Title: The ethics of coexistence: Can I learn to stop worrying and love the logic bomb?
Authors: John Aycock, Anil Somayaji, John P. Sullins
Venue: 2014 IEEE International Symposium on Ethics in Science, Technology and Engineering
Publication date: 2014-05-23
DOI: 10.1109/ETHICS.2014.6893419 (https://doi.org/10.1109/ETHICS.2014.6893419)
Citation count: 1
Abstract
Computer security attacks are frequent fodder for ethical analyses, but the ethics of computer security defenses are not often examined. We address this by considering a topical problem in computer security. In an age of so-called “advanced persistent threats” that lurk undetected on computer systems for long periods of time, it is increasingly unrealistic to expect a computer system to be permanently free of malicious software. Recognizing this, we posit the idea of a “cosecure system” - a cosecure system, by design, would allow legitimate software and malicious software to coexist safely on the same machine. We take an unusual tack to software design and use ethical concerns to guide the design of a cosecure system, rather than building a cosecure system and then performing an ex post facto ethical analysis. The principal tenets of security that must be upheld are confidentiality, integrity, and availability, and any system purporting to be secure has an ethical duty to the system user to uphold these. This is the starting point for our design process, and we proceed to look at how a cosecure system may be implemented. What we arrive at by going through this ethics-based software design becomes a proof by contradiction: we are forced to conclude that it is not possible, in fact, for malicious and legitimate software to coexist; a cosecure system as we have described it cannot be built. This allows us to see traditional computer security defenses in a new light. If we cannot uphold key security properties in the best case, where a system is expressly designed to allow coexistence of malicious and legitimate software, what does that imply about the defenses of the actual computer systems we use? We propose that a community defense is an alternative that eludes previous ethical issues, as well as being defensible from an information ethics point of view.