Ethical Frameworks and Computer Security Trolley Problems: Foundations for Conversations

The computer security research community regularly tackles ethical questions. The field of ethics / moral philosophy has for centuries considered what it means to be"morally good"or at least"morally allowed / acceptable". Among philosophy's contributions are (1) frameworks for evaluating the morality of actions -- including the well-established consequentialist and deontological frameworks -- and (2) scenarios (like trolley problems) featuring moral dilemmas that can facilitate discussion about and intellectual inquiry into different perspectives on moral reasoning and decision-making. In a classic trolley problem, consequentialist and deontological analyses may render different opinions. In this research, we explicitly make and explore connections between moral questions in computer security research and ethics / moral philosophy through the creation and analysis of trolley problem-like computer security-themed moral dilemmas and, in doing so, we seek to contribute to conversations among security researchers about the morality of security research-related decisions. We explicitly do not seek to define what is morally right or wrong, nor do we argue for one framework over another. Indeed, the consequentialist and deontological frameworks that we center, in addition to coming to different conclusions for our scenarios, have significant limitations. Instead, by offering our scenarios and by comparing two different approaches to ethics, we strive to contribute to how the computer security research field considers and converses about ethical questions, especially when there are different perspectives on what is morally right or acceptable.

[1]  Emily M. Bender,et al.  Ethics in Linguistics , 2022, Annual Review of Linguistics.

[2]  Mingxuan Liu,et al.  Ethics in Security Research: Visions, Reality, and Paths Forward , 2022, 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[3]  Shaanan N. Cohney,et al.  Watching the watchers: bias and vulnerability in remote proctoring software , 2022, USENIX Security Symposium.

[4]  T. Ristenpart,et al.  Care Infrastructures for Digital Security in Intimate Partner Violence , 2022, CHI.

[5]  Yulia Tsvetkov,et al.  A Survey of Race, Racism, and Anti-Racism in NLP , 2021, ACL.

[6]  Tadayoshi Kohno,et al.  Defensive Technology Use by Political Activists During the Sudanese Revolution , 2021, 2021 IEEE Symposium on Security and Privacy (SP).

[7]  Casey Fiesler,et al.  Studying Reddit: A Systematic Overview of Disciplines, Approaches, Methods, and Ethics , 2021, Social Media + Society.

[8]  Colin M. Gray,et al.  Surveying the Landscape of Ethics-Focused Design Methods , 2021, 2102.08909.

[9]  Pascal Sturmfels,et al.  FoggySight: A Scheme for Facial Lookup Privacy , 2020, Proc. Priv. Enhancing Technol..

[10]  Kangjie Lu,et al.  IEEE S&P’21 Program Committee Statement Regarding The “Hypocrite Commits” Paper , 2021 .

[11]  Casey Fiesler,et al.  Ethical and privacy considerations for research using online fandom data , 2020, Transformative Works and Cultures.

[12]  Ben Y. Zhao,et al.  Fawkes: Protecting Privacy against Unauthorized Deep Learning Models , 2020, USENIX Security Symposium.

[13]  Inioluwa Deborah Raji,et al.  Saving Face: Investigating the Ethical Concerns of Facial Recognition Auditing , 2020, AIES.

[14]  Saraleah Fordyce Value Sensitive Design: Shaping Technology with Moral Imagination , 2019, Design and Culture.

[15]  Telecommunications Board,et al.  Beyond Spectre: Confronting New Technical and Policy Challenges , 2019 .

[16]  Nicola Dell,et al.  Clinical Computer Security for Victims of Intimate Partner Violence , 2019, USENIX Security Symposium.

[17]  Joshua D. Greene,et al.  Sacrificial utilitarian judgments do reflect concern for the greater good: Clarification via process dissociation and the judgments of philosophers , 2018, Cognition.

[18]  F. Hardin,et al.  What We Owe To Each Other. , 2018, Missouri medicine.

[19]  Mark Dredze,et al.  Don’t quote me: reverse identification of research participants in social media studies , 2018, npj Digital Medicine.

[20]  Nicola Dell,et al.  The Spyware Used in Intimate Partner Violence , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[21]  Nicola Dell,et al.  “A Stalker's Paradise”: How Intimate Partner Abusers Exploit Technology , 2018, CHI.

[22]  Michael Zimmer,et al.  Addressing Conceptual Gaps in Big Data Research Ethics: An Application of Contextual Integrity , 2018 .

[23]  Timnit Gebru,et al.  Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification , 2018, FAT.

[24]  Casey Fiesler,et al.  “Participant” Perceptions of Twitter Research Ethics , 2018 .

[25]  D. Kramer,et al.  Cybersecurity Concerns and Medical Devices: Lessons From a Pacemaker Advisory. , 2017, JAMA.

[26]  M. Lamont,et al.  Bridging cultural sociology and cognitive psychology in three contemporary research programmes , 2017, Nature Human Behaviour.

[27]  Alastair R. Beresford,et al.  Ethical issues in research using datasets of illicit origin , 2017, Internet Measurement Conference.

[28]  Wenyuan Xu,et al.  Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists , 2017, Pacing and clinical electrophysiology : PACE.

[29]  Tara Matthews,et al.  Stories from Survivors: Privacy & Security Practices when Coping with Intimate Partner Abuse , 2017, CHI.

[30]  Arvind Narayanan,et al.  Semantics derived automatically from language corpora contain human-like biases , 2016, Science.

[31]  Michael,et al.  The Path: What Chinese Philosophers Can Teach Us About the Good Life , 2016 .

[32]  Nick Feamster,et al.  Ethical Concerns for Censorship Measurement , 2015, NS Ethics@SIGCOMM.

[33]  Phillip Rogaway,et al.  The Moral Character of Cryptographic Work , 2015, IACR Cryptol. ePrint Arch..

[34]  J. Brady,et al.  The Belmont Report. Ethical principles and guidelines for the protection of human subjects of research. , 2014, The Journal of the American College of Dentists.

[35]  Stuart E. Schechter,et al.  Using Ethical-Response Surveys to Identify Sources of Disapproval and Concern with Facebook's Emotional Contagion Experiment and Other Controversial Studies , 2014 .

[36]  A. Honneth Freedom's Right: The Social Foundations of Democratic Life , 2014 .

[37]  A. Colman,et al.  Cultural differences in responses to real-life and hypothetical trolley problems , 2014, Judgment and Decision Making.

[38]  Eric Wustrow,et al.  ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.

[39]  Bertram Gawronski,et al.  Deontological and utilitarian inclinations in moral decision making: a process dissociation approach. , 2013, Journal of personality and social psychology.

[40]  Flavio D. Garcia,et al.  Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer , 2013, USENIX Security Symposium.

[41]  D. Dittrich,et al.  The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research , 2012 .

[42]  Annette N. Markham,et al.  FABRICATION AS ETHICAL PRACTICE , 2012 .

[43]  T. Tännsjö,et al.  Chinese and Westerners Respond Differently to the Trolley Dilemmas , 2012 .

[44]  S. Athar Principles of Biomedical Ethics , 2011, The Journal of IMA.

[45]  Dan Priel Justice: What’s the Right Thing to Do? , 2010, International Journal of Law in Context.

[46]  Felix Leder,et al.  A Case Study in Ethical Decision Making Regarding Remote Mitigation of Botnets , 2010, Financial Cryptography Workshops.

[47]  Christopher Krügel,et al.  Your botnet is my botnet: analysis of a botnet takeover , 2009, CCS.

[48]  Chris Kanich,et al.  Spamalytics: an empirical analysis of spam marketing conversion , 2009, CACM.

[49]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[50]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[51]  Felix C. Freiling,et al.  Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm , 2008, LEET.

[52]  Dirk Grunwald,et al.  Legal issues surrounding monitoring during network research , 2007, IMC '07.

[53]  Julian Baggini,et al.  The Ethics Toolkit: A Compendium of Ethical Concepts and Methods , 2007 .

[54]  Eytan Adar,et al.  User 4XXXXX9: Anonymizing Query Logs , 2007 .

[55]  Sunny Consolvo,et al.  Development of a Privacy Addendum for Open Source Licenses: Value Sensitive Design in Industry , 2006, UbiComp.

[56]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[57]  A. Bruckman Studying the amateur artist: A perspective on disguising data collected in human subjects research on the Internet , 2002, Ethics and Information Technology.

[58]  P. Foot Moral Dilemmas: and other topics in moral philosophy , 2003 .

[59]  Matt Blaze,et al.  Rights Amplification in Master-Keyed Mechanical Locks , 2003, IEEE Secur. Priv..

[60]  P. H. Kahn,et al.  Human values, ethics, and design , 2002 .

[61]  J. Samet,et al.  Food and Drug Administration , 2007, BMJ : British Medical Journal.

[62]  S. Garfinkel,et al.  Web Security, Privacy & Commerce , 2001 .

[63]  Steven Levy,et al.  Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age , 2001 .

[64]  Roger Dingledine,et al.  The Free Haven Project : design and deployment of an anonymous secure data haven , 2000 .

[65]  L Sweeney,et al.  Weaving Technology and Policy Together to Maintain Confidentiality , 1997, Journal of Law, Medicine & Ethics.

[66]  T. Gross,et al.  The epidemiology of pacemaker implantation in the United States. , 1995, Public health reports.

[67]  Matt Blaze,et al.  Protocol failure in the escrowed encryption standard , 1994, CCS '94.

[68]  N. Smith Justification and Application: Remarks on Discourse Ethics , 1994 .

[69]  John Skorupski,et al.  The Definition of Morality , 1993, Royal Institute of Philosophy Supplement.

[70]  Reinhard Kreissl,et al.  Dialektik der Aufklärung , 1987 .

[71]  A. Baier,et al.  Reasons and Persons , 1984 .

[72]  R F Atkinson,et al.  Moral Thinking: Its Levels, Method and Point , 1982 .

[73]  Raymond Geuss,et al.  The Idea of a Critical Theory: Habermas and the Frankfurt School , 1981 .

[74]  M. Horkheimer,et al.  Critical Theory: Selected Essays , 1972 .

[75]  Jessica Fuerst,et al.  Grundlegung zur Metaphysik der Sitten , 1911, Kritik der reinen Vernunft (1. Aufl.). Prolegomena. Grundlegung zur Metaphysik der Sitten. Metaphysische Anfangsgründe der Naturwissenschaft.