Privacy, Security, and Ethics

Databases contain lots of information of a personal nature. This project is centered on being classroom lab that focuses on the ease to hack a database (i.e., maliciously extracting data by a simple means), the necessity of security systems to protect the data, and the ethics involved in the protection from the exploitation of personal information. With the creation of this web server connected to a database, this lab resembles a bank's website being hacked which brings real life questions to the forefront.

The lab itself leads the students through a tutorial of what SQL injection is, how it works, and how it can be used to harm someone. Students can extract types of information like someone’s salary, address, marital status as well as many other personal details.

After the students are walked through this and learn the technical, they are then asked to reflect. The questions in this reflection guide students through ethical thinking. Just because you have the ability to hack something or someone, does that mean you should do it if it causes harm? Is it necessary for banks to ask and store all these personal details? This project, in summary, is to develop a students' understanding of how data, security and ethics must be carefully integrated to procure privacy.

Allegheny's Computer Science Department

Project Leaders:
Dr. Oliver Bonham-Carter, obonhamcarter@allegheny.edu
Dr. Janyl Jumadinova, jjumadinova@allegheny.edu
Dr. Gregory Kapfhammer, gkapfham@allegheny.edu