Case study ethics
The case studies in Chapter five are about privacy and security. The focus of this paper will be on two case studies and this is Case Study 5.2 on descriptive privacy and 5.3 on normative privacy. The key points, in this case, was that one of the users of the system had his privacy compromised or rather interfered with. Precisely, Mary and Tom are the ones who are involved, with Mary being the victimized. An overall analysis of this case shows that the facts are accurate as the actions by the intruder are clearly outlined, with the crucial aspect of the case being on privacy.
In the outlined case study, it is evident that there are two main stakeholders and these are the user and the attacker. In this case, Mary is the user while Tom is the attacker. This analysis will take three perspectives, with the first one being that of the user. In this case, the user is seen to take all the possible measures to ensure that her privacy is not compromised. For instance, Mary ensures that Tom is not in the ease of access to her house and locks the door once she enters. However, she is not aware that Tom had followed him silently to his house.
Apart from the perspective of the user, the other perspective that can be applied in this case is the perspective of the attacker. In this case, the intruder finds it awkward for Mary to be secretive to her login credentials. In this regard, such a person, that is Tom, thinks that he should not be prevented from accessing the system and takes it as a violation of his right, thus taking all the possible steps to include following Mary up to her house to ensure that he gains access to the hidden details.
Besides that, the other perspective that can be used in the analysis of this case study is that of an observer or a neutral person who is not a party to the case. In this scenario, the observer finds it unethical for Tom to be so much into Mary. Precisely, it is not right in the eyes of the observer for Tom to keep following Mary. In this perspective, Mary has the right to ensure that her information is not shared with anyone unless she decides otherwise.
The central technical problem, in this case, is the unauthorized access to login credentials by the attacker. This is related to ethics in that it is not ethical for a user of the system to have his privacy compromised. In our case study, Tom is acting in an unethical manner by trying to peep in with the aim of getting the credentials. The technicality, in this case, is brought about by the login credentials.
A deeper analysis of the case study shows that the central problem is that of lack of privacy. Much as Mary may think that she is safe, she is actually not. This can be supported by the second part of the case study, which is entitled normative privacy. Under this section, the actions by Tom are questionable. Such actions are tiptoeing with the aim of retrieving information access. The central ethical problem, in this regard, is that Tom wants to interfere or rather compromise the privacy of Mary. In this case, there is a violation of the ethical principle of confidentiality. The reason behind this claim is based on the fact that the privacy by Mary is interfered.
As mentioned earlier, the ethical principle that applies in this case study is that of confidentiality, and this applies to all the three perspectives, which are the users, the attacker and the observer perspectives. The latter stated principle is usually applied when the privacy of the user of the system is interfered with. This kind of principle is known to withstand obvious criticisms from other perspectives. One of these criticisms is that Tom should have access to the login credentials belonging to Mary. This is because Mary may be in need of Tom’s help when she may not be able to have access to the system. Apart from that, the other criticism is that Tom should be given authorized access as this may not necessarily compromise her.
In our ethical problem, the rule that is applicable in the 5 Miller’s rules is the second rule. This rule stipulates that the shared responsibility of computing artifacts is not a zero-sum game. The responsibility of an individual is not reduced simply because more people become involved in designing, developing, deploying, or using the artifact. Instead, a person’s responsibility includes being answerable for the behaviours of the artifact and the artifact’s effects after deployment, to the degree to which these effects are reasonably foreseeable by that person. The part of this rule that is more relevant to our case study at hand is that which states that the responsibility of an individual is not reduced simply because more people become involved. From an overall overview, I do not see any criticisms that withstand this rule.
In conclusion, it is recommended that the users of the system should ensure that they uphold privacy. For instance, they should consider using the system in an enclosed place where they cannot be easily attacked. Apart from that, they should also ensure that they put multiple encryptions that cannot be easily remembered or crammed by hackers.