A Reader Has an Interesting Poser About the Morality of Security Work

A Reader Has an Interesting Poser About the Morality of Security Work May 13, 2019

They write:

In the past, you’ve written a lot about lying, specifically exploring edge cases, questions of “the right to know the truth,” and the fact that lying is always materially wrong. I think you’ve approached the subject in a very reasonable and Catholic way.

Thank you.

I know people have raised the issue of undercover police officers, spies, etc. but you haven’t deep-dived on those concerns in the past — understandably, since most of the time people aren’t asking in good faith, they’re just desperate to justify the lies that Their Side wants to say are okay.


However, I genuinely DO find myself in situations where my job involves misleading people and assuming fake identities. I’m a security consultant, and one of the things I sometimes do in my job is what’s called a “red team” assessment where my colleagues and I simulate a break-in. Sometimes these engagements involve running phishing campaigns or social engineering where we try to trick employees into downloading malware or giving us credentials.


My question is: is this lying? And if so, is it materially sinful?

It sounds like it’s lying at first blush.  And if so, then Thomas would say yes, it’s sinful—likely a venial sin, like most lying.  But then again, something in my bones also suspects it’s not the same kind of speech act as, for instance, the lying for Jesus scenarios of which the prolife movement has become so passionately enamored in the past decade.  So I’m not sure.

The question turns on whether what you describe is lying or something else.  If it is, then yes, it’s sinful.  If it’s not, then it may well be morally legit. The difference between that and what the Liars for Jesus in the Christianist Cult of Trump advocate is that they eagerly support lying with abandon if they think they can gain power by it and then try to legitimize it by saying the ends justify the means, a moral position categorically condemned by the Church ever since Paul wrote Romans 3:8. That you are taking such care to discover the distinction between the diabolical sophistry of the Christianist Liars for Jesus and the Church’s teaching speaks very well of you.

I’m not going to reason about culpability & gravity, because those will vary by circumstance. I also see how undercover work could be a near occasion of sin for some people, or form bad habits that they find hard to shake even outside of work… but since that’s a specific concern aimed at particular peoples’ personalities and weaknesses, I don’t know that it works as the foundation for a universal rule.


My instinct is that there’s probably some nuance that makes deception in good faith not lying. It seems ridiculous to claim that testing people’s security awareness by simulating attacks is *evil*. But I can’t reason my way to the conclusion I expect without lapsing into consequentialism. And I definitely don’t want to shoehorn my logic to fit pre-determined conclusions just because they’re convenient.

I am not a moral theologian, nor do I play one on the internet.  I’m giving you my personal impression and my personal reaction, based on how I would navigate this in light of the Church’s teaching if I were in your shoes.  So don’t feel like I’m passing judgment on you.  I’m not.  And I may be missing something here.  My prima facie impression is that deceiving people about who you are is lying. However, if your workers have been informed that they will be subjected to assessments that will include the sorts of things you are doing, it could be argued that what you are doing is closer to role playing or acting, which is a different moral category altogether and is not lying since there is a social contract between the actor and the audience in which the audience understands that they are, if you will, agreeing to let themselves be ‘deceived’ via willing suspension of disbelief.

This is not precisely the same as the contract between the worker and the company who have hired you.  But there is a quality of ‘you have been warned’ if we assume the company has told the worker that they will be subjected to assessments and tests like these.  So on second thought, I wonder if I am wrong here.  Bottom line, I’m not sure.

Go not to the elves for counsel, for they will say both ‘yes’ and ‘no’. – JRR Tolkien.

What have solid theologians and philosophers had to say on this? How might I reason with this edge case?

I have no idea what real moral theologians and philosophers have said about such situations.  But you might contact, for instance, Christopher Tollefson, who is a real moral philosopher and who has written extensively—and rightly—about the immorality of lying to see what he has to say about this particular situation. He did brilliant work refuting the Christianist Liars for Jesus back in 2011 and writes with real integrity.   If he answers you, I would be interested in hearing what he has to say.

Also to clarify: I’m not asking for spiritual direction or how I should proceed in my unique circumstances. I’m just interested to hear your take on it as a hypothetical, philosophical question.

Excellent.  Understood.


"Thank you for posting this interesting article."

Building Bridges of Trust vs. Winning
"Now I can't wait to take off my pants and enjoy it!👉----->>>HTTP://TELFS-3D.NET/JM27258s"

Memorial Day
"My body got hotter and hotter until I was soaked through.😉😉----->>>HTTP://TELFS-3D.NET/GD27258L"

Building Bridges of Trust vs. Winning
"No one knows your love better than I do! Believe me, this cartoon website has ..."

First Things: Against the Living Consensus

Browse Our Archives

Close Ad