Balancing Policies, Principles, and Philosophy in Information Assurance

Balancing Policies, Principles, and Philosophy in Information Assurance

Val D. Hawks (Brigham Young University, USA) and Joseph J. Ekstrom (Brigham Young University, USA)
DOI: 10.4018/978-1-61692-245-0.ch003
OnDemand PDF Download:
No Current Special Offers


Laws, codes, and rules are essential for any community and society, public or private, to operate in an orderly and productive manner. Without laws and codes, anarchy and chaos abound and the purpose and role of the organization is lost. However, there is a potential for serious long-term problems when individuals or organizations become so focused on rules, laws, and policies that basic principles are ignored. We discuss the purpose of laws, rules, and codes, how these can be helpful to, but not substitute for, an understanding of basic principles of ethics and integrity. We also examine how such an understanding can increase in the level of ethical and moral behavior without imposing increasingly detailed rules.
Chapter Preview


Technology seems to move ahead of the legal framework and social customs that surround it. In the past, copyright infringement was relatively difficult to accomplish. It was always possible, but generally impractical to manually “copy” a book using pen and ink into a notebook. Then the copy machine made it possible to obtain a duplicate copy of a book without the purchase of a copy from the publisher. However, it was still not cost effective enough to make an issue from a copyright infringement perspective, because a published book was still less expensive and provided better quality. Today, digital media and high-speed networks have totally changed the publishing landscape. Making a digital copy can actually improve the quality of the printed material. The copy is totally portable and millions of illegal copies can be distributed quickly with very little effort.

While the legal system is still trying to address these issues, the social norm in some segments of the population seems to be acceptance of clear violations of the intent of copyright law. The ethical conflict has become even more apparent in the case of digital music. Many consider the tactics of the Recording Industry Association of America (RIAA) to be the heavy handed and intrusive (EFF, 2007; Beckerman, 2008). This coalition of large recording companies has used scare tactics and gamed the legal system to the point that judges have become adversarial (Beckerman, 2008). The press has sensationalized the lawsuits against people who simply settle out of court to avoid legal fees (Beckerman, 2008). This has led to some people behaving in ways they would normally consider unethical just to spite the ‘bullies’ (Yankovic, 2006). In addition to the RIAA’s attempts to recover damages through sometimes less than ethical approaches, Sony and BMI, two large record companies, created a public relations nightmare by illegally compromising the security of their customers’ machines while trying to protect their CD’s from digital duplication. Sony’s actions were found to be illegal in additional to being unethical and intrusive. The unethical antics of these companies fuels a sense of renewed justification to unethical file downloading of the very material they have been trying to protect (Felten & Halderman, 2006). Because it is clearly fair use of purchased material to rip a song from a CD to play on a personal listening device, and it is also illegal to share that same file without additional compensation to the copyright owners, both sides of the issue have used the other’s unethical behavior as an excuse for their own descent into illegal actions. There is clearly no technical or legal solution to the problem since any technical solution that allows fair use can be compromised by a technical attack. If you can hear the song, you can make an illegal copy.

Geographical distance has become irrelevant thanks to increasingly powerful communications technology. The amount of information now available, and the speed at which it can be communicated, requires a high degree of integrity from those who use the information and the technology. Even more important is the requirement of uncompromising integrity of those who design, build, and control information systems and technology. Misuse of information about individuals and organizations has become as least as serious an issue as the misuse of funds. It would seem that the policies and laws that govern the use of information must be well-founded and complete. However, establishing a complete and sound set of policies and laws is impractical when the technology that drives information systems is changing at such a rapid pace.

Complete Chapter List

Search this Book: