PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

PRECEPT: A Framework for Ethical Digital Forensics Investigations.

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability. In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure. The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this. Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced. Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Moral Realism and Anti-Realism outside the West: A Meta-Ethical Turn in Buddhist Ethics

In recent years, discussions of Buddhist ethics have increasingly drawn upon the concepts and tools of modern ethical theory, not only to compare Buddhist perspectives with Western moral theories, but also to assess the meta-ethical implications of Buddhist texts and their philosophical context. Philosophers aiming to defend the Madhyamaka framework in particular - its ethics and soteriology along with its logic and epistemology - have recently attempted to explain its combination of moral commitment and philosophical scepticism by appealing to various forms of meta-ethical anti-realism. This paper argues that those attempts do not succeed, even in their own terms. Their emphasis on universal compassion, among other features of their approaches, is difficult to explain normatively so long as it is embedded within an anti-realist framework. Soteriological values - such as enlightenment and liberation - also seem to require a realist account of their normativity. Though many Buddhist philosophers disagree, there is at least one form of Buddhist philosophy, that of the Yogacara school, that can be interpreted as articulating a meta-ethical realism of the kind that the broader Mahayana tradition (if not other Buddhist traditions as well) seems to require. To a greater extent than stressing common anti-realist themes would allow, the paper argues that finding common ground, where Western moral realism and Buddhist moral realism can coalesce and jointly vindicate a repertoire of shared ethical concepts, may also facilitate the efforts of those engaged in comparative ethical theory

Refining the PoinTER “human firewall” pentesting framework

PurposePenetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.MethodologyWe conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical.FindingsDrawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests.OriginalityPrevious work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

The political dimension of animal ethics in the context of bioethics: problems of integration and future challenges

Animal ethics has reached a new phase with the development of animal ethical thinking. Topics and problems previously discussed in terms of moral theories and ethical concepts are now being reformulated in terms of political theory and political action. This constitutes a paradigm shift for Animal Ethics. It indicates the transition from a field focused on relations between individuals (humans and animals) to a new viewpoint that incorporates the political dimensions of the relationships between human communities and non-human animals. Animals are no longer seen as a heterogeneous group of sentient beings or simply as species, but as part of a common good that is simultaneously human and animal. In order to participate in this new phase, bioethics will have to face a series of challenges that have hindered the integration of animal ethics within its field. It will also need the development of a new theoretical framework based on relations between communities of individuals. This framework will be able to highlight the ethical and political dimensions that arise from interactions between human communities, non-human animals and the ecosystem

Managing the Ethical Dimensions of Brain-Computer Interfaces in eHealth: An SDLC-based Approach

A growing range of brain-computer interface (BCI) technologies is being employed for purposes of therapy and human augmentation. While much thought has been given to the ethical implications of such technologies at the ‘macro’ level of social policy and ‘micro’ level of individual users, little attention has been given to the unique ethical issues that arise during the process of incorporating BCIs into eHealth ecosystems. In this text a conceptual framework is developed that enables the operators of eHealth ecosystems to manage the ethical components of such processes in a more comprehensive and systematic way than has previously been possible. The framework’s first axis defines five ethical dimensions that must be successfully addressed by eHealth ecosystems: 1) beneficence; 2) consent; 3) privacy; 4) equity; and 5) liability. The second axis describes five stages of the systems development life cycle (SDLC) process whereby new technology is incorporated into an eHealth ecosystem: 1) analysis and planning; 2) design, development, and acquisition; 3) integration and activation; 4) operation and maintenance; and 5) disposal. Known ethical issues relating to the deployment of BCIs are mapped onto this matrix in order to demonstrate how it can be employed by the managers of eHealth ecosystems as a tool for fulfilling ethical requirements established by regulatory standards or stakeholders’ expectations. Beyond its immediate application in the case of BCIs, we suggest that this framework may also be utilized beneficially when incorporating other innovative forms of information and communications technology (ICT) into eHealth ecosystems

Ethical decision-making, passivity and pharmacy

Background: Increasing interest in empirical ethics has enhanced understanding of healthcare professionals' ethical problems and attendant decision-making. A four-stage decision-making model involving ethical attention, reasoning, intention and action offers further insights into how more than reasoning alone may contribute to decision-making. Aims: To explore how the four-stage model can increase understanding of decision-making in healthcare and describe the decision-making of an under-researched professional group. Methods: 23 purposively sampled UK community pharmacists were asked, in semi-structured interviews, to describe ethical problems in their work and how they were resolved. Framework analysis of transcribed interviews utilised the four decision-making stages, together with constant comparative methods and deviant-case analysis. Results: Pharmacists were often inattentive and constructed problems in legal terms. Ethical reasoning was limited, but examples of appeals to consequences, the golden rule, religious faith and common-sense experience emerged. Ethical intention was compromised by frequent concern about legal prosecution. Ethical inaction was common, typified by pharmacists' failure to report healthcare professionals' bad practices, and ethical passivity emerged to describe these negative examples of the four decision-making stages. Pharmacists occasionally described more ethically active decision-making, but this often involved ethical uncertainty. Discussion: The four decision-making stages are a useful tool in considering how healthcare professionals try to resolve ethical problems in practice. They reveal processes often ignored in normative theories, and their recognition and the emergence of ethical passivity indicates the complexity of decision-making in practice. Ethical passivity may be deleterious to patients' welfare, and concerns emerge about improving pharmacists' ethical training and promoting ethical awareness and responsibility

Learning in the Panopticon: ethical and social issues in building a virtual educational environment

This paper examines ethical and social issues which have proved important when initiating and creating educational spaces within a virtual environment. It focuses on one project, identifying the key decisions made, the barriers to new practice encountered and the impact these had on the project. It demonstrates the importance of the ‘backstage’ ethical and social issues involved in the creation of a virtual education community and offers conclusions, and questions, which will inform future research and practice in this area. These ethical issues are considered using Knobel’s framework of front-end, in-process and back-end concerns, and include establishing social practices for the islands, allocating access rights, considering personal safety and supporting researchers appropriately within this contex

An Introduction to the Integrated Community-Engaged Learning and Ethical Reflection Framework (I-CELER)

Cultivating ethical Science, Technology, Engineering, and Mathematics researchers and practitioners requires movement beyond reducing ethical instruction to the rational exploration of moral quandaries via case studies and into the complexity of the ethical issues that students will encounter within their careers. We designed the Integrated Community-Engaged Learning and Ethical Reflection (I-CELER) framework as a means to promote the ethical becoming of future STEM practitioners. This paper provides a synthesis of and rationale for I-CELER for promoting ethical becoming based on scholarly literature from various social science fields, including social anthropology, moral development, and psychology. This paper proceeds in five parts. First, we introduce the state of the art of engineering ethics instruction; argue for the need of a lens that we describe as ethical becoming; and then detail the Specific Aims of the I-CELER approach. Second, we outline the three interrelated components of the project intervention. Third, we detail our convergent mixed methods research design, including its qualitative and quantitative counterparts. Fourth, we provide a brief description of what a course modified to the I-CELER approach might look like. Finally, we close by detailing the potential impact of this study in light of existing ethics education research within STEM