
Ethical hacking or digital self-defence? A dilemma for digital citizens

In the digital world, security is no longer only a technical concern; it is a civic one. As everyday life becomes increasingly shaped by digital systems, citizens are expected to act responsibly, protect their data, and contribute to safer digital environments. Ethical hacking and digital self-defence are often presented as necessary responses to growing cyber threats. Yet at their core lies a fundamental question: can breaking into systems ever be ethical, even when it is done in the name of protection?

Ethical hacking: Authorisation, intrusion, and paradox

Ethical hacking is commonly described as an authorised attempt to gain unauthorised access to systems, applications, or data in order to identify vulnerabilities before malicious actors exploit them. Ethical hackers work with explicit authorisation from the system owner, within defined boundaries, and with the obligation to disclose findings responsibly. Their intent is defensive rather than harmful. However, they rely on the same methods used by malicious hackers: reconnaissance, exploitation, and vulnerability chaining. This creates an inherent paradox: the tools of defence and the tools of attack are often indistinguishable.

Digital self-defence, citizenship and ethical tension

Digital self-defence, particularly at the level of individual citizens, focuses on awareness, prevention, and resilience. It encourages people to secure their devices, protect their identities, and understand how digital systems influence power, risk, and privacy. Ethical hacking, by contrast, actively crosses technical boundaries to expose weaknesses in those systems in order to strengthen them and improve their future security. One approach is largely preventative and personal, while the other is intrusive and systemic. The ethical line between them is not always clear.

This tension becomes especially relevant when viewed through the lens of digital citizenship. Responsible digital citizens are expected to respect privacy, legality, and the rights of others. Yet ethical hacking depends on controlled violations of these principles, justified by consent and purpose. This raises a critical concern: does legitimising ethical hacking risk normalising intrusion as acceptable behaviour in digital spaces? And if so, who decides when intrusion is justified, and who should be trusted to perform it?

Rather than offering simple answers, this dilemma highlights that ethical hacking is not only a security practice but a moral challenge for digital societies. Skills framed as “ethical” are not ethical by default. They become so only through transparency, accountability, and strong ethical frameworks. Without these, the same knowledge intended for protection can be misused.

Learning to navigate complexity: The role of DigiCity

Crucially, digital citizenship and ethical digital engagement are not innate. They are learned, practised, and explored. This is where the DigiCity project plays a key role. Through its video game and escape room experiences, DigiCity allows participants to engage directly with the tensions between digital self-defence and ethical hacking in a safe and structured environment. Players are placed in situations that require them to assess risks, respect boundaries, collaborate with others, and reflect on the consequences of their digital actions.

Through a video game, an escape game, and resources for youth workers, the DigiCity project transforms abstract concepts such as cybersecurity, ethics and responsibility into interactive challenges and helps young people develop a deeper understanding of what it means to act as a digital citizen. It does not eliminate the dilemma between ethical hacking and self-defence. Instead, it makes that dilemma visible, tangible, and open to discussion. In doing so, DigiCity demonstrates that ethical behaviour in digital environments is not about avoiding complexity but about learning how to navigate it responsibly and collectively.

 
