
Ethics and Trust October 17, 2013

Posted by louloizides in Security.

When I was in high school I became friends with a foreign exchange student from Sweden who had the odd hobby of programming computer viruses. I was always intrigued by this because his viruses were written in x86 assembler, which isn’t common. The low level language gave him the ability to inject his code into someone else’s fully compiled program without them ever noticing it, then that program would do the same to another. These were viruses in the truest sense. Nowadays “virus” tends to be a term that includes malware and Trojan horses, which tend to be easier to detect. The assembler virus was much harder to find and could easily exist without anyone ever knowing it was there.

I don’t believe his intentions were ever malicious – he had more interest in the technical challenges. But any computer programmer should be aware of the potential of themselves or others to practice malicious activities or spread knowledge that could be used in a malicious fashion.

I have a BS in mechanical engineering from Rensselaer and we had to take several ethics classes as a requirement for our curriculum. In mechanical engineering the need for ethics is clear. Violating ethical rules (e.g. faking a test, cutting corners on safety margins, etc.) could result in the loss of lives. At one time ethics in computer science could have been no more than a nuisance, but in today’s world, where so much is controlled by code, maintaining ethics in computer science is critical.

Ethics, unlike morals, which are one’s subjective view of right and wrong, tend to be defined by philosophy, society or some kind of code [1]. Technically a liberal profession is defined as a service performed in the interest of the public [2], and many professions, such as medicine [3], engineering [4] and computer science [5], maintain their own codes of ethics.

Being two of the more technical professional organizations, the American Society for Computing Machinery and the National Society of Professional Engineers both maintain fairly equivalent codes. Both, for instance, mention the well-being of the public or society in their first clause. Both require that professionals are honest and trustworthy as well as serve the public interest and maintain social responsibility. These ethical guidelines help ensure that all professionals work together for a common good.

That said, they’re simple guidelines and it’s not reasonable to assume that everyone will follow them. Trust is essentially the belief that others will follow these ethical guidelines, but never having too much trust in anyone, any work or any data is critically important. As Ken Thompson demonstrated in his “Reflections on Trusting Trust” lecture, it would be extremely easy for a computer programmer to inject malicious code through a compiler [6].

This is especially true as code gets more complex and higher level. For instance, many languages today, like .Net and Java, are compiled to bytecode and must be interpreted through a virtual machine. This is code running on top of code. Now we’re adding cloud computing to these concepts, which adds another layer of higher-level code, and trusting a cloud service itself generally means trusting every employee at the cloud service who could potentially access one’s data [7].

To be fair, with almost all technical projects today involving more than one person, I don’t think that as technical professionals we could accomplish our jobs without maintaining our own ethics and having some level of trust in the people we work with. But maintaining some level of skepticism is generally a good way to keep everyone in check and keep the profession honest and worthwhile.

  1. Downie, R. S. (1980). Ethics, Morals and Moral Philosophy. Journal of Medical Ethics: The Journal of the Institute of Medical Ethics, 6, 33-34.
  2. Directive 2005/36/EC of the European Parliament and of the Council of September 2005 on the recognition of professional qualifications, retrieved October 2013 from http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2005L0036:20110324:EN:PDF
  3. American Medical Association Code of Ethics, retrieved October 2013 from http://www.ama-assn.org/ama/pub/physician-resources/medical-ethics/code-medical-ethics.page
  4. National Society of Professional Engineers, Code of Ethics for Engineers, retrieved October 2013 from http://www.nspe.org/Ethics/CodeofEthics/index.html
  5. American Association for Computing Machinery Code of Ethics, retrieved October 2013 from http://www.acm.org/about/code-of-ethics
  6. Thompson, Ken, Reflections on Trusting Trust, Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763
  7. Dawei Sun, Guiran Chang, Lina Sun, Xingwei Wang, Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments, Procedia Engineering, Volume 15, 2011, Pages 2852-2856

 
