Ethics in Handling Plain-Text Information
Cipher-text information is data that was encrypted (scrambled) in ordered to prevent unauthorized subjects from accessing said data. Plain-text information is data that is not encrypted and is inherently readable by subjects with access to it. The ethical dilemma of accessing and processing someone else’s plain-text information should be grounded using four principles: (1) maximization, (2) harmlessness, (3) fairness, and (4) openness [1].
Maximization requires the needs of “the collective” be prioritized over the needs of “the individual.” For example, if processing plain-text information leads to the disruption of a security incident, then there may be a benefit. Harmlessness ensures security functions like network monitoring are performed without interfering with an end-user’s entitlement to basic privacy. Adhering to this principle also facilitates “fairness,” which demands everyone be treated the same. If the web browsing activities of the human resources department is logged and analyzed, so should every department (to include executive staff and information security personnel).
Lastly, organizations should be upfront about their surveillance techniques. End-users deserve to know who, how, and when their transmissions are being scrutinized.
References
- Analyzing Computer Security by Charles P. & Shari Lawrence Pfleeger