chap 12 IS 3003

Card Set Information

chap 12 IS 3003
2011-10-30 18:56:47
chap 12 3003

chap 12 IS 3003
Show Answers:

  1. Information systems raise new ethical questions because they create opportunities for
    •Intense social change, threatening existing distributions of power, money, rights, and obligations

    •Invasion of privacy

    •New kinds of crime

    •Technology allows us to do things we were unable to do in the past, and may cause us to think differently about the ethical and/or legal impacts
  2. Recent cases of failed ethical judgment in business
    •Bear Stearns, Galleon Group, Pfizer

    •Information systems may have been instrumental in many of these frauds

    •In many, information systems have been used to bury decisions from public scrutiny
  3. Ethics
    •Principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors

    •Moral guidelines that people or organizations follow in dealing with others

    •Principles and standards that guide our behavior toward others

    •Ethical decision-making – more difficult to determine than legal vs illegal
  4. FIVE moral dimensions of the Information Age
    1.Information rights and obligations

    2.Property rights and obligations

    3.Accountability and control

    4.System quality

    5.Quality of life
  5. 4 key technology trends that raise ethical issues
    •Doubling of computer power - More organizations depend on computer systems for critical operations

    •Rapidly declining data storage costs - Organizations can easily maintain detailed databases on individuals

    •Networking advances and the Internet - Copying data from one location to another and accessing personal data from remote locations are much easier

    •Advances in data analysis techniques - Companies can analyze vast quantities of data gathered on individuals

    •Profiling -combing data from multiple sources to create dossiers of detailed info on individuals

    •Nonobvious relationship awareness -combining data from multiple sources to find obscure hidden connections that might help identify criminals or terroists
  6. Ethics is about individual choice
    main features are:
    •Basic concepts for ethical analysis

    •Ethical Analysis

    •Candidate Ethical Principles

    •Professional Codes of Conduct
  7. Basic concepts for ethical analysis

    •Accepting the potential costs, duties, and obligations for decisions


    •Mechanisms for identifying responsible parties


    •Permits individuals (and firms) to recover damages done to them

    • •Due process:

    •Laws are well known and understood, with an ability to appeal to higher authorities
  8. Ethical analysis: A five-step process
    1.Identify and clearly describe the facts.

    2.Define the conflict or dilemma and identify the higher-order values involved.

    3.Identify the stakeholders.

    4.Identify the options that you can reasonably take.

    5.Identify the potential consequences of your options.
  9. Basic concepts for ethical analysis
    • •Responsibility:
    • •Accepting the potential costs, duties, and obligations for decisions

    • •Accountability:
    • •Mechanisms for identifying responsible parties

    • •Liability:
    • •Permits individuals (and firms) to recover damages done to them

    • •Due process:
    • •Laws are well known and understood, with an ability to appeal to higher authorities
  10. Ethical analysis: A five-step process
    1.Identify and clearly describe the facts.

    2.Define the conflict or dilemma and identify the higher-order values involved.

    3.Identify the stakeholders.

    4.Identify the options that you can reasonably take.

    5.Identify the potential consequences of your options.
  11. 6 Candidate Ethical Principles
    •Golden Rule

    •Do unto others as you would have them do unto you.

    • •Immanuel Kant’s Categorical Imperative
    • •If an action is not right for everyone to take, it is not right for anyone.

    • •Descartes’ Rule of Change
    • •If an action cannot be taken repeatedly, it is not right to take at all.

    • •Utilitarian Principle
    • Take the action that achieves the higher or greater value.

    • •Risk Aversion Principle
    • •Take the action that produces the least harm or least potential cost.

    •Ethical “No Free Lunch” Rule

    •Assume that virtually all tangible and intangible objects are owned by someone unless there is a specific declaration otherwise.
  12. Professional codes of Conduct
    promises of professions to regulate themselves in the general interest of society.
  13. Privacy
    Claim of individuals to be left alone, free from surveillance or interference from other individuals, organizations, or state. Claim to be able to control information about yourself

    •First Amendment (freedom of speech)

    •Fourth Amendment (unreasonable search and seizure)

    •Additional federal statues (e.g., Privacy Act of 1974)
  14. Concerns about privacy in the workplace
    –Employers search social networking sites

    –Employee monitoring systems
  15. Misuse & abuse of information gathered by
    –Healthcare organizations

    –Financial institutions

    –Legal firms
  16. Defining privacy is difficult
    –Information technologies have increased ease of access to information
  17. Current FTC FIP Principles
    •Notice/awareness (core principle) - web sites must disclose practices before collecting data

    Choice/consent (core principle) - consumers must be able to choose how information is used for secondary purposes

    •Access/participation - consumers must be able to review, contest accuracy of personal data

    •Security - data collectors must take steps to ensure accuracy, security of personal data

    •Enforcement - must be mechanism to enforce FIP principles
    In the U.S.

    •Information privacy is not highly legislated or regulated

    •There is no all-encompassing law that regulates the use of personal data or information

    •Access to public information is considered culturally acceptable, such as obtaining credit reports for employment or housing purposes

    •European Directive on Data Protection:

    •Requires companies to inform people when they collect information about them and disclose how it will be stored and used.

    •Requires informed consent of customer.

    •EU member nations cannot transfer personal data to countries without similar privacy protection (e.g., the United States).

    •U.S. businesses use safe harbor framework.

    •Self-regulating policy and enforcement that meets objectives of government legislation but does not involve government regulation or enforcement
  19. Internet Challenges to Privacy
    • •Cookies-
    • Small text files with a unique ID tag .Embedded in a Web browser .Saved on the user’s hard drive
    • •Do have legitimate uses but they also can:

    Can Store and transmit information about online habits including, sites visited, purchases made, etc.

    Can Prevent accessing sites when cookies are refused

    Can Collect and combine information with other information to build a personal profile

    •Web bugs-Tiny graphics embedded in e-mail messages and Web pages .Designed to monitor who is reading message and transmit information to another computer

    • •Spyware-
    • SW that secretly gathers information about users while they browse the Web; can come hidden in free downloads & tracks online movements, mines the information stored on a computer, or uses the computer’s CPU and storage for some task the user knows nothing about

    • sale information
    • illegal uses
    • modify user experience

    • •Web logs-
    • consist of one line of information for every visitor to a web site; usually stored on a web server

    Examples of data collected:

    – Hostname

    – User-agent

    – system date

    – Full request

    – URL

    • •Clickstream data
    • records information about a customer during a web session such as what web sites were visited, how long the visit was, what ads were viewed, what was purchased, etc
  20. Adware
    –Form of spyware

    –Collects information about the user to display advertisements in the Web browser based on information it collects from the user’s browsing habits

    –Install antivirus SW and an ad-blocking feature in Web browser
  21. other ways confidential information is obtained
    •Social engineering – talking a person into revealing critical information that can be used to obtain personal information; using one’s social skills to trick people into revealing access to credentials or other information valuable to the attacker

    • •Shoulder surfing - standing next to someone and watching as they fill out personal information on a form or listening as they verbally provide the information

    •Dumpster diving – searching the trash for important information that can help gain access to a company’s or individual’s important information

    •Mailbox diving – taking mail from your postal box

    • •Monitoring of Social Networking Sites
  22. The Platform for Privacy Preferences (P3P
    •Allows Web sites to communicate privacy policies to visitor’s Web browser—user

    •User specifies privacy levels desired in browser settings

    •E.g., “medium” level accepts cookies from first-party host sites that have opt-in or opt-out policies but rejects third-party cookies that use personally identifiable information without an opt-in policy
  23. workplace privacy/monitoring
    •Workplace monitoring is a concern for many employees; organizations can be held financially responsible for their employees’ actions

    • •Monitoring – tracking people’s activities by such measures as number of keystrokes, error rate, and number of transactions processed
    • The dilemma surrounding employee monitoring in the workplace is that an organization is placing itself at risk if it fails to monitor its employees, however, some people feel that monitoring employees is unethical, an invasion of privacy

    •Employee monitoring policies – explicitly state how, when, and where the company monitors its employees
  24. Computer Crime and Abuse
    •Computer Crime – commission of illegal acts through use of computer or against a computer system – computer may be the object or the instrument of crime

    •Computer Abuse – unethical (not illegal) acts

    •Examples –

    •Stealing or altering files or data

    •Theft of resources


    •Identity theft


    •Intellectual property crimes
  25. Identity Theft
    •the forging of someone’s identity for the purpose of fraud

    •the stealing of another person’s private information (SSN, credit card numbers, etc.) for the purpose of using it to gain credit, borrow money, buy merchandise, or otherwise run up debt that is never paid

    –is invisible to the victim, they don’t know it is happening

    –is very difficult to correct…credit agencies are involved

    –can cause unrecoverable losses and legal costs
  26. SPAM
    •Unsolicited e-mail that promotes a product or service or makes some other type of solicitation

    •Spam accounts for 40% to 60% of most organizations’ e-mail and cost U.S. businesses over $14 billion in 2005

    •Anti-spam policy – simply states that e-mail users will not send unsolicited e-mails (or spam)
  27. Intellectual property: intangible property of any kind created by individuals or corporations
    •Three main ways that intellectual property is protected

    •Trade secret: intellectual work or product belonging to business, not in the public domain

    •Copyright: statutory grant protecting intellectual property from being copied for the life of the author, plus 70 years

    •Patents: grants creator of invention an exclusive monopoly on ideas behind invention for 20 years
  28. Intellectual property rights
    •Copyright – gives the creator exclusive rights, no one else can reproduce, distribute, or perform the work without permission, granted for the life of the author plus 70 years

    •Trademark – protects product names and identifying marks (logos)

    •Trade Secrets – intellectual work or product belonging to a business – not in the public domain (formula, device, pattern, etc.)

    •Patent – protects new processes, designs; grants the owner an exclusive monopoly for 20 years

    •Software piracy – illegal copying of SW that is protected by copyright laws

    •Cybersquatting – registering, selling, or using a domain name to profit from someone else’s trademark
  29. Challenges to intellectual property rights
    • •Digital media different from physical media (e.g., books)
    • •Ease of replication

    •Ease of transmission (networks, Internet)

    •Difficulty in classifying software


    •Difficulties in establishing uniqueness

    • •Digital Millennium Copyright Act (DMCA)
    • •Makes it illegal to circumvent technology-based protections of copyrighted materials
  30. Quality of Life: Equity, Access, and Boundaries

    Negative social consequences of systems
    •Balancing power: although computing power decentralizing, key decision making remains centralized

    •Rapidity of change: businesses may not have enough time to respond to global competition

    •Maintaining boundaries: computing, Internet use lengthens work-day, infringes on family, personal time

    •Dependence and vulnerability: public and private organizations ever more dependent on computer systems
  31. •Impacts on Employment:
    •Reengineering work resulting in lost jobs

    •Job deskilling

    •Job upgrading

    •Creation of new jobs

  32. Impacts on Equity and Access
    Digital divide – when those with access to technology have great advantages over those without access to technology

    –Computers & hi speed Internet access still aren’t affordable for many people – technology “haves” and “have-nots”

    • •Impacts
    • –Services to communities; education, skills

    –Access to information, healthcare, etc.

    –Impact on the individual, community, country, society
  33. Health risks
    •health problems associated with the environment in which computers are used; ergonomic issues associated with computer use

    •Repetitive stress injury (RSI)

    •Computer vision syndrome (CVS)


    •Role of radiation, screen emissions, low-level electromagnetic fields
  34. If software fails, who is responsible
    •If seen as part of machine that injures or harms, software producer and operator may be liable.

    •If seen as similar to book, difficult to hold author/publisher responsible.
  35. What is an acceptable, technologically feasible level of system quality?
    •Flawless software is economically unfeasible.
  36. •Three principal sources of poor system performance:
    •Software bugs, errors

    •Hardware or facility failures

    •Poor input data quality (most common source of business system failure)