Ethical Value-Centric Cybersecurity: A Methodology Based on a Value Graph
Our society is being shaped in a non-negligible way by the technological advances of recent years, especially in information and communications technologies (ICTs). The pervasiveness and democratization of ICTs have allowed people from all backgrounds to access and use them, which has resulted in new information-based assets. At the same time, this phenomenon has brought a new class of problems, in the form of activists, criminals and state actors that target the new assets to achieve their goals, legitimate or not. Cybersecurity includes the research, tools and techniques to protect information assets. However, some cybersecurity measures may clash with the ethical values of citizens. We analyze the synergies and tensions between some of these values, namely security, privacy, fairness and autonomy. From this analysis, we derive a value graph, and then we set out to identify those paths in the graph that lead to satisfying all four aforementioned values in the cybersecurity setting, by taking advantage of their synergies and avoiding their tensions. We illustrate our conceptual discussion with examples of enabling technologies. We also sketch how our methodology can be generalized to any setting where several potentially conflicting values have to be satisfied.
Keywords: Cybersecurity, Ethics, Privacy, Fairness, Autonomy