Growing Compatibility Issues: Computers and User Privacy Essay

Introduction

A crucial part of the ethics of business is computer ethics or information ethics. Most corporations today are teetering on whether computer improprieties are a violation of professional ethic rather than a legal ethics issue. The purpose of this paper will be to examine some of the ethical issues of the Internet as it relates to the theft of private or personal information from the material sent over the Internet. Professional ethics can best be defined as learning what is right or wrong as it relates to the workplace and then doing the right thing. This code of professional ethics lays down the standards of integrity, professionalism and confidentiality which all members of that particular profession shall be bound to respect in their work. Where as legal ethics is best defined as principles of conduct that members of the profession are expected to observe in the constraints of the governing laws.

The right to privacy in Internet activity, especially in creating databases out of personal information, is a serious issue facing society. As such it raises serious ethical issues. An additional example is of the people on the Internet who use anonymous servers as a way to avoid responsibility for controversial and inappropriate behavior. Cases of harassment and abuse have become increasingly frequent, aided by a cloak of anonymity. There are also problems with fraud and scam artists who elude law enforcement authorities through anonymous mailings and postings. These types of examples describe the ethical issues created by technology and the people or corporations that control them (Tavani, pp. 179-85).

ISP’s Role in Cyber Ethics

ISPs have rightfully asserted that prescreening would be especially burdensome, they have not made the same argument that post screening would impose similar economic or administrative burdens. ISPs act like publishers when they sponsor or operate newsletters or other online publications over which they exercise editorial control. At other times, when they are simply functioning as a conduit for other information content providers, their role is equivalent to a distributor. Clearly there must be a higher standard of liability when they assume a publisher like role. If an ISP functions as a publisher it must be held to a higher standard of liability; that is, it must be held accountable for defamatory remarks in the same way that the New York Times or other media would be held accountable.

In most situations, however, ISPs will not be acting as publishers but as distributors, passive conduits for the exchange of information by their legions of subscribers. In this context, ISPs should assume responsibility for post screening even if the law allows them to do otherwise. They should not take refuge in misguided policies and questionable legal precedents. But the policy should also be changed so that no one is victimized by an intransigent ISP that fails to live up to its moral obligations. Unless we abandon blanket immunity for ISPs and reach the type of compromise sketched out here, it is likely that ISPs will become the unwitting accomplices of many Internet defamers, who are often hiding behind the cloak of anonymity. Libelous speech is different from pornography and hate speech; it cannot be regulated from the bottom up through code. It requires some regulation from the top down through carefully crafted statutes. Unfortunately, the current statute is inimical to the interests of the Internet community.

Lessig (1999) argues that both fair use and the entry of works into the public domain will be jeopardized by these systems, since nothing requires that the balance now provided by copyright law be preserved. The problem is that those writing the rights-management code can embed their own intellectual property regulations into that code: They can program the system to charge a fee for any use and ignore any fair use or first-sale considerations by anchoring the content to a specific user. It is possible, of course, that rights-management systems will be constructed that will at least try to strike the right balance. (Lessing, pp. 133-36) Lessig seems to deny this, but some developers of DRM may realize that there are moral and social issues at stake here and will work to preserve fair use or its equivalent in their systems.

It would be irresponsible and imprudent to design these rights-management systems without allowing for fair use and without respecting other safety values such as first-sale. There is a lively debate about the technological feasibility of developing a system that would include a realistic provision for fair use, but that discussion is beyond the scope of this analysis. Suffice it to say that doing so will be a challenge, since system developers will need to anticipate the myriad array of fair use requests without being duped by those trying to manipulate the system. According to industry analysts Ashish Singh, “Fair use algorithms could be written into the code and that would become the hook, the attractiveness of the product” (Howe, pp. 10-11).

Anonymity And Cyber Ethics

One of the biggest security problems for the Net is the fact that individuals and organizations can still misrepresent themselves with impunity. At present, there is no uniform system or mechanism for identifying users who frequent cyberspace. The Internet does support architectures that facilitate identification, such as password protections, biometric systems, and digital certificates. It is still quite possible for users to interact in cyberspace anonymously, and it can be difficult to trace the real identity of users who are deliberately trying to conceal their identity. While anonymity supports privacy and free-speech rights, it also interferes with security and the curtailment of cyber crime. Hence, the lack of an identifying infrastructure has sometimes been detrimental for electronic commerce and for effective law enforcement in the realm of cyberspace.

The interconnected issues of digital identity and anonymity are highly charged ones that stir deep emotions. This was evidenced by the heated response to Intel Corporation’s announcement in February 1999 about its plan to embed identification numbers in its next generation of computer chips, the Pentium III. The primary purpose of the embedded serial numbers was to authenticate a user’s identity in e-mail communications, enhance security for electronic commerce by reducing the risk of fraud, and allow organizations to better track their computer equipment. Privacy advocates, on the other hand, argued that this unique identifier would enable direct marketers and others to surreptitiously track a user’s meandering through various Web sites. While Intel capitulated to this intense pressure and agreed to ship its products with the serial numbers turned off, the incident seemed to elevate awareness about the tenuous future of electronic anonymity. Also, the incorporation of identity features into chip technology has not been abandoned by Intel.

Despite Intel’s quick response, there is growing anxiety that these serial numbers are “harbingers of a trend toward ever more invasive surveillance networks” (Markoff, C1). What if governments throughout the world attempt to mandate the deployment of such invasive identifying numbers in order to keep better track of their respective citizens? According to security expert Vernor Vinge, “The ultimate danger is that the government will mandate that each chip will have a special logic added to track identities in cyberspace” (Markoff, C1).

The Intel incident also graphically illustrates the difficult dilemma faced by policy makers involving an unavoidable trade-off between security and anonymity or privacy. Security and anonymity seem to be mutually exclusive goods. If we really want to make the Internet a more secure environment it is necessary to suppress anonymous transactions and hold users accountable for what they say and what they do. For example, thanks to a tracking mechanism installed in Microsoft’s Office software, the rogue programmer who released the destructive Melissa virus was swiftly apprehended. But the cost of security and better accountability is a loss of privacy and perhaps the termination of untraceable Internet communications.

There is a cost to preserving anonymity; its central importance in human affairs is certainly beyond dispute. From a moral perspective, it is a positive good, and it is valued as highly instrumental in helping to realize two other goods that are vital for human fulfillment, freedom and privacy. Anonymous communication in cyberspace is enabled largely through the use of anonymous remailers in conjunction with cryptography. A brief word about these is in order. According to Lohr (1999), an anonymous remailer functions like a “technological buffer.” It strips off the identifying information on an e-mail message and substitutes an anonymous code or a random number. By encrypting a message and then routing that message through a series of anonymous remailers a user can rest assured that his or her message will remain anonymous and confidential. This process is known as “chained remailing.” (Lohr, 5-6) The process is quite effective, because none of the remailers will have the key to read the encrypted message, neither the recipient nor any remailers (except the first) in the chain can identify the sender, and the recipient cannot connect the sender to the message unless every single remailer in the chain cooperates. This would assume that each remailer kept a log of their ingoing and outgoing mail, and that is highly unlikely.

According to Froomkin, this technique of chained remailing is about as close as we can come on the Internet to “untraceable anonymity”; that is, “a communication for which the author is simply not identifiable at all.” (Froomkin, p. 245) If someone clandestinely leaves a bunch of political pamphlets in the town square with no identifying marks or signatures, that communication is also characterized by untraceable anonymity. In cyberspace things are a bit more complicated, and even the method of chained remailing is not foolproof: If the anonymous remailers join together in some sort of conspiracy to reveal someone’s identity there is not much anyone can do to preserve anonymity. Anonymity can also be useful for revealing trade secrets or violating other intellectual property protections. In general, secrecy and anonymity are not beneficial for society if they are used improperly.

Thus, anonymity can be exploited for many forms of mischief. There are concerns about anonymity abuses from both the private and public sectors. In the private sector there are worries about libel, fraud, and theft, while the state is worried about the use of anonymity to launder money, to evade taxes, to manipulate securities markets, and so forth. Hence, there is the temptation for governments or even digital infrastructure providers, such as ISPs or companies like Intel and Microsoft, to develop and utilize architectures that will make Internet users more accountable and less able to hide behind the shield of anonymity (Nissenbaum, pp. 141-44).

In response to these concerns, there are several options available for more comprehensive digital identity systems. The most thorough system would ensure that there is always an indissoluble link between one’s cyberspace identity and one’s real identity. This is accomplished by somehow mandating the traceability of all Internet transactions. The use of technologies such as chained remailers helps protect anonymous communications so that they are untraceable. But what mechanisms might be adopted to mandate traceability; that is, to make the untraceable traceable? One way to achieve mandatory traceability is to demand a user’s identification as a precondition of Internet access. The government might also implement such a system by law, by requiring that all ISPs demand verifiable identification as a prerequisite for access to the Internet. There are many variations on these two broad approaches.

The basic idea behind any system of mandatory traceability is that speakers entering cyberspace would be required to deposit (e.g., with the ISP), or attach to their communications, a means of tracing their identities. One can conceptualize mandatory traceability by positing a regime in which an encrypted fingerprint automatically would be attached to every transaction in cyberspace. In such a regime, the fingerprint could be encrypted with the government’s public key such that properly authorized law enforcement officials could access the private key necessary for decryption while participants in the cyber-transaction would not be able to strip away the speaker’s anonymity. Digital certificate technology could also play some role in the development of such an identity infrastructure. (Fitzgerald, pp. 77-80) It would provide a feasible method of authenticating individuals and verifying the integrity of their transmissions. Recall that digital certificates allow individuals or organizations that use the Internet to verify each other’s identity.

Conclusion

The Net’s inherent vulnerabilities have been exploited by hackers and other miscreants who frequent cyberspace. Among the architectures that accomplish this goal, there are firewalls, powerful encryption software and digital identity systems. Paradoxically, some of the architectures like encryption code that secure the Net and safeguard privacy obstruct the efforts of law-enforcement authorities to deal with cyber crime and computer-related crime. The protection of public safety can sometimes conflict with respect for basic civil liberties. There is a tension between a perfectly secure Internet, where all transactions are traceable and users are held accountable, and an Internet that respects the values of privacy and anonymous free expression. Anonymous expression is an important social value worth preserving in cyberspace. Therefore, architectures and technical standards utilized to implement a digital identity system or other security mechanisms must not preclude the possibility for anonymous expression or create serious new privacy hazards.

We can preserve the integrity of the Internet as a tool of autonomy and a forum for creativity if we comport ourselves in cyberspace in an ethical manner. Each member of the cyber community must engage in activities that support the collective values of that community and refrain from activities that regard it as a commodity. The Internet, like all public goods, is vulnerable to abuses and excesses that can endanger its fragile ecology and some of those abuses can be the result of poorly crafted code. The global nature of the Internet makes addressing the legal issues associated with Internet or information privacy daunting and complex. It is a legal arena without walls or physical boundaries, where the laws vary from country to country. Even within the United States there is dissent and disagreement about the definitions of Internet Privacy, who owns that information and what constitutes appropriate or inappropriate use of that information. Perhaps the issues that have been unsuccessfully resolved through the law can be resolved through the creation of moral and ethical guidelines that will frame the issues, at which point legal protections can be put in place.

Works Cited

1. Fitzgerald, A. (2000). Going Digital 2000: Legal Issues for E-Commerce, Software and the Internet. St. Leonard’s, Australia: Prospect Media. 77-80
2. Froomkin, M. (1996). “Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Data Bases.” University of Pittsburgh Journal of Law and Commerce 395:245.
3. Howe, Jacob and Andy King. Three Optimisations for Sharing. Technical Report, Computing Laboratory, University of Kent at Canterbury, 2001. 10-11
4. Lessig, L. (1999), Code and Other Laws of Cyberspace, New York: Basic Books.133-36
5. Lohr, S. (1999). “Privacy on the Internet Poses Legal Puzzle.” New York Times. 5-6
6. Markoff, J. (1999). “Growing Compatibility Issues: Computers and User Privacy.” New York Times, C1.
7. Nissenbaum, H. “The Meaning of Anonymity in an Information Age” The Information Society 15: 1999; 141-144
8. Tavani, H. (2001). “Defining the Boundaries of Computer Crime: Piracy, Break-Ins, and Sabotage in Cyberspace.” In Readings in Cyberethics, edited by R.Spinello and H.Tavani. Sudbury, Mass.: Jones and Bartlett.179-85