Location Information Algorithms; A Virtue Ethics Analysis of the NSA’s EternalBlue Exploit 814 views

The work in my STS research paper and technical paper are related through the field of cybersecurity. The field of cybersecurity is a part of computer science that deals with the protection of the technological infrastructure that is evolving and growing every day. Both works highlight the need for careful analysis when creating tools that could have repercussions beyond the original intent of the software. My technical work involved creating algorithms that used sensitive data, while my STS work centered around the implications of unethical decision making when creating a software tool. Though the projects were unique, both required an understanding of how important it is to develop tools that are secured from malicious actors. My technical research dealt with creating two algorithms that were geared towards using data to generate insights about locations by using large amounts of data. The first task dealt with location data to predict the time and place where a city has the likelihood of the most human interactions. Given the prevalence of the COVID-19 pandemic, the goal was to provide an additional tool to combat the virus by identifying hotspots in a city. The second task dealt with creating a machine learning model to predict the energy consumption of a building at a given time in the day in order to understand how energy is used and can be more efficiently utilized. This project helped with ongoing research in the computer science department, and I hope that it can be safely used to fulfill the intended goals to some capacity. My STS research explores the case of the National Security Agency (NSA) developing and safeguarding an exploitation tool called EternalBlue. Through the lens of virtue ethics and Michael Pritchard’s “Virtues for Morally Responsible Engineers,” my work evaluated the morality of the NSA’s decision to stockpile this exploit rather than appropriately dealing with the vulnerability. My claim was that the NSA lacked virtues of competence, cooperativeness, and seeing the “big picture,” which means they did not act virtuously in this case and therefore were unethical. By doing so, I hoped to contribute to the discourse of how to be ethical in the field of cybersecurity. Completing both projects simultaneously proved beneficial as it forced me to consider the importance of deeply analyzing the societal risks of software. This was evident through my STS work which illustrated how the NSA’s decisions surrounding EternalBlue led to billions of dollars of damages. As a result, I realized I needed to truly understand the implications of creating the tools in my technical project that dealt with real world data. On the other hand, my technical project showed me that thoroughly analyzing software can reveal its unintended consequences. This helped me develop the case in my STS work as it allowed me to see it was possible for the NSA to do the same with their tool in order to make ethical decisions. Overall, working on both projects furthered my understanding of the criticality of developing software tools that could involve large groups of people. This new and unique perspective on software security enabled me to produce more well-rounded and thorough projects.

BS (Bachelor of Science)

EternalBlue, stockpiling exploits, cybersecurity, virtue ethics, location data processing, LSTM, ethics

School of Engineering and Applied Science Bachelor of Science in Computer Science Technical Advisor: Haiying Shen STS Advisor: Benjamin Laugelli

English

2021-05-17