The domain of information security research is not exclusively of a technological nature as it is permeated with aspects of human behaviour. Similarly the broad field of ethics is no longer only a human issue, as is reflected by the establishment of computing ethics as a separate research area. Advances in the past decade have led to the emergence of among others, new technologies, frameworks and methodologies in the field of computing. Examples include the Internet, global connectivity and agent technology – in particular intelligent agents. The attribute intelligent brings with it a concomitant human characteristic that is assigned to an inanimate technological object. It is even plausible to think of communities of intelligent agents, inhabiting cyberspace, interacting with other entities (agents, human users and hosts) and in this way developing a social life. This raises issues concerning information security as well as the ethical and social behaviour of intelligent agents.
Agent behaviour can be analysed from a multitude of perspectives, including the security and ethical concerns. Security analyses typically focus on evaluating the application of external measures to an entity to ensure the safety of the entire community. Alternatively an ethical analysis addresses the internal behaviour of an entity in order to highlight its possible performance of actions harmful to the community. These different perspectives complement one another and may lead to a simplification of the security system.
Computer users may in general be classified as either aware or unaware of security aspects. The former group mistrusts unfamiliar agents while the latter group is not at all aware of potential security risks associated with agent computing. A framework to analyse the security risks of agent computing will create and raise awareness of how secure agents are. Similarly, it can be argued that a framework for ethical analysis will provide a more reliable basis for systematic assessment since intuitive assessment of agent behaviour may be misleading.
An a posteriori systematic analysis of the behaviour of an agent can assist developers of said agent to improve the modelling of the secure and ethical behaviour of future versions of the agent. Once the behaviour of a number of agents have been analysed in this systematic fashion, norms and criteria for the design of new agents that will exhibit acceptable secure and ethical behaviour can be formulated and continually refined. This may lead to a simplification of the security measures imposed on the agent.
In this paper we thus briefly discuss agent computing and its impact on the environment in which it is applied. In particular, we focus on security and ethical issues associated with software agent computing. For this purpose we start off by explicating what we understand under the notion of an agent and we describe the typical environments in which these agents can operate, the so-called agent community. For illustrative purposes we consider the Aglet Software Development Kit (ASDK) for development and management of network-efficient mobile agent applications. This example is used throughout the paper to illustrate both the security and ethical analyses.
We furthermore discuss a number of relevant security issues and ethical theories pertinent to agent computing and we present a framework within which the security and ethical behaviour of agents can be evaluated and analysed. As part of the evaluation phase of the security risks posed by agent computing, we consider the five security requirements, namely identification and authentication, authorisation, confidentiality, integrity, and non-repudiation as defined according to the ISO 7498-2 standard, produced by the International Standards Organisation (ISO, 1999).
Following on the security considerations we discuss some of the better-known ethics theories that may be applied in the analysis of the ethical behaviour of agents. In this respect we review the basic principles of two deontological theories, viz. duty-based and rights-based ethics, the teleological theory of utilitarianism (Spinello, 1997), and the theory of just consequentialism (Moor, 2001). Note that these theories will be discussed in the context of agent computing.
Regarding an ethical analysis of an agent’s behaviour we use the Five-step Process of Ethical Analysis of Rananu, Davies and Rogerson (Maner, 2002) as basis. Other similar procedures for ethical analysis may be found in Maner (2002). The analysis procedure of Rananu, Davies and Rogerson, originally designed primarily for the analysis of human behaviour and ethical decision-making, was chosen because it can be readily applied to the ethical analysis of agent behaviour. For the purposes of this paper we modify this process to be applicable to agent computing.
We conclude by observing that agent computing presents certain ethical and security challenges that are worthwhile investigating and require further research.
ISO 7498-2. (1999). Available online at http://www.iso.ch/cate/d14256.html, accessed on 22/05/2003.
Maner, W. (2002). Rananu, Davies and Rogerson, ‘The Five-step Process of Ethical Analysis’, in Procedural Ethics, http://csweb.cs.bgsu.edu/maner/heuristics/1996Rananu.htm, accessed on 26/11/2002.
Moor, J.H. (2001). Just consequentialism and computing, in Readings in cyberethics, (eds. R.A. Spinello and H.T. Tavani), Jones and Bartlett Publishers, Sudbury, Massachusetts.
Spinello, R. A. (1997). Case studies in information and computer ethics, Prentice Hall, Upper Saddle River, New Jersey.