In recent years, the rapid technological developments coupled with the globalisation phenomenon have led to the availability of personal and professional information on the Internet and other Internet related services. This has resulted in serious potential threats to information privacy and security. As necessary precautions, there has been recently increasing global awareness of these topics and several countries are coming up with new models in order to preserve information privacy and security. In this report attempts to provide an insight into the ethical, professional, and legal issues related to information security. The infamous case of NSA and Edward Snowden is discussed as a case study.
The advancement in information technology has resulted in proliferation of computers and computing devices into both professional and personal aspects of our lives. A significant part of our daily activities is dependent on IT and IT enabled technologies. Many of our mundane daily activities like communication, shopping, entertainment, information seeking rely on computing devices in general and the Internet in particular. Each of our activities of using computers and the Internet generates information. Hence, there is an ever increasing demand for information storage. The concept of information storage became popular since the time when floppy disks were introduced. The floppy disks provided a storage capacity, as little as a couple of MBs. With progress in storage technology, the storage devices have passed a long way since then. Today, hundreds of gigabytes of data can be stored on tiny devices. Further, the activities done using Internet and related technologies have resulted in storage of our personal and professional information on third party devices. More recently, the concept of cloud computing has become popular, wherein, private companies or agencies provide “clouds” which is nothing but storage space provided over the Internet. Also, the popularity of social networking sites like Facebook, Twitter, etc. has made our personal information increasingly vulnerable.
The vulnerability of information has led to the introduction of data privacy and data security concepts. In today’s data uses, it is very difficult to stop making personal data available on the Internet. Therefore, the data privacy and security concepts aim at regulating online data and its security (Whitman, 2010). The concept of information security and the relevant ethical, professional and legal issues are discussed in certain detail in the rest of this report.
2. Information Security
In the cyberworld – the collection of accessible resources on the Internet – there is always a potential threat on the information available online. Hence, providing security to the information is an ethical, professional and legal obligation for companies holding such information (Pfleeger, 2006). However, over the years, there have been reports on misuse of information and breach of information security. One of the most notorious ones in the recent past is the breach of data privacy and security by the National Security Agency (NSA) of USA, revealed by the whistleblower Edward Snowden. In the next sections, a case study is presented on the act of NSA.
2.1 NSA and Edward Snowden
In September 2013, Edward Snowden, a former IT employee with the NSA leaked some classified documents to the press. The documents revealed that the security agency NSA has been spying on personal information of the general public, embassies of various nationals and even on the communication systems of several governments across the world by tapping on their phone calls and email services (Skiba, 2013). The revelation has led to widespread criticism of the NSA across the globe. The NSA is accused of violating privacy and data security principles. Interestingly, there were many views in favour of the NSA as well. This case can be analysed from several viewpoints. In the next sections, this case is discussed with respect to the ethical, professional, and legal views.
a. Ethical Issues
The NSA decrypted all the encrypted data obtained from its spying process. This act of NSA has violated several commandments of “The Ten Commandments of Computer Ethics” (Institute, 1992). The most significant commandments which it has violated are:
- Not to use other people’s resources without authorisation and proper compensation
- To think about the social consequences of the activity
- Not interfere with other people’s computer work
- To always use the computer in such ways that it ensures the respect and dignity of humans
It is quite obvious that NSA has used people’s resources without their authorisation or consent. Moreover, NSA has also shared the information with its British counterpart. The NSA has also ignored the social consequences of their spying activities. For instance, by spying on the embassies and governmental organisations of various countries, it has created bitter relations with its friendly countries. It is quite evident from the statements of leaders of countries like Brazil, Russia, France, etc. This may have serious implications on the foreign relations of the country. Another aspect of NSA spying is that, it collected information from private companies like Google, Yahoo, etc. This is a security violation, since the users of the services allow the companies to access their personal information with the belied that their information is safe with them. By obtaining information from the servers of different companies, NSA has made the information of the public vulnerable to the security threats.
According to Edward Snowden, the reason why he leaked the documents is because he felt that what NSA is doing is unethical and serious violation of human rights to data privacy and security. Interestingly, there are many views opposing Edward’s act. Edward has been accused of violating his ethics by not being loyal to a company and choosing wrong methods to leak classified documents which are of importance to national security. On the other hand, the spying activities of NSA are considered to ethical since they are important for the security of the country and hence the general public. The spying activities will help in preventing terrorist activities and safeguard public life and property. This view may be acceptable if NSA had limited its activities within the geographical limits of its country, however, by conducting global spying of public and governmental data, NSA loses its ethical and moral ground for its spying activities.
b. Professional Issues
Ironically, NSA is the country’s cryptographic organisation which aims at protecting the information systems related to the USA (Warren, 2005). It provides the technology and guidance for security solutions within the country. Another important functional goal of NSA is to produce foreign intelligence information, foreign language analysis and research. As a security organisation, NSA’s primary goal is to maintain the security of the country and it resorted to means of spying for the general good of its country. One may argue that NSA has carried out its operations as a necessity and benefit for the country. Since, foreign intelligence is one of their functional operations; some views suggest that NSA has worked within its professional code of conduct.
On the other hand, in the strictest sense of professional conduct, it can be said that Edward Snowden has breached his professional code of conduct. Let us consider ACM’s code of ethics and professional conduct which can be referred at (Ronald E Anderson, 1993). It can be seen that Edward has broken his professional code of conduct. As a professional employee of the NSA, Edward is bound to honour contracts, agreements and assigned responsibilities, and since he was under a contract with the NSA, he is expected to safeguard the employer’s information. By leaking the classified documents, he has not maintained the supposed confidentiality between him and the organisation. On the contrary, since Edward perceived the operations of NSA as highly unethical, it was a case of conflict of interest to him. Edward had to let go off either moral ethics or professional code of conduct. Under such a conflict of interest, he chose to inform the world about the unethical practices of NSA. Conflicts of interest are always difficult situations, especially after the incident of 9/11 (Davis, 2004).
c. Legal Issues
Analysing the legal aspects of this case is tricky, since NSA is an organisation which is under the direct control of the federal government which frames the national laws and policies. The National Information Infrastructure Protection of 1996 Act prevents organisations from using the information for criminal and commercial purposes. However, the landmark Patriot Act of 2001, works in favour of NSA. According to the Patriot act, the law enforcement agencies are empowered with the additional rights in combating terrorism related activities. One of the key points of the Patriot act was the use of public data for the purposes of national security (Kerr, 2003).
Under the purview of the Patriot act, it can be argued that NSA is legally on the right track when it comes to spying on the public data for purposes of national security within its country. However, the bigger and more serious allegations like spying on friendly nations and sharing of information with other countries is serious breach of law. The NSA has no legal right to spy on other countries diplomatic and public data. This can also be considered as an international crime and may lead to several legal implications in different countries. However, for Edward Snowden, a trial in the country may lead to sentence for a criminal activity since he leaked classified information of national interests and also broke the confidentiality agreement with NSA.
- Quote paper
- Majed Alkhammash (Author), 2014, Information security for national security: The Snowden and NSA case study, Munich, GRIN Verlag, https://www.grin.com/document/308419