The ethical issues raised by cybersecurity practices and technologies are of critical importance. However, there is disagreement about what is the best ethical framework for understanding those issues. In this paper we seek to address this shortcoming through the introduction of a principlist ethical framework for cybersecurity that builds on existing work in adjacent fields of applied ethics, bioethics, and AI ethics. By redeploying the AI4People framework, we develop a domain-relevant specification of five ethical principles in cybersecurity: beneficence, non-maleficence, autonomy, (...) justice, and explicability. We then illustrate the advantages of this principlist framework by examining the ethical issues raised by four common cybersecurity contexts: penetration testing, distributed denial of service attacks (DDoS), ransomware, and system administration. These case analyses demonstrate the utility of this principlist framework as a basis for understanding cybersecurity ethics and for cultivating the ethical expertise and ethical sensitivity of cybersecurity professionals and other stakeholders. (shrink)

Purpose Responsible research and innovation is taking a role in assisting all types of stakeholders, including industry members, in moving their research and innovation initiatives to tackle grand challenges. The literature on RRI, however, focuses little on how industry can implement RRI principles. To solve this gap, the purpose of this study is to construct a conceptual framework for managing and assessing RRI principles in the industry. Design/methodology/approach Qualitative research was used to build the RRI key performance indicator list; 30 (...) interviews were conducted to design a framework which was pilot tested in a company to identify how to align technology outcomes to the values, needs and expectations of the society. Findings This study depicts five successive RRI implementation levels and exhibits RRI key performance indicators. Drawing on extant models, this study develops RRI levels and indicators to discuss why industry should become engaged in RRI, how it can embed RRI principles into R&I processes and how RRI indicators can be managed systematically. Originality/value The connection between RRI key performance indicators and RRI levels determines how industry can integrate principles and methodologies of RRI into R&I processes. The model in the study shows how companies move from one RRI stage to another and this study aims to exhibit an ideal stage of RRI for industry. (shrink)

This article proposes a new definition of information security, the ‘Appropriate Access’ definition. Apart from providing the basic criteria for a definition—correct demarcation and meaning concerning the state of security—it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called ‘soft issues’ of information security and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting (...) attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security—the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security. (shrink)

Cognitive technology is an umbrella term sometimes used to designate the realm of technologies that assist, augment or simulate cognitive processes or that can be used for the achievement of cognitive aims. This technological macro-domain encompasses both devices that directly interface the human brain as well as external systems that use artificial intelligence to simulate or assist (aspects of) human cognition. As they hold the promise of assisting and augmenting human cognitive capabilities both individually and collectively, cognitive technologies could produce, (...) in the next decades, a significant effect on human cultural evolution. At the same time, due to their dual-use potential, they are vulnerable to being coopted by State and non-State actors for non-benign purposes (e.g. cyberterrorism, cyberwarfare and mass surveillance) or in manners that violate democratic values and principles. Therefore, it is the responsibility of technology governance bodies to align the future of cognitive technology with democratic principles such as individual freedom, avoidance of centralized, equality of opportunity and open development. This paper provides a preliminary description of an approach to the democratization of cognitive technologies based on six normative ethical principles: avoidance of centralized control, openness, transparency, inclusiveness, user-centeredness and convergence. This approach is designed to universalize and evenly distribute the potential benefits of cognitive technology and mitigate the risk that such emerging technological trend could be coopted by State or non-State actors in ways that are inconsistent with the principles of liberal democracy or detrimental to individuals and groups. (shrink)

This paper analyses the role of information security in shaping the dissemination and re-use of biomedical data, as well as the embedding of such data in the material, social and regulatory landscapes of research. We consider the data management practices adopted by two UK-based data linkage infrastructures: the Secure Anonymised Information Linkage, a Welsh databank that facilitates appropriate re-use of health data derived from research and routine medical practice in the region; and the Medical and Environmental Data Mash-up Infrastructure, a (...) project bringing together researchers from the University of Exeter, the London School of Hygiene and Tropical Medicine, the Met Office and Public Health England to link and analyse complex meteorological, environmental and epidemiological data. Through an in-depth analysis of how data are sourced, processed and analysed in these two cases, we show that IS takes two distinct forms: epistemic IS, focused on protecting the reliability and reusability of data as they move across platforms and research contexts; and infrastructural IS, concerned with protecting data from external attacks, mishandling and use disruption. These two dimensions are intertwined and mutually constitutive, and yet are often perceived by researchers as being in tension with each other. We discuss how such tensions emerge when the two dimensions of IS are operationalised in ways that put them at cross purpose with each other, thus exemplifying the vulnerability of data management strategies to broader governance and technological regimes. We also show that whenever biomedical researchers manage to overcome the conflict, the interplay between epistemic and infrastructural IS prompts critical questions concerning data sources, formats, metadata and potential uses, resulting in an improved understanding of the wider context of research and the development of relevant resources. This informs and significantly improves the re-usability of biomedical data, while encouraging exploratory analyses of secondary data sources. (shrink)