Computer Security and Ethics
Virginia Horniak
student at Department of Computer
Science and Engineering,
Mlardalen University
PO Box 883
721 23 Vsters, Sweden
vhk99001@student.mdh.se
ABSTRACT
Today there is a great concern among businesses and individuals
about privacy and security while using computers and the
Internet. The two topics, privacy and security, are closely related
in the computer-industry and on the Internet and there are many
questions that overlap each other.
Secure communication is in many cases a requirement assuring
privacy and security for businesses and individuals. One of the
security techniques used in communication is data encryption,
which prevents unwanted users to gain access of the information
that is transmitted between computer networks or on the Internet.
We will in this paper, among other things, look on the technique
of encrypting data, authentication of users in network systems and
on the ethical questions concerning privacy and security in
computer networks.
1. INTRODUCTION
This paper treats the questions concerning ethical aspects of
privacy and security in network systems. The security today is a
big issue in the use of the Internet and network systems and there
are representatives in public and in private sectors, saying that
there is a need of increasing the security or that the available
security can be enhanced. This paper will however concentrate on
the existing computer security: the encryption of data and the
authentication of users in a computer network.
As you will see there are many encryption algorithms and
authentication protocols; each of them has its own advantages and
disadvatages. But the red thread throughout the topics in this
paper is the ethical aspect. The ethical aspects in computer
security are many and the biggest aspect is a persons right to
privacy. Throughout this paper these aspects will be considered,
therefore it is good if the reader has them in the back of the head
while reading this paper.
The concepts privacy and security are often confused and overlap
each other in many contexts. These two concepts are described
and differentiated in the second chapter. There is also a
description of computer security and its goals.
The third chapter describes cryptography, what the term
cryptography includes and different encryption ciphers and
standards. To be able to encrypt and decrypt data there is a need
of a key distribution and there are many ways of distributing the
keys which are described.
In the fourth chapter the authentication and its many protocols are
described. Many of these described protocols have some kind of
flaws where intruders can come in between two communicating
parties. In the section about authentication there is a description of
these flaws and they are illustrated.
The privacy and security in computers has the last decades been a
hot topic to debate. There are many laws around the world
allowing governments to control the communication of the
countrys citizens. There are organisations, which are not satisfied
with the legislation and find that it violates the right to an
individuals privacy. The fifth chapter describes the legislation in
United States and the directives that have been stated in the
European Union. The freedom of individuals and the ethical
questions are also described.
2. PRIVACY AND SECURITY -
DEFINITIONS AND DIFFERENCES
The two concepts privacy and security often overlap each other
since they are closely related; however there are some quite
important differences between these two issues [1]. The privacy
on the Internet concerns the fact that users of the Internet are
often worried about loosing their personal information to
companies on the Internet that later on abuse the information. The
security on the Internet and in computer networks is on the other
hand an important issue concerning users who are afraid that the
communication they are having can be accessed and manipulated
by unauthorized intruders, who have no right to the information.
There are of course other concerns, besides the wire-tapping,
dealing with the security on the Internet, like for example hacking
and computer viruses attacking computer networks. This paper
will however describe the security concerning the vulnerability to
unauthorized access of data that is either placed in a computer
system or that is transmitted through computer systems, like for
example on the Internet.
The main difference between the concepts security and privacy in
computer systems is that the information is secure if the owner
has control over it. The information is on the other hand private if
the subject of the information has control over it [2].
Security may be confused with privacy because of the fact that
secure, or confidential, information is not open for unauthorized
parties, while private information is not revealed without
permission.
Anonymity is a term that combines security and privacy by
guaranteeing privacy, since anonymous information has no
subject, and requiring security so that the anonymous information
proceeds being anonymous.
The three most important goals for the security are:
integrity, which means that information cannot be
changed during transmission
authentication, which occurs when an identity is
established between two users
 confidentiality, which means that the information stays
confidential during transmission and
non repudiation, meaning that it is important to be able
to prove that a message has been sent.
To achieve the wanted security there are privacy-enhancing
technologies called PETs that protect the personal privacy [3].
One of the oldest most effective PETs is the one that protects the
content of the messages transmitted between two communicating
users on the Internet, the technique called cryptography.
Cryptography is only a tool and does not guarantee security.
There are several cryptographic tools such as hash values, public
key cryptography and private key cryptography. In the next
section the different aspects and tools of cryptography will be
described.
3. CRYPTOGRAPHY
3.1 Terminology and General Cryptography
Cryptology is the term including both the terms cryptography (i.e.
encryption), which is the name of the science of creating
cryptosystems, and cryptanalysis, which is the term of breaking
cryptosystems. A cryptosystem, or an encryption system as it is
also called, is a system that provides confidentiality to the parties
that want to communicate with each other on the Internet [4].
The message that is going to be encrypted is known as the
plaintext, see figure 1. The output of the encryption is called
cipher text and it is the cipher text that later on is transmitted
between for example computer networks [5].
Intruder
possibilities the string can be written in and automatically the
intruder will have more difficulties in finding the right key. Keys
are most often as long as 256 bits but can be up to 1000 bits long.
If the encryption- and decryption algorithms are secret there is no
need of keys since no one has the knowledge of the algorithms
but if the algorithms are known the keys have to be secret. Most
often the algorithms are known to the public and to test whether
an encryption algorithm is secure enough it is often publicized
and attempts are made by academic cryptologists to break the
algorithms. If years have passed and no one has managed to break
the system the algorithm can be assumed to be solid and then the
important aspect is to keep the keys secret.
There are two categories of encryption methods: substitution
ciphers and transposition ciphers.
3.1.1 Substitution Ciphers
In a substitution cipher each letter, or each group of letters, gets
replaced by another letter or group of letters to disguise it.
There is a general encryption system called the monoalphabetic
substitution, where the key is a 26-letter string that corresponds to
the full alphabet.
plaintext: abcdefghijklmnopqrstuvwxyz
cipher text: QWERTYUIOPASDFGHJKLZXCVB NM
The plaintext attack would after encryption with the key above
become the cipher text QZZQEA. At a first glance this seems to
be a secure system since the variation of keys can be 26! ( 4 *
1026), nevertheless the cipher can be broken easily. Languages
most often have a statistical property where certain letters are
more common than others and by making guesses at common
letters and likely patterns of vowel and consonants it is quite easy
for a cryptanalyst to build up a preliminary cipher text.

Encryption Decryption
3.1.2 Transposition Ciphers
Plaintext method method Plaintext While substitution cipher only substitutes the plaintext, the
transposition cipher does not disguise the letters but instead this
type of cipher changes the order of the letters. You can se an
example of a transposition cipher in figure 2.

Cipher text
Encryption Decryption
M E G A B U C K
key key

Figure 1. The encryption model. 7 4 5 1 2 8 3 6 Plaintext

pleasetransferonemilliondollars
If there is an intruder in the computer system he can either be a p l e a s e t r
passive intruder who only listens to the communication, or an
active intruder who records the messages, replays them, injects
a n s f e r o n
own messages or modifies the traffic passed on the network. Ciphertext
The algorithm that encrypts the plaintext into the cipher text has a afllselatooslnmoesilrnnxpaed
key as a parameter and normally the intruder does not know what e m i l l i o n
the decryption key is and therefore he cannot decrypt the message
that he has recorded while listening to the traffic passed on the d o l l a r s x
network.
To be able to encrypt and decrypt the data passed on the network Figure 2. A transposition cipher.
there is a need of two keys, which consist of a short string that can
be changed as often as it requires and it is in the keys the secrecy
can be found. The longer the key is the better since there are more
In this example the word MEGABUCK is the keyword, which
numbers the columns with its letters. The letter A in
MEGABUCK numbers the column as the first one, B as the
second one and so on. The plaintext is then written horizontally in
rows under the keyword, and the cipher text is read out by
columns, starting with the column which has the lowest key letter.
The first problem a cryptanalyst encounters while trying to break
the encryption is to disguise whether this is a substitution cipher
or a transposition cipher. The next step is to guess the number of
columns and to place the columns in right order by once again
look at the patterns of the letters and match the letters correctly.
3.2 Modern Cryptography
As you have read, cryptography used to be simple algorithms
relying on very long keys in the substitution ciphers and in the
transposition ciphers, but that was in the past. Nowadays
cryptography is based on relative short keys and complex
encryption algorithms instead and no matter how much cipher text
a cryptanalyst obtains, he will probably not make any sense of it.
3.2.1 Data Encryption Standard
Substitution and transposition ciphers are nowadays implemented
with simple circuits and an example of this kind of encryption is
used in the cipher called DES (Data Encryption Standard), which
was developed by IBM for the United States government in
1977. DES was widely used by the industry but after being
cracked and modified the usage of it has reduced.
In figure 3 there is an example of a simple monoalphabetic
substitution cipher where the 64 bit long plaintext passes an
algorithm with several steps of the same iteration. Each step uses
a different 56-bit key, and produces a 64 bit long cipher text. The
algorithm is symmetric, therefore encryption and decryption uses
the same algorithm.
64 bit plaintext
Initial transposition
Iteration 1
56 bit key Iteration 2
. In 1976 an engineer named Diffie at Sun Microsystems invented
. together with Hellman from the Stanford University the public
. key cryptography [4], also called the asymmetric cryptography,
Iteration 16
32 bit swap
Inverse transposition
Figure 3. The DES.
64 bit ciphertext
As mentioned earlier the DES was cracked and is no longer used
by the industry but it was an important intermediate goal for the
government of the United States to get a standard in the
cryptography used by most of the industries.
3.3 Key Distribution
The distribution of the encryption and the decryption key has
been one of the biggest and weakest problems in most
cryptosystems [5]. Earlier the encryption and the decryption key
were always the same, or at least they had some mathematical
connection to each other, and therefore if an intruder got hold of a
key there were no problems for him to decrypt the data passed on
the network.
To avoid the problem of key distribution there were two new
cryptosystems developed, the public key and the private key
cryptography.
3.3.1 Private Key Cryptography
In private key encryption, also called symmetric encryption, there
is one key for both encryption and decryption.
This type of cryptosystem can be used for authentication when
several persons share the same key. For example if Bob, Alice
and Carol share the same key Bob knows that it is Alice who
contacts him when she presents the key to Bob and verifies that
she is Alice. This can cause a problem called the replay attack,
because when Bob has the key Alice gave him he can present the
key to Carol and claim that he is Alice. In this type of attacks, the
authentication is replayed and the person replaying the data gives
himself out as being somebody else, which you can see in figure
4 [2].
Alice Bob Carol
{Bob, I am Alice}
A, B and Cs shared {Carol, I am Alice}
key
A, B and Cs shared
key
Figure 4. A Replay Attack.
3.3.2 Public Key Cryptography
where the encryption and decryption keys are different or cannot
be derived from each other.
Each user in a system using public key cryptography has two
keys: one public encryption key that is publicized and used by
everyone and one private decryption key that is not shared with
anyone.
When a user wants to decrypt a message he has to have a unique
pair of decryption and encryption keys. While sending a secret
message the sender has to get hold of the public encryption key
and encrypt the message with the key before sending the message.
 Only the right receiver who has the correct decryption key is able challenge. Alice encrypts the number with the key that she shares
to decrypt the message. with Bob and sends the cipher text KAB(RB) back to Bob. When
As you can see in figure 5 the replay attack is not possible in Bob receives this message he knows that the message comes from
public key encryption. Alice, because if there would be an intruder in the system he
would not know the secret key that is shared between Alice and
Bob. The largeness of the sequence number sent by Bob to Alice
Alice Bob Carol ensures that an intruder will have difficulties in overhearing the
number as plaintext and the encrypted number.
{Bob, I am Alice}
Sending the encrypted number to Bob, Alice is not sure whether it
As secret key {Bob, I am Alice} really is Bob or an intruder who has sent her the number. To find
As secret key out if it is Bob she is talking to, Alice sends him a random number
(RA) as plaintext and Bob encrypts the random number in the
same way as Alice did and sends it back to her as cipher text,
Bob, Carol is not KAB(RA). This communication can of course be shortened as in
fooled figure 7.

Alice Bob
Figure 5. A failure of a Replay Attack.
A
4. AUTHENTICATION
Authentication is the technique used when a process verifies that RB
the communication partner is who he is supposed to be [5]. To be
able to pass through the authentication without having permission KAB(RB)
to it is a difficult task. In this section there will be a short
description of the different authentication protocols that are used
in computer systems. RA
An authentication protocol starts with the event that a process, for
example a user Alice, wants to establish e secure connection with KAB(RA)
another user, Bob. Alice either sends a message directly to Bob or
to a trusted and honest key distribution centre (KDC). This Figure 6. A two-way authentication using the challenge
communication between Bob and Alice can be interrupted by an response-protocol.
intruder who replays, modifies or blocks the communication.
Nevertheless, when authentication is completed Alice and Bob Alice Bob
know they are talking to each other, not to an intruder, and there
is a secret session key established that is to be used in upcoming
conversations. This session key is established to reduce the A, RA
amount of traffic including the secret decryption key or the public
key and to reduce the amount of cipher text an intruder can get
hold of. If the process would crash and an intruder would get hold
of the core dump the damage is hopefully minimized since the RB, KAB(RA)
only obtainable key is the session key.
Authentication protocols often use public key cryptography to
establish the session key, while private key cryptography is used
to encrypt the data. KAB(RB)
The following sections are about authentication protocols that are
based on the sharing of a secret key between two users.
Figure 7. A shortened challenge-reponse protocol.
4.1 The Challenge-Response Protocol
The first protocol is called the challenge-response protocol. Let us The problem with the challenge-response protocol is that an
assume that Alice (A) and Bob (B) have exchanged a secret key intruder can easily break it with a reflection attack. The reflection
(KAB), to be sure that the authentication passes one party sends a attack can take place if Bob is able to accept simultaneous
random number to the other party, transforms it with the secret connections at once, and then the intruder can cheat Bob out of
key and sends it back. For an example see figure 6. the secret key Bob shares with Alice as you can see in figure 8.
In the example we can see the communication step by step. At The intruder starts first one session, receives a random number
first Alice sends a message with her identity to Bob, who does not from Bob (RB), which the intruder sends back in a new session as
know whether the message really comes from Alice, therefore his own random number. Bob encrypts RB in the second session
Bob sends a large number (RB) as plaintext to Alice as a

and when the intruder receives the cipher text KAB(RB), the
intruder can finish the first session by sending KAB(RB) back to
Bob.
The conclusion is that when designing an authentication protocol
it is important not to give away information that an intruder can
use and the two communicating parties have to use different keys.
Intruder Bob
A, RT
First session
RB, KAB(RT)
A, RB
Second session
RB2, KAB(RB)
First session
KAB(RB)
Figure 8. A reflection attack.
4.2 The Diffie-Hellman Key Exchange
There is another type of authentication protocol, called the Diffie-
Alice picks x
Hellman key exchange, which allows strangers to establish shared
secret keys, something Bob and Alice did not have to do in the
prior protocol. Alice and Bob have to, in this case, agree on two
large public prime numbers, n and g, where (n-1)/2 also is a prime
and certain conditions apply to g. Bob and Alice pick two large
(512-bit) numbers, x and y, that are kept secret. According to
figure 9 Bob and Alice send the different numbers to each other,
make calculations and the result of the calculations of Bob and
Alice will always be the same. This results in a shared secret key,
gxy mod n. An intruder does not have any possibilities of
computing gxy mod n, although knowing n and g, because there is
no algorithm for computing discrete logarithms modulo a very
large prime number and therefore the intruder cannot compute x
and y.
Alice picks x Bob picks y
n, g, gx mod n
gy mod n
Alice computes Bob computes
(gy mod n)x = (gx mod n)y =
gxy mod n gxy mod n
Figure 9. The Diffie-Hellman key exchange.
Although there are difficulties in computing the two large
numbers x and y, an intruder can perform a bucket brigade attack,
also called the man-in-the-middle attack. The intruder places
himself between Alice and Bob, as you can see in figure 10, and
receives Alices message that is intended for Bob. The intruder
sends a correct message with calculations to Alice and an initiate
message to Bob. Bob responds on the intruders message with
Bobs own calculations. Finally Alice and the intruder compute
the secret key gxz mod n, while Bob and the intruder compute the
secret key gyz mod n. Now every message Alice sends, to who
she thinks is Bob, can either be modified or stored by the intruder
and thereafter passed on to Bob. The same thing occurs in the
other direction.
Intruder picks z Bob picks y
n, g, gx mod n
n, g, gz mod n
gz mod n
gy mod n
Figure 10. A bucket brigade attack.
4.3 Key Distribution Center
As we have seen there are problems with protocols sharing secret
keys, but there is a trusted approach called the key distribution
centre (KDC). All authentication and session key management
between users goes through the KDC and the idea behind it is not
that complicated. As you can see in figure 11 the idea is quite
simple because all Alice does is identifying herself to the KDC
(A), picking a session key (KS), telling the KDC that she wants to
talk to Bob (B) and encrypting the message with the secret key
KA that Alice shares with the KDC. The KDC on the other hand
constructs a message to Bob including Alices identity (A), and
the session key the KDC has received from Alice (KS), encrypted
with the secret key KB that the KDC only shares with Bob.

Alice KDC Bob
A, KA(B,
KB(A, KS)
Figure 11. An authentication protocol using KDC.
The problem with this authentication protocol is the possible
replay attack made by an intruder. The intruder can in some way
copy the second message, the one from the KDC to Bob, and
replay it several times to Bob but there are solutions to this
problem. Either a timestamp can be added to the message, or a
unique identifier can be put in each message. If a message with an
old timestamp is received, the message can be discarded and if the
receiving party remembers the identifier then a message can also
be discarded if the identifier already has been received.
There are of course several other authentication protocols but
these are the most known with problems that are known and have
been taken care of.
5. ETHICS AND LAWS
The discussions about computer and network security have been
many since they relate to the difference between democracy and
the state where Big Brother is watching you [5].
There is a need for individuals to maintain some kind of privacy,
while governments most often see the need for security to be most
important.
There are several countries around the world, for example France,
that have totally forbidden nongovernmental cryptography just
because governments do not want citizens keeping secrets from
them. The legislations concerning cryptography around the world
ensures indirectly that the electronic communication structure is
wiretap-friendly and is easy to watch, but the modern
mathematical techniques of encryption are still developing,
offering electronic privacy to the people [4].
There are several cases in United States where people, not only
American citizens but also researchers that have spend some time
in the US, have been sentenced to years in prison and fines for
breaking the American legislation [5].
On the other hand many governments themselves have
eavesdropped on citizens without any permission and cases like
these make the discussion heated.
5.1 Legislation in the United States
The American debate on privacy has been burning since the
Second World War and since the first legislation of the rights of
privacy in 1941, four types of privacy right cases have been
defined in the Fourth Amendment [2].
The debate in the United States about the specific legislation of
cryptographic technologies started in 1993, when the government
announced a new encryption standard, called the Escrowed
Encryption Standard (EES), which has replaced the older standard
called Data Encryprion Standard (DES), described earlier in this
paper. This new standard was a response to the growing fear of
the government that the digitalized communication and the
widespread use of high-quality encryption would make the
governments work difficult.
The encryption standard EES was supposed to be implemented in
all digital communication equipment that was either sold or used
in the United State, by incorporating a computer chip called
Clipper into different telecommunication devices [9]. The Clipper
chip works in the following way: the Clipper chip in the sending
machine encrypts the data, without the control of the sender, and
the Clipper chip in the receiveing machine decypts the data. The
whole process is hidden from the user and the encryption
algorithm, called SkipJack, is of course classified by the National
Security Agency (NSA), since it is still considered to be reliable
and robust for use.
The feature added to the EES, was that all the decryption keys
used by the Clipper chip would be stored and only available for
authorities, like National Institute for Standards and Technology
(NIST) and the Automated Systems Division of the Department
of Treasury. This standard was met with a big opposition from
industry, civil liberties organizations and cryptologists; therefore
it was also abandoned after some time had passed.
Many organisations, like the Electronic Frontier Foundation
(EFF) [9] were opponents to the Clipper chip and the power the
authorities would have keeping all the keys. Organisations like
EFF are dedicated to protect the privacy of Americas citizens and
to educate the public about the democratic potentials of
communication technologies. The organisations find that
proposals like EES insult the fundamental rights, concerning the
citizen right to information without the interference of
authoritites.
The government managed to achieve its aim by legislating the
import and the export of munitions [4].
The law in the United States, called Export Administration
Regulations (EAR), concerns the prohibition of import and the
export of munitions, such as jet fighters and tanks, without the
permission of the Department of Defence.
United States International Traffic and Arms Regulation have
stated that cryptographic algorithms are a type of munitions and
EAR was therefore updated in 1996 prohibiting all citizens from
exporting cryptographic software. The updated version of EAR
was stated by President Clinton in 1996 in the following speech:
I have determined that the export of encryption products
described in this section could harm national security and foreign
policy interests even where comparable products are or appear to
be available from sources outside the United States, and that facts
and questions concerning the foreign availability of such
encryption products cannot be made subject to public disclosure
or judicial review without revealing or implicating classified
information that could harm the United States national security
and foreign policy interests.
The EAR was further revised and reformulated in year 2000, by
the Department of Commerce. This revision concentrates more on
the encryption and the source code than the older version and the
following amendment was added to the EAR:
Encryption items can be used to maintain the secrecy of
information, and thereby may be used by persons abroad to harm
national security, foreign policy and law enforcement interests. . .
. As the President indicated in Executive Order 13026 and in his
Memorandum of November 15, 1996, export of encryption
software, like export of encryption hardware, is controlled
because of this functional capacity to encrypt information on a
computer system, and not because of any informational or
theoretical value that such software may reflect, contain, or
represent, or that its export may convey to others abroad. For this
reason, export controls on encryption software are distinguished
from controls on other software regulated under the EAR.
This part of the law clearly states that the government sees
encryption as a threat to national security, but commercial
encryption software including symmetric algorithms using keys
with the length 64 bits or less are not prescribed by law [6].
Because of the critical and loud opposistion of the legislation, it
has become more liberalized and the exporting license has
become looser. Cryptography businesses have instead been
offered to agree on the earlier feature, which is to store the
decryption keys and make them available for authorities [4].
5.2 Directives in the European Union
While the laws in the United States are based on the privacy of
the citizens, the European Parliament decided to go the other way
and stated principles of data protection. In July 1995, the
European Parliament through the Council of Europe Convention
on Data Protection took on a memorandum that protects the
fundamental rights and freedom of individuals, concentrating on
protecting the right of privacy [7].
The aim of the directive that was stated by the European
Parliament is to protect the fundamental rights and freedom of
natural persons, and in particular the right to privacy with respect
to the processing o personal data. The second intention with this
directive was to make the flow of the personal information within
the European Union easier. Earlier legislation in the European
Union was more focused on the recording of private data, while
the existing directive is more broader, regulating all processing of
personal data, including recording of information. According to
the directive, all data is not permitted to be processed. Sensitive
personal data like the revealing of ethnical or racial origins,
political opinions, religious beliefs, and the data concerning
health or sex life, is only allowed to be processed if it is necessary
to protect the vital interest of the person who the data concerns.
There are of course other exceptions of the processing of data in
the directive; like the medical data that is permitted to be
processed in a health system for purposes of treatment.
The person whose data has been processed has the right to be
informed who the person is who controls his data, why it has been
processed and who is going to take part of it [8].
Not all the countries in the European Union follow the directive;
United Kingdom has for example a Data Protection Act, which
was stated in 1984 and does not acknowledge the right of privacy
[7].
5.3 Individual freedom
Privacy can be seen as the protection from intrusion and the
protection from information gathering made by unauthorized
persons. The individual control of personal data is also a type of
privacy that can come in conflict with the first formulation [3].
Philosophically, the two distinctions of privacy say us that a
person can have control but no privacy, or privacy but no control.
Is it possible having the right to control and the right to privacy at
the same time?
On the other hand if privacy would depend on the control of the
data of an individual there is no possibility that this individual
would have privacy since there is far too much data to have
control of. A user in a network system can only have control of
data to which he has access to, therefore is the right to privacy
better understood in terms of restricted access.
There are two sides in the ethical debate concerning computer
security. One part finds that the technology to encrypt data, and
provide confidentiality to the users in a computer networks, is out
in the open. Therefore are the attempts, made by authorities, to
prevent citizens from communicating privately, not only
undemocratic but also useless [4]. Libertarians argue that citizens
have rights to encrypt whatever they want, without governments
interfering and storaging of encryption and decryption keys.
On the other hand governments have a need of controlling
citizens for the need of the security of a country. The possibility
to be able to prevent terrorism by buging communication in
computer networks is invaluable and there are governments which
think that the right to privacy of citizens unfortunately must be
disregarded. There is a third party in the discussion [10] saying
that the existing methods of encryption are technical facts rather
than an ethical question. The ethical question lies in the way
encryption is used, where the information is crucial.
This chapter will be finished with the words of Immanuel Kant,
who has been one of the philosophers fighting for the ethical
behavior. He states that a person should "Act in such a way that
you treat humanity, whether in your own person or in the person
of another, always at the same time as an end and never simply as
a means" [9].
6. CONCLUSION
There are many ways to have a secure communication in
computer networks today. Today there are both possibilities to
encrypt the data that is transmitted in a computer network and
possibilities to control which users have authority to use network
systems. Both encryption and authentication have algorithms and
protocols that have been or are widely used.
Along with the computer security there are ethical questions that
come up. Authorities are concerned over the fact that encrypted
communication over computer networks can be misused by
terrorists and other criminals and therefore the legislation in many
countries around the world has come into force. Civil rights
organisations mean that the right to communicate with each other
using encryption is a civil right. The legislation is by many found
to be a violation of a persons right to privacy.
While we wait for the next generation of privacy-protected
technology, where there will be no one who feels that the
technology in combination with the legislation is a violation of
human right to privacy, it is important that the industry adopts a
more universal and ethical approach towards privacy.
7. REFERENCES
[1] Richard A. Spinello, Herman T. Tavani. Readings in
CyberEthics. Jones and Bartlett. ISBN 0-7637-1500-X
[2] L. Jean Camp. Web Security and Privacy: An American
Perspective. The Information Society 15, 1999
[3] Herman T. Tavani, James H. Moor. Privacy Protection,
Control of Information, and Privacy-Enhancing
Technologies. Proceedings of the Conference on Computer
Ethics-Philosophical Enquiry (CEPE 2000)
[4] Whitfield Diffie, Susan Landau. Privacy on the Line: The
Politics of Wiretapping and Encryption. The MIT Press,
1998
[5] Andrew S. Tanenbaum. Computer Networks. Prentice Hall.
ISBN 0-13-394248-1
[6] Jean Camp, K. Lewis. Code as speech: A discussion of
Bernstein v. USDOJ, Karn v USDOS, and Junger v Daley in
light of the U.S. Supreme Courts recent shift to Federalism.
Ethics and Information Technology 3, 2001
[7] James Morris-Lee. Privacy: Its everyones business now.
Direct Marketing, Apr 1996
[8] Dag Elgesem. The Structure of Rights in Directive 95/46/EC
on the Protection of Individuals with Regard to the
Processing Personal Data and the Free Movement of Such
Data. Ethics and Information Technology 1, 1999
[9] Lester Dorman, Phil Lin. Digital Privacy: The Ethics of
Encryption. Stanford University.
http://www.totse.com/en/privacy/encryption/dpcryp.ht
ml
[10] Chris Zielinski. The Ethics of Encryption and Inscription.
Ethicom 98.
http://www.iwsp.org/Ethics_of_encryption.htm