On the Role of Human Morality in Information System Security: From the Problems of Descriptivism to Non-descriptive Foundations

Abstract

This chapter argues, following the scholars of the first category, that human morality has a role as a means for ensuring security. But to achieve this goal solid theoretical foundations, on which a concrete guidance can be based, are needed. The existing proposals (e.g., Kowalski, 1990; Baskerville, 1995; Dhillon & Backhouse, 2000) do not suggest any theoretical foundation nor concrete means for using ethics as a means of ensuring security. The aim of this paper is to propose a framework for the use of ethics in this respect. To achieve this aim, a critique of the relevance of ethics must be considered. The use of human morality as a means of ensuring security has been criticized by Leiwo and Heikkuri (1998a, 1998b) on the grounds of cultural relativism (and hacker ethics/hacking culture). If cultural relativism is valid as an ethical doctrine, the use of human morality as a means of protection is very questionable. It would only be possible in certain “security” cultures, i.e., cultures in which security norms have been established–if at all. However, the objection of Leiwo and Heikkuri (1998a, 1998b) is argued to be questionable. We feel that cultural relativism has detrimental effects on our well-being and security. Things might be better if the weaknesses of cultural relativism were recognized. This paper adopts the conceptual analysis in terms of Järvinen (1997, 2000) as the research approach. An early version of this paper was presented at an international conference on information security (IFIP TC11, Beijing, China, 2000).