Introduction
There is so much development in technology, information systems, and software in the world today. All these factors have led to the development of ways and means through which people can access and gain knowledge for themselves. People from different geographical regions can now interact and share information that they may hold concerning issues that affect them or the globe. Companies can effectively cut costs for their business as they allow the company executives to interact and make important decisions that affect them and their companies.
Most of these activities that involve the use of information technology involve the use of system security of information to ensure that the information that is exchanged remains private and is only seen by those individuals that it is meant for. With the development of technology, the government has made attempts to come up with laws that regulate and provide guidance to the private sector on the development of security software. This paper will discuss the ethical issue that involves the government’s action on this legislation.
Importance of system security software
Many people feel that the information systems and necessary software for them to run have led to positive contributions in their lives. This is because information technology and the internet have given access to these kinds of individuals and businesses to be together when they are many geographical miles apart. Thanks to the internet, there are many social networking sites such as Facebook, Twitter, My Space, and many other sites where individuals can socialize and share ideas on different issues (Zetter, 2009).
Scientists from different parts of the world can share their study results on journals, white papers, conference proceedings, and many other forms of writings and scholarly papers that can allow sharing of results on research surveys and studies that have been carried out on new and existing areas of study. Such scientists usually share sensitive and potentially expensive information when patented. It would therefore be unethical for the government to dictate the laws on the development of system security software since it would expose such individuals to loss of important data (Vance, 2010).
The action of the government on the legislation of laws and the issuance of guidelines to the private sector on the development of system security software seem unethical. The existence of privacy for the citizens of a nation is a very important aspect that is constitutionally dictated. The use of laws that would control the development of security has the potential of being abused by those in government offices. Unfortunately, not all the people in the government are as trustworthy and morally upright as they should be. This aspect of the character of human beings being untrustworthy causes a huge risk factor in government dictating the development of security software.
Security software is used for the protection of information used on information systems databases. The information that is usually stored in information databases includes; names and dates of birth, medical information, bank balances, employee records, and many other types of sensitive information. If the government was to set up laws that would guide the development of security system software, it means that the government would highly likely have access to means of decoding the system software hence giving them access to information stored in information databases. This would be unprincipled because it is an intrusion into the privacy of information about people.
If the legislation on guidance to the development of system security software was to be used, system security software used by organizations would be of no use to the companies since it would be easily possible to hack into mainframe security systems used by organizations. This brings up the ethical issue of exposing such organizations to hackers which might lead to the loss of their trade secrets. The final result is loss of business for such a corporation due to the government being corrupt.
Justification of the government’s legislation
The government feels that it would be able to control the criminals if it could be able to regulate the development of system security software. Many more criminals can now use secret codes to communicate to each other about the sites that they should visit to access pornography sites. The act of terrorism has been cited as being able to thrive internationally due to the introduction and development of system security software. Criminals can even use secret language to communicate information through which they can collect and put their funds together. “Most criminals used charitable organizations as means through which people can donate money to be used by the terrorists in their activities” (Anonymous, 2011).
One such terrorist group is Hezbollah in Palestine, which has been able to thrive for a long time through the use of donated funds, and then the terrorists use encrypted messages to communicate on their international targets. Information about ways through which recruits can be recruited for missions is also transferred to supporters and other such organizations to communicate missions such as suicide attacks which they want to carry out on innocent people in the world.
Hezbollah is one of the terrorist organizations that make use of system security software that uses encrypted messages to pass on information about targets of the terrorist group. It has been cited that maps and photographs of areas that have been classified as targets by the terrorist groups have been hidden on common websites such as those that deal with sports, entertainment news, and sports. The individuals who are required to find and use the information about the terrorist targets usually have the ‘key’ to decode the messages that are usually on these websites intended for the necessary extremist groups members and individuals and not to the whole public.
Government officials in charge of Homeland Security that deal with the terror cases cite individuals who are involved in these terror missions usually use system security software that is available on the internet to code and encrypt their message on details about terror targets and locations. For the message to be utilized by the intended individuals, the individuals have to use a code to decrypt the necessary information by using a code or key that they are usually provided with moments beforehand in their activity of decryption (Azmat, 2011).
It has also been cited that the encrypted messages are hidden in common areas but only the intended recipients can access such information. Government officials in security-based agents such as the CIA have quoted terrorist groups such as Hezbollah, Al Qaeda, and Hamas being some of the terrorist organizations that use encrypted software available on the internet to pass on their terror group activities to suicide bombers and other operational and strategic formulation members of the organization in different geographical locations all over the world.
System security software and the development of measures to control encryption of software is an important topic because it touches on what is ethical and would benefit all the members of society. The fact that various individuals in the society would use their extremist or perverted thoughts to take advantage of other people in the world, requires that individuals in the society make proper use of the information that is available on the internet.
The issue of information security on the internet is controversial because there are individuals, businesses, and institutions that need the encryption software to ensure that the information about their clients and their details remain encrypted to avoid theft of property, identity, and other financial aspects of an entity (Baase, 2008).
Encryption Export Restrictions
The Department of Commerce, Bureau of Industry and Security (2011) in the United States published new rules that changed and revised existing rules on encryption in the country. The move was done to integrate the encryption restrictions with other Export Administration Regulations. Functions involved in encryption are software and hardware that are used in encryption and technology. These items are then categorized into two categories which are Export Commodity Classification Number (ECCN) 5A002/5D002 used for high-performance encryption products and technology where software and hardware are involved (United States Encryption Export Restrictions, 2008).
The second category is ECCN 5A992/5D992 for all other substances are used in other encryption types. No license is required for shipping this category of products in comparison to the first category of encryption products. For the first category of encryption products, the company in question should alert the Bureau of Industry and Security (BIS) at least 30 days for the commodities to be reviewed, the co-coordinator at the agency has to review the actual encryption product then the company has to present their records that indicate their sales levels (Bailey, 2008).
The new rules have been set to remove the unclear differences between the encryption technology, hardware, and software. Under the new BIS rules, the review of 5A002/5D002 is different and the application to have the encryption software reviewed is also different. Unlike before, companies do not have to wait for all their encryption items for review by the coordinator of the BIS. Once the encryption items have been received at customs offices, companies can begin the transfer of the encryption items to countries that do not have strict regulations for the encryption items (United States Encryption Export Restrictions, 2008).
The IBS has also reviewed the encryption rules to ensure that, some items do not have to pass through the review list before they can be transferred to other countries and vice versa. There have been other encryption items that have been removed from the list of items that need to be reviewed when they are produced and used by specific eligible companies. The encryption products that have short-range wireless functions do not need to be reviewed and also to those products produced in other countries (United States Encryption Export Restrictions, 2008).
Items that perform ancillary cryptography have to be reviewed, unlike before when they could pass off without having to be reviewed. All these changes on the classification of encryption items have been made in an effort by the government to ensure that they have sufficient time to review those items that might pose a risk to information systems security through encryption of dangerous or illegal information when it has been coded. The government also hopes to utilize the reviewed encryption items to decipher cybercrimes that occur in the world in the present day, and how these crimes can be controlled (Encryption Export rules Department, 2008).
Control of maliciously used system security software
School-going children who are vulnerable to the cruel consequences of cybercrimes such as child pornography and kidnapping should be taught early in school and at home by their parents about the dangers that they might be exposed to. If possible, Parents should control the sites that are visited by the children.
Compromising an entities’ information security would lead to loss of confidence with clients, employees, and other stakeholders that might be involved with an entity. Ethics about information systems raises a few concerns about various issues related to the information such as what information should be considered private and which information should be considered public (Baase, 2008).
Most people prefer to have their details and information records revealed to a few individuals and only when necessary such as by medical doctors when they are ill, by institutions of learning when they require admittance, and by employees when the individuals are about to be employed (Bailey, 2008).
The issue about information systems also raises the issue about who is responsible for information being made available and who can certify and validate that, the information when made available to individuals is valid, reliable, and accurate. If the information systems are to be handled responsibly and respectfully, individuals should identify the systems, bodies, or institutions that are legally allowed to hold process and avail the necessary information (Newton, 2010).
Most individuals in society would propose and agree to the fact that it would be unethical for the government to issue legislation through regulatory policy and issuance of guidance to the private sector on the development of system security software. The issue of such control by the government creates fear and brings in many questions such as what if the governments’ information security system was to be compromised, would this not leave too many people vulnerable because their private information and personal details would be exposed to the public and some members of terrorists or gangs might use the private individual information to negatively take advantage of such people (Azmat, 2011).
Information databases that hold sensitive information like credit card information might be used by unscrupulous people to exploit people by taking their money. Such information might also be used by kidnappers to try and get the money in individuals’ accounts in exchange for the life of their beloved ones (Turpeinen, 1995). There is no doubt that the issue of information security has grown with the increased inaccessibility of information technology and the internet to many people all over the world.
A person is left wondering how life would be if restrictions were not put on the access of certain information systems, software, and access points. The government of China has made use of available resources to censor the visit to information systems that are available for example when a person types in certain words to assist with searches into accessing more information on certain areas, the information is filtered by government agencies guided servers and the information is blocked, for example, if Chinese decided to ban information systems available to people on abortion, the government servers would block the accessibility of such information to individuals. This action by the Chinese government has been criticized by many human rights organizations as being unethical and infringing on Chinese nationals (Bishop, 2003).
There are also information technology-based trained individuals who randomly access the information that is accessed by specific individuals and might even block these sites depending on laid down rules and regulations about the sites. The reason why it is expected that people would continue to ask for encryption of the information is mostly for prevention of exploitation purposes. Increases in cybercrime have been reported all over the world. Child pornography, espionage, bank robberies, credit card fraud, phished and kidnapping are some of the commonest cybercrimes that are perpetrated through the internet (Newton, 2010).
The kidnapping of children is rampant whereby, children are kidnapped as a result of chatting whereby they are told to go to a certain area from where they are kidnapped. One of the major disadvantages of cybercrime includes cases of increased highly intelligent and specially trained individuals that have dedicated their time to committing crimes (Grembi, 2008).
Microsoft, which is one of the largest and most specialized computer and internet technology Services Companies, was recently taken down by hackers. One would expect that such an organization would be immune to hacking because of the highly trained and specialized staff they have and who are probably dedicated to security systems software installations and maintenance but clearly, this is not the case or even if it is, the hackers are dedicated to their illegal and malicious activities (Spinello, 2010).
The sending of malicious viruses and spam has also been on the increase and it has been the result of many computers crashes that have taken place over the years for both personal and corporate-based computers. Wikileaks led to the hacking and revelation of a lot of government information that was possessed by the government and leaking of military secrets seems to be on the rise making individuals feel unsafe in their own countries because the enemy might know of the tactical and strategic plans their military might already be planning on taking and therefore, prepare for the necessary attack action (Vance, 2010).
Google earth software has been criticized as posing a security risk because it offers an opportunity for enemies to scan and evaluate the security systems of a nation that is feared as contributing to terror attacks all over the world. Terrorists can use the software to plan for effective attacks on their intended target. In 1984, the government came up with the Counterfeit Access Device and Computer Fraud and Abuse Act, but not much progress has been made in the apprehension of the perpetrators of internet crime. This is because internet crime is usually carried out by specialized groups that take very skilled precautionary measures to avoid being caught (Zetter, 2009).
Recommendations and possible solutions
In September 2000, President Bush put measures in place to increase the government’s efforts to crack down on criminals. He also urged parents to be more vigilant in the way their children make use of the internet to avoid taking away of innocence of the children through pornography or at times being kidnapped which sometimes turns to death. Children are not the only ones who are at risk of being involved in computer crimes or being victims. Adults and especially college students should also be guided on how to use the internet without exposing themselves or their colleagues to the danger of any cyber crimes (Clark, 2004).
Policies and guidelines should be made available in institutions of higher learning to guide the students and the staff of the institutions as well. Businesses that use the internet should use encrypted language especially when they are dealing with the credit card information of the clients. Businesses should make sure that they have used the best information technology software that is available to them. It would be considered unethical by clients and even by other businesses if a business would expose its clients to cybercrimes such as credit card fraud. The business would lose clients quickly because they would probably feel that, the business was somehow involved in the fraud (Spinello, 2010).
Individuals that might hold any information on cybercrime should be encouraged to come forward and assist in the curbing of this crime and apprehension of the criminals as they are brought to justice for misusing the internet. The public and the media should also be more vigilant in the prevention of cybercrimes. The government should collaborate with several media outlets to run stories on how cybercrime is carried out and how it can be avoided. Local offices should be set up in all regions of the United States to ensure that citizens can have places where they can go to report any suspicious activity (Turpeinen, 1995).
Conclusion
Regulation and issuance of guidance on the development of system security software would be unethical. Many benefits are available for the use of information database systems, highly developed software like encryption software, and chat systems. All these features can lead to unlimited benefits in the communication of information and the transmission of knowledge, especially in the education sector.
Instead of being unethical and dictating on rules that should be followed on the development of system security software, the government should utilize other tactics to do its duties of protecting its nationals and keeping crime levels low for example; The government should recruit highly skilled individuals in the area of decoding coded information by criminals to try and reduce cyber crimes and apprehend people who want to use the internet and information technology negatively.
The encryption of information should only be used in the transmission of business or another type of sensitive and important information. The specialized security information agency that is tasked with the apprehension of cybercriminals should be well versed with information security systems crimes. Such agencies should create networks and stimulate attacks to find out how they can be remedied while functions and weak areas that can be used by the agency to apprehend the criminals are adopted. Individuals, especially school-going children should be taught the importance of being ethical when using the internet.
The government should fund the airing of documentaries that describe how cybercrimes are carried out by criminals and the measures that the members of the public can take in trying to ensure that they are not culprits. Parents should especially be asked to control the amount of time that their children spend on the computer and the internet and ensure that they only visit safe sites. Students in public institutions should also have measures and guidelines put in place to ensure that they are ethical and responsible in the way that they use the internet. Businesses that deal with the credit card information of their clients should be one of the groups that are allowed to use encryption software to keep the information about their clients private.
References
Anonymous, (2011) Cyberethics: Computer Crime & Intellectual Property Section, United States Department of Justice Journal. Web.
Azmat, B. (2011). Cyberethics, Information System Ethics Journal. Web.
Baase, S. (2008). Gift of Fire: Social, Legal, and Ethical Issues for Computing and the Internet, 3rd edition. Ohio: Cengage.
Bailey, D. (2008). Cyber Ethics. New York, NY: Rosen.
Bishop, M. (2003). Computer Security: Art and Science. Boston, MA: Addison Wesley.
Bureau of Industry and Security. (2011). Policies and Regulations. U.S. Department of Commerce Journal. Web.
Clark, D. (2004). Technology & Terrorism. USA: Transaction Books.
Encryption Export rules Department, (2008). Encryption Export Restrictions Loosened Under New Rules That Reduce Pre-Review And Reporting Requirements, GOVCON Journal. Web.
Grembi, J. (2008). Secure Software Development: A security Programmer’s Guide. Boston, MA: Course Technology.
Newton, J. (2010). JD SUPRA, The Ethics, and Security of Cloud Computing, JDSUPRA Journal. Web.
Spinello, R.A. (2010). Cyber Ethics: Morality and Law in Cyber Space. Massachusetts: Jones & Bartlett.
Turpeinen, M. (1995). White Paper, Department of Computer Science, Helsinki University of Technology, Legal and Ethical Issues Related to Cryptography and Information Security Journal. Web.
Vance, K. (2010). Keeping Pace with Data Encryption Laws, Esecurity Planet Journal. Web.
Zetter, K. (2009). National Data Breach Laws Move through Senate, THREAT LEVEL Journal. Web.