Ch 4 - Managing the MIS Function
75) Although online tracking gathers an enormous amount of information on individual users, it is anonymous and can't be tied to a specific person.
75-F
76) Web beacons are tiny, invisible software programs hidden in email messages and web pages that are used to track and report a user's online behavior.
76-T
92) Gaining unapproved access to a computer is a federal crime.
92-T
93) Spam is a form of computer abuse
93-F
94) Some experts believe that exposure to computers reduces intelligence.
94-T
95) Computer abuse refers to acts involving a computer that may not be illegal but are considered unethical.
95-T
81) ________ are not held liable for the messages they transmit.
A) Regulated common carriers
16) ________ means that you accept the potential costs and obligations for the decisions you make.
A) Responsibility
25) Which ethical rule states that if an action cannot be taken repeatedly, it is not right to take at all?
A) Slippery slope rule
34) Which of the following is considered the most important U.S. federal statute setting forth conditions for handling information about individuals?
A) The Privacy Act
19) All of the following are steps in the process for analyzing an ethical issue except:
A) assigning responsibility.
53) Advertisers use ________ in order to display more relevant ads based on a user's search and browsing history.
A) behavioral targeting
42) The Online Privacy Alliance:
A) encourages self-regulation to develop a set of privacy guidelines for its members.
90) CVS refers to:
A) eyestrain related to computer display screen use.
88) Redesigning and automating business processes can be seen as a double-edged sword because:
A) increases in efficiency may be accompanied by job losses.
21) A man steals from a grocery store in order to feed his starving family. Which of the following best expresses the utilitarian principle in evaluating this situation?
B) His action is acceptable, because the higher social value is the survival of the family.
2) Which of the following best describes the effect that new information technology has on society?
B) It has a ripple effect, raising new ethical, social, and political issues.
49) The NAI is an industry association formed to help with which of the following?
B) Online privacy issues
54) ________ prohibits an organization from collecting any personal information unless the individual specifically takes action to approve information collection and use.
B) The opt-in model
1) Which of the following best describes how new information systems can result in legal gray areas?
B) They result in new situations that are not covered by old laws.
56) In an examination of 50 of the most popular websites, researchers discovered that which of the following was the only one that had no tracking files?
B) Wikipedia
40) When a cookie is created during a website visit, it is stored:
B) on the hard drive of the visitor's computer.
43) In the ________ model of informed consent, personal information can be collected until the consumer specifically requests that his or her data not be collected.
B) opt-out
86) The U.S. CAN-SPAM Act:
B) requires commercial email senders to identify themselves.
48) "Look and feel" copyright infringement lawsuits are concerned with:
B) the distinction between an idea and its expression.
24) According to ________, you should take the action that produces the least harm.
B) the risk aversion principle
5) Which of the following is not one of the current key technology trends that raises ethical issues?
C) Increase in data quality
35) FIP principles are based on a belief in which of the following?
C) Mutuality of interest between the record holder and the individual
8) Which of the following is a data analysis technology that finds hidden connections between data in disparate sources?
C) NORA
55) ________ grants the owner exclusive ownership of the ideas behind an invention for 20 years.
C) Patent law
91) Which of the following occurs when muscle groups are forced through tens of thousands of repetitions under low-impact loads?
C) RSI
6) All of the following are factors in U.S. federal sentencing guidelines with respect to business executives except: A) the monetary value of the crime. B) the presence of a conspiracy to prevent discovery of the crime. C) the use of technology to commit the crime. D) the use of structured financial transactions to hide the crime. E) the failure to cooperate with prosecutors.
C) the use of technology to commit the crime.
39) All of the following laws apply to actions by the federal government except: A) the Freedom of Information Act. B) the Privacy Act. C) the Computer Security Act. D) the Children's Online Privacy Protection Act. E) the E-Government Act.
D) the Children's Online Privacy Protection Act.
26) Which of the following ethical guidelines suggests that you put yourself in the place of others, and think of yourself as the object of the decision?
D) the Golden Rule
41) Which of the following replaced the U.S. Department of Commerce safe harbor framework that enabled U.S. businesses to legally use personal data from EU countries?
E) Privacy Shield
36) The FIP principle of Notice/Awareness states that:
E) websites must disclose their information practices before collecting data.
12) Ethics describes the principles of right and wrong that can be used by individuals to make choices to guide their behavior.
12-True
62) The European Parliament has banned unsolicited commercial messaging.
62-T
87) Which of the five moral dimensions of the information age does spamming involve?
A) Quality of life
79) How does protection of privacy in Europe differ from the United States?
Answer: In Europe, privacy protection is much more stringent than in the United States. Unlike the United States, European countries do not allow businesses to use personally identifiable information without consumers' prior consent. On October 25, 1998, the European Commission's Directive on Data Protection went into effect, requiring companies in the European Union (EU) nations to inform people when they collect information about them and disclose how it will be stored and used. Customers must provide their informed consent before any company can legally use data about them, and they have the right to access that information, correct it, and request that no further data be collected. Informed consent can be defined as consent given with knowledge of all the facts needed to make a rational decision. EU member nations must translate these principles into their own laws and cannot transfer personal data to countries, such as the United States, that do not have similar privacy protection regulations. In 2009, the European Parliament passed new rules governing the use of third-party cookies for behavioral tracking purposes. These new rules require website visitors to give explicit consent to be tracked by cookies and to have highly visible warnings on their pages if third-party cookies are being used. In January 2012, the EU changed its data protection rules to apply to all companies providing services in Europe and require Internet companies such as Amazon, Facebook, Apple, Google, and others to obtain explicit consent from consumers about the use of their personal data, delete information at the user's request, and retain information only as long as absolutely necessary. In 2014, the European Parliament extended greater control to Internet users by establishing the "right to be forgotten," which gives EU citizens the right to ask Google and social network sites to remove their personal information. Although the privacy policies of U.S. firms (in contrast to the government's) are largely voluntary, in Europe, corporate privacy policies are mandated and more consistent across jurisdictions. In June 2015, the European Council approved a new EUGeneral Data Protection Regulation (GDPR) to replace the existing Data Protection Directive. The concept of safe harbor was replaced by a policy called Privacy Shield. When it takes effect, the GDPR will apply across all EU countries, rather than the current situation where each member-state regulates privacy matters within its own borders. The GDPR will apply to any firm operating in any EU country, require unambiguous consent to use personal data for purposes like tracking individuals across the web, and limit the ability to use data for purposes other than those for which it was collected (such as constructing user profiles). It will also strengthen the right to be forgotten by allowing individuals to remove personal data from social platforms like Facebook and prevent such companies from collecting any new information. Companies operating in the EU will have to delete personal information once it no longer serves the purpose for which it was collected. The Privacy Shield places stronger obligations on U.S. companies to comply with EU privacy protections while still allowing data on EU citizens to be processed and used in the United States. The current privacy environment has turned decidedly against American firms like Facebook, Google, and others whose business model requires nearly unfettered use of personal information to support advertising revenues. Five EU nations—the Netherlands, Germany, France, Spain, and Belgium—have initiated a series of coordinated investigations into these firms' privacy and data policies.
17) ________ is a feature of social institutions that means mechanisms are in place to determine responsibility for an action.
B) Accountability
18) ________ is a feature of law-governed society and involves having laws that are known and understood, along with the ability to appeal to higher authorities to ensure that the laws are applied correctly.
B) Due process
47) Which of the following protects the authors of a book from having their work copied by others?
C) Copyright law
89) Which of the following terms refers to significant disparities in access to computers and the Internet among different social groups and different locations?
C) Digital divide
52) Which of the following is the world's largest collector of online user data?
C) Google
61) Which of the following is not a file-sharing service?
D) Pandora
4) The obligations that individuals and organizations have regarding the preservation of existing values and institutions fall within which of the following moral dimensions of the information age?
E) Quality of life
85) Which of the following statements about spam is not true?
E) Spamming is more tightly regulated in Europe than in the United States.
57) Which of the following is not a difficulty in establishing patent protection?
E) The requirement that the work must be a secret
45) Which of the following forms of protection of intellectual property requires that the property be the subject of a nondisclosure agreement?
E) Trade secret
46) All of the following are technical solutions to protecting user privacy except: A) email encryption. B) anonymous surfing. C) anonymous email. D) preventing client computers from accepting cookies. E) data use policies.
E) data use policies.
59) Digital media differs from a physical book in all of the following ways except:
E) ease of establishing uniqueness.
50) Which of the following is not protected by copyright law?
E) Machines
73) Some forms of illegal sharing of music files have declined as legitimate online music stores have expanded.
73-T
74) COPPA is a set of five principles developed by the FTC that most American and European privacy law is based on.
74-F
10) Advances in data storage and rapidly declining data storage costs have been responsible for multiplying databases on individuals maintained by private and public organizations.
10-True
11) In today's legal environment, managers who are convicted for the misuse of information systems are likely to be given a prison sentence.
11-True
27) Identifying the stakeholders—people who have a vested interest in the outcome of the decision—is the last step in analyzing an ethical issue.
27-False
28) Because of their special claims to knowledge, wisdom, and respect, professionals take on special rights and obligations.
28-T
29) Due process is a feature of political systems and allows individuals to recover damages done to them by others.
29-F
63) A Facebook user's visit to a website can be tracked even if they do not click a Like button.
63-T
64) Malicious software that is installed secretly on your computer by other applications and that tracks your online movements is called spyware.
64-T
65) Most Internet businesses do very little to protect the privacy of their customers.
65-T
66) Microsoft's Internet Explorer 11 web browser no longer includes an opt-out of tracking policy as the default.
66-T
67) Any intellectual work product that isn't based on public knowledge can be classed as a trade secret.
67-T
68) Copyright is a legal protection given to creators of certain types of intellectual property.
68-T
69) Software programs were unprotected by copyright law until the early 1990s.
69-F
70) The problem with web browsers' Do Not Track options is that websites aren't obligated to honor these settings.
70-T
71) European countries do not allow businesses to use personally identifiable information without consumers' prior consent.
71-T
72) One of the key concepts in patent law is originality.
72-T
14) Describe three technology trends that pose ethical issues, giving an example for each of its ethical or moral impact.
: Key technology trends include the following: (1) Computer power doubling every 18 months: ethical impact—because more organizations depend on computer systems for critical operations, these systems are vulnerable to computer crime and computer abuse; (2) Data storage costs are rapidly declining: ethical impact—it is easy to maintain detailed databases on individuals—who has access to and control of these databases?; (3) Data analysis advances: ethical impact—vast databases full of individual information may be used to develop detailed profiles of individual behavior; (4) Networking advances and the Internet: ethical impact—it is easy to copy data from one location to another. Who owns data? How can ownership be protected?; (5) Mobile device growth impact: ethical impact—individual cell phones may be tracked without user consent or knowledge.
7) The use of computers to assemble data from different sources to create digital dossiers of detailed information about individuals is known as which of the following?
A) Profiling
82) Which of the following resulted in an outage for Netflix customers on Christmas Eve 2012?
A) A failure of Amazon's cloud computing service
51) Which of the following adjusts copyright laws to the Internet age by making it illegal to circumvent technology-based protections of copyrighted materials?
A) Digital Millennium Copyright Act
37) Which of the following U.S. laws gives patients access to personal medical records and the right to authorize how this information can be used or disclosed?
A) HIPAA
20) A colleague at work takes small amounts of office supplies for her own personal use, saying that this is a tiny loss to the company. You tell her that if everyone were to take office supplies, then the loss would no longer be minimal. Your rationale expresses which of the following ethical principles?
A) Kant's Categorical Imperative
3) The obligations that individuals and organizations have concerning rights to intellectual property involve which of the following moral dimensions of the information age?
A) Property rights and obligations
100) What are some of the potential health risks associated with use of computers?
Answer: A common occupational disease today is repetitive stress injury (RSI). RSI occurs when muscle groups are forced through repetitive actions often with high-impact loads (such as tennis) or tens of thousands of repetitions under low-impact loads (such as working at a computer keyboard). The incidence of repetitive stress syndrome is estimated to be as much as one-third of the labor force and accounts for one-third of all disability cases. The single largest source of RSI is computer keyboards. The most common kind of computer-related RSI is carpal tunnel syndrome (CTS), in which pressure on the median nerve through the wrist's bony structure, called a carpal tunnel, produces pain. The pressure is caused by constant repetition of keystrokes. Symptoms of carpal tunnel syndrome include numbness, shooting pain, inability to grasp objects, and tingling. Millions of workers have been diagnosed with carpal tunnel syndrome. It affects an estimated 3 percent to 6 percent of the workforce. RSI is not the only occupational illness computers cause. Back and neck pain, leg stress, and foot pain also result from poor ergonomic designs of workstations. Computer vision syndrome (CVS) refers to any eyestrain condition related to display screen use in desktop computers, laptops, e-readers, smartphones, and handheld video games. CVS affects about 90 percent of people who spend three hours or more per day at a computer. Its symptoms, which are usually temporary, include headaches, blurred vision, and dry and irritated eyes.
78) Describe how a cookie works.
Answer: A cookie works as follows: A user opens a web browser and selects a website to visit. The user's computer sends a request for information to the server running the website. At the same time the server sends a cookie—a data file containing information like an encrypted user ID and information about when the user visited and what he did on the site. The user's computer receives the cookie and places it in a file on the hard drive. Whenever the user goes back to the website, the server running the site retrieves the cookie to help identify the user.
98) How does the use of electronic voting machines act as a "double-edged sword?" What moral dimensions are raised by this use of information technology?
Answer: Electronic voting machines can be seen as beneficial by making voting easy to accomplish and tabulate. However, it may be easier to tamper with electronic voting machines than with countable paper ballots. In terms of information rights, it seems possible that methods could be set up to determine how an individual has voted and to store and disseminate this knowledge. Manufacturers of voting machines claim property rights to the voting software, which means that if the software is protected from inspection, there is no regulation in how the software operates or how accurate it is. In terms of accountability and control, if an electronic voting system malfunctions, will it be the responsibility of the government, of the company manufacturing the machines or software, or the programmers who programmed the software? The dimension of system quality raises questions of how the level of accuracy of the machines is to be judged and what level is acceptable? In terms of quality of life, while it may make voting easier and quicker, does the vulnerability to abuse of these systems pose a threat to the democratic principle of one person, one vote?
80) Discuss the history of Apple's and Samsung's patent battle against each other.
Answer: In 2011, Apple sued Samsung for violating its patents for iPhones, iPads, and iPods. On August 24, 2012, a California jury in federal district court delivered a decisive victory to Apple and a stunning defeat to Samsung. The jury awarded Apple $1 billion in damages. The decision established criteria for determining just how close a competitor can come to an industry-leading and standard-setting product like Apple's iPhone before it violates the design and utility patents of the leading firm. The same court ruled that Samsung could not sell its new tablet computer (Galaxy 10.1) in the United States. In a later patent dispute, Samsung won an infringement case against Apple. In June 2013, the United States International Trade Commission issued a ban for a handful of older iPhone and iPad devices because they violated Samsung's patents from years ago. In 2014, Apple sued Samsung again, claiming infringement of five patents. The patents cover hardware and software techniques for handling photos, videos, and lists used on the popular Galaxy 5. Apple sought $2 billion in damages. In 2015, the U.S. Court of Appeals reaffirmed that Samsung had copied specific design patents but dropped the damages, Apple was granted $930 million. To make matters more complicated, Apple has been one of Samsung's largest customers for flash memory processors, graphic chips, solid-state drives, and display parts that are used in Apple's iPhones, iPads, iPod Touch devices, and MacBooks. The Samsung and Apple patent cases are indicative of the complex relationships among the leading computer firms.
15) What is NORA and how does it work?
Answer: NORA stands for nonobvious relationship awareness. NORA has given both the government and the private sector even more powerful profiling capabilities. NORA can take information about people from many disparate sources, such as employment applications, telephone records, customer listings, and wanted lists, and correlate relationships to find obscure connections that might help identify criminals or terrorists. NORA technology scans data and extracts information as the data are being generated so that it could, for example, instantly discover a man at an airline ticket counter who shares a phone number with a known terrorist before that person boards an airplane. The technology is considered a valuable tool for homeland security but does have privacy implications because it can provide such a detailed picture of the activities and associations of a single individual.
77) What are the major issues concerning privacy in the information age? Do you believe the need for homeland security should overrule some of the personal privacy and information rights we have previously taken for granted? Why or why not?
Answer: One answer might be that we should depend upon the Federal Trade Commission Fair Information Practice Principles and that as long as these principles are not ignored or overset, personal privacy does not conflict with homeland security. This is a weak argument. Other issues involve online privacy, employee monitoring, tradeoffs between security and privacy and good business results versus privacy.
32) Define the basic concepts of responsibility, accountability, and liability as applied to ethical decisions. How are these concepts related?
Answer: Responsibility is the first key element of ethical action. Responsibility means that an individual, group, or organization accepts the potential costs, duties, and obligations for decisions made. Accountability is a feature of systems and social institutions. It means that mechanisms are in place to determine who took responsible action; i.e., who is responsible for the action. Liability is a feature of political systems in which a body of law is in place that permits individuals to recover the damages done to them by others. These concepts are related as follows: I will assume the blame or benefit for the actions I take (responsibility); this blame or benefit accrues to me through the requirement that I be able to explain why I have taken the actions I have (accountability) for actions traceable to me by defined mechanisms in the organization, and if those actions result in harm to another, I will be held by law to reparations for those actions (liability).
96) One of the capabilities of Internet communication is the ability of the individual to appear essentially anonymous by using made-up user names. Is anonymity the same thing as privacy, and should it be a right? What ethical issues are raised by increased anonymity?
Answer: Student answers will vary, but should include a definition of privacy and an attempt to differentiate between anonymity and privacy, as well as an understanding that anonymity can result in a breakdown of clear accountability or responsibility for actions. A sample answer is: Privacy is the claim to be left alone, free from surveillance. This is different from anonymity, in which nobody knows who you are or what actions you take even in a public arena. Some individuals, if they feel they are anonymous, may have lapses in ethical behavior because anonymity means they are no longer accountable for their actions. I don't know if anonymity should be a right, but perhaps anonymity should not be permissible for some types of communication.
97) What do you consider to be the primary ethical, social, and political issues regarding the quality of a software product?
Answer: Student answers will vary, but should include a description of the software manufacturer's responsibility in software quality and an understanding of the difference between social concerns (culture, lifestyle effects) and political concerns (legal, institutional effects). A sample answer is: The central quality-related ethical issue that software quality raises is what responsibility does a software manufacturer have in the performance of its software? At what point can the manufacturer conclude that its software achieves an adequate level of quality? The leading social issue raised by quality is: how is our society affected by low-quality software and is this a concern? And how much accountability should the software manufacturer have? The central political concern raised by software quality is whether and how to enforce software quality minimums and standards, and what institutions are thus also held accountable.
13) Identify the five moral dimensions that are involved in political, social, and ethical issues and briefly describe each. Of these, which do you think is the most difficult for society to deal with? Support your opinion.
Answer: The five moral dimensions are: (1) Information rights and obligations. What rights do individuals and organizations have with respect to information pertaining to them? (2) Property rights and obligations. How can intellectual property rights be protected when it is so easy to copy digital materials? (3) Accountability and control. Who will be held accountable and liable for the harm done to individual and collective information and property rights? (4) System quality. What standards of data and system quality should we demand to protect individual rights and the safety of society? (5) Quality of life. What values should be preserved? What institutions must we protect? What cultural values can be harmed? Individual answers for determining the most difficult for society to deal with will vary. One answer might be: Quality of life issues will be most difficult for society to deal with in societies that are comprised of many different cultural and ethnic groups, such as the United States. It is difficult to regulate concerns that are based on subjective values.
31) Identify and discuss the six ethical principles discussed in the chapter.
Answer: The six ethical principles are the Golden Rule, Kant's categorical imperative, the slippery slope rule, the utilitarian principle, the risk aversion principle, and the "no free lunch" rule. The Golden Rule proposes: do unto others as you would have them do unto you. Immanuel Kant's categorical imperative proposes that if an action is not right for everyone to take, it is not right for anyone. The slippery slope rule says: If an action cannot be taken repeatedly, it is not right to take at all. The utilitarian principle is: Take the action that achieves the higher or greater value. The risk aversion principle is: Take the action that produces the least harm or the least potential cost. The "no free lunch" rule says: Assume that virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise. Tangible objects are owned by someone else unless there is a specific declaration otherwise.
30) What are the steps in conducting an ethical analysis?
Answer: The steps are: (1) Identify and describe clearly the facts; (2) define the conflict or dilemma and identify the higher-order values involved; (3) identify the stakeholders; (4) identify the options that you can reasonably take; and (5) identify the potential consequences of your options.
22) Which of the following best describes Immanuel Kant's categorical imperative?
D) If an action is not right for everyone to take, it is not right for anyone to take.
84) Which of the following is a primary drawback to the "do anything anywhere" computing environment?
D) It blurs the traditional boundaries between work and family time.
44) What percent of global Internet users use Google Search and other Google services?
D) Nearly 80 percent
58) Which of the following is not true about the GDPR? A) The GDPR requires Internet companies to obtain explicit consent from consumers for the use of their personal data. B) The GDPR requires Internet companies to delete information at the user's request. C) The GDPR requires Internet companies to retain information only as long as absolutely necessary. D) The GDPR rejects the right to be forgotten. E) The GDPR applies only to all companies providing services in Europe.
D) The GDPR rejects the right to be forgotten.
33) In 2010, the FTC added all of the following recommendations to its privacy guidelines except: A) firms should build products and services that protect privacy. B) firms should increase the transparency of their data collection. C) firms should require consumer consent and provide clear options to opt out of data collection. D) firms should limit the length of time that any personal data is stored to six months or less. E) consumers should be able to review and contest the accuracy and completeness of data.
D) firms should limit the length of time that any personal data is stored to six months or less.
23) The ethical "no free lunch" rule states that:
D) if something someone else has created is useful to you, it has value, and you should assume the creator wants compensation for this work.
9) Which of the following is not an example of the potential dark side of big data?
E) Analyzing data from sensors installed in local parks to monitor soil moisture
60) Which of the following were involved in what has been called the patent trial of the century?
E) Apple and Samsung
38) Which of the following is not a U.S. federal law affecting private institutions?
E) Computer Matching and Privacy Protection Act
83) Which of the following is the most common reason that business systems fail?
E) Data quality