On the Moral Scrutiny of Two Kinds of Information Security Activities

Mikko T. Siponen


Information security solutions have an increasing role in the information age given that security solutions technically ensure or deny access to information. Literature analysis from security research and practice suggests that certain information security activities, even when done within basic research, are morally debatable. This is true even though security personnel are often interpreted as being ‘the good guys’. The morally questionable activities that seem to occur rather widely mostly encompass the concept of lying. Database security is the first area where an important requirement, in the level of basic research, comes from a need for lying. The analysis of the aforementioned is close related to the ethics of the philosophy of technology. Are such security solutions or basic research (e.g. to maintain cover stories) wrong per se, or are they value-neutral (as scientific basic research is often interpreted to be), but used in a way which is moral, amoral or immoral?

The other issue under consideration concerns the general public in the information society. This is not a matter of basic research, but rather a problem that appears at the very end of applicatio. It concerns ‘lying’ with respect to the security of technical solutions, such as different transaction protocols. For example, that our SSL solution is 100% secure, that GSM encryption cannot be broken, and so on, are very general, albeit fallacious claims (as these techniques, for instance, can be broken in algorithm or software implementation level) presented in this respect.

The research question of this paper is to analyse the possible reasons and moral statuses of such claims and activities. In addition to the philosophy of technology generally, these issues are analysed through Kantian ethics including the impartial universality thesis advocated by Hare and Rawls and through the theory of information ethics by Floridi. Conceptual analysis is used as the primary research method to yield the results.