Ethical dilemmas related to cybersecurity

10th Dec 2020

Authors: Pawlicka A., Pawlicki M., Choras M. (ITTI, Poznan, Poland)

Cybersecurity is the opposite of cybercrime; it deals with protecting people, their money and data. Despite being an undoubtedly positive thing, it causes some major concerns of ethical nature, which emerge and develop along with the development of cyberspace and online services.

Years ago, when cyberspace and the Internet had just started to gain their immense popularity, the main ethical dilemmas mostly concerned the broadly understood privacy of the users. The privacy-related ethical issues emerge at almost every level, starting from the most general, national one. The dilemma here is about striking the balance between securing the country’s assets as a whole and respecting the privacy of citizens; this issue mostly addresses the means of surveillance [1][2]. Then, there is the level of companies and organizations that process users’ data. Can they be trusted with protecting the data from leaking or being stolen? Could the user be sure the company will not sell their data to other entities? Finally, there are a number of ethical dilemmas related to individuals who purposefully or unintentionally handle other people’s data. For example, can IT specialists look through the photos stored at the computer they are fixing? Can a researcher who explores the Dark web use the data they find to report crimes [3]? etc.

Recently, the application of artificial intelligence (AI) in various domains including cybersecurity has massively increased. This created new technical dilemmas, which also bear profound ethical consequences, namely explainability and fairness. In the times where some decisions and processes are left for the AI algorithms to make, as they show better effectiveness than humans (e.g., at predicting breast cancer, [4]), their results and the reasoning behind them must be transparent and explainable, i.e., humans must know the mechanisms and be able to comprehend them. AI algorithms must be fair as well – their results must be independent of sensitive variables, such as gender, ethnicity, etc. [5][6] The SAFAIR programme, one of the four SPARTA programmes, focuses on addressing the questions of explainability and fairness.

Along with the outbreak of the COVID-19 pandemic, the year 2020 brought a whole new array of cybersecurity-related ethical issues. Due to social distancing and imposed isolation, millions of people were made to switch to working, shopping and communicating online, almost overnight. This caused malicious cyberspace actors to become increasingly active, trying to exploit vulnerable people by various means. Firstly, it has been observed that the amount of various cyberattacks and malicious software has sharply risen, to an unprecedented scale [7][8]. Particularly, two of the attacks have gained public attention: ransomware and phishing e-mails. The former type is especially notorious, as there have been the cases where even hospitals got attacked, and went out of service after refusing to pay ransom [9]. The latter is related to the fact, that the Internet is full of the COVID-19 related fake news and the citizens are disoriented, scared and vulnerable. Unsuspecting users open e-mails seemingly coming from trusted organizations, containing coronavirus-specific topics, urging them to click the links they contain, which leads to personal data and credentials being stolen.

Another ethical dilemma concerns the contact tracing app campaigns. Although the principles behind them seem to be noble, many experts have openly expressed their concern about the apps being used for excessive surveillance and gathering vast amounts of people’s sensitive, personal data, for the reasons different from the original ones [10].

Finally, the sudden switch of the whole societies to digital services has deepened the inequalities; the privilege of having an Internet-connected device and the proper skills to use it has never been so significant before. Due to this situation, many people of different age groups have lost access to education, work, information. This has led to even more instances of social exclusion [11].

The challenge for cybersecurity is to protect people, their data and assets and at the same time not violate fundamental rights, but rather, reinforce them. Although it is not a simple task, there is no need for a trade-off between security and human rights. Even if the global situation is extremely grim, cybersecurity’s first objective must be protecting thefreedoms and rights of citizens.

  1. EDRi (2018) New Protocol on cybercrime: a recipe for human rights abuse? In: Eur. Digit. Rights
  2. Lindskog D (2017) The top 7 ethical dilemmas reported by IT in 2016. IT World Canada
  3. Pompom R (2018) The ethical and legal dilemmas of threat researchers. HelpNetSecurity
  4. Hamzelou J (2020) AI system is better than human doctors at predicting breast cancer. New Sci.
  5. Choraś M, Pawlicki M, Puchalski D, Kozik R (2020) Machine Learning - The Results Are Not the only Thing that Matters! What About Security, Explainability and Fairness? ICCS 4:615–628
  6. Dobrygowski D, Hoffman W (2019) We Need to Build Up ‘Digital Trust’ in Tech. In: Wired.
  7. UNODC (2020) COVID-19: Cyber Threat Analysis
  8. WHO (2020) WHO reports fivefold increase in cyber attacks, urges vigilance. In: World Heal. Organ.
  9. Cytelligence (2020) Cybersecurity in 2020
  10. Davis J (2020) COVID-19 Contact Tracing Apps Spotlight Privacy, Security Rights. Heal. IT Secur.
  11. World Council of Churches (2020) Web meeting focuses on cyber ethical challenges of COVID-19. World Counc. Churches