CIS Ethics - SEAS - University of Pennsylvania

Information Security at the
University of Pennsylvania:
Practical Applications and Experience with Information Ethics
CIS 401 Senior Design Course
Joshua Beeman
University Information Security Officer
February 23, 2012
Agenda
• UPenn InfoSec - Who we are and what we do
• Computer Ethics – Context and History
• Ethics in practice – Examples from UPenn
  • Policy & Incidents
  • Workplace issues
  • Intellectual Property and Copyright
  • Cybercrime
  • Privacy
  • Professional Codes of Conduct
  • Globalization
Office of Information Security
Jim Choate (Executive Director, ISC/AIT)
Joshua Beeman (University Information Security Officer)
Senior Information Security Specialists:
John Lupton
Melissa Muth
Dana Taylor
Contact security@isc.upenn.edu and reach all of us!
Office of Information Security
Information Security’s core mission is to develop strategies and practices that protect Penn’s confidential and sensitive information assets.
Information Security Services:
• Information Security-related projects and initiatives
• Security consultation, awareness & training
• Development of policy
• Reporting on events and trends
• Risk assessment, risk management, threat monitoring, and related communications
• Incident handling, response, investigation and notification
• Point of contact and coordination
Brief Video…
https://www.youtube.com/watch?v=6bahX2rrT1I
Why it’s relevant
• Facemash - Zuckerberg was charged by the administration with breach of security, violating copyrights, and violating individual privacy.
• Later used in an Art History class as a “social study tool”.
Image from: https://www.facebook.com/photo.php?fbid=794826159841&set=a.794820416351.2344423.1681&pid=41088721&id=1681
Ethics Defined
The rules of conduct recognized in certain associations or
departments of human life. - (O.E.D.)
More simply: the distinction between right and wrong in a given
context.
Computer Ethics – History & Key Themes
1940's
• Norbert Wiener:
• Originator of cybernetics – the structure of regulatory
systems - which he saw as having profound ethical
implications when applied to technology
• Metaphysical concepts around information
1970's
• Walter Maner
• Developed "Starter Kit" for Teaching Computer Ethics (1978)
• Defined topics, including: Privacy and Confidentiality,
Computer Crime, Professional ethics, etc.
• Believed computers introduced *new* ethical challenges
• Deborah Johnson
• Saw computers highlighting pre-existing ethical problems in
interesting - but not *new* ways. Resulted in the
"uniqueness" debate.
Computer Ethics – History & Key Themes
1980's
• Deborah Johnson published "Computer Ethics" textbook (1985)
• James Moor article "What is Computer Ethics", which describes
"policy vacuums" and "conceptual muddles".
1990's
• Donald Gotterbarn emphasized codes of conduct for computing
professionals: "Computer Ethics: Responsibility Regained" (1991)
• Establishment of professional organizations' codes of conduct, as
well as programs and tools to assist with ethical behavior (ACM,
IEEE, EFF, SEERI, SoDIS, etc.)
Universal/Key concepts:
• Technological impact on core human values, such as health,
happiness, abilities, knowledge, freedom, security, etc. (Wiener,
Moor, others)
• Context of cultural norms, practices, rules and laws that form
the basis for societal ethics (right and wrong).
Policy and the Relationship to Ethics
Policy documents what you can and cannot do.
Some key Penn resources:
• AUP
• Electronic Privacy
• Guidelines on Open Expression
• What guides policy?
• Directly related to the mission of your organization
• Frequently the place where we identify “conceptual muddles”
• Strongly driven by human values (e.g., Wiener, Moor)
Workplace Issues
• Employment/Labor Cases
• University Employee unauthorized use of IT resources, unlawful
behavior, violation of terms of employment, etc.
• Faculty responsibility to be SME?
• Penn Cloud assessments
Intellectual Property and Copyright
• Copyright and IP issues
• Digital Millennium Copyright Act (DMCA)
• Professional misconduct (e.g., plagiarism)
• Changing laws
• Context matters
• Different populations / different cultures / different ethical norms
• Copyright incidents
• Briton Chance website
[Pie chart: copyright incidents by violation count (1st, 2nd, 3rd and 4th violation); values shown: 82.40%, 12%, 3%, 2.60%]
Cyber Crime
• Penn Incidents & Examples
• Hacking & Malware
  • WebApp Backdoor
  • Zeus bot
  • Drive-by malware
  • Theft & cloud
• Hacktivism
Image courtesy of https://commons.wikimedia.org/wiki/File:Anonymous_at_Scientology_in_Los_Angeles.jpg
• 2009 - climate research emails at East Anglia University
• 2010 – 2011 – Numerous hacktivist attacks by the Anonymous group on both governments and the private sector.
• Enabling in the name of teaching/demonstration
• Square debate
Privacy
• Business of Penn – collecting information
about students, alumni, business partners,
etc.
• Regulations – PII, HIPAA, FERPA
• Cloud privacy concerns
• Social Media –
• UPenn MED grant
• Rutgers suicide
• Duke powerpoint
• Dr. Matt Blaze & Clipper Chip
• Other current events:
• FB lawsuit & Google Privacy Shift
• EPIC lawsuit
Professional Codes of Conduct
• Penn Institutional Review Board (IRB)
• Wikipedia research example
• Maner/Johnston uniqueness debate
• Note also: UPenn Social Media Guidance
• Ethical (“white hat”) hacking
• Gotterbarn in practice
  • ACM, IEEE
  • GCEH
  • ISC2
  • The Ten Commandments of Computer Ethics: http://www.computerethicsinstitute.com
Professional Codes of Conduct
Example from The Computer Ethics Institute
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization or proper compensation.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
Globalization
• Collaboration
• Access Control and Shibboleth
• International Laws and Impact
• Wikileaks - Julian Assange
• IP and global economy
• Transcending Mission
• Arab Spring
• MIT open classroom & education gap
Some References & Resources
• Computer and Information Ethics, Stanford Encyclopedia of Philosophy; Oct 23, 2008. http://plato.stanford.edu/entries/ethics-computer/
• University of Pennsylvania Policy on Acceptable Use of Electronic Resources: http://www.upenn.edu/computing/policy/aup.html
• University of Pennsylvania Policy on Privacy in the Electronic Environment: http://www.upenn.edu/almanac/v47/n04/OR-eprivacy.html
• University of Pennsylvania Guidelines on Open Expression: http://www.upenn.edu/provost/PennBook/guidelines_on_open_expression
• Maner, W. (1980), Starter Kit in Computer Ethics, Hyde Park, NY: Helvetia Press and the National Information and Resource Center for Teaching Philosophy.
• Johnson, D. (1985), Computer Ethics, Third Edition, Upper Saddle River, NJ: Prentice-Hall, 2001.
• West, A.G., Hayati, P., Potdar, V., and Lee, I. (2012). Spamming for Science: Active Measurement in Web 2.0 Abuse Research. In WECSR '12: Proceedings of the 3rd Workshop on Ethics in Computer Security Research, Kralendijk, Bonaire. http://www.cis.upenn.edu/~westand/docs/wecsr_12_final.pdf
• Dittrich, D., Bailey, M., Dietrich, S.: Building an active computer security ethics community. IEEE Security and Privacy 9(4) (July/August 2011).
• Peter Sunde (2012), Wired Magazine: “The Pirate Bay’s Peter Sunde: It’s Evolution, Stupid”, February 10, 2012. http://www.wired.com/threatlevel/2012/02/peter-sunde/
• Tavernise, Sabrina, The New York Times, “Education Gap Grows Between Rich and Poor, Studies Say”, February 9, 2012. https://www.nytimes.com/2012/02/10/education/education-gap-grows-between-rich-and-poor-studiesshow.html
• Verifone Consumer Alert: Card Skimming with Square, uploaded by VeriFoneInc on Mar 9, 2011. https://www.youtube.com/watch?v=ObGQxSuORy0
• Pérez-Peña, Richard, The New York Times, "More Complex Picture Emerges in Rutgers Student’s Suicide", August 12, 2011. https://www.nytimes.com/2011/08/13/nyregion/with-tyler-clementi-suicide-morecomplex-picture-emerges.html?_r=1
• Barber, C. Ryan, The Daily Tar Heel, "Yankaskas settles appeal, agrees to retire from UNC: Pay cut, demotion rescinded in deal", April 18, 2011. http://www.dailytarheel.com/index.php/article/2011/04/yankaskas_settles_appeal_agrees_to_retire_from_unc
• “Clipper Chip”, Wikipedia entry: https://en.wikipedia.org/wiki/Clipper_chip
• https://epic.org/
• https://www.eff.org/