Ethical responsibilities and legal liabilities of network security professionals

Abstract

Profits, losses and the attendant risks of tort litigation run to the extreme in times of great speculation in an unregulated economic environment-conditions which characterize the present enormous growth in computer networking. Public law enforcement has thus far been largely ineffectual in deterring or even detecting criminal abuses of network resources. At the same time, reliance primarily on technical solutions for preventing and redressing criminal and civil wrongs may prove to be more harmful to individual and group liberties than imaginative and ethical attempts to use the criminal and civil law traditions. The anticipated storm of civil litigation flowing from the Year 2000 (Y2K) crisis can be expected to create a critical mass in both the number of new computer literate lawyers and in their experimentation with and confidence in the use of tort law for computer security failures and other Y2K related litigation. Among the risks that prudent network security professionals need to be concerned with, as they plan to deal with the millennium bug, is the growing risk of legal liability for security failures. Computer security professionals have not yet had to answer to any moral or legal outcry for social redress of the lack of security in the networks, while the tradition of keeping secret the vulnerabilities of evolving computer network technology has only recently begun to be seriously questioned by the profession and others.