Yiming Zhang,Mingxuan Liu,Mingming Zhang,Chaoyi Lu,Haixin Duan

DOI: https://doi.org/10.1109/eurospw55150.2022.00064

2022-01-01

Abstract:Ethics has become a prevalent and important criterion for academic research. However, achieving ethical compliance in practice is a highly complex and specialized task. In the field of computer security research, although top-tier conferences all have set out visions for ethical compliance, researchers may encounter practical dilemmas such as the lack of assistance from legal departments and the absence of specific domain guidelines, leading to various realistic obstacles to ethical treatment. This paper provides a comprehensive investigation of ethical considerations in computer security research. We first summarize the ethical requirements of top-tier security and network conferences. Then, based on a survey of 6,078 academic papers and an online investigation of 248 researchers mainly from a Chinese security community, we reveal the current status and practical issues of ethical considerations in security research. In particular, given the plight of the lack of authoritative ethical guidance, we offer a series of suggestions on how researchers at institutions without authoritative departments could best mitigate ethical risks. We also raise several open questions, and expect to help seek paths towards better ethical compliance for the security community.

Travis LaCroix

DOI: https://doi.org/10.1007/s43681-022-00134-y

2022-03-12

Abstract:Autonomous systems are being developed and deployed in situations that may require some degree of ethical decision-making ability. As a result, research in machine ethics has proliferated in recent years. This work has included using moral dilemmas as validation mechanisms for implementing decision-making algorithms in ethically-loaded situations. Using trolley-style problems in the context of autonomous vehicles as a case study, I argue (1) that this is a misapplication of philosophical thought experiments because (2) it fails to appreciate the purpose of moral dilemmas, and (3) this has potentially catastrophic consequences; however, (4) there are uses of moral dilemmas in machine ethics that are appropriate and the novel situations that arise in a machine-learning context can shed some light on philosophical work in ethics.

Computers and Society,Artificial Intelligence

Helen Nissenbaum,Batya Friedman,Edward Felten

DOI: https://doi.org/10.48550/arXiv.cs/0110001

2001-09-28

Computers and Society

Abstract:This paper focuses on a tension we discovered in the philosophical part of our multidisciplinary project on values in web-browser security. Our project draws on the methods and perspectives of empirical social science, computer science, and philosophy to identify values embodied in existing web-browser security and also to prescribe changes to existing systems (in particular, Mozilla) so that values relevant to web-browser systems are better served than presently they are. The tension, which we had not seen explicitly addressed in any other work on computer security, emerged when we set out to extract from the concept of security the set values that ought to guide the shape of web-browser security. We found it impossible to construct an internally consistent set of values until we realized that two robust -- and in places competing -- conceptions of computer security were influencing our thinking. We needed to pry these apart and make a primary commitment to one. One conception of computer security invokes the ordinary meaning of security. According to it, computer security should protect people -- computer users -- against dangers, harms, and threats. Clearly this ordinary conception of security is already informing much of the work and rhetoric surrounding computer security. But another, substantively richer conception, also defines the aims and trajectory of computer security -- computer security as an element of national security. Although, like the ordinary conception, this one is also concerned with protection against threats, its primary subject is the state, not the individual. The two conceptions suggest divergent system-specifications, not for all mechanisms but a significant few.

Elija Perrier

DOI: https://doi.org/10.48550/arXiv.2102.04234

2021-01-31

Abstract:The ethical consequences of, constraints upon and regulation of algorithms arguably represent the defining challenges of our age, asking us to reckon with the rise of computational technologies whose potential to radically transforming social and individual orders and identity in unforeseen ways is already being realised. Yet despite the multidisciplinary impact of this algorithmic turn, there remains some way to go in motivating the crossdisciplinary collaboration that is crucial to advancing feasible proposals for the ethical design, implementation and regulation of algorithmic and automated systems. In this work, we provide a framework to assist cross-disciplinary collaboration by presenting a Four C's Framework covering key computational considerations researchers across such diverse fields should consider when approaching these questions: (i) computability, (ii) complexity, (iii) consistency and (iv) controllability. In addition, we provide examples of how insights from ethics, philosophy and population ethics are relevant to and translatable within sciences concerned with the study and design of algorithms. Our aim is to set out a framework which we believe is useful for fostering cross-disciplinary understanding of pertinent issues in ethical algorithmic literature which is relevant considering the feasibility of ethical algorithmic governance, especially the impact of computational constraints upon algorithmic governance.

Computers and Society,Machine Learning

Marc Steen

DOI: https://doi.org/10.1145/3635302

IF: 22.7

2024-05-23

Communications of the ACM

Abstract:In 1967, English philosopher Philippa Foot wanted to discuss the doctrine of double effect 2 : The difficulty of evaluating acting from good intentions whilst also bringing about harm as a side effect. She invited readers to imagine being "the driver of a runaway tram which he can only steer from one narrow track onto another; five men are working on one track and one man on the other; anyone on the track he enters is bound to be killed." To explore moral reasoning, people have created variations of what is now known as the Trolley Problem. For instance, a situation in which you have a lever that you can use to divert the trolley, so that one person is killed instead of five, or a situation in which you stand on a bridge above the track, with a person whom you can throw in front of the trolley to stop it. (Fewer people will choose to throw this person because it feels like killing that person, whereas pulling the lever feels like having the trolley do the killing.) Meanwhile, the Trolley Problem has become a trope, appearing in a comedy series, a and in many conversations about technology and ethics. The Problem The Trolley Problem has inspired scores of psychology experiments, including MIT's Moral Machine, 1 an online survey where people had to decide what a self-driving car should do in case of an impending accident. Participants were given a series of pairs of scenarios, presented as map-like diagrams, with various numbers and types of pedestrians and passengers. For each pair of scenarios, they had to choose between options such as driving ahead and killing pedestrians, or veering into an obstacle and killing passengers. Based on 40 million responses from more than 200 countries, they found general preferences, such as sparing humans over animals. They also found differences between cultures. People from countries with collectivistic cultures prefer sparing lives of older people instead of the lives of younger people. And people from poorer countries with weaker institutions tend to spare pedestrians who cross illegally. Clearly, Foot did not intend to present a practical problem that we can solve through computer science or software engineering. However, maybe such experiments can provide some clues for programming self-driving cars? Maybe indeed. Maybe not. There are at least two reasons why a study like the Moral Machine is inadequate in guiding the development of self-driving cars. First, it probed people's preferences . Scottish philosopher David Hume famously reminded us to not confuse is and ought 3 : You cannot derive moral statements from empirical findings. If people do X or say that they would do X, it does not automatically follow that X is morally acceptable or recommendable. This is called the naturalistic fallacy : the incorrect belief that what is the case also ought to be . Furthermore, the survey used scenarios that depict different types of pedestrians, rather stereotypically: homeless people, with a baggy coat; business people, with a suitcase; medical personnel, with a first-aid kit; and criminal people, with a mask and loot. Participants probably took these differences into account in the survey. In practice, however, people do not carry such identifiers, and it would be undesirable or unrealistic to require them to do that, so self-driving cars cannot take into account their identities. The problem with invoking the Trolley Problem in discussions of ethics and technology is that people might believe that surveying people's preferences can "solve" ethical questions and that computer scientists and software engineers can "solve" ethics through calculation and optimization. (An interesting view on the Trolley Problem, from a virtue ethics perspective, is from Liezl van Zyl. 10 ) In this Communications Opinion column, I present an alternative approach, more aligned with the original function of the Trolley Problem as a thought experiment: To promote ethical reflection and deliberation regarding the development and deployment of technologies 7 , 8 and ultimately result in more ethical design decisions. Context First, we can put the trolley, the workers, and the moral agent in a larger context to better understand the problem and to envision multiple approaches to enhancing the safety of emerging technologies. The original description is parsimonious on purpose: a trolley with a broken brake, two tracks with people, and you with a lever. Real life, however, is more complex. We can turn to systems thinking 4 to understand and appreciate how seemingly separate elements relate within a larger sociotechnical system aroun -Abstract Truncated-

computer science, theory & methods, software engineering, hardware & architecture

David R. Wright

DOI: https://doi.org/10.48550/arXiv.0706.0484

2007-06-04

General Literature

Abstract:Modern society is permeated with computers, and the software that controls them can have latent, long-term, and immediate effects that reach far beyond the actual users of these systems. This places researchers in Computer Science and Software Engineering in a critical position of influence and responsibility, more than any other field because computer systems are vital research tools for other disciplines. This essay presents several key ethical concerns and responsibilities relating to research in computing. The goal is to promote awareness and discussion of ethical issues among computer science researchers. A hypothetical case study is provided, along with questions for reflection and discussion.

Tina L. Peterson,Rodrigo Ferreira,Moshe Y. Vardi

DOI: https://doi.org/10.1109/tts.2022.3233776

2023-03-01

IEEE Transactions on Technology and Society

Abstract:As computing becomes more powerful and extends the reach of those who wield it, the imperative grows for computing professionals to make ethical decisions regarding the use of that power. We propose the concept of abstracted power to help computer science students understand how technology may distance them perceptually from consequences of their actions. Specifically, we identify technological intermediation and computational thinking as two factors in computer science that contribute to this distancing. To counter the abstraction of power, we argue for increased emotional engagement in computer science ethics education, to encourage students to feel as well as think regarding the potential impacts of their power on others. We suggest four concrete pedagogical approaches to enable this emotional engagement in computer science ethics curriculum, and we share highlights of student reactions to the material.

English Else

Bryce Allen Bagley

2024-04-20

Abstract:The rapid advancement in neurotechnology in recent years has created an emerging critical intersection between neurotechnology and security. Implantable devices, non-invasive monitoring, and non-invasive therapies all carry with them the prospect of violating the privacy and autonomy of individuals' cognition. A growing number of scientists and physicians have made calls to address this issue, but applied efforts have been relatively limited. A major barrier hampering scientific and engineering efforts to address Cognitive Security is the lack of a clear means of describing and analyzing relevant problems. In this paper we develop Cognitive Security, a mathematical framework which enables such description and analysis by drawing on methods and results from multiple fields. We demonstrate certain statistical properties which have significant implications for Cognitive Security, and then present descriptions of the algorithmic problems faced by attackers attempting to violate privacy and autonomy, and defenders attempting to obstruct such attempts.

Cryptography and Security,Computers and Society,Emerging Technologies,Machine Learning,Neurons and Cognition

Shun Inagaki,Robert Ramirez,Masaki Shimaoka,Kenichi Magata

DOI: https://doi.org/10.48550/arXiv.2011.13925

2020-11-26

Cryptography and Security

Abstract:When dealing with leading edge cyber security research, especially when operating from the perspective of an attacker or a red team, it becomes necessary for one to at times consider how ethics comes into play. There are currently no cyber security-specific ethics standards, which in particular is one reason more adversarial cyber security research lags behind in Japan. In this research, using machine learning and manual methods we extracted best practices for research ethics from past top conference papers. Using this knowledge we constructed an ethics knowledge base for cyber security research. Such a knowledge base can be used to properly distinguish grey-area research so that it is not wrongly forbidden. Using a decision tree-style user interface that we created for our knowledge base, researchers may be able to efficiently identify which aspects of their research require ethical consideration. In this work, as a preliminary step we focused on only a portion of the areas of research covered by cyber security conferences, but our results are applicable to any area of research.

Joseph Fenech,Deborah Richards,Paul Formosa

DOI: https://doi.org/10.1016/j.cose.2024.103795

IF: 5.105

2024-03-04

Computers & Security

Abstract:The human factor in information systems is a large vulnerability when implementing cybersecurity, and many approaches, including technical and policy driven solutions, seek to mitigate this vulnerability. Decisions to apply technical or policy solutions must consider how an individual's values and moral stance influence their responses to these implementations. Our research aims to evaluate how individuals prioritise different ethical principles when making cybersecurity sensitive decisions and how much perceived choice they have when doing so. Further, we sought to use participants' responses to cybersecurity scenarios to create profiles that describe their values and individual factors including personality. Participants (n = 193) in our study responded to five different ethically sensitive cybersecurity scenarios in random order, selecting their action in that scenario and rating and ranking of the ethical principles (i.e., Beneficence, Non-Maleficence, Justice, Autonomy, Explicability) behind that action. Using participants' demographics, personality, values, and cyber hygiene practices, we created profiles using machine learning to predict participants' choices and the principle of most importance to them across scenarios. Further, we found that, generalising, for our participants Autonomy was the most important ethical principle in our scenarios, followed by Justice. Our study also suggests that participants felt they had some agency in their decision making and they were able to weigh up different ethical principles.

computer science, information systems

Lachlan D. Urquhart,Peter J. Craigon

DOI: https://doi.org/10.1080/23299460.2021.1880112

IF: 3.37

2021-01-02

Journal of Responsible Innovation

Abstract:<span>This paper presents a new ethics by design tool: The Moral-IT Deck. The deck is a set of physical cards that prompt reflection on normative aspects of technology development. Coupled with our Moral-IT Impact Assessment Board, they help technologists to reflect on how to address emerging ethical risks and implement appropriate safeguards. We present the card deck, their development and our empirical evaluation. The cards and board enable designers to reflect on challenges posed by their system and plan how to act in response. Our key findings relate to three themes, namely: the value of our cards as a tool, their impact on the technology design process, and how they structure ethical reflection. Key lessons and concepts conclude the paper, documenting how the cards level the playing field for debate; enable ethical clustering, sorting and comparison; provide appropriate anchors for discussion, and highlight the intertwined nature of ethics.</span>

management,ethics,history & philosophy of science,social issues

Amir Hedayati-Mehdiabadi

DOI: https://doi.org/10.1145/3483841

2022-04-13

ACM Transactions on Computing Education

Abstract:The daily influence of new technologies on shaping and reshaping human lives necessitates attention to the ethical development of the future computing workforce. To improve computer science students’ ethical decision-making, it is important to know how they make decisions when they face ethical issues. This article contributes to the research and practice of computer ethics education by identifying the factors that influence ethical decision-making of computer science students and providing implications to improve the process. Using a constructivist grounded theory approach, the data from the text of the students’ discussion postings on three ethical scenarios in computer science and the follow-up interviews were analyzed. Based on the analysis, relating to real-life stories, thoughtfulness about responsibilities that come from the technical knowledge of developers, showing care for users or others who might be affected, and recognition of fallacies contributed to better ethical decision-making. On the other hand, falling for fallacies and empathy for developers negatively influenced students' ethical decision-making process. Based on the findings, this study presents a model of factors that influence the ethical decision-making process of computer science students, along with implications for future researchers and computer ethics educators.

education, scientific disciplines

Brian C. Keegan,J. Nathan Matias

DOI: https://doi.org/10.48550/arXiv.1511.06578

2015-11-20

Abstract:Managers regularly face a complex ethical dilemma over how to best govern online communities by evaluating the effectiveness of different social or technical strategies. What ethical considerations should guide researchers and managers when they employ causal research methods that make different community members bear different risks and benefits, under different levels of consent? We introduce a structural framework for evaluating the flows of risks and benefits in social systems with multiple interacting parties. This framework has implications for understanding the governmentality of managing socio-technical systems, for making research ethics discussions more commensurable, and for enumerating alternative goals researchers might pursue with interventions.

Computers and Society

Nadya Bliss,Lawrence A. Gordon,Daniel Lopresti,Fred Schneider,Suresh Venkatasubramanian

DOI: https://doi.org/10.48550/arXiv.2101.01264

2021-01-04

Computers and Society

Abstract:Computing devices are vital to all areas of modern life and permeate every aspect of our society. The ubiquity of computing and our reliance on it has been accelerated and amplified by the COVID-19 pandemic. From education to work environments to healthcare to defense to entertainment - it is hard to imagine a segment of modern life that is not touched by computing. The security of computers, systems, and applications has been an active area of research in computer science for decades. However, with the confluence of both the scale of interconnected systems and increased adoption of artificial intelligence, there are many research challenges the community must face so that our society can continue to benefit and risks are minimized, not multiplied. Those challenges range from security and trust of the information ecosystem to adversarial artificial intelligence and machine learning. Along with basic research challenges, more often than not, securing a system happens after the design or even deployment, meaning the security community is routinely playing catch-up and attempting to patch vulnerabilities that could be exploited any minute. While security measures such as encryption and authentication have been widely adopted, questions of security tend to be secondary to application capability. There needs to be a sea-change in the way we approach this critically important aspect of the problem: new incentives and education are at the core of this change. Now is the time to refocus research community efforts on developing interconnected technologies with security "baked in by design" and creating an ecosystem that ensures adoption of promising research developments. To realize this vision, two additional elements of the ecosystem are necessary - proper incentive structures for adoption and an educated citizenry that is well versed in vulnerabilities and risks.

Ivan Flechais,George Chalhoub

2023-11-17

Abstract:Research into the ethics of cybersecurity is an established and growing topic of investigation, however the translation of this research into practice is lacking: there exists a small number of professional codes of ethics or codes of practice in cybersecurity, however these are very broad and do not offer much insight into the ethical dilemmas that can be faced while performing specific cybersecurity activities. In order to address this gap, we leverage ongoing work on the Cyber Security Body of Knowledge (CyBOK) to help elicit and document the responsibilities and ethics of the profession. Based on a literature review of the ethics of cybersecurity, we use CyBOK to frame the exploration of ethical challenges in the cybersecurity profession through a series of 15 interviews with cybersecurity experts. Our approach is qualitative and exploratory, aiming to answer the research question "What ethical challenges, insights, and solutions arise in different areas of cybersecurity?". Our findings indicate that there are broad ethical challenges across the whole of cybersecurity, but also that different areas of cybersecurity can face specific ethical considerations for which more detailed guidance can help professionals in those areas. In particular, our findings indicate that security decision-making is expected of all security professionals, but that this requires them to balance a complex mix of technical, objective and subjective points of view, and that resolving conflicts raises challenging ethical dilemmas. We conclude that more work is needed to explore, map, and integrate ethical considerations into cybersecurity practice; the urgent need to conduct further research into the ethics of cybersecurity AI; and highlight the importance of this work for individuals and professional bodies who seek to develop and mature the cybersecurity profession in a responsible manner.

Cryptography and Security,Human-Computer Interaction

Emily Kesler

2024-05-17

Abstract:Classical cybersecurity is often perceived as a rigid science discipline filled with computer scientists and mathematicians. However, due to the rapid pace of technology development and integration, new criminal enterprises, new defense tactics, and the understanding of the human element, cybersecurity is quickly beginning to encompass more than just computers. Cybersecurity experts must broaden their perspectives beyond traditional disciplinary boundaries to provide the best protection possible. They must start to practice transdisciplinary cybersecurity. Taking influence from the Stakeholder Theory in business ethics, this paper presents a framework to encourage transdisciplinary thinking and assist experts in tackling the new challenges of the modern day. The framework uses the simple Think, Plan, Do approach to enable experts to develop their transdisciplinary thinking. The framework is intended to be used as an evaluation tool for existing cybersecurity practices or postures, as a development tool to engage with other disciplines to foster learning and create new methods, and as a guidance tool to encourage new ways of thinking about, perceiving, and executing cybersecurity practices. For each of those intended uses, a use case is presented as an example to showcase how the framework might be used. The ultimate goal of this paper is not the framework but transdisciplinary thinking. By using the tool presented here and developing their own transdisciplinary thinking, cybersecurity experts can be better prepared to face cybersecurity's unique and complex challenges.

Cryptography and Security

Katie Shilton,Donal Heidenblad,Adam Porter,Susan Winter,Mary Kendig

DOI: https://doi.org/10.1007/s11948-020-00250-0

Abstract:There is growing consensus that teaching computer ethics is important, but there is little consensus on how to do so. One unmet challenge is increasing the capacity of computing students to make decisions about the ethical challenges embedded in their technical work. This paper reports on the design, testing, and evaluation of an educational simulation to meet this challenge. The privacy by design simulation enables more relevant and effective computer ethics education by letting students experience and make decisions about common ethical challenges encountered in real-world work environments. This paper describes the process of incorporating empirical observations of ethical questions in computing into an online simulation and an in-person board game. We employed the Values at Play framework to transform empirical observations of design into a playable educational experience. First, we conducted qualitative research to discover when and how values levers-practices that encourage values discussions during technology development-occur during the design of new mobile applications. We then translated these findings into gameplay elements, including the goals, roles, and elements of surprise incorporated into a simulation. We ran the online simulation in five undergraduate computer and information science classes. Based on this experience, we created a more accessible board game, which we tested in two undergraduate classes and two professional workshops. We evaluated the effectiveness of both the online simulation and the board game using two methods: a pre/post-test of moral sensitivity based on the Defining Issues Test, and a questionnaire evaluating student experience. We found that converting real-world ethical challenges into a playable simulation increased student's reported interest in ethical issues in technology, and that students identified the role-playing activity as relevant to their technical coursework. This demonstrates that roleplaying can emphasize ethical decision-making as a relevant component of technical work.

Kathrin Bednar,Sarah Spiekermann

DOI: https://doi.org/10.1007/s12599-023-00837-4

2023-10-21

Business & Information Systems Engineering

Abstract:The digital transformation of the economy is accelerating companies' engagement in information technology (IT) innovation. To anticipate which technologies will become relevant over time and integrate them in their innovation plans, companies often rely on product roadmaps as strategic tools. However, ethical issues resulting from ubiquitous IT use have shown the need to accommodate hyped technical advancements in information systems (IS) design and acknowledge human values with moral relevance. Scholars have argued that this moral relevance can only come from an ethical framework. The empirical study presented here investigates whether the three ethical theories of utilitarianism, virtue ethics, and deontology can complement traditional innovation planning approaches. The mixed-method study covers three IT products – a digital toy, a food-delivery app and a telemedicine system. The results reveal that the three ethical theories boost creativity around values and enrich IT innovation planning by supporting the acknowledgment of more and higher value principles (e.g., freedom or personal growth), more diverse value classes (e.g., individual and social values) as well as more original values (e.g., human contact) in system design. What is more, participants identify and mitigate potential social and ethical issues associated with the IT product. Against this background, the findings in this paper suggest that a "value-based roadmapping" approach could be a vital stimulus for future IT innovation planning.

computer science, information systems

Deirdre K. Mulligan,Joshua A. Kroll,Nitin Kohli,Richmond Y. Wong

DOI: https://doi.org/10.1145/3359221

2019-09-26

Abstract:The explosion in the use of software in important sociotechnical systems has renewed focus on the study of the way technical constructs reflect policies, norms, and human values. This effort requires the engagement of scholars and practitioners from many disciplines. And yet, these disciplines often conceptualize the operative values very differently while referring to them using the same vocabulary. The resulting conflation of ideas confuses discussions about values in technology at disciplinary boundaries. In the service of improving this situation, this paper examines the value of shared vocabularies, analytics, and other tools that facilitate conversations about values in light of these disciplinary specific conceptualizations, the role such tools play in furthering research and practice, outlines different conceptions of "fairness" deployed in discussions about computer systems, and provides an analytic tool for interdisciplinary discussions and collaborations around the concept of fairness. We use a case study of risk assessments in criminal justice applications to both motivate our effort--describing how conflation of different concepts under the banner of "fairness" led to unproductive confusion--and illustrate the value of the fairness analytic by demonstrating how the rigorous analysis it enables can assist in identifying key areas of theoretical, political, and practical misunderstanding or disagreement, and where desired support alignment or collaboration in the absence of consensus.

Computers and Society,Human-Computer Interaction

Rediet Abebe,Solon Barocas,Jon Kleinberg,Karen Levy,Manish Raghavan,David G. Robinson

DOI: https://doi.org/10.1145/3351095.3372871

2020-07-09

Abstract:A recent normative turn in computer science has brought concerns about fairness, bias, and accountability to the core of the field. Yet recent scholarship has warned that much of this technical work treats problematic features of the status quo as fixed, and fails to address deeper patterns of injustice and inequality. While acknowledging these critiques, we posit that computational research has valuable roles to play in addressing social problems -- roles whose value can be recognized even from a perspective that aspires toward fundamental social change. In this paper, we articulate four such roles, through an analysis that considers the opportunities as well as the significant risks inherent in such work. Computing research can serve as a diagnostic, helping us to understand and measure social problems with precision and clarity. As a formalizer, computing shapes how social problems are explicitly defined --- changing how those problems, and possible responses to them, are understood. Computing serves as rebuttal when it illuminates the boundaries of what is possible through technical means. And computing acts as synecdoche when it makes long-standing social problems newly salient in the public eye. We offer these paths forward as modalities that leverage the particular strengths of computational work in the service of social change, without overclaiming computing's capacity to solve social problems on its own.

Computers and Society