A colleague teaches ethics in IT. He said in a recent email regarding cyberwarfare, that he would be happy if his students thought about whether it was ethical to be involved in planning a cyber-attack.
It’s a fascinating question. In such discussions, people often get drawn into constructing hyper-detailed watertight scenarios where the only option the protagonist has is some particular action (or inaction).

The armed forces during periods of conscription were notorious for this when dealing with conscientious objectors. They would lead the (usually principled but callow) youth down a simple progression until they got him to admit that yes, there were circumstances where he would kill another person. Then they would say triumphantly “well, there you go, not so conscientious after all, it’s off to the front with you!”

This argument is a perversion of the idea that a principle not held under stress is not really a principle. There are unbearable stresses, and there are ethical dilemmas that have no answer, where any solution is as bad as any other.

Soldiers do not make their own decisions about who the enemy is. They are the tools of other minds. With rare exceptions, their scope for making ethical choices is gone.

The actual ethical decision thus has nothing to do with the duties of a soldier; the actual ethical decision is about whether it is OK to abrogate (nearly) all responsibility for your actions.

The real choice is whether to become a soldier or not.

The military runs recruitment campaigns that show smiling young people learning trades. helping out during natural disasters, sharing a close cameraderie and having enormous fun with extremely expensive hardware. But the ultimate purpose of a soldier is to kill – or help kill – other people. That is just as true of someone engaging in cyber-warfare as any other kind of warfare.

It’s a sobering starting point for ethical discussions of cyber-warfare.