5. Cybersecurity, Hacking, and Digital Identity
Cybersecurity; Vulnerabilities; Hacking; Digital Identity; Online Reputation
In the previous chapter, we explored some of your own personal ethical responsibilities as they relate to you as a consumer of all things ‘tech’. We also explored some of your ethical responsibilities as they relate to your role in an organization that utilizes ‘tech’. Now, for this chapter and each of our subsequent chapters, we will look at various individual aspects of technology and try to focus on the ethical considerations within some narrower contexts. As we will quickly see, however, these chapters cannot be completely isolated from each other. Rather, it will be common to discover that aspects of each of these subsequent chapters significantly overlap with other chapters.
Cybersecurity
Figure 9: Graphic representing cybersecurity
To begin this discussion, once again, let’s use a generative-AI tool (Perplexity) to help us provide the ‘textbook definition’ of cybersecurity. Here is the prompt that was used:
“In a single sentence, please define the term 'Cybersecurity'.”
Here are the results we received:
Cybersecurity – The art and practice of protecting networks, devices, programs, and data from unauthorized access, cyberattacks, or criminal use, ensuring the confidentiality, integrity, and availability of information.
It seems that there may be some significant omissions from this definition: We already have a feel for ‘Why’ cybersecurity is important… But what about the other questions? ‘Who’ is responsible for effective cybersecurity? ‘When’ do we need to think about cybersecurity? ‘Where’ do we need to be cognizant of cybersecurity issues? And ‘How’ do we actually address cybersecurity concerns?
So, here is a follow-up prompt for our friend Perplexity:
“This definition answers the question of 'what' is Cybersecurity. Assuming that we already know the 'why' associated with a need for cybersecurity, in a single sentence each, what would be the answers to the questions 'when', 'where', 'how', and most importantly, 'who' that should be associated with the concept of effective cybersecurity?”
Here are the additional results:
When: Effective cybersecurity must be practiced continuously, adapting to evolving threats and technological changes, and is especially critical whenever digital systems, networks, or sensitive data are in use.
Where: Cybersecurity is required wherever digital assets exist, including on-premises networks, cloud environments, remote work setups, mobile devices, and any location where information is stored, processed, or transmitted.
How: Effective cybersecurity is achieved through a combination of risk assessments, robust security policies, technical controls like encryption and multi-factor authentication, continuous monitoring, regular training, and incident response planning.
Who: Everyone with access to digital systems – including individuals, employees, IT professionals, organizational leaders, and specialized cybersecurity teams – shares responsibility for maintaining effective cybersecurity, with organizations often relying on dedicated experts, external consultants, and collaborative initiatives like cybersecurity clinics to strengthen their defenses.
The generative AI seems to get this one nearly 100% right! (When we look into the AI systems themselves in greater detail in Chapter 11, we will see this is not always the case!) Everyone is responsible – in part at least – for effective cybersecurity. The following sub-topics of this chapter will explore just a few of the concepts related to cybersecurity where a deeper dive into the corresponding ethics can illustrate some interesting and maybe even unexpected challenges!
Vulnerabilities in digital systems represent weaknesses or flaws that can be exploited by malicious actors to gain unauthorized access, disrupt operations, or compromise sensitive information. These vulnerabilities may be targeted through various forms of cybercrime, such as phishing, ransomware, or distributed denial-of-service (DDoS) attacks, often leveraging exploits that take advantage of unpatched software or misconfigured systems.
Ethically speaking, addressing vulnerabilities requires timely identification and remediation – typically through "fixes" or patches – to prevent harm to individuals and organizations. Without proper prevention and remediation, threats like viruses, Trojan horses, botnets, logic bombs, or blended threats can propagate across interconnected networks. The presence of sophisticated threats, such as rootkits or phishing campaigns (including spear phishing, smishing, and vishing), underscores the ongoing responsibility of cybersecurity professionals and tech users alike to remain vigilant, promote best practices, and uphold principles of fairness, accountability, and non-maleficence in protecting digital assets and identities.
Hacking
Hacking, in its broadest sense, refers to the act of gaining unauthorized access to computer systems or networks, but the motivations and ethical implications of hacking can vary widely depending on the individuals involved. Black-hat hackers, for example, engage in hacking for malicious purposes such as stealing data, causing disruption, or committing cybercrime, often motivated by personal gain or the intent to inflict harm. In contrast, white-hat hackers use their technical skills to identify and report vulnerabilities, helping organizations strengthen their security by acting as ethical defenders – sometimes as part of formal roles like penetration testers or through coordinated vulnerability disclosure programs like hack-a-thons.
The landscape of hacking also includes figures such as crackers, who break into systems to bypass protections or copy software illegally, and hacktivists, who use hacking as a form of protest or to promote social or political causes. The actions of hacktivists can raise complex ethical questions, as their activities may be intended to expose injustice or raise awareness, yet still involve unauthorized access and potential harm to innocent parties. As technology evolves, so too do the methods and motivations of hackers, making it essential for society to continually reassess the ethical boundaries of hacking, the responsibilities of those with advanced technical knowledge, and the appropriate legal and organizational responses to both harmful and beneficial forms of hacking.
Digital Identity
Digital identity, as it relates to an individual, is the collection of digitally or electronically captured attributes, behaviors, credentials, and data points that uniquely verify and represent a person online. This identity is not static; it is dynamically shaped by both the information individuals actively provide – such as usernames, email addresses, social media profiles, and biometric data – and the data passively collected through their online activities, including browsing habits, search histories, and transaction records. Key aspects that make up a person's digital identity include personally identifiable information (PII) like social security numbers, dates of birth, and biometric traits; login credentials; device identifiers; behavioral patterns; and contextual signals such as location and device usage.
Bad actors often seek to access and exploit digital identities through methods like phishing, credential theft, or malware, using the compromised information for identity theft, financial fraud, or unauthorized access to sensitive accounts. Once a digital identity is breached, attackers can leverage it to impersonate individuals, commit cybercrime, or even build more convincing attacks against others by harvesting further data from compromised accounts. Ethically, individuals have a responsibility to be intentional and mindful about the information they share and the digital footprint they create, as their digital identity not only reflects on their personal reputation but also affects their privacy and security. Practicing thoughtful self-representation and safeguarding personal data are essential not just for personal protection but also for fostering a trustworthy and respectful digital environment.
Online Reputation
This leads us to our final concept for this chapter – one’s online reputation. Online reputation refers to the collective perception and judgment that others form about an individual based on their digital presence, including the content they create, share, and are associated with across various online platforms. Unlike digital identity, which is the sum of all information that identifies a person online, online reputation is shaped not only by one's own actions but also by what others post, comment, or tag about them, and is visible to third parties through search engines, forums, blogs, and especially social media. Social media usage plays a significant role in building or damaging online reputation, as posts, comments, likes, and shares contribute to the overall digital footprint, and even a single viral incident can have lasting effects – positive or negative – on how a person is viewed by peers, employers, and the broader public.
Also, in today’s society, there is often an ongoing blending of work and personal life which appears to be mostly unavoidable. At work, you may use the corporate computer to prepare for a personal meeting, such as an appointment with your doctor. Additionally, some organizations have bring-your-own-device (BYOD) requirements and/or policies which stipulate if and how you will use your own devices in the work setting. These kinds of intersections between what is ‘personal’ vs. what is ‘public’ introduce unique risks to one’s online reputation. When individuals commingle work and home information on shared devices, they increase the chances of accidental data leaks, inappropriate content exposure, or breaches that could affect both professional and personal reputations. For example, a security lapse on a personal device used for work could expose sensitive corporate information or inadvertently link personal social media activity with professional contacts, complicating the separation between private and public personas.
Virtual Private Networks (VPNs) are often used to enhance privacy by encrypting internet traffic and masking a user's IP address. However, using a VPN – especially one provided by a third party – does not guarantee true anonymity or untraceability. While a VPN can obscure activity from local networks or Internet Service Providers (ISPs), the VPN provider itself can potentially (and usually does!) log user activity. They do this because if the tech fails for any reason, it is only through reviewing the logs that the provider can discover and remedy the failure! As a result of this known logging, both law enforcement and sophisticated attackers may still trace actions back to the individual if the VPN is compromised or if endpoints are not secure. Direct-to-endpoint VPNs (such as those connecting directly to a corporate network) offer more control but still do not provide absolute anonymity, highlighting the need for individuals to remain vigilant and intentional about their online actions and the security tools they use.
Ultimately, maintaining a positive online reputation requires individuals to be mindful of their digital footprint and the potential consequences of their online behavior. Ethical self-management involves regularly reviewing privacy settings, thinking critically before posting or sharing information, and understanding that online actions can have far-reaching effects on credibility, trustworthiness, and future opportunities.
Textbook Definitions – Cybersecurity
- cybercrime – Illegal activities conducted using computers or networks, including theft, fraud, or disruption of services.
- phishing – A deceptive technique where attackers impersonate legitimate entities to trick individuals into revealing sensitive information, such as passwords or financial details.
- ransomware – Malicious software that encrypts a victim's data and demands payment for its release.
- distributed denial-of-service (DDoS) – An attack in which multiple compromised systems flood a target with traffic, overwhelming it and rendering services unavailable to legitimate users.
- viruses – Malicious programs that attach themselves to legitimate files or programs and replicate, spreading to other systems and causing harm.
- Trojan horse – Malicious software disguised as legitimate applications, which, when executed, enable unauthorized access or cause damage.
- botnets – Networks of compromised computers, controlled remotely by attackers, used to perform coordinated malicious activities such as DDoS attacks or spam distribution.
- logic bombs – Malicious code embedded in software that triggers a harmful action when specific conditions are met.
- blended threats – Attacks that combine multiple types of malware or attack methods to exploit different vulnerabilities simultaneously.
- rootkits – Malicious tools designed to hide the existence of certain processes or programs, allowing continued privileged access to a system.
- spear phishing – Targeted phishing attacks aimed at specific individuals or organizations, often using personalized information to increase credibility.
- smishing – Phishing attacks delivered via SMS text messages, aiming to trick recipients into divulging sensitive information.
- vishing – Voice-based phishing attacks conducted over the phone to deceive individuals into providing confidential information.
- black-hat hackers – Individuals who exploit vulnerabilities in systems for malicious purposes, personal gain, or to cause harm.
- white-hat hackers – Ethical hackers who identify and help fix security vulnerabilities to improve system security, often with permission.
- penetration testers – Security professionals who simulate cyberattacks on systems or networks to identify and address vulnerabilities before malicious actors can exploit them.
- hack-a-thons – Collaborative events where programmers and security experts work intensively to solve problems, develop software, or test security in a short period.
- crackers – Individuals who break into computer systems or software, often to bypass protections or copy software illegally.
- hacktivists – Hackers who use their skills to promote social or political causes, often through unauthorized digital actions.
- credentials – Usernames, passwords, or other authentication information used to verify identity and gain access to systems.
- biometrics – Unique physical or behavioral characteristics, such as fingerprints or facial recognition, used for automated identity verification.
- personally identifiable information (PII) – Data that can be used to uniquely identify an individual, such as name, address, social security number, or date of birth.
- credential theft – The act of stealing authentication information, such as usernames and passwords, to gain unauthorized access to systems or data.
- malware – Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems or networks.
- digital footprint – The trail of data and activity a person leaves behind when using digital services, including social media posts, browsing history, and online transactions.
- bring-your-own-device (BYOD) – A policy or practice where employees use their personal devices for work purposes, often increasing security and privacy risks.
- Virtual Private Networks (VPNs) – Services that encrypt internet traffic and route it through a secure server, providing privacy and security for online activities.
- Internet Service Providers (ISPs) – Companies that provide individuals and organizations with access to the internet.