ethics by wanghonghx


The Personal and Social Impact of Computers
 Why Learn About Security, Privacy, and Ethical Issues in Information Systems and the Internet?
 Many nontechnical issues associated with ISs
 Human Resource employees need to:
    Prevent computer waste and mistakes
    Avoid privacy violations
    Comply with laws about:
       Collecting customer data
       Monitoring employees
 Employees, IS users, and Internet users need to:
    Avoid crime, fraud, privacy invasion
  Computer Waste and Mistakes
 Computer waste: Inappropriate use of computer technology and resources
 Cause: improper management of information systems and resources
    Discarding old software and even complete computer systems when they still have value
    Building and maintaining complex systems that are never used to their fullest extent
    Using corporate time and technology for personal use
    Spam
 Computer-related mistakes: Errors, failures, and other computer problems that make computer output incorrect or not useful
 Causes
    Failure by users to follow proper procedures
    Unclear expectations and a lack of feedback
    Program development that contains errors
    Incorrect data entry by data-entry clerk
    Prevention Methods: Policies and
 Establishing --
    Establish policies and procedures regarding efficient acquisition, use, and disposal of systems and devices
    Training programs for individuals and workgroups
    Manuals and documents on how computer systems are to be maintained and used
    Approval of certain systems and applications to ensure compatibility and cost-
 Implementing --
    Policies often focus on:
       Implementation of source data automation and the use of data editing to ensure data accuracy and completeness
       Assignment of clear responsibility for data accuracy within each information system
    Training is often the key to acceptance and implementation of policies and procedures
          Policies and Procedures
 Monitoring --
    Monitor routine practices and take corrective action if necessary
    Implement internal audits to measure actual results against established goals
    Follow requirements in Sarbanes-Oxley Act
 Reviewing --
    During review, people should ask the following questions:
       Do current policies cover existing practices adequately?
       Were any problems or opportunities uncovered during monitoring?
       Does the organization plan any new activities in the future? If so, does it need new policies or procedures on who will handle them and what must be done?
       Are contingencies and disasters
           Computer Crime
Often defies detection
Amount stolen or diverted can be substantial
Crime is “clean” and nonviolent
Number of IT-related security incidents is
 increasing dramatically
Computer crime is now global
    The Computer as a Tool to Commit Crime
 Criminals need two capabilities to commit most
  computer crimes
   Knowing how to gain access to the computer system
   Knowing how to manipulate the system to produce the
    desired result
 Examples
   Social engineering
   Dumpster diving
   Counterfeit and banking fraud using sophisticated
    desktop publishing programs and high-quality printers
 Cyberterrorist
   Someone who intimidates or coerces a government or
    organization to advance his or her political or social
    objectives by launching computer-based attacks against
    computers, networks, and the information stored on them
 Homeland Security Department’s Information
  Analysis and Infrastructure Protection Directorate
   Serves as governmental focal point for fighting
               Identity Theft
 Imposter obtains key pieces of personal
  identification information, such as Social Security
  or driver’s license numbers, in order to impersonate
  someone else
   Information is then used to obtain credit, merchandise,
    and/or services in the name of the victim or to provide
    the thief with false credentials
 Identity Theft and Assumption Deterrence Act of
  1998 passed to fight identity theft
 9 million victims in 2005
  The Computer as the Object of Crime
Crimes fall into several categories such as:
  Illegal access and use
  Data alteration and destruction
  Information and equipment theft
  Software and Internet piracy
  Computer-related scams
  International computer crime
            Illegal Access and Use
 Hacker: learns about and uses computer systems
 Criminal hacker (also called a cracker): gains unauthorized use or illegal access to computer systems
 Script bunnies: automate the job of crackers
 Insider: employee who compromises corporate systems
 Malware: software programs that destroy or damage processing
 Virus: computer program file capable of attaching to disks or other files and replicating itself repeatedly, typically without the user’s knowledge or permission
 Worm: parasitic computer program that can create copies of itself on the infected computer or send copies to other computers via a network
 Trojan horse: malicious program that disguises itself as a useful application and purposefully does something the user does not expect
 Logic bomb: type of Trojan horse that executes when specific conditions occur
    Triggers for logic bombs can include a change in a file by a particular series of keystrokes or at a specific time or date
        Illegal Access and Use
 Tips for avoiding viruses and worms
   Install antivirus software on your computer and configure
    it to scan all downloads, e-mail, and disks
   Update your antivirus software regularly
   Back up your files regularly
   Do not open any files attached to an e-mail from an
    unknown, suspicious, or untrustworthy source
   Do not open any files attached to an e-mail unless you
    know what it is, even if it appears to come from a friend
    or someone you know
   Exercise caution when downloading files from the
      Ensure that the source is legitimate and reputable
Information and Equipment Theft
 Obtaining identification numbers and passwords to
  steal information or disrupt systems
   Trial and error, password sniffer program
 Software theft
 Computer systems and equipment theft
   Data on equipment is valuable
      Software and Internet Software Piracy
Software piracy: act of illegally duplicating
Internet software piracy: illegally
 downloading software from the Internet
  Most rapidly expanding type of software piracy
  Most difficult form to combat
  Examples: pirate Web sites, auction sites that
   offer counterfeit software, peer-to-peer
  Penalties can be severe
    Computer-Related Scams
Examples of Internet scams
  Get-rich-quick schemes involving bogus real
   estate deals
  “Free” vacations with huge hidden costs
  Bank fraud
  Fake telephone lotteries
  Gaining access to personal information by
   redirecting user to fake site
 International Computer Crime
Computer crime is an international issue
Software industry loses about $9 billion in
 revenue annually to software piracy
 occurring outside the United States
Terrorists, international drug dealers, and
 other criminals might use information
 systems to launder illegally obtained funds
  Preventing Computer-Related Crime
 All states have passed computer crime legislation
 Some believe that these laws are not effective because:
    Companies do not always actively detect and pursue computer crime
    Security is inadequate
    Convicted criminals are not severely punished
 Individual and group efforts are being made to curb computer crime, and recent efforts have met with some success
 State and federal agencies have begun aggressive attacks on computer
    Computer Fraud and Abuse Act, 1986
    Computer Emergency Response Team (CERT)
 Many states are now passing new, comprehensive bills to help eliminate computer crimes
Crime Prevention by Corporations
 Public key infrastructure (PKI): enables users of
  an unsecured public network such as the Internet
  to securely and privately exchange data
   Uses a public and a private cryptographic key pair that is
    obtained and shared through a trusted authority
 Biometrics: measurement of one of a person’s
  traits, whether physical or behavioral
 Security & Biometric Video
    Using Intrusion Detection
Intrusion detection system (IDS):
 software that monitors system and network
 resources and notifies network security
 personnel when it senses a possible intrusion
  Suspicious activities: failed login attempts,
   attempts to download program to server,
   accessing a system at unusual hours
  Can provide false alarms
  E-mail or voice message alerts may be missed
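
The three suspicious activities named on this slide can be written as simple detection rules. The sketch below is an added example, not part of the original slides; the event format, thresholds and business hours are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, source, action
SAMPLE_EVENTS = """\
2024-03-04T09:12:01 alice 10.0.0.5 login_ok
2024-03-04T09:15:10 bob 10.0.0.9 login_failed
2024-03-04T09:15:20 bob 10.0.0.9 login_failed
2024-03-04T09:15:31 bob 10.0.0.9 login_failed
2024-03-04T09:40:00 bob 10.0.0.9 login_failed
2024-03-04T14:02:45 carol 10.0.0.7 download_program
2024-03-05T02:47:13 alice 10.0.0.5 login_ok
"""

FAILED_THRESHOLD = 3                  # assumed: failures that trigger an alert
FAILED_WINDOW = timedelta(minutes=5)  # assumed sliding window
BUSINESS_HOURS = range(7, 20)         # assumed normal hours, 07:00-19:59

def parse(text):
    """Yield (timestamp, user, source, action) for each event line."""
    for line in text.splitlines():
        ts, user, src, action = line.split()
        yield datetime.fromisoformat(ts), user, src, action

def detect(text):
    """Return (timestamp, user, reason) alerts for the slide's three activities."""
    alerts = []
    recent_failures = defaultdict(list)  # (user, src) -> failure timestamps
    for ts, user, src, action in parse(text):
        if action == "login_failed":
            # Keep only failures still inside the sliding window.
            window = [t for t in recent_failures[(user, src)]
                      if ts - t <= FAILED_WINDOW]
            window.append(ts)
            recent_failures[(user, src)] = window
            if len(window) == FAILED_THRESHOLD:  # alert once per burst
                alerts.append((ts, user, "repeated failed logins"))
        elif action == "download_program":
            alerts.append((ts, user, "program downloaded to server"))
        elif action == "login_ok" and ts.hour not in BUSINESS_HOURS:
            alerts.append((ts, user, "access at unusual hour"))
    return alerts

if __name__ == "__main__":
    for ts, user, reason in detect(SAMPLE_EVENTS):
        print(f"ALERT {ts.isoformat()} {user}: {reason}")
```

The 02:47 login is flagged even if alice legitimately works nights, which is the false-alarm problem the slide mentions; the isolated 09:40 failure raises nothing because it falls outside the five-minute window.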
     Internet Laws for Libel and Protection of Decency
 Filtering software helps screen Internet content
   Also prevents children from sending personal information
    over e-mail or through chat groups
 Internet Content Rating Association (ICRA)
   Rates Web sites based on authors’ responses from
 Children’s Internet Protection Act (CIPA), 2000
   Required filters in federally funded libraries
 Libel is an important legal issue on the Internet
   Publishing Internet content to the world can subject
    companies to different countries’ laws
       Preventing Crime on the
 Develop effective Internet usage and security policies for all employees
 Use a stand-alone firewall (hardware and software) with network monitoring capabilities
 Deploy intrusion detection systems, monitor them, and follow up on their alarms
 Monitor managers and employees to make sure that they are using the Internet for business purposes
 Use Internet security specialists to perform audits of all Internet and network activities
              Privacy Issues
 With information systems, privacy deals with the
  collection and use or misuse of data
 More data and information are produced and used
  today than ever before
 Data is constantly being collected and stored on
  each of us
 This data is often distributed over easily accessed
  networks and without our knowledge or consent
 Concerns of privacy regarding this data must be
      Privacy and the Federal
 U.S. federal government is perhaps the largest
  collector of data
 Over 4 billion records exist on citizens, collected
  by about 100 federal agencies
 U.S. National Security Agency (NSA) had secretly
  collected phone call records of tens of millions of
  U.S. citizens after the September 11, 2001
  terrorist attacks
   Ruled unconstitutional and illegal by a federal judge in
    August 2006
             Privacy at Work
 There is conflict between rights of workers who
  want their privacy and the interests of companies
  that demand to know more about their employees
 Workers might be monitored via computer
  technology that can:
   Track every keystroke made by a worker
   Know when the worker is not using the keyboard or
    computer system
   Estimate how many breaks he or she is taking
 Many workers consider monitoring dehumanizing
            E-Mail Privacy
Federal law permits employers to monitor e-mail sent and received by employees
E-mail messages that have been erased from
 hard disks can be retrieved and used in
Use of e-mail among public officials might
 violate “open meeting” laws
     Privacy and the Internet
 Huge potential for privacy invasion on the Internet
   E-mail is a prime target
 Platform for Privacy Preferences (P3P): screening
  technology that shields users from Web sites that
  do not provide the level of privacy protection they
 Children’s Online Privacy Protection Act (COPPA),
  1998: require privacy policies and parental consent
 Potential dangers on social networking Web sites
    Corporate Privacy Policies
 Should address a customer’s knowledge, control,
  notice, and consent over the storage and use of
 May cover who has access to private data and when
  it may be used
 A good database design practice is to assign a
  single unique identifier to each customer
   Single record describing all relationships with the
    company across all its business units
   Can apply customer privacy preferences consistently
    throughout all databases
Individual Efforts to Protect Privacy

 Find out what is stored about you in existing
 Be careful when you share information about
 Be proactive to protect your privacy
 When purchasing anything from a Web site, make
  sure that you safeguard your credit card numbers,
  passwords, and personal information
                     Health Concerns
 Working with computers can cause occupational stress
 Training and counseling can often help the employee and deter problems
 Computer use can affect physical health as well
    Strains, sprains, tendonitis, repetitive motion disorder, carpal tunnel syndrome
 Concerns about emissions from improperly maintained and used equipment, display screens, and cell phones
 Many computer-related health problems are caused by a poorly designed work environment
 Ergonomics: science of designing machines, products, and systems to maximize the safety, comfort, and efficiency of the people who use them
 Principles of right and wrong used by
  individuals as free moral agents to guide
 Moral dimensions of the information age
   Information rights & obligations
   Property rights
   Accountability & control
   System quality
   Quality of life
      Moral dimensions of the information age
Information rights & obligations
Property rights
Accountability & control
System quality
Quality of life
     Ethics in an information
Ethical analysis:
 Identify, describe facts
 Define conflict, identify values
 Identify stakeholders
 Identify options
 Identify potential consequences
   Ethics in an information
Ethical principles:
 Treat others as you want to be treated
 If action not right for everyone, not right For
 If action not repeatable, not right at any time
 Put value on outcomes, understand consequences
 Incur least harm or cost
 No free lunch
             Information rights
   Privacy: right to be left alone
   Fair information practices (FIP):
   No secret personal records
   Individuals can access, amend information about them
   Use info only with prior consent
   Managers accountable for damage done by systems
   Governments can intervene
          Intellectual property
 Intellectual property: intangible creations protected by law
 Trade secret: intellectual work or product belonging to
  business, not in public domain
 Copyright: statutory grant protecting intellectual property
  from copying by others
 Trade Mark: legally registered mark, device, or name to
  distinguish one’s goods
 Patent: legal document granting owner exclusive monopoly on
  an invention for 17 years
 Ethical Issues in Information
 Code of ethics: states the principles and core
  values that are essential to a set of people and
  thus governs their behavior
 ACM code of ethics and professional conduct
   Contribute to society and human well-being
   Avoid harm to others
   Be honest and trustworthy
   Be fair and take action not to discriminate
   Honor property rights including copyrights and patents
   Give proper credit for intellectual property
   Respect the privacy of others
   Honor confidentiality
