We examine the main ethical issues concerning deception in cyberspace. We first discuss the concept of deception and survey ethical theories applicable to cyberspace. We then examine deception for commercial gain such as spam, phishing, spyware, deceptive commercial software, and dishonest games. We next examine deception used in attacks on computer systems, including identity deception, Trojan horses, denial of service, eavesdropping, record manipulation, and social engineering. We then consider several less well-known types of deception for defensive purposes, including honeypots, honeytokens, defensive obstructionism, false excuses, deceptive intelligence collection, and strategic deception. In each case we assess the ethical issues pro and con for the use of deception. We argue that sometimes deception in cyberspace is unethical and sometimes it is ethical.
Deception can be verbal or nonverbal (Vrij, 2000). Verbal methods include outright lying, equivocation, failing to state key information, false claims, and false excuses. Nonverbal methods include mimicry, decoying, and various nonverbal forms of pretense. People use deception every day without being aware of it, and many areas of human activity, such as police work, law, politics, business negotiation, military actions, and entertainment, could not function without deliberate deception. Much deception as practiced is unjustified, however. Hence there is an extensive literature on detection of deception (Vrij, 2000). Human deceivers try to control the information they reveal, but it is hard to control all the channels of communication, and the truth often “leaks out” through secondary channels. For instance, people who lie tend to fidget, hold their bodies rigidly, and use an unusual tone of voice. Deception can also be detected in verbal utterances from the use of vagueness, exaggeration, high frequency of negative terms, and especially inconsistency between different assertions. But deception detection is difficult in general, and attempts to build automated “lie detectors” have not been very successful.
Key Terms in this Chapter
Spoofing: Pretending to operate from a different Internet address than the one you are really at.
Rootkit: Software that secretly permits a cyber-attacker to control a computer remotely.
Botnet: A network of computers with rootkits that are secretly controlled by a cyber-attacker.
Social engineering: Techniques to manipulate people to obtain information from them that they would not give you voluntarily.
Information Warfare: Warfare attacking computers and networks, usually by software exploits.
Identity Deception: Pretending to be someone you are not.
Trojan Horse: Software that conceals a malicious intent.
Phishing: A deception involving email as bait to get victims to go to a Web site where their personal information can be stolen.
Disinformation: Lies or propaganda.
Spyware: Software with a Trojan horse that secretly reports user activities over the Internet to a remote site.
Hacker: An amateur attacker in cyberspace.