Discuss the ethical implications of using laws to promote cybersecurity, in particular on the protection of data and how government and corporations gather, store and use data in response to hacking and ransomware incidents.
Offer an example of how a particular corporation or municipality was affected by ransomware and whether the ransom was or wasn’t paid. You can draw from recent news, historical events or cases discussed in the readings.
Share any personal experiences or observations concerning the payment or non-payment of ransoms. What would the loss of data mean to an entity like a school system or healthcare organization? Do the laws sufficiently address the severity of the criminal acts and/or prohibit the payment of ransoms?
Sample Answer
The use of legislation to enforce cybersecurity creates a complex ethical tug-of-war between collective security and individual privacy. While laws are intended to protect citizens, the methods used to gather and store data in response to threats often raise significant moral concerns.
When governments and corporations respond to hacking or ransomware, they often prioritize "threat intelligence." This creates three primary ethical dilemmas:
Function Creep: Data gathered specifically for cybersecurity (such as IP addresses or communication metadata) may eventually be used by governments for surveillance or by corporations for behavioral profiling.
The "Honeypot" Risk: Laws that mandate the long-term storage of user data for investigative purposes essentially force corporations to create massive "honeypots" of information that, if breached, cause more harm than the original threat.