A Unicorn in Cybersecurity
Among the ethical challenges in cybersecurity research is the dual-use dilemma. This is because even research that is socially beneficial can, under certain circumstances, be used for malicious purposes. While, for example, uncovering vulnerabilities in hardware and software advances cybersecurity, there is also a risk that these research findings might be exploited for attacks. To mitigate this risk, researchers follow established processes of responsible disclosure, inform the manufacturers of the vulnerable components, provide guidance on closing the security gaps, and present their findings to the public only afterward.
From the very beginning, Helfer and Zeiser have been working toward establishing CISPA’s own Research Ethics Review Board (ERB), together with CISPA Faculty Dr. Katharina Krombholz and Prof. Dr. Sascha Fahl. Both faculty members conduct research in the field of empirical and behavioral security. “The challenges of digital security and data protection present themselves in our research as a socio-technical problem—they arise from the interaction between humans and machines in the real world,” Krombholz explains. They often deal with ethical questions, not least because they rely on human participants for their studies.
Ethical risk assessments, however, are also relevant even when research does not involve the collection of user data, Krombholz says: “Almost everything we research at CISPA regarding cybersecurity and artificial intelligence has the potential to impact society. We must absolutely address these implications right from the start of the research process. Only in this way can we ensure that technical systems built on our findings do not cause unexpected harm to society.”
The newly established ERB at CISPA does not only review research projects that involve human participants or analyze personal data. In all cases, it seeks to minimize risks and weighs them against the societal opportunities the project opens up. The ERB assesses the ethical justifiability of the projects without, however, relieving researchers of responsibility for their own work. Since major scientific conferences recommend ERB approval for many submissions, the committee has systemic as well as ethical relevance.
The philosophers of the Research Ethics Office aim to raise awareness of ethical issues among young researchers and train them in addressing these issues in a practical manner. Their educational offerings include the Ethics Sandbox, a forum where scenarios from IT research are discussed. They also advocate for a broader debate on research ethics within the global community. “We want to learn from researchers about their research so that we can solve ethical challenges together,” says Zeiser, explaining the mission of the CISPA Research Ethics Office. Zeiser thus describes both the curiosity and the sense of community that make excellent research possible.
Find out more about research ethics at CISPA in our latest CISPA Zine.