Negative Impacts of using Software
Engineering to Implement New
Technology
:
•
•
•
•
•
•
Unemployment.
Alienation.
Poor Customer Service.
Crime.
Loss of Privacy.
Errors.
1
Benefits of Computer Application
Development
•
•
•
•
•
•
Development of better peripheral devices.
Time-saving.
Cost-saving.
Less effort than older technologies.
Development of better sound quality.
Creation of computer-generated art and special
effects.
• Improved accuracy.
• Improved customer service/satisfaction.
• Entertainment/fun.
2
Some Important Issues
Privacy
Intellectual Property
Computer Crime
Security
Workplace Issues
3
Privacy and Personal Information
The Impact of Computer Technology
“Big Brother is Watching You”
Consumer Information
More Privacy Risks
Protecting Privacy: Education, Technology, and Markets
Protecting Privacy: Law and Regulation
4
Invisible Information Gathering
Examples:
• Satellite surveillance.
• Caller ID.
• 800- or 900-number calls.
• Loyalty cards.
• Web-tracking data; cookies.
• Peer-to-peer monitoring.
• Others…
5
Secondary Use
and Computer Matching
Using information for a purpose other than the one for which it
was obtained. A few examples:
• Sale (or trade) of consumer information to other
businesses.
• Credit check by a prospective employer.
• Government agency use of consumer database
.
Combining and comparing information from more than one
database. Some examples:
• Sharing of government agencies’ databases to detect fraud by
recipients of government programs.
• Creating consumer dossiers from various business databases.
6
Consumer Databases
Gathering Information:
•
•
•
•
•
•
Warranty cards.
Purchasing records.
Membership lists.
Web activity.
Change-of-address forms.
Much more…
Limiting Collection, Use, Sharing, and Sale of Personal Data:
• Consumers can take measures to restrict the use of their personal
information.
• Some information sharing is prohibited by law.
• Some information sharing is prohibited by published, privacy policies.
7
Marketing: Using Consumer Information
•
•
•
•
•
•
Trading/buying customer lists.
Telemarketing.
Data Mining.
Mass-marketing.
Web ads.
Spam (unsolicited e-mail).
8
Credit Bureaus
Uses of consumer information:
• Evaluate credit risk of applicant.
• Marketing.
Regulation:
• FCRA (Fair Credit Reporting Act)
• Self-regulated by privacy principles.
9
More Privacy Risks
Social Security Numbers (SSNs)
Appear in:
•
•
•
•
•
•
Employer records.
Government databases.
School records.
Credit reports.
Consumer applications.
Many other databases.
10
More Privacy Risks
National ID Card System
If implemented, the card could contain your:
•
•
•
•
•
Name.
Address.
Telephone number(s).
Photo.
SSN.
11
More Privacy Risks
National ID Card System
If implemented, the system could allow access to your:
•
•
•
•
•
Medical information.
Tax records.
Citizenship.
Credit history.
Much more…
12
More Privacy Risks
Personal Health and Medical Information
Data can include:
•
•
•
•
•
•
•
History of substance abuse.
Treatment for sexually transmitted disease.
Extent of psychiatric help received.
Any suicide attempt(s).
Diagnosis of diseases (diabetes, angina, cancer, etc.).
Use of prescribed medicines.
Much more…
13
More Privacy Risks
Public Records
Available in paper form and/or online:
•
•
•
•
•
•
•
•
Bankruptcy.
Arrest.
Marriage-license application.
Divorce proceedings.
Property ownership.
Salary (if employed by state or federal government).
Wills and Trusts.
Much more…
14
Can we TRUST the Computer?
What Can Go Wrong?
Case Study: The Therac-25
Increasing Reliability and Safety
Perspectives on Failures, Dependence, Risk, and Progress
Computer Models
15
What Can Go Wrong?
Facts About Computer Errors
• Error-free software is not possible.
• Errors are often caused by more than one
factor.
• Errors can be reduced by following good
procedures and professional practices.
16
What Can Go Wrong?
The Roles of People in Computer-related
Problems:
Computer User
• At home or work, users should understand the limitations of computers
and the need for proper training and responsible use.
Computer Professional
• Understanding the source and consequences of computer failures is
valuable when buying, developing, or managing a complex system.
Educated Member of Society
• Personal decisions and political, social, and ethical decisions depend
on understanding computer risks.
17
What Can Go Wrong?
Categories of Computer Errors and Failures
Problems for Individuals:
• usually in their role as consumers.
• who are incorrectly identified by inaccurate law
enforcement databases.
System Failures:
• affecting large numbers of people and/or costing large
amounts of money.
Safety-Critical Applications:
• where people may be injured or killed.
18
What Can Go Wrong?
Problems for Individuals
Billing Errors
• Lack of tests for inconsistencies and inappropriate
amounts.
Database Accuracy Problems
• Incorrect information resulting in wrongful treatment or
acts.
19
What Can Go Wrong?
Problems for Individuals (cont’d)
Causes:
•
•
•
•
•
•
Large population.
Human common sense not part of automated processing.
Overconfidence in the accuracy of data from a computer.
Errors in data entry.
Information not updated or corrected.
Lack of accountability for errors.
20
What Can Go Wrong?
System Failures
Communications:
• Telephone, online, and broadcast services.
Business:
• Inventory and management software.
Financial:
• Stock exchange, brokerages, banks, etc..
Transportation:
• Reservations, ticketing, and baggage handling.
21
What Can Go Wrong?
System Failures (cont’d)
Causes:
•
•
•
•
Insufficient testing and debugging time.
Significant changes in specifications (during and after project begun).
Overconfidence in system.
Mismanagement of the project.
22
What Can Go Wrong?
Safety-Critical Applications
Military
Power Plants
Aircraft
Trains
Automated Factories
Medicine
…others.
23
What Can Go Wrong?
Safety-Critical Applications
Causes:
•
•
•
•
•
Overconfidence.
Lack of override features.
Insufficient testing.
Sheer complexity of system.
Mismanagement.
24
Case Study: The Therac-25
The Therac-25 was a software-controlled
radiation-therapy machine used to treat
people with cancer.
Overdoses of radiation
• Normal dosage is 100–200 rads.
• It is estimated that 13,000 and 25,000 rads were given to six people.
• Three of the six people died.
25
Case Study: The Therac-25
Therac-25 Radiation Overdose
Multiple Causes:
•
•
•
•
•
•
Poor safety design.
Insufficient testing and debugging.
Software errors.
Lack of safety interlocks.
Overconfidence.
Inadequate reporting and investigation of accidents.
26
Increasing Reliability and Safety
What Goes Wrong?
Computer Systems Fail Because:
• The job they are doing is inherently difficult, and
• The job is done poorly.
Compounding the Reliability Issue:
• Developers and users exhibit overconfidence in the system.
• Reused system software may not work in different environments.
27
Increasing Reliability and Safety
Professional Techniques
•
•
•
•
•
•
•
Follow good software practices.
Exhibit professional responsibility at all levels of development and use.
Construct well-designed user interfaces.
Take human factors into account.
Include built-in redundancy.
Incorporate self-checking where appropriate.
Follow good testing principals and techniques.
28
Perspectives on Failures,
Dependence, Risk, and Progress
Failures
• What are acceptable rates of failures?
• How accurate should software be?
Dependence
• How dependent on computer systems are our ordinary activities?
• How useful are computer systems to our ordinary activities?
Risk and Progress
• How do new technologies become safer?
• Can progress in software safety keep up with the pace of change in
computer technology?
29
Intellectual Property and
Software Engineering
Intellectual Property Is:
• Intangible creative work—not necessarily the physical form on
which it is stored or delivered.
• Given legal protection in the form of copyright, patent,
trademark, and trade secret laws.
30
Copyrights
Copyrights are granted for a limited, but long,
time.
With some exceptions, copyright owners have
the exclusive right to:
•
•
•
•
•
Make copies of the work,
Produce derivative works,
Distribute copies,
Perform the work in public, and
Display the work in public.
31
Software
Improved digital technologies contribute to unauthorized
(commercial and non-commercial) copying of software.
Individuals and whole businesses, here and overseas, continue
to produce, transport, and sell (or give away) copies of
software, manuals and supporting material.
Software Information Industry Association (SIIA) as well as
other software industry organizations and companies battle
software piracy in the U.S. and abroad.
32
Solutions (Good and Bad)
Technology, Markets and Management, and
Regulations and Enforcement
Technological Solutions:
•
•
•
•
•
Expiration date encoded.
Hardware dongle required.
Copy-protection schemes.
“Activation” features.
Encryption schemes; digital-rights management (DRM).
33
Solutions (Good and Bad)
Technology, Markets and Management, and
Regulations and Enforcement (cont’d)
Markets and Management:
•
•
•
•
•
Subscribe to services.
Collect fees from users and large organizations.
Meter usage of intellectual property on a network.
Offer discounts to educational users.
Educate the public about the value of intellectual property belonging to
creators and publishers.
34
Solutions (Good and Bad)
Technology, Markets and Management, and
Regulations and Enforcement (cont’d)
Regulations and Enforcement:
•
•
•
•
The Digital Millennium Copyright Act (DMCA) and other laws.
Identify abusers and shut them down in high-publicity raids.
Monitor abuses.
Enforce current laws and punish abusers.
35
Solutions (Good and Bad)
Restrictions and Bans on Technology
In the past, lawsuits have delayed, restricted, or banned the
release of new technologies, including:
•
•
•
•
•
CD-recording devices.
Digital Audio Tape (DAT) systems.
DVD recorders.
DVD players.
MP3 players.
36
Solutions (Good and Bad)
Restrictions and Bans on Technology (cont’d)
In an attempt to reduce or prevent unauthorized copying and
distribution of intellectual property, some governments have
levied taxes on:
•
•
•
•
•
Audio tapes.
CD recorders.
Personal computers.
Printers.
Scanners.
37
Solutions (Good and Bad)
Restrictions and Bans on Technology (cont’d)
Digital rights management (DRM), combined with laws such as the
DMCA, can result in heavy fines and imprisonment for violators.
The legal and monetary consequences can be applied to both pirates
of intellectual works as well as to scientists and researchers of
technology.
38
Solutions (Good and Bad)
The Future of Copyright
Challenges to the principles of copyright:
• Methods to circumvent copy-protection schemes.
• Peer-to-peer (P2P) file transfer.
• The view among some people that if copying is easy, or if cheap online
access is absent, then it is okay to copy.
Challenges to Fair Use:
• Technological (DRM) and legal (the DMCA) restrictions.
• Conflicting outcomes (e.g. reverse engineering) in the courts.
• Non-traditional uses (e.g. online teaching materials) or blurring of the
guidelines associated with Fair Use.
39
Free Software
Free Software (or Open Source) Means Free
From Copyright Restrictions
The notion of free software was created by Richard Stallman.
Examples:
•
•
•
•
•
GNU project.
Emacs.
“Free” compilers and utilities.
Linux.
Many others.
40
Issues For Software Developers
Should You Copyright or Patent Software?
Copyrights:
• Protect the expression of an idea in a fixed and tangible form.
• Are cheap, easy to obtain, and last a long time.
• Allow fair-use of the intellectual property.
Patents:
• Protect new, non-obvious, and useful processes.
• Are expensive, difficult to obtain, and last for short periods of time.
• Allow licensing to other developers.
41
Computer Crime
Introduction
Hacking
Online Scams
Fraud, Embezzlement, Sabotage, Information Theft, and Forgery
Crime Fighting Versus Privacy and Civil Liberties
42
Introduction
Computers Are Tools
Computers assist us in our work, expand our thinking, and
provide entertainment.
Computers Are Used to Commit Crimes
Preventing, detecting, and prosecuting computer crime is a
challenge.
43
Hacking
The Phases of Hacking
Phase One: The early years
• 1960s and 1970s.
• Originally, hacker referred to a creative programmer wrote clever code.
• The first operating systems and computer games were written by
hackers.
• The term hacking was a positive term.
• Hackers were usually high-school and college students.
44
Hacking
The Phases of Hacking (cont’d)
Phase Two: Hacking takes on a more negative meaning.
• 1970s through 1990s.
• Authors and the media used the term hacker to describe someone who
used computers, without authorization, sometimes to commit crimes.
• Early computer crimes were launched against business and
government computers.
• Adult criminals began using computers to commit their crimes.
45
Hacking
The Phases of Hacking
Phase Three: The Web Era
• Beginning in the mid-1990s.
• The increased use of the Internet for school, work, business
transactions, and recreation makes it attractive to criminals with basic
computer skills.
• Crimes include the release of malicious code (viruses and worms).
• Unprotected computers can be used, unsuspectingly, to accomplish
network disruption or commit fraud.
• Hackers with minimal computer skills can create havoc by using
malicious code written by others.
46
Hacking
Hactivism
…is the use of hacking expertise to promote a political cause.
• This kind of hacking can range from mild to destructive activities.
• Some consider hactivism as modern-age civil disobedience.
• Others believe hactivism denies others their freedom of speech and
violates property rights.
47
Hacking
The Law
Computer Fraud and Abuse Act (CFAA, 1986)
• It is a crime to access, alter, damage, or destroy information on a
computer without authorization.
• Computers protected under this law include:
– government computers,
– financial systems,
– medical systems,
– interstate commerce, and
– any computer on the Internet.
48
Hacking
The Law (cont’d)
USA Patriot Act (USAPA, 2001)
• Amends the CFAA.
• Allows for recovery of losses due to responding to a hacker attack,
assessing damages, and restoring systems.
• Higher penalties can be levied against anyone hacking into computers
belonging to criminal justice system or the military.
• The government can monitor online activity without a court order.
49
Hacking
Security
Security weaknesses can be found in the computer systems
used by:
• businesses,
• government (classified and unclassified), and
• personal computers.
Causes of security weakness:
• characteristics of the Internet and Web,
• human nature,
• inherent complexity of computer systems.
50
Hacking
Security can be improved by:
•
•
•
•
•
Ongoing education and training to recognize the risks.
Better system design.
Use of security tools and systems.
Challenging “others” to find flaws in systems.
Writing and enforcing laws that don’t stymie research and
advancement.
51
Fraud, Embezzlement, Sabotage,
Identity Theft, and Forgery
Some Causes of Fraud
Credit-Card
• Stolen receipts, mailed notices, and cards.
• Interception of online transaction or weak e-commerce security.
• Careless handling by card-owner.
ATM
• Stolen account numbers and PINs.
• Insider knowledge.
• A counterfeit ATM.
Telecommunications
• Stolen long-distance PINs.
• Cloned phones.
52
Fraud, Embezzlement, Sabotage,
Identity Theft, and Forgery
Some Defenses Against Fraud
Credit-Card
•
•
•
•
Instant credit-card check.
Analysis of buying patterns.
Analysis of credit card applications (to detect identity theft).
Verify user with Caller ID.
ATM
• Redesigned ATMs.
• Limited withdrawal.
Telecommunications
• match phone “signature” with serial number.
• identify phone without broadcasting serial number.
53
Fraud, Embezzlement, Sabotage,
Identity Theft, and Forgery
Embezzlement and Sabotage
Some Causes
•
•
•
•
Insider information.
Poor security.
Complex financial transactions.
Anonymity of computer users.
Some Defenses
•
•
•
•
Rotate employee responsibility.
Require use of employee ID and password .
Implement audit trails.
Careful screening and background checks of employees.
54
Fraud, Embezzlement, Sabotage,
Identity Theft, and Forgery
Identity Theft
Some Causes of Identity Theft
•
•
•
•
Insecure and inappropriate use of Social Security numbers.
Careless handling of personally identifiable information.
Weak security of stored records.
Insufficient assistance to identity theft victims.
Some Defenses for Identity Theft
• Limit use of personally identifiable information.
• Increase security of information stored by businesses and government
agencies.
• Improve methods to accurately identify a person.
• Educate consumers.
55
Fraud, Embezzlement, Sabotage,
Identity Theft, and Forgery
Forgery
Some Causes
• Powerful computers and digital manipulation software.
• High-quality printers, copiers, and scanners.
Some Defenses
•
•
•
•
Educate consumers and employees.
Use anti-counterfeiting techniques during production.
Use counterfeit detection methods.
Create legal and procedural incentives to improve security.
56
The Changing Nature of Work
Impact of Computers on Work:
Some jobs have been eliminated.
Other jobs have been created.
Repetitious or boring jobs are now done with computers.
There is more time for creativity.
Some workers “telecommute.”
Employers can better monitor their workers.
Health issues have been associated with computer usage.
57
The Impact on Employment
Job Destruction and Creation
Computers and Unemployment:
• Automation leads to loss of jobs.
• Computerization eliminates some jobs.
• Computer efficiency means fewer jobs.
Computers and Employment:
• The need for computer designers, builders, and programmers creates
jobs.
• Growing computer networks creates jobs for administrators.
• The need for training, sales and technical support creates jobs.
• In general, computers make many products affordable to more people .
Thus, more jobs are created to make those products.
58
The Impact on Employment
Job Destruction and Creation (cont’d)
Technology, Economic Factors, and Employment:
• Technology is often blamed for massive unemployment.
• The Luddites feared weaving looms would take away jobs—they did
not.
• Likewise, Neo-Luddites fear technology will eliminate jobs.
• The Great Depression was not caused by technology taking away jobs.
• Instead, complicated economic and political factors contribute to job
destruction.
59
The Impact on Employment
Job Destruction and Creation (cont’d)
How Have Computer Technology and Other Technologies
Affected:
•
•
•
•
•
•
•
Hourly wages?
Fringe benefits?
Spending on leisurely activities?
The number of working hours?
The percentage of taxes we owe?
Our productivity?
Employer productivity?
60
The Impact on Employment
Job Destruction and Creation (cont’d)
A Global Workforce
• Some jobs moved from wealthy countries to less wealthy ones.
• Pay rates are lower in less wealthy countries.
• The Internet and Web reduce the need for transportation of people (e.g.
teleconferencing) and paper (e.g. e-mail and attachments).
• The Internet and Web make it easier for information technology (e.g.
software updates) and some service jobs (e.g. technical support) to be
far from customers or employers.
61
The Impact of Employment
Changing Skills and Jobs
Optimistic Outlook:
• The educational system adapts rapidly to create newly trained workers.
• Technology can be used to retrain displaced workers.
Pessimistic Outlook:
• Advanced software will eliminate many jobs requiring high skills.
• Automation and the Web will lead to mass unemployment.
62
The Work Environment
Changing Business Structures
Trends That May Impact the Size and Structure of Business:
•
•
•
•
•
•
•
•
Smaller businesses.
More independent consultants and contractors.
More self-employment.
Small businesses operating globally.
Multi-national corporations and mergers.
Decline in number of employees per firm.
Flattened hierarchies.
Empowered workers.
63
Employee Monitoring
Background
Categories of Employee Monitoring:
• Data entry, phone work, and retail.
• Location.
• E-mail, Web surfing, and voice mail.
64
Employee Monitoring
Data entry, Phone Work, and Retail
Types of Monitoring:
• Keystroke: to determine if quotas are met or employee is on task.
• Phone: to determine customer satisfaction and proper use of phone
resources.
• Transactions: to reduce theft.
65
Employee Monitoring
Location
Types of Monitoring:
• Badges: to replace worker keys or track down workers.
• GPS tracking systems: to locate vehicles; employee driving speed and
driving habits.
66
Employee Monitoring
E-mail, Web Surfing, and Voice Mail
Some Reasons Employees Are Monitored:
•
•
•
•
•
•
•
Find needed business information when employee is not available.
Protect proprietary information.
Prevent or investigate possible criminal activities.
Prevent personal use of employer’s facilities.
Check for violations of company policy.
Investigate complaints of harassment.
Check for illegal software.
67