TY - JOUR
T1 - Building an active computer security ethics community
AU - Dittrich, David
AU - Bailey, Michael
AU - Dietrich, Sven
N1 - Funding Information:
IRBs seem best suited to processing and reviewing applications; however, the existing drawbacks of narrowness of scope, lack of technical expertise, lack of existing regulatory authority, US-centrism, and lack of prospective guidance for researchers limit their usefulness [13, 14]. Funding agencies such as the US National Science Foundation (NSF) and DARPA could similarly provide accountability and enforcement functions, but are also limited by lack of educational resources and prospective guidance for proposers. Moreover, they have authority only over those seeking funding from them. Program committees are more general, international in scope, and already provide a peer-review function. They’re not, however, uniform in their membership. In addition, they’re typically involved after research is completed, and they perform their function semi-anonymously and in private. Professional associations often have ethics boards, require acceptance of the association’s code of conduct as a condition of membership, and provide an educational and inspirational role for their members. However, their authority extends only to members, and enforcement is limited to expulsion from the society.
PY - 2011/7
Y1 - 2011/7
N2 - The Declaration of Helsinki and Belmont Report motivated the growth of bioethics alongside traditional biomedical research. Unfortunately, no equivalently active ethics discipline has paralleled the growth of computer security research, where serious ethical challenges are regularly raised by studies of increasingly sophisticated security threats (such as worms, botnets, and phishing). In this absence, program committees and funding agencies routinely must judge the acceptability of research studies. Such judgments are often difficult because of a lack of community consensus on ethical standards, disagreement about who should enforce standards and how, and limited experience applying ethical decision-making methods. This article motivates the need for such a community, touching on the extensive field of ethical decision making, examining existing ethical guidelines and enforcement mechanisms used by the computer security research community, and calling the community to joint action to address this broad challenge.
KW - computer crime
KW - computer network security
KW - computer security
KW - ethics
KW - professional societies
KW - technology social factors
UR - http://www.scopus.com/inward/record.url?scp=79959421312&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79959421312&partnerID=8YFLogxK
U2 - 10.1109/MSP.2010.199
DO - 10.1109/MSP.2010.199
M3 - Article
AN - SCOPUS:79959421312
SN - 1540-7993
VL - 9
SP - 32
EP - 40
JO - IEEE Security and Privacy
JF - IEEE Security and Privacy
IS - 4
M1 - 5669246
ER -