Ethical dilemmas in teaching computer and internet security

Abstract

This paper could be subtitled "Are we teaching the next generation of computer criminals and internet terrorists"? This issue was raised by the Security Services as part of the collaborative network meeting in the area of IT Forensics and Data Analysis hosted by City University. These are valid concerns about the nature of material taught to computer science students in the area of security. The questions are also important ethical dilemmas for any professional working in the computer and internet security field. These are also applicable when discussing such security risks with the media, members of the public and even legislators. Information on vulnerabilities has to be presented so that it informs programmers and computer users about the areas of risk, but without providing recipes for them to use to conduct criminal activities or mischief themselves. The paper will look at several case studies from the curriculum at the University of Hull at both undergraduate and postgraduate level. Some specific problem areas of email forgery, security of the Windows operating system and exploitation of buffer overflows, and deception in online auctions, will be explored.