Ethical issues arise in the cybersecurity field when competing moral interests conflict. The following are examples of such conflicts.

 

A business has a right to, and a need for, access to the data stored on its networks, and this can conflict directly with employees’ right to privacy and freedom from surveillance. Many data security solutions examine all data flowing across the network for malicious behavior, and Data Loss Prevention solutions examine all outgoing emails and data files. The dilemma is balancing the employee’s right to privacy against the corporation’s need for control and security.

The emerging trend of BYOD, or ‘bring your own device’, is the use of employee-owned devices such as smartphones for corporate business. It’s convenient for the employee because they need only carry a single device, but it requires corporate-controlled software to be installed on the phone. The dilemma arises when corporate-owned data on the employee-owned phone is stored alongside the employee’s private personal data. John in IT can download a complete backup image of Rachel’s iPhone, which would give him access to all her personal contacts, emails, and texts. (John is an ethical professional and he would never do this, even though Rachel is his ex-wife.) Security solutions should include controls that remove the possibility of impropriety and so avoid baseless accusations.

A classic ethical dilemma that may predate written history is the conflict between an individual’s right to privacy and the government’s need for knowledge for national security and criminal prosecution. In the cyber world, this question is about encryption and the government’s right to break it, or to require a corporation to build backdoors into cipher systems. The FBI’s attempt to pressure Apple into creating a backdoor into its iOS iPhone operating system was a typical example.