






The pervasive existence of the three gaps noted above suggests
that efforts are needed to narrow each of the gaps. Some needs for the
future include the following.
- Better systems, providing more comprehensive security with greater
assurance – systems that are easier to use and to administer, easier
to understand with respect to what is actually happening, more representative
of the security policy that is really desired, etc. [Gap 1]
- Professional standards. Existing professional associations have established
ethical codes. But are they adequate? or adequately invoked? [Gap 2]
- Better education relating to ethics and values, in the context of
the technology, particularly in relation to computer and communication
systems, and also relating to the risks of computerization (cf. Neumann
[91a]). [Gap 2]
- Better understanding of the responsibilities and rights of system
administrators, users, misusers, and penetrators. [Gaps 2 and 3]
- A population that is more intelligent and more responsible, including
designers, programmers, operations personnel, users, and lay people
who are in many ways forced to be dependent on computerization, whether
they like it or not. Holistically, we need a kinder and gentler society,
but realistically that is too utopian. [Gap 3]
- In the absence of a utopian world, it seems necessary that we must
strive to improve our computer systems and communications, our standards,
our expectations of education, and our world as a whole, all at the
same time, although the needs of our society will tend to dictate certain
priorities among those contributing directions. Unfortunately, commercial
expedience often dictates that emphasis be placed on seemingly easy
and palliative solutions that in the long run are inadequate. [Gaps
1, 2, 3, addressed together from an overall perspective.]
In this article, we have considered security somewhat broadly,
encompassing not only protection against penetrations and internal misuse,
but also protection against other types of undesirable system and user
behavior. This perspective is important, because attempts to address a
narrower set of problems are generally shortsighted.
Overall, awareness of computer system vulnerabilities and
security countermeasures is greater than it was a few years ago. In retrospect,
computer security has been getting steadily better, but so have the crackers
and stealthy misusers of authority. Further, the potential opportunities
and gains from insider misuse seem to be increasing. However, our society
does not seem to be getting significantly more moral on the whole, despite
some determined efforts on the part of a few individuals and groups. Gap
1 has actually been closing a little; Gap 2 needs still more work; Gap
3 remains a potentially serious problem.
At a conference in 1969 I heard “2001” author Arthur
Clarke talk about how it was getting harder and harder to write good science
fiction; he lamented that “The future isn’t what it used to
be.” Yogi Berra might have remarked that Clarke’s observation
was “deja vu all over again.” By transitive closure, I think
it is appropriate to combine those two aphorisms. Deja vu isn’t what
it used to be all over again – it seems to be getting worse. And
there seem to be enough people around who subscribe to Tom Lehrer’s
title for a song he never wrote (because it would have been an anticlimax):
“If I had it to do all over again, I’d do it all over you.”
In the absence of better computer and communication systems, better system
operations, better laws, better educational programs, better ethical practices,
and better people, we are all likely to have it done to us, over and over
again.
One of the purposes of this article is to stimulate further
discussion of the vital issues relating to values in the use of computers.
Following are a few topics of potential interest. All of these have implications
relevant to the Security Track, but many of them also have implications
in other tracks as well. They are stated here because of the pervasive
nature of the problems, and the dangers of attempting to compartmentalize
the relations between causes and effects.
- Can the three gaps discussed in Section 2 (technical, sociotechnical,
and social, respectively) ever be closed in any realistic sense, in
the face of the behaviors of Section 8? Are we converging or diverging,
or both? Remember, there is no perfect
security.
- Are the existing laws an adequate representation of the need to close
Gaps 2 and 3? What are the appropriate roles of ‘intent’,
‘exceeding authority’, and ‘misusing authority’,
particularly in situations in which no authorization is required, and
what are the implications on attempts to close Gap 1?
- What are the intrinsic limitations of technological security measures
by themselves, administrative and operational security measures by themselves,
and all of these together? See Section 6.
- What are the essential limitations of trying to maintain privacy,
particularly in light of the demands for compromising it? The implications
of emergency overrides and other exceptional mechanisms (cf. SB 266)
provide conflicting needs. (This is of interest also to the Privacy
Track.)
- How can we best balance personal rights with needs for monitoring?
For example, consider the FBI monitoring on-line newsgroups, and corporations
monitoring inbound and outbound e-mail and general system usage. (See
Section 9.4.)
- Consider the Free Software Foundation philosophy of open access and
free distribution, and its implications. Note that security has many
more purposes than just providing confidentiality. For example, preventing
Trojan horses and other types of sabotage is clearly an important goal.
(This is of interest also to the Equity Track and the Ownership Track.)
(Added note: Ironically, just before NCCV, abuse of the FSF computers
became rampant, including using the open accounts to trash the FSF software
and to gain free access to other Internet systems. Richard Stallman
of the FSF reluctantly admitted that they had had to institute passwords.
See the Boston Globe, 6 August 1991, front page article.)
- Can we realistically “place the blame” for undesired system
and human behavior, with respect to crackers, malfeasors, designers,
programmers, system administrators, marketers, corporate interests,
U.S. and other governments, etc., across the broad spectrum of security-related
problems? Attempts to place blame are often misguided, and tend to lose
sight of the underlying problems. Furthermore, blame can usually be
widely distributed. There is also the danger of shooting the messenger.
(Contrast this distributed notion of blame with the I
Ching concept of “no blame”!) See also the following
track contribution from Dorothy Denning (Denning [91]).
- How can the needs of encryption for privacy, integrity, and other
purposes noted in Section 9.3 be balanced with needs for “national
security” and other governmental constraints? Consider the social
implications of private-key versus public-key encryption, export controls,
corporate and national interests, international cooperation, etc.
- How does security aid or interfere with other social issues? Might
it seriously impede access by handicapped and disadvantaged people?
Or if it does not, would it present intrinsic vulnerabilities that could
be exploited by others? There are challenges both ways. For example,
physically disabled or otherwise handicapped individuals might be able
to vote from their homes, via telephone or computer hook-up. Such systems
might also encourage fraudulent voting. If serious security measures
were invoked, the benefits might be lost.
- Are we creating a bipolar society of computer-literate insiders and
everyone else? Or a multipolar society of various distinct categories?
Are we disenfranchising any sectors of society, such as ordinary mortals
and people in the humanities who do not have computer resources? Might
increased computer security tend to further such an alienation? Are
people in the creative arts becoming sterilized if they do move toward
computerization? Are there relevant implications of computer security
on such individuals?
- What are the implications of computer security on scholarly research?
Unnecessary secrecy is clearly one concern. So is inadequate privacy.
Loss of integrity is another concern, with the possibility of having
experimental data and research results altered or forged. Authenticity
(the ability to provide assurance that something is genuine) and subsequent
non-repudiatability (the ability to provide some assurance that something
attributed to an individual really was correctly attributed) are illustrative
technical issues that relate to this question.
- Do existing transnational data exchange regulations present serious
obstacles to international cooperation, including dissemination of knowledge,
programs and other on-line information? If those regulations were
relaxed, would there be serious consequences, e.g., with respect to
social, economic, political issues, and national integrity? Could computer
security help to provide controls that would permit national boundaries
to be safely transcended? Or must it be an impediment? Or are both of
these alternatives actually true at the same time?
The above itemization is by no means complete. It merely
suggests a few of the thornier topics that might be of interest for further
discussion.
Further background on computer security is found in Clark
et al. [90], while recent examples of system misuse are analyzed in Denning
[90] and Hoffman [90]. Examples of accidental and intentional events that
have resulted in serious computer-related problems are summarized in Neumann
[91a], an updated copy of which is appended.
SRI International