We need to talk - opening a discussion about ethics in infosec

Presented at VB2019, Oct. 4, 2019, 2 p.m. (30 minutes)

Infosec is not like other jobs. We handle personal data, sensitive information, vulnerabilities that can affect thousands of computers. Our skills are sought after by the most powerful companies and governments. Yet we like to see ourselves as technologists; morally agnostic technicians who focus on solving virtual-world problems.

*Reuters*' recent article about UAE's Project Raven evoked strong reactions in many members of the community, myself included. It showed how infosec skills can be used to make the world a worse place - that, we already knew. But it also revealed the thought processes and motivations of the people involved. Looking back at the discussions our community has been having on social media in recent years, we can see that these justifications were already echoing:

* "Everything I do is legal."
* "Exploits don't torture people. People torture people."
* "Morality is relative."

I have witnessed several professionals defending the notion that technology and ethics have nothing to do with each other. I find this alarming as this vision might in fact be the reason why some of us, deprived of an established moral compass, end up getting lost. It doesn't have to be this way: generations of thinkers such as Aristotle, Kant and Rawls have been studying the concepts of right and wrong for centuries. In this talk, I will present various schools of thought pertaining to the philosophy of justice, and explore how they could help us solve some of the dilemmas the infosec community is facing.

Presenters:

  • Ivan Kwiatkowski - Kaspersky
    Ivan Kwiatkowski is an OSCP and OSCE-certified penetration tester and malware analyst working as a senior security researcher in the Global Research and Analysis Team (GReAT) at Kaspersky Lab. Ivan's day-to-day job occasionally involves incident response and delivering training. He maintains an open-source dissection tool for Windows executables and his research has been presented at several cybersecurity conferences in Europe. As a digital privacy activist, he also operates an exit node of the Tor network.
