Cybersecurity, Ethics, and Collective Responsibility

Abstract

Abstract The advent of the internet, the exponential growth in computing power and the rapid developments in artificial intelligence have given rise to numerous ethical questions in relation to cybersecurity across various domains, not least by virtue of the dual-use character of cybertechnology—it can be used to provide great benefits to humankind, but also to do great harm. The domains in question intersect and include business (e.g., data security, data ownership and privacy), public communication (e.g., disinformation and computational propaganda), health (e.g., privacy, ransomware attacks), law enforcement (e.g., data security, predictive policing), and interstate conflict (e.g., cyberwar, autonomous weapons). This work undertakes analyses of the key ethical concepts in play, such as privacy, freedom of communication, security, and the right to self-defence. This work also develops sets of ethical guidelines to give direction to the regulation of cyberspace in these various domains. It does so from a liberal democratic perspective that seeks to protect individual rights while ensuring the collective good of cybersecurity. A central informing idea is that of institutionally embedded collective moral responsibilities that function as “webs of prevention” against cyberattacks. Cybersecurity is, in the end, a collective moral responsibility of both individual citizens and organizations, but a collective responsibility the discharging of which requires new regulation and the redesign of institutional roles, as well as technical countermeasures to cyberattacks, such as passwords, encryption, firewalls, patching, and the like. It also involves at times, we suggest, offensive as well as defensive measures.