Dagstuhl Seminars have a longstanding tradition of bringing together leaders and visionaries that span disciplines and that advance knowledge, understanding, and practice in areas of critical importance to the field of computer science. Ethical considerations have a longstanding tradition of being critically important to the field of computer security research and, by transitivity, to society at large.

This Dagstuhl Seminar will bring together the computer security and the ethics communities and will work toward strengthening a cross-disciplinary understanding about research ethics with respect to computer security research. Namely, this seminar will nurture a cross-disciplinary Computer Security Research Ethics community that is both intra-disciplinary and interdisciplinary.

In the intra-disciplinary perspective, the subfields of each community seek to strengthen common terminologies, methods, problem descriptions, and develop case studies that can be broadly understood also outside of the subfield. In the interdisciplinary perspective, security researchers and ethics scholars will develop a mutual understanding of the ethical problems in computer security, reasoning and principles in normative ethics that have shaped past decision-making, and how normative and applied ethics can inform how to make decisions in the future in computer security research. These in turn serve as a basis for interdisciplinary discussions that focus on a common understanding. This understanding will inspire intra-disciplinary and interdisciplinary progress.

Through this seminar, we seek to ensure that all future research done within the computer security and privacy research community is done with proactive, thoughtful considerations and commitments to research ethics and general moral concerns. This is not to say that the computer security research community does not already have a commitment toward ethics and moral deliberations, nor are we saying that the community is not often extensively discussing the moral implications and making morally justifiable decisions. Further, advances ranging from the Menlo Report to Research Ethics Committees at conferences have already significantly advanced the computer security research field’s approach to ethics. Nevertheless, the computer security research field still sees challenges and uncertainty within the community on how to proceed when faced with certain ethical challenges, especially in cases where all (apparently) available options have undesirable aspects.

The seminar aims to consist of a mixture of computer security researchers (including those conducting research with human subjects, those conducting offensive security research, those conducting large scale measurements, cryptographers, and privacy researchers), industry representatives (including those who collaborate with academic security researchers, those who develop security software relevant for security, and those who frequently receive vulnerability reports from security researchers), as well as ethicists and moral philosophers (normative as well as applied ethicists across various ethics traditions, focusing on technology ethics, bioethics and animal ethics). Each of these groups has their own strengths: Computer security researchers and practitioners have a deep understanding of the ethically complex problems in their field as well as current practices for considering such problems, while ethicists and moral philosophers have a broad understanding of the ethics landscape and past and recent discussions and dilemmas.

Creative Commons BY 4.0

Yasemin Acar, Lujo Bauer, Tadayoshi Kohno, and Wulf Loh