Abstract
Our society is being shaped in a non-negligible way by the technological advances of recent years, especially in information and communications technologies (ICTs). The pervasiveness and democratization of ICTs have allowed people from all backgrounds to access and use them, which has resulted in new information-based assets. At the same time, this phenomenon has brought a new class of problems, in the form of activists, criminals and state actors that target the new assets to achieve their goals, legitimate or not. Cybersecurity includes the research, tools and techniques to protect information assets. However, some cybersecurity measures may clash with the ethical values of citizens. We analyze the synergies and tensions between some of these values, namely security, privacy, fairness and autonomy. From this analysis, we derive a value graph, and then we set out to identify those paths in the graph that lead to satisfying all four aforementioned values in the cybersecurity setting, by taking advantage of their synergies and avoiding their tensions. We illustrate our conceptual discussion with examples of enabling technologies. We also sketch how our methodology can be generalized to any setting where several potentially conflicting values have to be satisfied.
Notes
Similarly, in their discussion about the principles/values related to artificial intelligence, Floridi and Cowls (2019) mention explicability/transparency as a “new enabling principle” to be added to what they call “traditional bioethics principles”: beneficence, non-maleficence, autonomy and justice/fairness.
In graph theory, a path in a graph G is a sequence of nodes of G such that an edge in G exists that connects each node to the next node in the sequence. A Hamiltonian path in G is a path that visits each node of G exactly once.
References
AFP. (2018). German spies can keep monitoring internet hubs, court rules. The Local.de. https://www.thelocal.de/20180531/german-spies-can-keep-monitoring-internet-hubs-court-rules.
Bamberger, W. (2010). Interpersonal trust—Attempt of a definition. Scientific Report, Technical University Munich.
Bier, E., Chow, R., Golle, P., Holloway King, T., & Staddon, J. (2009). The rules of redaction: Identify, protect, review (and repeat). IEEE Security & Privacy, 7(6), 46–53.
Blanco-Justicia, A., & Domingo-Ferrer, J. (2016). Privacy-aware loyalty programs. Computer Communications, 82, 83–94.
Blanco-Justicia, A., & Domingo-Ferrer, J. (2018). Efficient privacy-preserving implicit authentication. Computer Communications, 125, 13–23.
Brands, S. (1994). Untraceable off-line cash in wallet with observers. In CRYPTO’93 (pp. 302–318). Berlin: Springer.
Bundesverfassungsgericht. (1983). BVerfGE 65,1 - Volkszählungsurteil. 15 December. http://www.servat.unibe.ch/dfr/bv065001.html. Retrieved September 22, 2019.
Danezis, G., Domingo-Ferrer, J., Hansen, M., Hoepman, J.-H., Le Métayer, D., Tirtea, R., et al. (2015). Privacy and data protection by design-from policy to engineering. Heraklion: European Union Agency for Network and Information Security.
De Pietro, C., & Francetic, I. (2018). E-health in Switzerland: The laborious adoption of the federal law on electronic health records (EHR) and health information exchange (HIE) networks. Health Policy, 122(2), 69–74.
Domingo-Ferrer, J., Blanco, A., Parra-Arnau, J., Herrmann, D., Kirichenko, A., Sullivan, S., Patel, A., Bangerter, E., & Inversini, R. (2017). CANVAS white paper 4-technological challenges in cybersecurity. The CANVAS project. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3091942. Retrieved September 22, 2019.
Domingo-Ferrer, J., & Mateo-Sanz, J. M. (2002). Practical data-oriented microaggregation for statistical disclosure control. IEEE Transactions on Knowledge and Data Engineering, 14(1), 189–201.
Domingo-Ferrer, J., Wu, Q., & Blanco-Justicia, A. (2015). Flexible and robust privacy-preserving implicit authentication. In IFIP SEC 2015 (pp. 18–34). Springer.
EU Scientific Advice Mechanism. (2016). Scoping paper: Cybersecurity. High Level Group of Scientific Advisors.
EU Scientific Advice Mechanism. (2017). Cybersecurity in the European digital single market. High Level Group of Scientific Advisors, Scientific Opinion No. 2.
European Commission. (2013). Cybersecurity strategy of the European Union: An open, safe and secure cyberspace. Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions.
European Union. (2016). General data protection regulation. Regulation (EU) 2016/679. https://gdpr-info.eu. Retrieved September 22, 2019.
Floridi, L., & Cowls, J. (2019). A unified framework of five principles for AI in society. Harvard Data Science Review, 1. https://hdsr.mitpress.mit.edu/pub/l0jsh9d1.
Fung, B. (2018). The FCC’s net neutrality rules are officially repealed today. Here’s what that really means. The Washington Post.
Hajian, S., & Domingo-Ferrer, J. (2013). A methodology for direct and indirect discrimination prevention in data mining. IEEE Transactions on Knowledge and Data Engineering, 25(7), 1445–1459.
Hajian, S., Domingo-Ferrer, J., & Farràs, O. (2014). Generalization-based privacy preservation and discrimination prevention in data publishing and mining. Data Mining and Knowledge Discovery, 28(5–6), 1158–1188.
Hajian, S., Domingo-Ferrer, J., Monreale, A., Pedreschi, D., & Giannotti, F. (2015). Discrimination and privacy-aware patterns. Data Mining and Knowledge Discovery, 29(6), 1733–1782.
Hoepman, J.-H. (2014). Privacy design strategies (extended abstract). In IFIP SEC 2014 (pp. 446–459). Springer.
Hundepool, A., Domingo-Ferrer, J., Franconi, L., Giessing, S., Schulte Nordholt, E., Spicer, K., et al. (2012). Statistical disclosure control. Hoboken: Wiley.
Koops, B.-J. (2013). Crypto law survey. Version 27.0. February. http://www.cryptolaw.org. Retrieved September 19, 2019.
Loi, M., Christen, M., Kleine, N., & Weber, K. (2019). Cybersecurity in health—Disentangling value tensions. Journal of Information, Communication and Ethics in Society, 17(2), 229–245.
Ma, A. (2018). China has started ranking citizens with a creepy ‘social credit’ system—Here’s what you can do wrong, and the embarrassing, demeaning ways they can punish you. Business Insider. https://www.businessinsider.com/china-social-credit-system-punishments-and-rewards-explained-2018-4.
Nakashima, E. (2016). Apple vows to resist FBI demand to crack iPhone linked to San Bernardino attacks. Washington Post.
New Oxford American Dictionary. (2015). 3rd edition. Oxford: Oxford University Press.
OWASP—Open Web Application Security Project. (2019). https://www.owasp.org/index.php/Main_Page. Retrieved September 19, 2019.
Project Shield—Protecting news from digital attacks. (2019). https://projectshield.withgoogle.com/public/. Retrieved September 19, 2019.
Riera-Jorba, A., & Castellà-Roca, J. (2007). Secure remote electronic voting system and cryptographic protocols and computer programs employed. U. S. Patent No. 7,260,552.
Robinson, S. L. (1996). Trust and breach of the psychological contract. Administrative Science Quarterly, 41(4), 574–599.
Rogaway, P. (2015). The moral character of cryptographic work. IACR Cryptology ePrint Archive, Report 2015/1162. https://eprint.iacr.org/2015/1162. Retrieved September 22, 2019.
The EU H2020-700540 “CANVAS” project (2016–2019). https://canvas-project.eu.
The Spamhaus Project. (2019). https://www.spamhaus.org. Retrieved September 19, 2019.
The Tor Project. (2019). https://www.torproject.org. Retrieved September 19, 2019.
UN General Assembly. (1948). Universal declaration of human rights. https://www.un.org/en/universal-declaration-human-rights/. Retrieved September 22, 2019.
U.S. Department of Homeland Security. (2009). A roadmap for cybersecurity research. https://www.dhs.gov/sites/default/files/publications/CSD-DHS-Cybersecurity-Roadmap_0.pdf. Retrieved September 22, 2019.
Warren, L., & Warren, S. (1890). The right to privacy. Harvard Law Review, 4(5), 193–220.
Warren, T. (2015). UK government could ban encrypted communications with new surveillance powers. The Verge. https://www.theverge.com/2015/1/12/7533065/whatsapp-imessage-ban-uk-government-encryption.
Wassenaar Arrangement. (1995). The Wassenaar Arrangement on export controls for conventional arms and dual-use goods and technologies. https://www.wassenaar.org. Retrieved September 19, 2019.
Westin, A. F. (1970). Privacy and freedom. New York: Atheneum.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
The following funding sources are gratefully acknowledged: European Commission (Project H2020 700540 “CANVAS”); Government of Catalonia (ICREA Acadèmia Prize to J. Domingo-Ferrer and Grant 2017 SGR 705); Spanish Government (Project RTI2018-095094-B-C21 “CONSENT”). The authors are with the UNESCO Chair in Data Privacy, but the views in this paper are their own and do not necessarily reflect those of UNESCO.
About this article
Cite this article
Domingo-Ferrer, J., Blanco-Justicia, A. Ethical Value-Centric Cybersecurity: A Methodology Based on a Value Graph. Sci Eng Ethics 26, 1267–1285 (2020). https://doi.org/10.1007/s11948-019-00138-8
DOI: https://doi.org/10.1007/s11948-019-00138-8