Computer Security and Human Values, Essay Example

In this research paper we will give an overview of the main issues associated with computer security in relation to human values, i.e. the moral aspect of computer security and violation of it.  We will discuss a number of notions connected with computer security and their positive or negative connotation, some legal aspects of security and, finally, educational issues: what and when users should be taught about good and bad behavior in the context of computer-based information space.

Computer security is generally defined as a system of measures aimed at ensuring the necessary level of confidentiality and integrity and preventing different types of misuse, accidents, and faults of both the software and the data. Peter Neumann describes the functions of computer security as twofold or even multidimensional. The examples include the use of computer security to protect personal privacy or to limit access to false data about someone which should be accessible or to undermine other personal rights. One of its main functions is to protect the system against viruses, Trojan horses and other forms of harmful invasion. At the same time, it can make repair process much more complicated and slow down responses to emergencies. Computer security simplifies and protects the concerns of legitimate users. However, it can create a number of problems to daily system use. Automated monitoring of computer activities system, originally designed to trace intrusion and misuse, can be turned into a tool of spying on legitimate users, thus violating personal privacy. (Neumann, 2007).

This scheme illustrates the imperfectness of computer security and, consequentially, its complete dependence on human values practiced by a user. Provided the user has no desire to involve in illegal activity and respects his / her privacy as well as the privacy of other people, he / she will try to make effective use of computer security and protect his / her personal information. But if the user is ill-intended, he / she might attempt to use computer security to a disadvantage of potential victims like in the case of automated monitoring of computer activities which may work against legitimate users.

Like any other global human enterprise, the world of computers finds place for such intrinsic human qualities as fraud, laziness, malice, curiosity etc. It necessitates the use of computer security despite all the problems associated with it such as difficulty in administering etc. What is the nature of computer-related crimes and to what extent is it the same with or different from the nature of other human crimes? Peter Neumann suggests that people seem to have a natural tendency to “depersonalize complex systems” (Neumann, 2007). Protectability of computer access serves to many people as an equivalent to impunity. Once they have defended access to their own computers, they feel they can intrude on those less protected without being disclosed. Unfortunately, for many little danger of disclosure is synonymous to correctness of their activities. People who do not realize that they may also be affected do not hesitate to violate the privacy of others and unethical behavior becomes a norm for them. Moreover, computer systems give the ill-intended individuals absolutely new opportunities. They can now perform distant perpetrated fraud, arrange distributed attacks or high-speed cross-linking, search and match huge databases, organize internal surveillance of legitimate users leaving them unawares of it or external surveillance undetectable by administrators. Formerly incredible, these activities make violation of computer security even more attractive as a type of criminal activity.

An addition to the feeling of impunity and a strange difference of computer crimes as compared to non-computer crimes lie in the fact that computer crime legislation of many states places responsibility first and foremost on the computer owner who failed to secure his / her system. In case of crimes against property, however, the responsibility is placed on a burglar or swindler even if the owner made an inviting target for fraud or robbery of his belongings. This does not work with computer crimes. In New York State, for example, the penetrated system is beyond the protection of computer crime statutes if an unauthorized user has not been put on notice as being not admitted in the system. In spite of the fact that computer-based criminal activity may bring about millions and even billions of dollars of loss for companies as a result of distribution of secret codes. In essence, computer-based criminal activity like that does not differ from any other kinds of crimes: an individual obtains something that belongs to other people without their permission or will breaking one of the main moral rules. For computer intruders, however, this rule is overshadowed by the perspectives opened by their own intellect. Intellectual achievements in the context of hi-tech world are undoubtedly positively connoted. Once a person has managed to find a technological solution, he / she feels automatically entitled to obtain all the benefit he / she can get from it. The principle that works here is “might makes right”, which is by definition incoherent with standard moral values. Exercising the power to intrude on seemingly protected confidential computer systems may even be more pleasant than obtaining the benefit from such activity. It is proved by the number of computer penetrations performed only in order to show how vulnerable the system is for a clever person. These “clever persons” do not take or distribute anything; they just leave traces of intrusion to mock the system personnel leave a mystery to an operator.

Although the greatest part of legislation is intended to protect the weak from such unscrupulous “might”, in case of computer crime the society tends to exercise global permissiveness. Kenneth Citarella, a prosecutor who specializes in computer crime and telecommunication fraud and took part in drawing up computer crime statutes, believes that such permissiveness results from the fact that severe punishment and close prosecution of this type of crime would expose hundreds of the country’s brightest young professionals to deserved punishment and the society will have to admit that its intellectual elite is widely involved in criminal activity and forego the benefits of their professionalism excluding them from the working economy. Indeed, computer criminals are in the overwhelming majority white, middle class and well-educated, which is far from our stereotyped image of a culprit. They are intelligent, curious, skilful and decisive – the qualities which have become widely romanticized in our society alongside with the notion of “hacking”. Originally, “hacking” was viewed as positive and associated first of all with free exchange of ideas and clever technological solutions which was encouraged worldwide. However, the openness of information space leaves great opportunities of misuse, both intentional and accidental, several types of which are discussed further.

Misuse on the part of both authorized and unauthorized users may result from trap doors and other vulnerabilities. Authorized and especially privileged users may go beyond their authority and misuse the system. Misuse may be based on the effect of Trojan horses, self-propagated viruses, malevolent worms, etc. Many of the viruses give no opportunities to obtain profit for the criminal and are spread just out of desire to harm.

The effects of computer-related criminal activity can be classified into losses of confidentiality, losses of system and application integrity and predictability, denials of service and other misuse (Neumann, 2007). Translated into the terms of human values and social security, these computer notions mean violation of privacy and related human rights. Obviously, breaks of confidentiality and undesirable exposure are fraught with privacy problems. The spreading of erroneous information, i.e. aspersion, can be even more detrimental. Another aspect is the threat to intellectual property presented by stealing programs, data, documentation, and other information which may result in the loss of control and recognition, loss of responsibility without loss of liability, loss of accountability etc. If a life-critical system becomes an object of misuse, the result may be deaths and injuries of people. In this respects, total automation of, for instance, medical institutions and in particular some medical operations can have monstrous side-effects in case of intentional or accidental misuse. Computer crimes are becoming an issue of increasingly hot debates in legislative sphere causing much confusion in law enforcement communities and resulting in often painful lawsuits. Finally, fear of intrusion and of infection in the form of Trojan horses and viruses has a ruinous psychological effect on what was meant to be open and cooperative information community. Individuals who have already experienced the effects of computer system violation feel insulted and insecure and strive for greater protection of their systems which often turns out to be slowing down their work and creating a multitude of negative emotions.

In my opinion, human values in connection with computer-based activity should be promoted and maintained as any other human values – first of all, through education and only after that through punitive measures. There is a wide range of seminars arranged for computer specialists. A course on intellectual propriety and security is a must for many educational institutions. However, I think that late teens and twenties are not the correct time to teach a person some human values. It would be more effective to let every child who approaches computer for the first time in his / her life to understand that with the help of the computer he / she can create a unique personal space just like anyone else. Just like and other personal space, either physical or virtual, computer space needs adequate protection and the most powerful instrument of protection is mutual respect. Parents should explain children that accessing computer-based information which is not opened for access by its owner or creator is just like consulting the other person’s private papers or checking on his / her purse and is widely frowned upon by the society. Young people should understand that the greatest control is imposed on them by their conscience, not by some punitive institutions. This is the only way to create a healthier and happier society for our children and ourselves.

References

Burgess, J.P. (2008). Human Values and Security Technologies. PRIO.

Bynum, T.W., Rogerson, S. (2004). Computer Ethics and Professional Responsibility. Wiley-Blackwell.

Citarella, K.C. (2007). Computer Crime, Computer Security and Human Values – The Prosecutor’s Perspective. The Research Center on Computing and Society. Retrieved 19 June, 2009, from http://www.southernct.edu/organizations/rccs/resources/research/security/citarella/computer_crime.html

Denning, D.E. (2007). Responsibility and Blame in Computer Security. The Research Center on Computing and Society. Retrieved 19 June, 2009, from https://www.southernct.edu/organizations/rccs/resources/research/security/denning/introduction.html

Edgar, S.L. (2002). Morality and Machines: Perspectives on Computer Ethics. Jones & Bartlett Pusblishers.

Gattiker, U.E., Kelley, H. (1999). Morality and Computers: Attitudes and Differences in Moral Judgments. Information Systems Research, 10(3), 233-254.

Himma, K.E. (2006). Internet Security: Hacking, Counterhacking, and Society. Jones & Bartlett Publishers.

Johnson, D.G. (1994). Computer Ethics. Prentice Hall.

Miller, K.W. (1997). Computer Security and Human Values Interact. Retrieved June 19, 2009, from fie-conference.org/fie97/papers/1336.pdf

Neumann, P.G. (2007). Computer Security and Human Values. The Research Center on Computing and Society. Retrieved 19 June, 2009, from http://www.southernct.edu/organizations/rccs/resources/research/security/neumann/introduction.html