What does ethics have to do with computer security in the new millennium? What, for that matter, did it have to do with computer security in the old millennium? To answer these two questions, we will start with a more fundamental question: what is ethics? In the first part of this chapter, we will briefly review ethics as a part of philosophy. We will examine three approaches that have been taken for hundreds of years as humans have tried to decide what is the right way to behave. We will then examine business ethics, which is an applied subset of the more general topic. Finally, we will explore specific issues which currently present themselves as matters of ethical concern in the world of computer security, and provide a framework for analyzing issues which have not yet presented themselves, but will do so at some future date. Is it ethical to lend a friend a set of discs which contain a three hundred dollar program that you have purchased, knowing that he intends to load the program onto his computer before returning the discs? Is it ethical to hack into computer systems, as long as you don’t disrupt or corrupt the systems? Is it ethical to monitor the e-mail of your employees? In order to answer these and a host of other questions, it is useful to think about the common element in all these questions: is it ethical?