Ethics And Computer Security Essay, Research Paper
1. The Problem
In the recent discussion of the required specifications of our new computer security product, the issue of including backdoor in the product was brought up. This backdoor would allow anyone knowing this special password to access anything going on in the system and would also allow one possessing the password to read personal files and email of employees. While many thought this was a good idea, there were also many that disapproved of it. Those in favor of the “feature” say that it will allow system administrators and executives to better monitor network activity and their employee s productivity. Also noted was that about 15% of our corporate clients had requested this sort of feature. Those against the backdoor expressed privacy concerns, citing that reading email of company employees (which this feature would allow) is unjust and an invasion of privacy. Many also cited that having a backdoor could be a great security concern if the password were to fall into the wrong hands or if those who it has been entrusted to abuse its use. If this were to happen our company might be greatly blamed for any instances of “hacking” or attacks on our clients systems. This could damage our reputation as a reliable security products manufacturer.
2. Relevant Facts
There are many facts pertaining to this issue. First of all, the decision-maker in this situation is important. The purpose of this memorandum is to give the decision-maker an opportunity to make an informed decision. Apparently this will be a joint decision between our marketing manager and our software-engineering manager. The stakeholders involved this decision are actually a very wide and expansive group. Some of them include our own company (reputation-wise), the companies who use our software, the clients of those companies (consumers), and the employees of those companies. Some other facts to take into account are the dangers of having backdoors as mentioned above; the fact that this feature has been discreetly requested by some of our corporate customers (15%); the issues of privacy involved with reading company email, and also issues involved with private records held within the systems of some of our customers (i.e. medical records, DMV records, etc.).
There are a few alternatives that the decision-makers may want to take into account when making the decision of whether or not to include this feature. Perhaps the most apparent option is to not include this feature at all. While some companies may not like not having the option of a backdoor, we could send out a press release stating why we did not include this as a “feature” and affirming our company as a protector of privacy and our desire to lead the industry in producing responsible security software. This is likely to cause consumers to question the companies that hold information on them what security software they use and raise awareness in general. Another alternative is that our company could include this feature in our software product. This would appease our clients who have requested it.
Another possible alternative is to appease those who have requested this “feature” by offering two versions of the software, one with the feature and one without. Perhaps we could charge more money for the one that includes the feature. But at the very least this would give our clients a choice.
4. Relevant Models of Ethical Reasoning
There are several models or ethical reasoning that can be applied to this situation. The first of which is Rights Theory. If this feature were to be implemented in our software the rights of many people could be violated. The main right being violated in this case is privacy. With the records held within systems that rely on our security products, vast numbers of stakeholders rights could be violated.
Act-Utilitarianism also can be applied to this decision. While providing great utility for the people who wish to use this backdoor, the consequences for the other stakeholders are great. The net utility of this feature is very low because it violates a vast number of stakeholders rights. Kant s Duty Ethics can also be applied. It is hard to universalize this issue. Those who use the backdoor would most likely not approve of it if it were being used to monitor their productivity or read their personal email.
5. Evaluation of Alternatives
If our company were to include this feature in our software, I do not believe that it would fulfil any of the requirements of being a moral decision by applying the common theories. In trying to apply Act-Utilitarianism one must take into account the utility and disutility for each of the stakeholders. In the case of the corporation using our product, the utility may be great in their ability to better monitor and manage the productivity; however, there is also a great disutility because of the risks to security that this feature would cause. In the case of clients (consumers) of the company who uses our products there are some benefits to using the software but the costs of having their private information disseminated are far greater that the benefits. In the case of our own company, the costs far outweigh the benefits again. While the benefits may be that 15% of our clients will be happy that we included this feature, the costs of having our reputation on the line if this feature was ever misused are not worth the risk of including it. If we were to produce two versions of this software, the people who used the backdoor-enhanced version would be falling into the same category as mentioned above. However this choice may improve our company s utility in that it would appease our clients who have requested this feature. Despite this rise in our utility, I believe that the disutility for the other stakeholders is still greater than our now greater utility. The choice to implement our software in this fashion also might make people question how devoted we are to security. The last alternative, not including the feature at all, appears to fill all of the requirements of a moral decision. When applying Rights Theory to this alternative, it becomes quite clear that not including a backdoor stops us and others who use the software from violating anyone s rights. In attempting to balance the right to privacy to with the rights of a company, the privacy tips the scales greatly. Leaving this feature out also stresses our belief in the human right to privacy and continues to protect this liberty. In the application of Kant s Duty Ethics one can clearly see that this option (not including the backdoor) is much more universal. Most people when put on either side of the issue would agree with our action to leave this feature out. As shown above in the application of Act-Utilitarianism to the inclusion of the software we see that not including this feature has a far greater net utility than if we were to include it.
Based upon the facts presented above and the evaluation of the possible alternatives, I wholeheartedly recommend that we DO NOT include this backdoor feature with our security products. The inclusion of this would neither improve security nor uphold our beliefs in the right to privacy. While some might argue that this might cost us some business, we cannot let a mere 15% of our clients dictate the way we do business as a company with integrity and the consumers interests close at heart.