Security, Confidentiality and Hacking in Software Engineering
OVERVIEW OF ETHICAL ISSUES
Research work by Sana & Nayab
Keywords: Ethical issues, Security, Confidentiality, Hacking.
Abstract
Ethics are moral principles in engineering, as engineers are socially responsible for manufacturing products and processes. Ethical issues arise when actions conflict with societal standards, impacting people’s quality of life. This paper aims to understand why these issues occur and analyze tools and techniques to overcome them, focusing on their effectiveness in technology evolution.
Introduction
Ethics, initially a personal concern, were adopted in 1912–1914 to address gaps in technical practices and ethical standards in engineering.
Why Software Engineers Face Ethical Challenges
Software engineers face ethical challenges due to shortened life cycles, direct code deployment, potential misuse, security, confidentiality, and hacking concerns, particularly in the Internet age.
Background
Software engineering requires ethical decision-making, using systematic methods like flowcharts and UML diagrams. Ethical hackers protect data, while technology advances increase security threats.
Methodology and Techniques Available
Our paper uses a back study approach to examine the need for ethics in engineering, addressing security, confidentiality, and hacking issues, and discussing mitigation techniques.
Need of ethics in software Engineering
Software engineers have the power to positively impact society, but ethical decision-making is crucial. An example is a software developer's rapid development of a product leading to abnormalities in maternity wards, highlighting the need for ethical awareness and responsibility.
Security
Information security, particularly in digitalization, safeguards data assets from unauthorized access, misuse, disruption, alteration, or destruction, requiring moral judgment and confidentiality for control.
Proposed Methodology
Research Design
The study utilized Google Forms to conduct a survey among software engineering students and professionals regarding ethical issues like security, confidentiality, and hacking.
The study used a questionnaire to collect primary data from thirty respondents, primarily female and IT professionals, based on their occupational status.
Data Collection Techniques
Hacking
Today all information is available online and accessed by a large number of users. Some of them use this information to gain knowledge, and others use it to learn how to destroy or breach the data and databases of websites without the owner’s knowledge. As computer technology advances, it also has its dark side, which is hacking. Today, a large number of companies, institutions, banks and websites are subject to different types of attacks by hackers.
Hacking is a method of finding loopholes or vulnerabilities in computer systems or networks and using them to gain unauthorized access to data or to change the characteristics of the targeted computer systems or networks. Modifying computers, programs or networks to achieve a specific goal that is inconsistent with the user’s goal is also termed hacking. A hacker’s expertise includes software cracking as well as hardware. A hacker is a computer enthusiast who is highly skilled in programming, security and networking.
Hacking has two paths. The first is legal and authorized work, while the other is illegal and unauthorized work. The authorized path is also known as certified engineering. Illegal hacking is also called reverse engineering. White hat hacking is a legal job assigned with the permission of the organization, while black and grey hat hacking is not approved.
According to their ways of working or their intention, hackers can be classified into three groups:
- White Hat Hackers
- Black Hat Hackers
- Grey Hat Hackers
White Hat Hackers / Ethical Hacking
Ethical hacking is a branch of information security, also called “penetration testing” or “white hat hacking”. Ethical hackers are paid professionals. To overcome the risk of being hacked, this field has ethical hackers: specialists in computer security who break into the protected networks or computer systems of organizations or companies, find loopholes, and correct them to improve security, working under a set of rules and regulations set by various organizations. These are the people who try to protect data on the internet against various attacks from hackers and keep it safe with the owner. Ethical hackers use the same approaches as black hat hackers, but their intention is to use their knowledge productively. Information obtained from ethical hacking is used to maintain the security of the system and to protect it from further potential attacks.
Ethical hacking is a useful tool for the industry. Ethical hackers’ expertise extends through penetration studies, site security assessments, secure code reviews and security policy reviews.
Mark Abene, known worldwide by his pseudonym Phiber Optik, is an information security expert and entrepreneur. He was a high-level hacker in the 1980s and 1990s. He was one of the first hackers to publicly discuss and defend the positive benefits.
Need Of Ethical Hackers In software engineering:
Each organization has its own confidential information that can be compromised or harmed by malicious hackers. To protect this information, organizations employ ethical hackers and allow them to penetrate their systems ethically, find flaws or gaps in those systems, and fix them before malicious hackers exploit them. Ethical hacking is an effective approach to overcoming ethical problems in hacking.
Black Hat Hackers
Cracker is another name for a black hat hacker. Crackers are highly skilled programmers who break into someone’s system with malicious intent to steal or destroy important or confidential information, compromise the security of an institution, or shut down or change the functions of sites and networks. Cracking system security for personal gain is the main goal of a cracker. These people generally demonstrate extensive knowledge of computers and commit various cybercrimes, such as identity theft and credit card fraud.
A student used his hacking skills to hijack webcams to capture pictures of young women in various stages of undress (Humphries 2008) [2]. This act is considered illegal hacking, which is highly unethical and affects the lives of common people.
Grey Hat Hackers
A gray hat hacker is a security expert who frequently breaches the law but, unlike black hat hackers, has no malicious intent. The term gray hat is derived from black hat and white hat: white hat hackers, or ethical hackers, discover weaknesses and loopholes in networks and computer systems and do not tell anyone until they are fixed, while other hackers, on the black hat side, illegally hack the computer system or network to discover loopholes and leak the information to third parties. The gray hat hacker does not hack illegally and does not tell anyone how to do it. Gray hat hackers sit between white hat hackers, who work to maintain the security of the system, and black hat hackers, who hack computer systems maliciously.
Despite their positive objectives, gray hat hacking can have upsetting social outcomes. According to CNN reports in the spring of 2015, Chris Roberts, a cybersecurity consultant, was detained after supposedly illegally accessing the control systems of more than twenty United commercial airline flights (Perez 2015). He professed that his act was meant purely to make people aware of crucial security problems in the aircraft software. It is not hard to perceive the negative outcome that could arise if a malicious black hat hacker attempted a similar action.
Ways to mitigate Ethical issues
We can overcome ethical issues using different tools and techniques.
First, an understanding of ethics is important, and it can be explained effectively by systematic methods. Moral standards need to be carried out without classification, which serves as a foundation for morality. Systematic methods are required to facilitate the explanation of ethics. Such methods are very appropriate for software engineers in modeling ethical decisions. They include diagramming techniques such as flowcharts and UML diagrams, which are a familiar approach for software engineers.
Nowadays, information systems are becoming so large that they are more difficult to manage with technological control mechanisms alone. Control mechanisms must therefore be built on individual control mechanisms, which can be achieved through ethical frameworks. We can achieve high and potent security by incorporating ethics into control mechanisms.
Microsoft suffered a security breach of its corporate network in October 2000, in which important source code for a future product was obtained. The question, accordingly, remains: what are the full ramifications of that security breach for the organization? Could Microsoft be sure that no attempt had been made to alter the product or to examine it for some form of trapdoor through which to launch future security breaches? Although they remain largely unanswered, the questions that arise from the above two cases, hypothetical and real, highlight the need for ethical information security awareness inside the organization.
Computing societies such as the ACM have recommended professional practices and codes of ethics which an engineer must follow. Ethics are tightly linked to legal procedures or law, which, if breached, can leave an organization in crisis. The community plays an important role in information security by making ethical standards productive. Giving individuals ethical rules and standards to follow and educating them on ethics will definitely improve the security layer in companies. Codes of ethics provide guidelines to individuals for interacting with the system. They can apply to all the people working in an organization, including developers, management, end users and security experts. An organization can also develop its own code of ethics and apply it internally. This can be more useful and efficient because it is targeted, and it can additionally fill distinct security gaps related to information.
Kluge [9] has developed a code of conduct for health information professionals. He discussed various problems in the field of health informatics and proposed a code of conduct for various information security problems. He suggested that, in addition to the technical safety layer in the health information system, there should be an ethical layer that protects patients’ private data. By creating this layer in health information professionals.
One of these controls, let us consider, can be applied to intrusion detection systems and is as follows: Use of Surveillance System - unauthorized access attempts, such as alerts from proprietary intrusion detection systems, access policy violations, network gateway notifications and firewalls.
Consequently, ethics need to be applied within groups which agree upon basic ethical standards and acceptable conditions of use of information systems. This responsibility can stem from a variety of factors. At the company level, agreement on common standards for the functioning of systems could stem from common business interests. At the individual level, conditions of employment or codes of ethics among peer groups can be the determining factor.
When we talk about ethics in security, it must be taken into account when developing software. Safety quality engineering (SQUARE) is a process model that provides a means to obtain, categorize and prioritize security requirements for software systems. The objective of this methodology is to integrate security concepts during the early phases of the software development life cycle (SDLC). The model can also be used to document and analyze the security aspects of systems already in service and to make improvements to software systems.
Security awareness is an important factor in securing an organization’s information. Numerous studies confirm that many computer users have insufficient knowledge of information security. Governments need to make an effort to provide security awareness so that people or users understand the threats and risks in security. People working in an organization are capable of making essential security decisions at the hour of need, which is why employees should be given proper training and awareness to cope with this problem. Awareness should cover what the security threats are and how we can cope with them. All users must be educated about information security threats and understand their responsibility in the process of security.
Security problems occur when there are weaknesses in the software, which can be controlled by reviewing the code. Code review is an activity in which the developers, coders and testing team review the code as a group. The code review team looks for weaknesses or loopholes in the software, which is important before the software is deployed.
The software engineer is professionally responsible for the protection and confidentiality of information and data. He should not disclose his customers' personal data to unauthorized third parties. He can release the information only if the person concerned has allowed it or if it is very necessary to share the information.
Based on moral theories, one technique that can be used in practice to mitigate the issues of hacking is to focus on piloting the moral and ethical concerns of gray hat hacking scenarios through educational programs. Ethical or white hat hackers still have the same profound skills and capabilities as black hat hackers.
Basically, laws dictate what behaviors we should follow, while ethics recommend what we should follow; it is also notable that any good law is based on ethics. Laws are enacted to protect innocent people from harm and to promote rights. There are some laws related to hacking; if these laws are applied properly, the ethical issues of hacking can be mitigated to some extent. The law punishes hacking under the computer crime statutes.
Internationally, countries have started enacting diverse laws and rules against hackers to protect people and organizations from reverse engineering attacks and other crimes related to hacking. Unfortunately, obedience to the law is the main exceptionally criminal component in IT security that prompted its initiation in any case. Individuals need to know what their rights are and the punishment to be imposed if they violate the law.
Along these lines, the UK Computer Misuse Act of 1990 guards against all computer misuse offenses by protecting against unauthorized access to computer material; unauthorized access with intent to commit or facilitate the commission of further offenses; and unauthorized modification of data/information.
The Computer Fraud and Abuse Act (CFAA) is the main law against hacking; it prohibits illegitimate access to a third party's or any other system.
Though the law was primarily intended to protect the computer systems of U.S. government entities and financial institutions, its scope has been extended through amendments to include virtually all computers in the country (including devices such as servers, laptops, smartphones, desktops and tablets).
Civil violations under the CFAA penalize those who violate the law. The amendment made in 1994 expanded the act to include causes of action for civil suits as well as criminal prosecution. Violations under this act include the following: obtaining data from a computer through illegitimate means; trafficking in a computer password that can be used to gain access to a computer; spreading spam; and harming the data or information stored on a computer.
Professional software engineers are aware that security considerations must be taken into account in the design and throughout the complete software development life cycle. Their security skills can be further strengthened by developing additional skills in hacking approaches while examining ethical reasoning, to fully understand the dividing line between white hat and gray hat hacking circumstances.