Ethical analysis of a security-related scenario

File: misc/ethics.pdf (or .txt)

Goals

Rubric

1 - author name(s)
5 - addressing at least minimally all the questions in the assignment
5 - depth, persuasiveness, and thoroughness of your responses

Solo or with a partner

This assignment involves a computer security scenario with potential ethical implications. Your job is to analyze the ethics of the scenario. I have presented two scenarios: pick one of them, whichever you prefer, to analyze.

Scenario #1: responsible reporting of security vulnerabilities

You have discovered a bug in the InstaToonz music-sharing app. This bug is a nasty one that would allow an attacker to read the contents of all the private InstaToonz direct messages for anyone who has ever posted a public InstaToonz message. This bug threatens the privacy of hundreds of millions of InstaToonz users.

You want to report this bug to InstaToonz, Inc. to protect their customers, but you know that the last time somebody reported a security bug to them privately, InstaToonz sued the bug-reporter in North Carolina and also called in the FBI, causing the person significant hassle and expense. The case was briefly a cause célèbre in the tech world, with calls for boycotts and state and Congressional action. Eventually, after a fair amount of sabre-rattling, InstaToonz dropped the suit. But at the same time, they released a statement articulating their belief that all security researchers (which InstaToonz always put inside scare quotes) are engaging in attempted thievery of trade secrets. After a brief investigation upon being first contacted by InstaToonz, the FBI declined to pursue the matter further. InstaToonz has refused all demands that they establish a bug bounty program.

This scenario has an interesting legal twist if it occurs in the US. If you choose to analyze this scenario, take into account in your analysis two possible options:

Scenario #2: your company's customers' personal data

Your company, Beerz, is an early-stage startup with the world-changing vision of connecting people to local breweries. When a user launches version 1.0 of the Beerz app, the app sends the user's location to the beerz.com API, which sends a map of local breweries back to the app. The server immediately discards the user's location once the map is generated.

You joined the Beerz development team recently, drawn certainly by your love of beer and app-building, but also in part by the pitch the CTO gave you. In particular, she said that Beerz was dedicated to providing a simple, useful service to users in exchange for a modest subscription fee. "We're not going to participate in surveillance capitalism. We protect our users' data while we have it, and we discard it when we're done with it." You were sold right then, and you have now been put in charge of feature development for Beerz 2.0. (The Beerz 1.1 team is currently whacking bugs as fast as they can go. It's a startup; the code is a mess.)

On your list of potential new features for Beerz 2.0 are these ideas:

You give a presentation to the bosses about your team's proposed new features, including the ones described above. When you get to those two features, you spend several slides talking about the fact that these features will require storing users' location data, and your plan for how to preserve their privacy (mostly via a strict policy of scrubbing all user data that is more than one week old).

The bosses love your presentation and give their blessing to you to push forward to design and implementation. But then the CEO says "Let's wait a bit on the data-scrubbing. I was at a conference last week, and some of the people there were talking about how much additional revenue they've been able to generate by bundling anonymized location data for sale." Replying to the CEO, one of your development colleagues (a deeply annoying and profoundly clueless fellow) enthusiastically says "You know, I think we could probably get all the old location data out of the API's archived web logs, since we send the user's location as a GET parameter so it's in the URL that gets stored in the log." The CEO is super-excited about this and the meeting ends. The CTO, who has not yet commented on this last part of the meeting, congratulates you on an excellent presentation and then gives you a worried look before heading back to her office.
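The colleague's remark points at a real and common leak: the API "discards" the location after building the map, but because the client sends it as a GET parameter, every coordinate also lands in the web server's access log and survives there for as long as the logs are retained. The following is an added example (not part of the assignment and not Beerz code) that makes the point concrete on a few constructed log lines in Common Log Format, using a hypothetical endpoint name and parameter names. It shows three things: how trivially the "discarded" locations can be recovered from the logs, how to redact the sensitive query parameters before a line is written, and how the one-week scrubbing policy from the presentation would apply to whatever was already recovered.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample access-log lines (Common Log Format). The endpoint
# /v1/breweries and the lat/lon/radius parameters are assumptions for the
# example; the IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:18:04:11 +0000] "GET /v1/breweries?lat=45.5231&lon=-122.6765&radius=5 HTTP/1.1" 200 8421
203.0.113.7 - - [12/Mar/2024:18:09:52 +0000] "GET /v1/breweries?lat=45.5155&lon=-122.6793&radius=5 HTTP/1.1" 200 8110
198.51.100.23 - - [13/Mar/2024:01:15:03 +0000] "GET /v1/health HTTP/1.1" 200 2
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Query parameters that must never reach a log line.
SENSITIVE_PARAMS = {"lat", "lon"}


def recover_locations(log_text):
    """What the colleague proposed: pull (ip, timestamp, lat, lon) out of every
    logged request whose URL query carried coordinates."""
    found = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = dict(parse_qsl(urlsplit(m["target"]).query))
        if "lat" in query and "lon" in query:
            found.append((m["ip"], m["ts"], float(query["lat"]), float(query["lon"])))
    return found


def redact_target(target):
    """Strip sensitive parameters from a request target, keeping the rest of
    the query intact, so the logged URL no longer reveals the user's location."""
    parts = urlsplit(target)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in SENSITIVE_PARAMS]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), parts.fragment))


def redact_log(log_text):
    """Rewrite each parsable line with its target redacted; lines the regex
    does not recognise pass through unchanged rather than being dropped."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            line = line[:m.start("target")] + redact_target(m["target"]) + line[m.end("target"):]
        out.append(line)
    return "\n".join(out) + "\n"


def expire_old(records, now_str, max_age_days=7):
    """The presentation's retention rule: keep only records younger than
    max_age_days relative to `now_str` (same timestamp format as the log)."""
    now = datetime.strptime(now_str, TS_FORMAT)
    max_age = timedelta(days=max_age_days)
    return [r for r in records
            if now - datetime.strptime(r[1], TS_FORMAT) <= max_age]


if __name__ == "__main__":
    leaked = recover_locations(SAMPLE_LOG)
    print(f"{len(leaked)} locations recoverable from the archived log:")
    for rec in leaked:
        print("  ", rec)
    print("\nAfter redacting at write time:")
    print(redact_log(SAMPLE_LOG))
    print("Still within the one-week window as of 20 Mar 2024:",
          expire_old(leaked, "20/Mar/2024:00:00:00 +0000"))
```

Redacting at write time only protects future logs; anything already archived has to be found and scrubbed separately, and the same coordinates may also sit in upstream proxy, CDN, or browser-history logs that the API team does not control. Moving the location into a POST body (or a header the log format does not record) removes it from the request line altogether, which is the more robust fix.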

You like your job, you love working with nearly all your co-workers, and you really believe in the vision of Beerz that the CTO shared with you during your interview. But you also care about your customers' privacy.

Now what?

What to hand in

The goal of this assignment is to get you to think seriously about the ethics of a tricky situation. To give some structure to your analysis, I'd like you to organize your report around the following questions.

  1. Identify the main ethical question or questions faced by the main character ("you") in the scenario. This will certainly include "what should you do?", but there may be other interesting questions to consider.
  2. For each stakeholder (or category of stakeholders) in the scenario, identify the stakeholder's relevant rights.
  3. List any information missing from the scenario that you would like to have to help you make better choices.
  4. Describe your possible actions, and discuss the likely consequences of those actions.
  5. Discuss whether the ACM Code of Ethics and Professional Conduct offers any relevant guidance.
  6. Describe and justify your recommended action, as well as your answers to any other questions you identified in question 1.

Keep your write-up concise but detailed. At a rough guess, I'd expect your write-up to take 2-3 pages.