Ethics in the Digital Age
By Dean Lane, Chief Information Officer, The Institute of World Politics
As any modern citizen living in the 21st century knows, the digital world is as much a part of our daily lives, sometimes more, as the physical world. Just as society has implicit expectations that guide our conduct and ethical behavior when we are offline, there is an increasing expectation for similar standards to be upheld when one is visiting the digital world. These are known as Cyber Ethics.
Cyber Ethics is simple enough to define when you unpack the two words: Cyber and Ethics. “Cyber” encompasses the realm of computers, information technology, gaming, virtual reality, and artificial intelligence. “Ethics,” on the other hand, refers to a set of rules, standards, or behaviors that are expected in a given activity – moral conduct within a particular context. In essence, Cyber Ethics defines the etiquette and moral behaviors to be followed in the digital world.
Identifying unethical behavior is often a straightforward process. Malicious actions like hacking, or gaining unauthorized access to a computer system, clearly cross the line and are unethical. These illegal acts are perpetrated by hackers, bad actors with harmful intent and often cause substantial harm to individuals or organizations. Other Cyber Crimes such as “phishing” or acts of Cyber Terrorism are also plainly unethical.
There is an uptick in legislation to codify and enforce ethical behavior in the cyber domain, particularly in areas surrounding user and entity privacy. These stem from an increasing expectation that individuals have a right to their privacy, which includes having their digital data protected. The U.S. Department of Health and Human Services (HHS) has set national standards in the form of the HIPPA Security Rule to safeguard electronic personal health information.
Organizations who ignore these cyber privacy regulations do so at their own risk and can incur substantial fines. In 2018, the European Union enacted General Data Protection Regulation (GDPR), described as “the toughest privacy and security law in the world. Though it was passed by the European Union (EU), it imposes its obligations onto organizations anywhere, so long as they target or collect data related to people in the EU…The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.” Other countries, states, and provinces have taken note and many are following suit.
Some areas regarding Cyber Ethics are less straightforward and still evolving. Certainly, much has been in the news recently about the ethical questions surrounding AI. But in a recent interview, HP Federal CTO and IWP’s Cyber Ethics’ instructor Dr. Thomas Gardner emphasizes that organizations should also be paying attention to the broader category of Cyber Ethics, not just AI. With technology underpinning everything organizations do today, understanding the ethical implications and establishing an ethical framework is crucial.
As technology continues to evolve, each organization must continue to define its individual framework. Deloitte’s survey on the state of technology ethics explores how organizations and individuals’ attitudes are changing regarding key ethical areas regarding the use of technology: responsible, safe and secure, transparent and explainable, robust and reliable, accountable, fair and impartial, and private. Organizations, depending on their industry, may have unique considerations for each of these areas.
Our rapidly changing digital landscape requires organizations to focus on the related ethical considerations and be willing to define and adapt their ethical framework to meet this pace of change. Just like Cyber Security overall, organizations that adopt a proactive and responsible approach are much better positioned to steer clear of expensive and reputation-threatening incidents. Embracing this ethical mindset is not just a safeguard for today but a strategic investment for the future.