Ethical Issues for Computing Professionals PC307

1
Ethical Issues for Computing ProfessionalsPC307

• Alex Reid
• IT Policy Executive Officer
• The University of Western Australia

2
CONTENTS

• A. Why is Computer Ethics Special?
• B. Some Ethical/Moral/Social Issues
• C. Requirements of a Professional
• D. ACS Code of Ethics
• E. ACS Code of Conduct/Practice
• F. Case Studies

3
Why is Computer Ethics Special?

• Computers are pervasive
• Computers are (nearly) universally affordable
• Computers are so new
• Computers are advancing so rapidly
• Computers are logically malleable
• Computers are so powerful
• Computers are so fast
• Computers introduce spatial separation
• Computers introduce temporal separation
• Computers break the chain of responsibility
• Computers have memory
• Computers manipulate information
• Computers facilitate anonymity
• Computer programs cant be proven to be correct
• Computers are not 100 reliable...

4
Catalogue of Failures

• Computers and/or software failure have figured
  in
• Hole in ozone layer undetected for 7 years
• US Air Force Blackhawk helicopter crashes 22
  deaths
• Therac-25 cancer radiotherapy machine 4 US
  deaths
• Gulf War Dhahran base Scud attack Patriot
  failure
• Hubble error compounded by computer shut-down
• Three-Mile Island
• Chernobyl
• Challenger Space Shuttle deaths
• Mt Erebus Air NZ crash
• Korean Air Lines flight 007 over Sakhalin Island
• HMS Sheffield sinking in Falklands
• Iranian airbus shot down over Persian Gulf
• etc

5
Catalogue of Failures - 2

• Why is Software so prone to Catastrophic Failure?
• Complexity
• Error Sensitivity
• Hard to Test
• Correlated failures
• Lack of professional standards no software
  engineers
• Development methodologies
• Roger Needhams Most Surprising Development
• Verification possible by
• mathematical analysis
• case analysis
• extensive testing or
• combination of the three.
• Proving software correctness
• Tony Hoares Wasted 20 Years

6
Ethical/Moral/Social Issues

• Hacking
• Viruses
• Spam email
• Backups
• Security
• Privacy
• Anonymity
• Cost estimation
• Competent Advice
• Software Agreements
• Private use of Company Internet
• Manipulating Photographs
• Webcams Privacy
• Y2K - Should it have happened?

7
Consequence of Y2K?
Cartoon to highlight potential catastrophic
effects of Y2K. From www.tedgoff.com
8
Professional Body

• Criteria
• established body of specialised knowledge
• formal accrediting criteria
• defined performance standards
• standards of conduct/ethics ( disciplinary
  procedures)
• recognition in society
• etc
• Summary
• professionals are people who have specialised
  knowledge on which others (and the public in
  general) have to place dependence the public
  have to trust those professionals in regard to
  their specialised knowledge a degree of
  trustworthiness and responsibility on the part of
  the professionals.
• Viz TRUST RESPONSIBILITY

9
ACS Code of Ethics - 1

• 1. To uphold and advance the honour, dignity and
  effectiveness of the profession of information
  technology and in keeping with high standards of
  competence and ethical conduct, a member must
• a. be honest, forthright and impartial, and
• b. loyally serve the community, and
• c. strive to increase the competence and prestige
  of the profession, and
• d. use special knowledge and skill for the
  advancement of human welfare.

10
ACS Code of Ethics - 2

• 2. The personal commitments set out in 3 and 4
  bind each member with regard to that member's
  professional conduct.

11
ACS Code of Ethics - 3

• 3. Values and Ideals I must act with
  professional responsibility and integrity in my
  dealings with the community and clients,
  employers, employees and students. I acknowledge
  
• 3.1 Priorities I must place the interests of the
  community above those of personal or sectional
  interests.
• 3.2 Competence I must work competently and
  diligently for my clients and employers.
• 3.3 Honesty I must be honest in my
  representations of skills, knowledge, services
  and products.
• 3.4 Social Implications I must strive to enhance
  the quality of life of those affected by my work.
  
• 3.5 Professional Development I must enhance my
  own professional development, and that of my
  colleagues, employees and students.
• 3.6 Information Technology Profession I must
  enhance the integrity of the information
  technology profession and the respect of its
  members for each other.

12
ACS Code of Ethics - 4

• 4. Standards of Conduct
• The standards of conduct set out in these
  National Regulations explain how the Code of
  Ethics applies to a member's professional work.
  The list of standards is not necessarily
  exhaustive and should not be read as definitively
  demarking the acceptable from the unacceptable in
  professional conduct in all practical situations
  faced by a member. The intention of the standards
  of conduct is to illustrate, and to explain in
  more detail, the meaning of the Code of Ethics in
  terms of specific behaviour. The fact that a
  member engages in, or does not engage in, these
  standards does not of itself guarantee that a
  member is acting ethically, or unethically, as
  applicable. A member is expected to take into
  account the spirit of the Code of Ethics in order
  to resolve ambiguous or contentious issues
  concerning ethical conduct.

13
ACS Code of Ethics - 5

• 5. Priorities In accordance with 3.1
• 5.1 I must endeavour to preserve continuity of
  information technology services and information
  flow in my care.
• 5.2 I must endeavour to preserve the integrity
  and security of the information of others.
• 5.3 I must respect the proprietary nature of the
  information of others.
• 5.4 I must endeavour to preserve the
  confidentiality of the information of others.
• 5.5 I must advise my client or employer of any
  potential conflicts of interest between my
  assignment and legal or other accepted community
  requirements.
• 5.6 I must advise my clients and employers as
  soon as possible of any conflicts of interest or
  conscientious objections which face me in
  connection with my work.

14
ACS Code of Ethics - 6

• 6. Competence In accordance with 3.2
• 6.1 I must endeavour to provide products and
  services which match the operational and
  financial needs of my clients and employers.
• 6.2 I must give value for money in the services
  and products I supply.
• 6.3 I must make myself aware of relevant
  standards, and act accordingly.
• 6.4 I must respect and protect my clients' and
  employers' proprietary interests.
• 6.5 I must accept responsibility for my work.
• 6.6 I must advise my clients and employers when I
  believe a proposed project is not in their best
  interest.
• 6.7 I must go beyond my brief, if necessary, in
  order to act professionally.

15
ACS Code of Ethics - 7

• 7. Honesty In accordance with 3.3
• 7.1 I must not knowingly mislead a client or
  potential client as to the suitability of a
  product or service.
• 7.2 I must not misrepresent my skills or
  knowledge.
• 7.3 I must give opinions which are as far as
  possible unbiased and objective.
• 7.4 I must give realistic estimates for projects
  under my control.
• 7.5 I must qualify professional opinions which I
  know are based on limited knowledge or
  experience.
• 7.6 I must give credit for work done by others
  where credit is due.

16
ACS Code of Ethics - 8

• 8. Social Implications In accordance with 3.4
• 8.1 I must protect and promote the health and
  safety of those affected by my work.
• 8.2 I must consider and respect people's privacy
  which might be affected by my work.
• 8.3 I must respect my employees and refrain from
  treating them unfairly.
• 8.4 I must endeavour to understand, and give due
  regard to, the perceptions of those affected by
  my work.
• 8.5 I must attempt to increase the feelings of
  personal satisfaction, competence, and control of
  those affected by my work.
• 8.6 I must not require, or attempt to influence,
  any person to take any action which would involve
  a breach of the Code of Ethics.

17
ACS Code of Ethics - 9

• 9. Professional Development In accordance with
  3.5
• 9.1 I must continue to upgrade my knowledge and
  skills.
• 9.2 I must increase my awareness of issues
  affecting the information technology profession
  and its relationship with the community.
• 9.3 I must encourage my colleagues, employees and
  students to continue their own professional
  development.

18
ACS Code of Ethics - 10

• 10. Information Technology Profession In
  accordance with 3.6
• 10.1 I must respect, and seek when necessary, the
  professional opinions of colleagues in their
  areas of competence.
• 10.2 I must not knowingly engage in, or be
  associated with, dishonest or fraudulent
  practices.
• 10.3 I must not attempt to enhance my own
  reputation at the expense of another's
  reputation.
• 10.4 I must co-operate in advancing information
  processing by communication with other
  professionals, students and the public, and by
  contributing to the efforts of professional and
  scientific societies and schools.
• 10.5 I must distance myself professionally from
  someone whose membership of the Society has been
  terminated because of unethical behaviour or
  unsatisfactory conduct.
• 10.6 I must take appropriate action if I discover
  a member, or a person who could potentially be a
  member, of the Society engaging in unethical
  behaviour.
• 10.7 I must seek advice from the Society when
  faced with an ethical dilemma I am unable to
  resolve by myself.
• 10.8 I must do what I can to ensure that the
  corporate actions of the Society are in
  accordance with this Code of Ethics.
• 10.9 I acknowledge my debt to the computing
  profession and in return must protect and promote
  professionalism in information technology.

19
ACS Code of Professional Conduct

• A1 The Public Interest
• Safeguard the interests of your clients provided
  that they do not conflict with the duties and
  loyalties owed to the community, its laws and
  social and political institutions
• A2 Integrity
• Do not breach public trust in the profession or
  the specific trust of your clients and employers
• A3 Confidentiality
• You must not disclose information acquired in the
  course of your professional work except where
  consent has been obtained from the rightful legal
  owner or where there is a legal or professional
  duty to disclose
• A4 Objectivity and Independence
• Be objective, impartial and free of conflicts of
  interest in the performance of your professional
  duties
• A5 Competence
• Accept only such work as you believe you are
  competent to perform and do not hesitate to
  obtain additional expertise from appropriately
  qualified individuals where advisable

20
ACS Code of Professional Conduct cont.

• A6 Keeping Up-To-Date
• Keep yourself, and subordinates, informed of such
  new technologies, practices and standards as are
  relevant to your duties
• A7 Subordinates
• Ensure subordinates are trained in order to be
  effective in their duties and to qualify for
  increased responsibilities
• A8 Responsibility to your Client
• Actively seek opportunities for increasing
  efficiency and effectiveness to the benefit of
  the user
• A9 Promoting Information Technology
• Endeavour to extend public knowledge,
  understanding and appreciation of Information
  Technology
• A10 The Image of the Profession and the Society
• Refrain from any conduct or action in your
  professional role which may tarnish the image of
  the Information Technology profession or
  unjustifiably detract from the good name of your
  professional body

21
Case Studies

• Each case involves various aspects of the Codes
  and/or ethical or social issues.
• They are mostly based on actual cases.
• Analyse each case for the following
• identify those to whom you owe any kind of duty
• assess the the extent of harm potentially
  incurred by each person or category
• assign priorities to the duties owed
• identify possible alternatives
• seek opportunities for negotiation and formation
  of social contracts.

22
Case Study 1

• Robbie the Killer Robot
• Industrial Robot killed its operator
• Programmer introduced an error into program
• Operator did not follow instructions correctly
• Supervisor did not ensure operator was adequately
  trained
• Management cut corners
• See http//onlineethics.org/cases/robot/robot.html

23
Case Study 2

• Quality Control Manager Quandary
• Testing possibly inadequate
• Company pressuring him to sign off
• Delays may cost the company business, him his
  job, etc
• Test pilot knows his job is risky anyway
• Danger to the test pilot and to other victims of
  any crash
• Social Contract approach
• See Brennan Handout IEEE Computer, March 1990,
  pp77-81

24
Enhancing Photos
Cartoon to highlight range of services beyond
mere develop print that Photo Shops may/now
offer. From www.tedgoff.com
25
Case Study 3

• Digital Photograph Manipulation
• Simple now for various forms of image
  enhancement to be made, eg
• Red-eye elimination
• Cropping
• Special effects (eg sepia-colour)
• Wrinkle removal
• Changing the contents in significant ways
• Photograph of Margaret River
• Not professionally done
• Personal use
• What if used in Sales Material? Do I have any
  responsibility/liability as photo manipulator?
• Photo of official opening of Oxford Materials
  Centre manipulated to move Plaque to be between
  the hand-shakers
• Photos of Celebrities
• Possible example The Mystery of Britney Spears
  Breasts http//www.liquidgeneration.com/home.html

26
Margaret River View
27
Celebrity Pics
Picture of Britney Spears (not doctored, so far
as I know, but some such photos may
be!). From www.britney-spears-portal.com
28
Spam - What is Our Responsibility?
Cartoon to highlight anti-social nature of giving
the email address of an associate to a Spamming
organisation. From www.tedgoff.com
29
Case Study 4

• Collecting Email Addresses
• Gilles Plains Primary School project 10/4/02 (see
  below)
• This could be legitimate, but also could be a
  great scam to collect (real) email addresses.
• What other anti-social aspects does this have?
• How could it be modified to allay such suspicion
  and still achieve its alleged goal?

We are Year 6 students at Gilles Plains Primary
School, situated in Adelaide South Australia. Our
teacher, Mr Small is helping us with this
project. We have decided to map the progress of
an e-mail. We are interested in finding out
"Where in the World' our e-mail will go. We are
starting our project on April 8 2002 We would
appreciate your help. If you receive this
message, we ask that you 1. Email us back at
gillesplains_at_hotmail.com and tell us your
location, by suburb city, state and country. We
will plot these locations on our map. 2. Forward
this e-mail and send it to everyone on your
address list. They, in turn, they can send it to
all their contacts. This will help us to reach as
many people as possible. After collecting the
e-mail messages and plotting them on a map, we
will graph the number of responses we have
received by state and country. With your help,
this project will be a very exciting learning
experience for us. Thank you. Amy Davis-Herbison
and Nikolai Gor
30
Spam Offer

• DATE 28 Mar 2001 12145 AM
• FROM helping009_at_netmail.kg
• Bulk e-mail can get you the best exposure on the
  net.
• What we offer
• General AOL Lists or other ISPs
• 200.00 for 1-million e-mails sent.
• 400.00 for 3-million e-mails sent.
• 600.00 for 5-million e-mails sent.
• 800.00 for 7-million e-mails sent.
• 1000.00 for 10-million e-mails sent.
• Call for bigger packages!

31
New Form of Spam
Cartoon to highlight ubiquity of email spam (like
a new form of snow). From www.tedgoff.com
32
Case Study 5

• Examining Email Contents - I
• You are the Systems Administrator at your
  medium-sized Company.
• Your Company does not allow its systems to be
  used for private email.
• Your boss requests you to obtain copies of all
  email to/from a particular employee.
• What do you do?
• Comply?
• Comply but tell the employee?
• Refuse without the employees consent?
• Take the matter higher?
• Refuse?
• Would it make any difference if
• the Company had no clear policy about private
  use?
• The Company policy made it clear it could monitor
  employees email?

33
Case Study 6

• Examining Email Contents - II
• You are the Systems Administrator at a university
  college.
• The university and the college have strict rules
  about email confidentiality.
• One of the college inmates, an underage,
  14-year-old girl, has gone missing.
• The college warden asks you to examine all email
  to/from her account for the past month, looking
  for clues as to her whereabouts and associates.
• What do you do?
• Agree?
• Agree only with the consent of the parents?
• Agree only with an official request from the
  police?
• Take some other action? What?
• Would it make any difference if the parent had
  asked, and no-one else?

34
Case Study 7

• Examining Email Contents - III
• You are the Systems Administrator at a
  medium-sized Company.
• The Company has strict rules about email
  confidentiality.
• In the course of routine system checking, you
  come across fragments of email that appear to
  indicate that your spouse is having an affair
  with a work colleague.
• What do you do?
• Ignore it?
• Monitor henceforth all email to/from your
  colleague/spouse?
• Confront either or both of them?
• Keep a record of it, bide your time, waiting for
  evidence from some other source?
• Take some other action? What?
• What difference would it make if the email
  fragment indicated instead some proposed illegal
  activity?

35
Viruses - What is Our Responsibility?
Cartoon to highlight danger (perhaps not
physical, as in cartoon!) of opening email
attachments of unknown provenance. From
www.tedgoff.com
36
Case Study 8

• Responsibility for Virus Protection
• You are the Systems Administrator for your
  medium-sized Company.
• Your Company allows private email, and has a
  strong confidentiality policy.
• The volume of viruses has been on the increase,
  and staff are not implementing the recommended
  procedures (eg keeping virus protectors up to
  date) this is creating additional workload for
  you.
• You are convinced that a straightforward, and
  ultimately less expensive, solution would be to
  check all email at entry to (end exit from) the
  Company, but the employees and the Company object
  on the grounds that this would make covert email
  snooping easier.
• What do you do?
• Comply?
• Take the matter to the CEO?
• Resign?
• Take some other action? What?

37
Bunratty Attack

• 1997 COSAC Conference in Bunratty, Ireland
  (Computer Security Audit Control Symposium)
• Standard (innocent) email messages
• Utilises standard Messaging API
• Utilises hidden folders
• All hidden from user - eg as for Calendar updates
• Covert, asynchronous, remotely upgraded, remotely
  removed
• Defence requires code on every client to identify
  false messages
• I-Love-You (followed by Kournikova) Virus based
  on some of the same vulnerabilities, but not all
• What would you do?
• Keep as quiet as possible?
• Tell Microsoft under a veil of secrecy?
• Publicise as widely as possible to ensure
  something is done?
• Take some other action? What?

38
DIY Virus

• Do It Yourself Virus
• I have unfortunately been very busy lately and
  haven't had the time to write a virus. So please
  take a couple of minutes to open Windows and
  randomly delete 10 or 12 files (including a
  minimum of 3 system files) and then send this
  e-mail on to everyone on your mailing list.
• Thank you for your co-operation.

39
Hoax Virus

• Exploits naïve users
• Exploits unusual icon for system file
• Advises user to delete file
• Advises user to forward to everyone they know
• See http//hoaxbusters.ciac.org/

Subject BAD virus - act quickly!! Date Tue, 29
May 2001 215722 -0400 Subject Please Act
Urgently VIRUS COULD BE IN YOUR COMPUTER It will
become activate on June 1st and will delete all
files and folders on the hard drive. No
Anti-Virus software can detect it because it
doesn't become a VIRUS until 1/6/2001. It travels
through the e-mail and migrate to your
computer. To find it please follow the following
directions Go To "START" button Go to "Find" or
"Search" Go to files and folders Make sure to
search in drive C Type in SULFNBK.EXE Begin
Search If it finds it, highlight it and delete
it Close the dialogue box Open the Recycle
Bin Find the file and delete it from the Recycle
Bin You should be safe. The bad part is you need
to contact everyone you sent ANY e-mail to in the
past few months.
40
Will Virus Ruin Your Computer Too?
Cartoon to highlight danger of asking a colleague
to see if a floppy disk you have also destroys
their computer. From www.tedgoff.com
41
Case Study 9

• Monitoring Employee Activity
• You are the Systems Administrator at your
  medium-sized Company.
• You have installed a system allowing a Common
  Desktop Environment to be deployed throughout
  your Company, which also provides various tools
  for remotely monitoring desktop activity -
  primarily to enable you to undertake remote
  Helpdesk functions.
• Your boss sees the potential to monitor other
  aspects of employee activity, and asks you to
  start collecting a range of statistics, such as
  keystroke rates for keyboard staff, Websites
  visited, numbers and volumes of email created,
  etc.
• What do you do?
• Agree?
• Agree only if employees are notified?
• Agree/refuse but notify employees of the
  proposal?
• Take some other action? What?

42
Case Study 10

• Supervisory Powers
• You are the Systems Administrator at your
  medium-sized Company.
• You have installed a system allowing a Common
  Desktop Environment to be deployed throughout
  your Company, which also provides various tools
  for remotely monitoring desktop activity -
  primarily to enable you to undertake remote
  Helpdesk functions.
• Your boss requests you to install this
  supervisory capability also on his PC with
  this he could monitor all sorts of employee
  activity, including snooping.
• What do you do?
• Agree?
• Agree only if employees are notified?
• Agree/refuse but notify employees of the
  proposal?
• Take some other action? What?

43
Hacker Attacks
AusCERT Reports
44
Case Study 11

• Security Competence
• You are the Systems Administrator at your
  medium-sized Company.
• Your Company is subject to increased (but not yet
  disastrously high) levels of hacker attacks.
• The IT Committee agrees that a Firewall should be
  installed ASAP, and it falls to you (as the most
  competent person) to do so - you see this as a
  great career opportunity.
• But you have no experience/knowledge at all with
  Firewalls.
• What do you do?
• Ask for time and funds to attend a suitable
  course (but none is available for some months)?
• Scan the Web for suitable information to enable
  you at least to be able to use the correct jargon
  (eg www.pcwebopedia.com or foldoc.doc.ic.ac.uk)?
• Quickly buy and devour a suitable textbook?
• Recommend employment of a firm of technical
  consultants?
• Take some other action? What?

45
2 Types of Hacker

• OLD-TIME
• Clever, addicted, insatiable quest for knowledge,
  a cooperating community, advancing the cause of
  effective computer programming, development and
  use.
• MODERN
• Gaining access to private computers
• Beating the system
• Electronic graffiti
• Personal gain, theft, data alteration, etc
• The Hackers Handbook (1985) Cornwall/Sommer
• International crime
• Espionage
• The Cuckoos Egg (1990) Clifford Stoll
• Vandalism
• Denial of Service attacks
• CERT Computer Emergency Response Team

46
Hacker Ethics and Rationale

• Ethics
• All information should be free
• Access to computers should be unlimited and total
• Mistrust authority promote decentralisation
• Judge hackers by their skill
• True hackers create art and beauty
• Computers can change your life for the better
• - Levy Hackers
• (see Open Source Initiative)
• Rationale
• Were helping to improve security
• Its the fault of the software vendors
• Its the fault of slack security
• Were not doing any harm
• No-one will listen unless we take action
• It helps keep Big Brother at bay

47
Incentives to Do the Right Thing
Destruction of World Trade Centre, 11-Sep-01. All
tenants had adequate information/system backup
arrangements in place, courtesy of previous bomb
attack.
Picture (burning Twin Towers) From The Times,
12-Sep-01
48
Case Study 12

• Systems Security Responsibility
• You are responsible for Computer Systems Security
  at your medium-sized Company.
• You have formulated and received Company approval
  for a backup policy, requiring all PC owners to
  undertake backups at least once per week.
• However, you are continually asked to retrieve
  lost files, which have not been properly backed
  up you do not have the time to do this, nor to
  constantly badger employees to undertake backups.
• What do you do?
• Just put up with it?
• Continue nagging, without much hope of
  improvement?
• Complain officially to Management, perhaps
  fingering some individual?
• Request approval to spend large amounts of money
  on automating it (centrally)?
• Take some other action? What?

49
Case Study 13

• Unintelligible Reports to Management
• You are responsible for Computer Systems Security
  at your medium-sized Company.
• You identify some areas of vulnerability, and
  prepare a Report to Management setting out the
  measures that need to be put in place to address
  these the Report is largely written in terms of
  which ports on which computers need to be barred.
• Management cannot understand the Report and will
  not act until it knows what steps you are
  advocating. You cannot think how else to express
  what you had to say. There is no-one else in the
  Company that might be able to help.
• What do you do?
• Refuse to rewrite it - be it on their own
  heads?
• Contact a colleague at another Company and ask
  for help?
• Take a course in clear English expression?
• Ask the Company to engage a technical consultant
  to rewrite it?
• Take some other action? What?

50
Taking the Blame
Cartoon of computer taking the blame for a sales
nose-dive (jumping out the window). From ENTEC
Catalogue, UK, Oct 95
51
Case Study 14

• Blaming the Computer
• You are the IT Manager at a small government
  department.
• A recent computer problem resulted in many
  regular cheques to pensioners being delayed for
  several days.
• The Minister has prepared a Press Release in
  which he blames the problem on a Computer
  Malfunction.
• However, you know that the following factors
  (only) were involved
• a rapid change to an operational system in order
  to accommodate a refinement required by the
  Minister
• a poor system specification
• a consequent programming error.
• What do you do?
• Keep quiet?
• Complain to the Ministers Office that it is
  misleading?
• Take up the matter with your Head of Department?
• Take some other action? What?

52
Clients Adding Features
Cartoon to highlight unreasonable
demands/expectations of end-users wanting to add
features. From www.tedgoff.com
53
Case Study 15

• Quick Patch versus Full Rewrite
• You are the IT Manager at a small government
  department.
• You have been requested by the relevant
  Government Minister to make some changes to a key
  operational computer system, and to make them
  within 2 weeks.
• It has already been agreed that this system
  cannot be patched any further, but must be
  completely rewritten this will take at least 6
  months, and work has already commenced.
• Any further patching of the existing system
  carries a very high degree of probability of
  failure.
• What do you do?
• Refuse the Ministers request (with all the
  political fallout that would produce)?
• Endeavour to comply as best you can?
• Comply, but make sure you have on record that you
  only did so under sufferance?
• Take some other action? What?

54
Case Study 16

• Project Estimation Errors
• You are the IT Manager for a medium-sized
  Company.
• Your team has been embarked for 4 months on the
  development of a major system of critical
  importance to the Company.
• You discover that progress is about 50 of what
  you had planned, mainly because your estimates
  had been rather optimistic, in order to ensure
  your team was awarded the contract.
• Many other parts of the Company are dependent on
  delivery of this system on-time.
• What do you do?
• Keep quiet and hope it goes away?
• Encourage your team to redouble their efforts to
  catch up for lost time?
• Take on more staff to help speed up development?
• Blame the delays on external factors, like
  programmer sickness, specification creep, etc?
• Frankly discuss/confess the matter with
  Management, thus losing much credibility?
• Take some other action? What?

55
Case Study 17

• Use of Spare PC Capacity
• Setting up idle PCs so their CPU capacity can be
  used for community projects, eg
• SETI
• Cancer Research
• Anthrax Research
• Search for Prime Numbers
• Harnesses dramatic amounts of processing power
• Potential breakthrough in AIDS Research already
  made
• Unauthorised use
• What steps should be taken before using Company
  computers for this purpose?
• See http//www.itpo.uwa.edu.au/Spare-Computer-Cycl
  es-v3.html

56
Spare PC Capacity
From Edupage, January 23, 2002 RESEARCHERS
RECRUIT PC USERS FOR ANTHRAX PROJECT The Anthrax
Research Project has launched a distributed
computing project to try to develop a cure for
anthrax, using computer-aided molecular analyses.
Individuals can download a screen saver program
and contribute some of their PC's unused
processor cycles to the effort, creating a
supercomputer that analyzes billions of
molecules, the group said. Members of the group,
including Intel, Microsoft, United Devices, the
National Foundation for Cancer Research, and
Oxford University, promise users that the system
is secure and private. The screen saver operates
whenever resources are available for computation
results are sent back to a data center run by
United Devices. (Reuters, 22 January 2002)
57
Spare PC Capacity
From Edupage, January 18, 2002 CRIMINAL CHARGES
SETTLED IN DISTRIBUTED-COMPUTING CASE David
McOwen, a former systems administrator at DeKalb
Technical College in Georgia, faces a 2,100 fine
and 12 months probation for linking a number of
the college's computers to Distributed.net in
order to break a code using idle computing
cycles. McOwen had originally faced criminal
charges, because the state had determined that
McOwen had used up hundreds of thousands of
dollars worth of the college's computing time
since installing the software in 1999. The
criminal charges came as a nasty surprise to a
lot of participants in distributed-computing
initiatives, who are also often members of
college or university computing departments.
McOwen's advocates, including the Electronic
Frontier Foundation, said the agreement reached
between McOwen and state prosecutors was a lot
better than if McOwen had been convicted in a
criminal trial. Such a conviction could have
landed the former systems administrator in jail
for several years, on top of hundreds of
thousands of dollars in restitution and fines.
(Newsbytes, 17 January 2002)
58
Case Study 18

• Investigate Suspicious Activity
• You are the Systems Administrator for your
  medium-sized company.
• Someone reports to you (anonymously) that person
  X has been using company computers and access to
  the Internet to download hard-core pornographical
  material.
• If you go to person X and confront them (or raise
  the matter in a delicate manner), hell almost
  certainly deny it and remove the evidence
• What do you do?
• Using your system privileges, first check this
  out, then confront Person X?
• Using your system privileges, first check this
  out, then take it to your or Person Xs boss?
• Ignore the allegation?
• Go to your or Person Xs boss first, even though
  this may be a hoax?
• Take some other action? What?
• Would it make any difference if it was (I)
  soft-core pornography? or (ii) child pornography?

59
Case Study 19

• Moderating Employee Discussion Forum
• You are the Systems Administrator at your
  medium-sized Company.
• Your Company has set up an on-line Discussion
  Forum to encourage employee discussion/participati
  on.
• Various employees repeatedly post comments which
  are critical of Company policies, practices, etc.
• Your boss asks you to change it to become a
  Moderated Forum, with him as the Moderator (this
  will enable him to refuse any postings he
  wishes).
• You believe this is designed to stifle criticism.
• What do you do?
• Just agree?
• Argue the toss with the Boss, but then agree?
• Take the matter higher?
• Use the existing Forum to ensure this first gets
  wide publicity within the Company?
• Go to the local Press with the story?
• Take some other action? What?

60
Case Study 20

• Identifying Author of Anonymous Message
• You are the Systems Administrator at your
  medium-sized Company.
• Your Company has set up an Anonymous on-line
  Discussion Forum to encourage employee
  discussion/participation.
• The Forum frequently receives postings which are
  critical of Company policies, practices, etc.
• Your boss asks you to identify the author(s) of
  these postings (which you are able to do, using
  your system privileges).
• What do you do?
• Just agree?
• Argue the toss with the Boss, but then agree?
• Take the matter higher?
• Use the existing Forum to ensure this first gets
  wide publicity within the Company?
• Go to the local Press with the story?
• Take some other action? What?

61
Anonymity
Cartoon of dogs using the Internet, with no-one
being the wiser. From Fortune Magazine
62
Case Study 21

• Downloading MP3 Files
• You are the Systems Administrator for your
  medium-sized Company.
• Your Company has a Policy that allows moderate
  use of Company computers and Internet access for
  private purposes.
• In the course of monitoring traffic levels, you
  notice very high incoming traffic volume to one
  computer within the Company.
• Upon investigation, you believe that one employee
  is downloading large quantities of MP3 files.
• What do you do?
• Impose a throttle on the line to that PC?
• Take up the matter with the employee?
• Report the matter to your/his boss?
• Take some other action? What?

63
Napster - 1

• Defences
• Everyones doing it
• We wont get caught
• The music industry charges too much
• They should make it impossible to copy
• It doesnt hurt anyone
• It only hurts a company, not a person
• Musicians are being exploited by multinationals
• The listening public is being exploited
• It helps increase sales
• Music should be free
• I cant afford to pay for it

64
Napster - 2

• Ethical Tests
• What laws govern the situation?
• Who gains and who suffers?
• Would you be happy for your action to be
  publicised?
• Would you tell your boss what youre doing?
• Would you tell your parents?
• What would you think if it was done to you?
• Does it violate Trust? Integrity? Truthfulness?
  Gratitude? Justice? Kindness?
• Are you treating others with respect?
• What if everyone did the same?
• - Kabay The Napster Cantata

65
Case Study 22

• SMDI Challenge
• Secure Digital Music Initiative
• Unbreakable Watermarking 4 varieties
  (Steganography)
• SDMI-compliant players
• Make copies but not MP3-compressed copies for
  distribution
• Challenge 6 September 2000 Prize Money of
  10,000
• Boycotted by some groups
• Princeton Group broke each coding scheme, but
  refused the prize
• Which approach do you think is right? Why?
• Boycott
• Solve, publish and dont collect reward
• Solve, publish and collect reward
• Solve, dont publish and collect reward

66
Case Study 23

• Use of Copied Graphics
• You are the Systems Administrator for a
  medium-sized Company.
• The responsibility for publishing material on
  Websites is distributed to many employees within
  the Company.
• As formal Webmaster for the Company, you receive
  an email from an unknown company stating that
  images owned by it have been mounted on your
  Companys Website, and that legal action will be
  taken if they are not removed within 24 hours.
• You locate the offending Website, and its owner
  states that the images are owned by this Company,
  and their presence there is essential to the
  Companys doing business (but he cant produce
  documentation in time).
• What do you do?
• Bar that Website from external access pending
  further investigations?
• Take no action - call the other companys bluff?
• Advise Management, seek legal advice, but dont
  bar the site?
• Take some other action? What?

67
Other Case Studies

• Other Relevant Case Studies
• Several are presented in the context of the ACS
  Code of Ethics in the publication below.
• Students are strongly encouraged to read these
  case studies.
• Burmeister, Oliver K Applying the ACS Code of
  Ethics, Information Age, Feb/Mar 2001, pp54-59,
  and in the subsequent 3 issues (Apr/May, Jun/Jul,
  Aug/Sep, 2001).
• Also published as
• Burmeister, Oliver K Applying the ACS Code of
  Ethics, Ethics in Computing, v32, n2, May 2000,
  pp107-119.
• This analysis is based on that which first
  appeared in 1993 as follows
• Anderson, Ronald E et al Using the New ACM
  Code of Ethics in Decision Making,
  Communications of the ACM, v36, n2, Feb 1993,
  pp98-106.

68
Competent Advice
Cartoon of janitor offering advice on Technical
Support phone after hours. From www.tedgoff.com
69
END

• QUESTIONS
• Bibliography
• http//www.general.uwa.edu.au/u/alex/Computer-Ethi
  cs-Bibliog.html