IS 3003 Ch 4: Information Systems and Ethics

Some possible Technical solutions:

-E-mail encryption -Anonymous browsing tools -Cookie prevention and management -Browser features -"Private" browsing -"Do not track" feature -For the most part, these solutions fail to prevent users from being tracked from site to site

How does Spyware transmit, or use information?

-Sale of information to online marketers & spammers -Illegal uses such as identity theft -Modify user experience to market to the user by presenting ad banners, pop-ups, etc

Cookies: What they are:

-Small text files deposited on a computer hard drive when a user visits web sites -Identify the user's web browser SW and track visits to the web site -When the user returns to the site, the web site SW will know what the user has done in the past on that site

Cookies: Possible negative side:

-Store and transmit information about online habits including, sites visited, purchases made, etc. -Deny access to sites when cookies are refused -Collect & combine information to build a profile

Spyware

-Technology that aids in gathering information about a person or organization without their knowledge -SW that secretly gathers information about users while they browse the Web; can come hidden in free downloads; tracks online movements, mines the information stored on a computer, or uses the computer's CPU and storage for some task the user knows nothing about

Web Beacons aka web bugs

-Tiny software programs or objects invisibly embedded in e-mail messages and Web pages -Designed to monitor the behavior of the user visiting a web site or sending e-mail -The web beacon captures and transmits information such as the IP address of the user's computer, the time a web page was viewed and for how long, the type of web browser used, and previously set cookie values

What are the 4 Key Technology Trends That Raise Ethical Issues

1. Doubling of computer power - More organizations depend on computer systems for critical operations 2. Rapidly declining data storage costs - Organizations can easily maintain detailed databases on individuals 3. Networking advances and the Internet - Copying data from one location to another and accessing personal data from remote locations are much easier 4. Advances in data analysis techniques - Companies can analyze vast quantities of data gathered on an individual 5. Impact of Mobile Devices

6 Candidate Ethical Principles:

1. Golden Rule Do unto others as you would have them do unto you. 2 Immanuel Kant's Categorical Imperative If an action is not right for everyone to take, it is not right for anyone. 3. Descartes' Rule of Change If an action cannot be taken repeatedly, it is not right to take at all. 4. Utilitarian Principle Take the action that achieves the higher or greater value. 5. Risk Aversion Principle Take the action that produces the least harm or least potential cost. 6. Ethical "No Free Lunch" Rule Assume that virtually all tangible and intangible objects are owned by someone unless there is a specific declaration otherwise.

Ethical analysis: A five-step process

1. Identify and clearly describe the facts. 2. Define the conflict or dilemma and identify the higher-order values involved. 3. Identify the stakeholders. 4. Identify the options that you can reasonably take. 5. Identify the potential consequences of your options.

What are the Five Moral Dimensions of the Information Age

1. Information rights and obligations 2. Property rights and obligations 3. Accountability and control 4. System quality 5. Quality of life

What is Fair Information Practices (FIP)

A set of principles originally set forth in 1973 that governs the collection and use of information about individuals and forms the basis of most U.S. and European privacy laws.

Web Beacon

AKA web bugs, (tracking files) tine software programs that keep a record of users' online clickstreams. Monitor online behavior and report back to owner.

Which of the following is an ethical issue caused by the advancement in data storage techniques?

Access to confidential information

Digital Millennium Copyright Act (DMCA)

Adjusts copyright laws to the Internet Age by making it illegal to make, distribute, or use devices that circumvent technology based protections of copyrighted materials.

What is the dilemma surrounding employee monitoring in the workplace

An organization is placing itself at risk if it fails to monitor its employees; organizations can be held financially responsible for their employees' actions

Ethical "No Free Lunch" rule

Assume virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise. Something someone else created is useful to you, it has value and you should assume the creator wants compensation for this work.

Privacy

Claim of individuals to be left alone, free from surveillance or interference from other individuals, organizations, or state. Claim to be able to control information about yourself.

Profiling

Combining data from multiple sources to create dossiers of detailed information on individuals

Non-obvious relationship awareness (NORA)

Combining data from multiple sources to find obscure hidden connections to correlate relationships that might help identify criminals or terrorists or other interesting data

__________ is the commission of acts involving a computer that may not be illegal but that are considered unethical.

Computer abuse

What are some Internet Challenges to Privacy?

Cookies Web beacons Spyware Web logs Clickstream data

Intellectual Property protections include:

Copyrights Trademarks Trade secrets Patents

Digital Millennium Copyright Act (DMCA) 1998

Created the World Intellectual Property Organization Treaty that makes it illegal to circumvent technology-based protections of copyrighted materials ISPs are required to take down sites of copyright infringers they are hosting once they are notified of the problem

Which of the following is an ethical issue caused by the doubling of computer power every 18 months?

Dependence on systems and increased vulnerability to system errors and poor data quality

Golden Rule

Do unto others as you would have them do unto you. Putting yourself in the place of others, and thinking of yourself as the object of the decision; helps with fair decision making.

U.S. CAN-SPAM ACT of 2003

Does not outlaw spamming; bans deceptive email practices, requires commercial email messages to display accurate subject lines, identify the true senders, and offer recipients an easy way to remove their names from email lists.

Challenges to intellectual property rights:

Ease of transmission/replication Ease of alteration Difficulty in classifying SW as a type of intellectual property Compactness - making theft easy Difficulties in establishing uniqueness

Privacy Differences: European Union vs. USA

European Directive on Data Protection: -Requires companies to inform people when they collect information about them and disclose how it will be stored and used -Requires informed consent of customer -EU member nations cannot transfer personal data to countries without similar privacy protection (e.g., the United States)

In the United States, privacy protected by:

First Amendment (freedom of speech) Fourth Amendment (unreasonable search and seizure) Additional federal statues (e.g., Privacy Act of 1974)

Web logs, Examples of data collected:

Host name User-agent System date Full request URL

Slippery slope rule

If an action cannot be taken repeatedly, it is not right to take at all. (action creates a small change now, but continuing brings about unacceptable changes)

Immanuel Kant's categorical imperative

If an action is not right for everyone to take, it is not right for anyone. (ask: if everyone did this, would the organization or civilization survive)

"If the action is not right for everyone to take, it is not right for anyone" refers to which ethical principle of conduct?

Immanuel Kant's Categorical Imperative

Privacy Differences: European Union vs. USA

In the U.S. -Information Privacy is not highly legislated or regulated -There is no all-encompassing law that regulates the use of personal data or information -Access to public information is considered culturally acceptable, such as obtaining credit reports for employment and housing purposes

Which of the following statements is true about privacy and freedom in the Internet age?

Individual claims to privacy are threatened by the cheap availability of information.

Intellectual Property:

Intangible property that results from an individual's or corporation's creative activity

Information systems raise new ethical questions because they create opportunities for:

Intense social change - threatening existing distributions of power, money, rights, and obligations. Invasion of privacy. New kinds of crime.

Spam

Is legal in the U.S. if it does not involve fraud and the sender and subject of the e-mail are properly identified accounts for 80% to 90% of most organizations' e-mail and costs U.S. businesses over $50 billion a year

Which of the following is a limitation to protecting intellectual property through trade secret laws?

It is difficult to prevent ideas from falling into the public domain.

Spam -

Junk e-mail/unsolicited e-mail sent by an organization or individual to a mass audience of Internet users that promotes a product or service or makes some other type of solicitation

Workplace monitoring is a concern for many employees

Monitoring - tracking people's activities by such measures as number of keystrokes, error rate, and number of transactions processed some people feel that monitoring employees is unethical, an invasion of privacy

Current FIP Principles:

Notice/awareness (core principle) - web sites must disclose practices before collecting data Choice/consent (core principle) - consumers must be able to choose how information is used for secondary purposes Access/participation - consumers must be able to review, contest accuracy of personal data Security - data collectors must take steps to ensure accuracy, security of personal data Enforcement - there must be mechanisms to enforce FIP principles

Which of the following is an ethical concern due to the advances in data analysis techniques?

Organizations selling consumer profiles to other organizations

Which of the following statements is true about equality in access to information technology?

Ownership of computers and digital devices has broadened, but the digital divide still exists.

Definitions of Ethics

Principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors, Moral guidelines that people or organizations follow in dealing with others, and Principles and standards that guide our behavior toward others

Which of the following ethical issues in information systems has become a greater concern because of the rise of the Internet?

Protection of personal privacy

Which of the following is an impact of information technology on employment?

Redesigning business processes has caused many employees to lose their jobs.

ergonomic issues associated with computer use

Repetitive stress injury (RSI) Computer vision syndrome (CVS) Technostress Role of radiation, screen emissions, low-level electromagnetic fields

Basic concepts for ethical analysis:

Responsibility: - Accepting the potential costs, duties, and obligations for decisions Accountability: - Mechanisms for identifying responsible parties Liability: - Permits individuals (and firms) to recover damages done to them Due process: - Laws are well known and understood, with an ability to appeal to higher authorities

U.S. businesses must use Safe Harbor framework

Safe harbor - private, self-regulating policy and enforcement mechanism that meets objectives of government legislation but does not involve government regulation or enforcement

Impacts on Equity and Access: Impacts

Services to communities; education, skills Access to information, healthcare, etc. Impact on the individual, community, country, society

Professional Codes of Conduct

Set forth by associations of professionals - Examples - AMA, ABA, AITP, ACM Promises by professions to regulate themselves in the general interest of society

Fair Information Practices (FIP):

Set of principles governing the collection and use of information Basis of most U.S. and European privacy laws Based on mutuality of interest between record holder and individual - Restated and extended by FTC in 2009 to provide guidelines for behavioral targeting - Used to drive changes in privacy legislation (COPPA, Gramm- Leach-Bliley Act, HIPAA) Opt-out vs. Opt-in policies Opt-out: permits the collection of personal information until/unless the consumer specifically requests that the data NOT be collected (businesses want this) Opt-in: a business is prohibited from collecting any personal information unless the consumer specifically takes action to approve the information collection and use (individuals want this)

Threats/Crimes include:

Software Piracy - illegal copying of SW that is protected by copyright laws Cybersquatting - registering, selling, or using a domain name to profit from someone else's trademark or branding

Three principal sources of poor system performance:

Software bugs, errors HW or facility failures Poor quality of data input

What is Technostress?

Stress induced by computer use; symptoms include aggravation, hostility toward humans, impatience, and enervation. (enervation - to deprive of force or strength; destroy the vigor of; weaken.)

Utilitarian principle

Take the action that achieves the higher or greater value; prioritize values in a ranked order, and understand consequences of the various courses of action.

Risk Aversion Principle

Take the action that produces the least harm or the least potential cost.

Intellectual Property

Tangible or intangible products of the mind created by individuals or corporations.

How has technology changed ethical reasoning of Information Systems?

Technology allows us to do things we were unable to do in the past, and may cause us to think differently about the ethical and/or legal impacts.

Common monitoring technologies include:

Telephone monitoring E-mail, IM and Text Messaging monitoring Internet monitoring Social Network monitoring Video surveillance "Smart" ID cards for tracking location GPS tracking

__________ is putting yourself into the place of others and thinking of yourself as the object of the decision.

The Golden Rule

To take the action that produces the least harm or the least potential cost refers to which ethical principle of conduct?

The Risk Aversion Principle

To take the action that achieves the higher or greater value refers to which ethical principle of conduct?

The Utilitarian Principle

Which of the following is a threat posed by the Internet to individual privacy?

The ability to track user information based on browsing data

Which of the following best describes privacy?

The claim of individuals to be left alone, free from surveillance

The principle that virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise refers to which ethical principle of conduct?

The ethical "no free lunch" rule

Which of the following is true about the social costs of information technology?

The traditional boundaries that separate work from family and just plain leisure have been weakened.

__________ are tiny software programs that keep a record of users' online clickstream.

Web beacons

Piggybacking or Tailgating -

allows a fraudster to enter a restricted area by following closely behind a legitimate user and following them in

Negative social consequences of systems Balancing power -

although computing power is decentralizing, key decision making remains centralized

Defining privacy is difficult -

and information technologies have increased ease of access to information

U.S. CAN-SPAM Act of 2003 -

bans deceptive practices (not Spam itself) but ...

Negative social consequences of systems Rapidity of change -

businesses may not have enough time to respond to global competition

Spam filtering SW

can be used to block suspicious e-mail but can also block legitimate messages and does not always catch fraudulent ones

Computer Abuse -

commission of acts involving a computer that may not be illegal but are unethical

Computer Crime/Fraud -

commission of illegal acts through use of a computer or against a computer system - computer may be the object (target) or the instrument of crime "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution" [defined by U.S. Department of Justice]

Using an algorithm to potentially determine people with shorter commute are more likely to stay in a job longer than those with longer commmutes could be part of _________________ that filters applicants.

computerized targeting / hiring

Negative social consequences of systems Maintaining boundaries -

computing, Internet use lengthens work-day, infringes on family, personal time

Web logs -

consist of one line of information for every visitor to a web site; usually stored on a web server

Copyright -

gives the creator exclusive rights, no one else can reproduce, distribute, or perform the work without permission, granted for the life of the author plus 70 years; corporate copyrights 95 years

Health risks -

health problems associated with the environment in which computers are used

Trade Secrets -

intellectual work or product belonging to a business - not in the public domain (formula, device, pattern, etc.)

Patent -

protects new innovations, processes, designs; grants the owner an exclusive monopoly for 20 years

Trademark -

protects product names and identifying marks (logos); a unique symbol or word used by a business to identify their product or service

Negative social consequences of systems Dependence and vulnerability -

public and private organizations ever more dependent on computer systems

Dumpster diving -

searching the trash for important information that can help gain access to a company's or individual's important information

Employee monitoring policies -

should explicitly state how, when, and where the company monitors its employees

Shoulder surfing -

standing next to someone and watching as they fill out personal information on a form or listening as they verbally provide the information

Mailbox diving -

taking mail from your postal box

Social engineering -

talking a person into revealing critical information that can be used to obtain personal information; using one's social skills to trick people into revealing access to credentials or other information valuable to the attacker

Monitoring of Social Networking Sites

the act of using a tool to listen to what is being said across the internet; monitoring media not just from traditional publishers, but on millions of social sites too.

Information systems affect ethical principles because __________.

they raise concerns about the use of intellectual property

Digital divide -

when those with access to technology have great advantages over those without access to technology; large disparities in access to computers and the Internet among different social groups and locations Computers & high speed Internet access still aren't affordable for many - society of technology "haves" and "have-nots"