Professional Documents
Culture Documents
12/10/2021
CprE 234
Benjamin Blakely
Code of Ethics
I found it very difficult to think of specific rules to live by because every situation you will be in
will be different. My training, past experiences, and virtues are all subject to change during my cyber
security career. These experiences could change my outlook on the code of ethics I created. I can't know
for sure if I will follow this code of ethics to a T, my values or situation I'm in can change on a day-to-day
basis. If I am ever put into a particularly difficult ethical dilemma where the solution isn't clear, I can refer
to my code of ethics for a framework to start working through the problem at hand. The code of ethics is
more of a guide because there are too many variables to account for in any given situation. The code of
1. Ask questions, identify potential risks, and add systems to stop or avoid them, also take steps to
2. Always keep any related parties reasonably informed to the best of your ability on what exactly is
3. The privacy of individuals should not be breached unless the reasonable breach of this privacy will
The Ethical OS is a useful framework that can be used to evaluate potential ethical problems that
might arise in the future with a specific technology. There are eight different zones that assess different
types of risk. The eight zones are Addiction & the Dopamine Economy, Economic & Asset Inequalities,
Machine Ethics & Algorithmic Biases, Surveillance State, Data Control & Monetization, Implicit Trust &
User Understanding, Hateful & Criminal Actors, and Truth, Disinformation, Propaganda. Using these eight
risk zones as a checklist, you can take a current technology or plans for future technology and accurately
assess if the technology will have a high chance of causing ethical problems. Once you identify the possible
ways the technology could affect certain groups of people or be misused, you can take that into account
when mitigating potential risks for the technology (1). For example, suppose you are going to create a
messaging service that uses the internet under the Criminal Actors risk zone. In that case, you might
foresee the possibility of intercepting and reading messages. You can then mitigate this risk by adding an
encryption algorithm that encrypts any traffic your service sends out across the internet. Another
interesting example of why risk assessments are important is the original internet worm from one of our
reading assignments. Although the worm's creation was not intended to be malicious, its rapid spread and
duplication onto devices wreaked havoc on the internet in its early days (2). Before I took this class, I didn't
even think about what possible ethical issues technology could lead to. If I ever did think about the issues,
it was only surface-level issues and wasn't as extensive as the Ethical OS. The ethical OS makes it more
manageable to think about all of the potential ramifications a new technology can have on the world. This
toolkit factored into the first rule for my code of ethics: Ask questions, identify potential risks, and add
systems to stop or avoid them, also take steps to mitigate any current risks.
While formulating my code of ethics, I took into account the different ethical perspectives that
we looked at in class; teleological ethics, deontological ethics, and virtue ethics. Teleological ethics
determines if the action you take in a situation is morally good according to the overall outcome. If the
action itself is morally wrong, it could be justified by the overall outcome of the situation. I believe that
there are some situations you may be put in where you would need to make a decision or take an action
that is by default morally wrong, but in the specific context you're in, it is morally right. One example
would be self-defense. Killing someone is morally wrong; however, if they threaten to kill you, it is justified
to kill them to protect yourself. An example of morally wrong actions being justified by the outcome under
a cyber security context would be if you needed to breach the privacy of someone to save other lives. It
is considered morally wrong to breach someone's privacy, but your reason for doing so, saving people's
Another ethical lens, deontological ethics, judges the morality of an action based on an existing
set of rules. Essentially if you follow the existing set of rules or laws, then the action is morally justified no
matter what the outcome might be. I believe that rules, or a given set of laws, shouldn't always be
followed no matter what. There are some situations where you can make a moral judgment call and go
against a set of rules. I also don't think it's ok to follow the rules, but only when you want to. In general,
you should always follow the rules until that moral line is crossed and the outcome of your actions can no
longer be morally justified. An example of this ethical perspective would be a large company like Google
collecting and selling user data without the user's general knowledge. They are legally in the right to do
so; however, it's debated whether or not this practice of data collection is morally right. I don't believe
that most citizens who use services like Google are aware of how extensive their data collection, or that
their data is even collected at all. I don't think the phrase "If it's free, then you're the product." is widely
known to people not involved in a technical field related to computers, the internet, or marketing. I knew
that businesses like Google collected and sold user information before I took this class, but during the
class, as we talked about the importance of online privacy, this strengthened my position and had an
effect on the next addition to my code of ethics which is the exact opposite: Always keep any related
parties reasonably informed to the best of your ability on what exactly is going to happen to their activity
and data.
The primary ethical perspective I chose to formulate my code of ethics is virtue ethics. This ethical
lens defines the morality of an action based on your moral character. It takes into account your virtues
and past experiences. If a person lives by morally good virtues, their actions will be morally good. I want
to assume that I have lived my life up to this point with morally good virtues in mind. A lot of the situations
that require me to reference my moral code of ethics will be difficult. I think these moral dilemmas will
require a complex and diverse ethical perspective. Virtue ethics are very malleable in a way because
everyone might have similar moral principles like don't steal, don't kill, and other very basic principles
along those lines that every society has to some extent, but not everyone has the exact life experiences
I believe that citizens should have the maximum amount of security possible and the maximum
amount of privacy possible. Obviously, you can't have an absolute of either of these. Having absolute
privacy would mean no one could look at you while you are out in public, say shopping for groceries. We
discussed a certain social policy in class where an exchange of freedoms is necessary for a society to
function effectively. If you are out shopping, you are socially allowed to look at other people without their
consent, and they are allowed to look at you without yours. Whoever looks in your direction will
immediately know the exact time, place, and location you were shopping at for groceries. They would
probably even know what you were buying. This exchange of freedom is necessary because it would be
Another example within the context of cyber security is our class discussion on privacy vs. security.
I assume everyone would like to have absolute privacy and protection from everything, but realistically
that isn't possible. A topic we covered in class, the going dark debate, is a major ethical dilemma that
brings to light the difficulties law enforcement has with the increased use of encryption in our society.
Imagine a scenario where a bombing or a shooting is going to occur, and the plans for the attack pass
through web traffic but are encrypted. In this made-up scenario, there are two possible outcomes. One is
that a government organization like the National Security Agency cannot decrypt private messages, or
it's against the law. In this case, citizens' individual privacy and protection are excellent because they have
web traffic with strong encryption that a bad actor couldn't access, and the government is not monitoring
them. However, the overall safety of the population decreases because of these freedoms. Imagine the
same scenario, except all the encryption methods companies are allowed to employ are fairly easy to
decrypt. The national security agency can decrypt the private messages and prevent whatever travesty
would have occurred, but so could bad actors. The overall safety of the population would come at the
cost of individual freedom. I knew that a lot of online activity was new and didn't have well-defined laws
because of it, but before taking this class, I had no idea that this debate was going on and could change
the freedoms we have online. Learning about this debate led to my third rule: The privacy of individuals
should not be breached unless the reasonable breach of this privacy will prevent significant bodily harm
or death.
Although my code of ethics is rather short, I think that I have the core concepts of my code down.
I will update and change the code as I pursue my career in cyber security. Formulating a code of ethics is
a useful thing to do. Making a code forces you to think about your true values and helps you think about
what you would do in a difficult situation. It's impossible to consider every complicated scenario you might
come across, but it is still a good framework. It would be nice to have your rulebook that you could
reference for every ethical dilemma you come across, but as I learned in this class, that just isn't realistic.
There are far too many variables that factor into decisions that are made concerning ethical dilemmas.
One core concept we learned in class is that there isn't always a "right" option. Many times the decision
you have to make comes down to minimizing potential risk as much as possible. I am glad this class
encouraged me to put more thought into my own code of ethics than I would normally have. I'm glad I
will be able to use this code of ethics whenever I encounter an ethical dilemma during my cyber security
career.
WORKS CITED
https://web.archive.org/web/20200816212209/https://ethicalos.org/wp-
content/uploads/2018/08/EthicalOS_Check-List_080618.pdf
Sara Baase and Timothy M. Henry. 2017. A Gift of Fire: Social, Legal, and Ethical Issues for Computing
Technology (5th Edition) (5th. ed.). Pearson.