How does computer security pose ethical issues?

How does computer security pose ethical issues?

As explained earlier, ethics is mostly concerned with rights, harms and interests. We may therefore answer this question by exploring the relation between computer security and rights, harms and interests. 

• What morally important benefits can computer security bring? 
• What morally important harms or violations of moral rights can result from a lack of computer security?
• Can computer security also cause harms or violate rights instead of preventing and protecting them?

A first and perhaps most obvious harm that can occur from breaches of computer security is economic harm. When system security is undermined, valuable hardware and software may be damaged or corrupted and service may become unavailable, resulting in losses of time, money and resources. Breaches of information security may come at an even higher economic cost. Valuable data may be lost or corrupted that is worth much more than the hardware on which it is stored, and this may cause severe economic losses. Stored data may also have personal, cultural or social value, as opposed to economic value, that can be lost when data is corrupted or lost. Any type of loss of system or data security is moreover likely to cause some amount of psychological or emotional harm.

Breaches of computer security may even cause grave harms like injury and death. This may occur in so-called safety-critical systems, which are computer systems with a component or real-time control that can have a direct life-threatening impact. Examples are computer systems in nuclear reactor control, aircraft and air traffic control, missile systems and medical-treatment systems. The corruption of certain other types of systems may also have life-threatening consequences in a more indirect way.

These may include systems that are used for design, monitoring, diagnosis or decision-making, for instance systems used for bridge design or medical diagnosis. Compromises of the confidentiality of information may cause additional harms and rights violations. Third parties may compromise the confidentiality of information by accessing, copying and disseminating it. Such actions may, first of all, violate property rights, including intellectual property rights, which are rights to own and use intellectual creations such as artistic or literary works and industrial design. The information may be exclusively owned by someone who has the right to determine who can access and use the information, and this right can be violated.

Second, compromises of confidentiality may violate privacy rights. This occurs when information that is accessed includes information about persons that is considered to be private. In addition to violations of property and privacy rights, breaches of confidentiality may also cause a variety of other harms resulting from the dissemination and use of confidential information. For instance, dissemination of internal memos of a firm damages its reputation, and compromises of the confidentiality of online credit card transactions undermines trust in the security of online financial transactions and harms e-banking and e-commerce activity.

Compromises of the availability of information can, when they are prolonged or intentional, violate freedom rights, specifically rights to freedom of information and free speech. Freedom of information is the right to access and use public information. Jeroen van den Hoven has argued that access to information has become a moral right of citizens in the information age, because information has become a primary social good: a major resource necessary for people to be successful in society. Shutting down vital information services could violate this right to information. In addition, computer networks have become important as a medium for speech. Websites, e-mail, bulletin boards, and other services are widely used to spread messages and communicate with others. When access to such  services is blocked, for instance through denial of service attacks or hijackings of websites, such acts are properly classified as violations of free speech. Computer security measures normally prevent harms and protect rights, but they can also cause harm and violate rights. Notably, security measures may be so protective of information and system resources that they discourage or prevent stakeholders from accessing information or using services. Security measures may also be discriminatory: they may wrongly exclude certain classes of users from using a system, or may wrongly privilege certain classes of users over others.