Social engineering from a normative ethics perspective

Abstract

Social engineering is deeply entrenched in both computer science and social psychology. Knowledge on both of these disciplines is required to perform social engineering based research. There are several ethical concerns and requirements that need to be taken into account whilst performing social engineering research on participants to ensure that harm does not come to the participants. These requirements are not yet formalised and most researchers are unaware of the ethical concerns whilst performing social engineering research. This paper identifies several ethical concerns regarding social engineering in public communication, penetration testing and social engineering research. This paper discusses the identified ethical concerns with regards to two different normative ethics approaches namely utilitarianism and deontology. All of the identified ethical concerns and their corresponding ethical perspectives are provided as well as practical examples of where these formalised ethical concerns for social engineering research can be utilised.