Computer Security and Human Values

Peter G. Neumann
We focus here on policy issues relating to computer and communication security, and on the roles that technology can and cannot play in enforcing the desired policies. In the present context, computer security relates to measures to provide desired confidentiality, integrity, availability, and more generally prevention against misuse, accidents, and malfunctions, with respect to both computer systems and the information they contain. We deliberately take a broad view of what might constitute computer security as encompassing the prevention of undesirable events, and take a broad view of undesirable human activities as well. Details are provided in the following sections.

Security is intrinsically a double-edged sword in computers and communications; it cuts both ways. For example,
Each of these antagonistic pairs illustrates the potential for both constructive and deleterious use – with respect to data confidentiality, integrity, ease of use, and monitoring, respectively. In the real world, greed, fraud, malice, laziness, curiosity, etc., are facts of life; measures to increase security become a necessity unless it is possible to live in a benign and non-malevolent environment (e.g., no dial-up lines, no networked access, no easy flow of potentially untrustworthy software, no proprietary rights to protect, ideal hardware reliability, and outstanding administrative procedures – including frequent backups). Even in a perfect world in which everyone behaves ethically, morally, and wisely, such measures are still needed to protect against accidental misuse, as well as against hardware and environmental problems.

On the other hand, attempts to provide greater security invariably cause difficulties that otherwise would not exist. There are numerous potentially detrimental aspects associated with attempts to increase security, varyingly affecting system users and system operations as well as people seemingly not even in the loop (such as innocent bystanders). Effects on users include impediments to the ease of system use, some loss of performance, intensified anxieties, and perhaps increased suspicions or even paranoia resulting from the presence of the security controls and monitoring. Effects relevant to system operations include greater difficulties in maintaining and evolving systems, less facile recovery from failures, and significantly greater effort expended in administering security. There are also second-order effects that are somewhat more subtle, such as the need for emergency overrides to compensate for crashes, deadlocks, lost passwords, etc.; the pervasive use of super-user mechanisms, escapes, and override mechanisms tends to introduce new vulnerabilities that can be intentionally exploited or accidentally triggered.
The attainment of enterprise security is often dependent on adequate system reliability and availability. It also depends on the integrity of underlying subsystems. Thus, we speak of computer-related misbehavior as including user misbehavior that causes a computer system to fail to live up to its desired behavior, and also including system malfunctions due to causes such as hardware problems or software errors (e.g., flaws in design and implementation). Loosely speaking, security involves attempts to prevent such misbehavior.

There has been extensive discussion about whether access requiring no authorization violates the laws that rule against exceeding authority. Irrespective of the laws, Gene Spafford [92] concludes that the vast majority of computer break-ins are unethical, along with their would-be justifications. But what good are computer ethics in stopping misuse if computer security techniques and computer fraud laws are deficient? Following is a relevant quote from Neumann [90b] on that question:

    Some RISKS Forum contributors have suggested that, because attacks on computer systems are immoral, unethical, and (hopefully) even illegal, promulgation of ethics, exertion of peer pressures, and enforcement of the laws should be major deterrents to compromises of security and integrity. But others observe that such efforts will not stop the determined attacker, motivated by espionage, terrorism, sabotage, curiosity, greed, or whatever.... It is a widely articulated opinion that sooner or later a serious collapse of our infrastructure – telephone systems, nuclear power, air traffic control, financial, etc. – will be caused intentionally. Certainly there is a need for better teaching and greater observance of ethics, to discourage computer misuse. However, we must try harder not to configure computer systems in critical applications (whether proprietary or government sensitive but unclassified, life-critical, financially critical, or otherwise depended upon) when those systems have fundamental vulnerabilities. In such cases, we must not assume that everyone involved will be perfectly behaved, wholly without malevolence and errors; ethics and good practices address only a part of the problem – but are nevertheless very important.

There has also been much discussion on whether computer security could become unnecessary in a more open society. Unfortunately, even if all data and programs were freely accessible, there would be a need for computer system and data integrity, to provide defenses against tampering, Trojan horses, faults, and errors. A natural question is whether computer-related systems raise any value-related issues that are substantively different from those in other kinds of systems. Some partial answers are suggested in Neumann [91c], and explored further here:
Most professional organizations have ethical codes. Various nations and industries have codes of fair information practice. Teaching and reinforcement of computer-related values are vitally important, alerting system purveyors, users, and would-be misusers to community standards and providing guidelines for handling abusers. But we still need sound computer systems and sound laws. (See, for example, Denning [90], articles 26 – 27.)

In the following text, we first identify sources of computer-related misbehavior (Section 2). We next examine expectations that are placed on computer and communication systems (Sections 3 and 4) and on people (Section 5), with respect to security. We also consider various system issues (Sections 6 and 7). We then examine different modes of antisocial behavior and their consequences (Section 8), and consider some specific technological approaches to reducing some of the potential problems (Section 9). We end with an assessment of future needs (Section 10), some concluding remarks (Section 11), and some potential topics for further discussion (Section 12).
The Research Center on Computing & Society