Matakuliah : M0304/Corporate Information System Management Tahun : 2008 Pertemuan -25 Aspek SOCIAL, ETHICAL, DAN LEGAL Fakultas Ilmu Komputer Modul-25-2 THE LEGAL ENVIRONMENT • Purpose of law is to constrain behavior within a society so that its needs are satisfied and harm is prevented Law is related to, not the same as, ethics IT impact has: • • – – • Made new forms of crime possible Changed mechanisms for reproducing material, photos, art, and music Legal system has lagged behind technology Fakultas Ilmu Komputer Modul-25-3 ETHICS FRAMEWORKS Why discuss ethics? – – – IT is having a growing effect on our lives Managers determine how IT is used Managers are responsible for ethical implications of effects of using IT Fakultas Ilmu Komputer Modul-25-4 ETHICS FRAMEWORKS • • • To act ethically requires that we take responsibility for our actions Careers as managers and professionals are in jeopardy if unethical Consider Enron and what happened to its managers! Fakultas Ilmu Komputer Modul-25-5 ETHICS FRAMEWORKS Analyzing Ethical Problems • • • Code of ethics for software engineering profession Recognizes that managers and organizations have special responsibilities Developed jointly by IEEE and ACM Fakultas Ilmu Komputer Modul-25-6 Fakultas Ilmu Komputer Figure 25.1 Section 3 of the ACM Code of Ethics Modul-25-7 ETHICS FRAMEWORKS Analyzing Ethical Problems • • Basic principles to guide ethical behavior come from: – Religious traditions – Philosophers Two basic ethical theories: – Deontologism – Consequentialism Fakultas Ilmu Komputer Modul-25-8 ETHICS FRAMEWORKS Analyzing Ethical Problems • Deontologism – action is ethical or unethical based only upon the action itself without regard to its consequences in the particular case It is our intent, not the actual result, that determines whether an action is ethical or unethical In the Western world rules by which actions are judged have roots in Judeo-Christian tradition Problems: • • • – – – Rules are absolutes Different cultures have different rules Ignores the consequences that come from a specific action Fakultas Ilmu Komputer Modul-25-9 ETHICS FRAMEWORKS Analyzing Ethical Problems • • Consequentialism – judges an action by evaluating all the consequences that it produces – if consequences good then action is ethical Similar to “the ends justify the means” Fakultas Ilmu Komputer Modul-25-10 ETHICS FRAMEWORKS Analyzing Ethical Problems Utilitarianism – one type of consequentialism where all parties who will be affected by the action must be identified and consequences delineated and quantified, with beneficial results measured on a positive scale and harmful results measured on the negative scale Problems: • • – – Quantification – how to assign numerical values and probabilities What happens when all benefit is to one and all harm is to another, with net zero? Fakultas Ilmu Komputer Modul-25-11 ETHICS FRAMEWORKS Analyzing Ethical Problems • IT Management topics with ethical implications: – – – – – – – – Computer crime Cyberattacks on computers Identity theft Impact of IT on privacy Access to the technology and freedom of speech issues Intellectual property issues Hazards of inaccuracy Impact of IT on workers Fakultas Ilmu Komputer Topics addressed in chapter Modul-25-12 ETHICS FRAMEWORKS Analyzing Ethical Problems • Other social issues with ethical implications that managers need to be aware of: – – – – Hate e-mail Cyberstalking Sexual abuse via the Internet Pornography Fakultas Ilmu Komputer Modul-25-13 COMPUTER CRIME • Computer crime is big business • Alarming statistics: – – – and is growing rapidly 85-97% of computer intrusions never detected 10% of detected are reported, and only a few of reported are solved FBI estimates computer crime losses in 1999 as much as $10 billion Fakultas Ilmu Komputer Modul-25-14 COMPUTER CRIME Forms of computer crime: – – – – – – – Financial crimes Businesses stealing competitors’ secrets Espionage agents stealing military intelligence Attacks on computers by terrorists Grudge attacks by disgruntled employees Attacks by “hacker” for fun Use of IT by criminals to run criminal businesses Fakultas Ilmu Komputer Modul-25-15 COMPUTER CRIME Financial Crimes Forms of financial crime: • • • Embezzlements Sabotage as a way of “getting back” at an employer – Logic bomb – a program designed to destroy data at a specified date and time Fraud on the Web – Spoofing – setting up a Web site that mimics a legitimate site Fakultas Ilmu Komputer Modul-25-16 COMPUTER CRIME Cyberattacks on Computers • • • Cyberattacks do serious economic damage Hackers originally motivated by technological challenge and intended no harm Crackers use hacking techniques to steal information or wipe out hard drives Fakultas Ilmu Komputer Modul-25-17 COMPUTER CRIME Fakultas Ilmu Komputer Figure 25.2 Number of Cyberattack Incidents Reported (in thousands) Modul-25-18 Fakultas Ilmu Komputer Figure 25.3 Techniques Used to Attack Computers Modul-25-19 COMPUTER CRIME Cyberattacks on Computers • Personal responsibility: – – – – Use antivirus software and keep up to date Make sure all operating system updates are installed Carefully protect passwords Carefully opening e-mail messages, especially attachments Fakultas Ilmu Komputer Modul-25-20 COMPUTER CRIME Computer Crime Laws Most important: • The Computer Fraud and Abuse Act of 1986 as amended (Title 18 United States Code, Chapter 47, Sections 1029 and 1030) – Section 1029 prohibits fraud and intrusion by use of counterfeit access devices – Section 1030 covers espionage, stealing financial information, knowingly damaging a computer or application by hacking, stealing passwords, and furthering a fraud by accessing a computer Fakultas Ilmu Komputer Modul-25-21 IDENTITY THEFT “someone appropriating your personal information without your knowledge to commit fraud or theft” (Federal Trade Commission) – Implications: • • Fakultas Ilmu Komputer Ruined credit rating Extreme effort to “clean up” the mess Modul-25-22 IDENTITY THEFT Impact of Identity Theft • • Serious problem for businesses and individuals According to FTC (2003), in 2002: – – – 10 million victims Loss of $48 billion for businesses Loss of $5 billion for consumers Fakultas Ilmu Komputer Modul-25-23 IDENTITY THEFT Police and Bank Attitudes Problem for victims: • Police, banks, and merchants often reluctant to pursue identity thieves Fakultas Ilmu Komputer Modul-25-24 IDENTITY THEFT Ethical Issues Are banks and merchants acting ethically when they ignore the crime rather than pursuing the thief? Fakultas Ilmu Komputer Modul-25-25 IDENTITY THEFT Laws on Identity Theft Summary: • • Law on identify theft is inadequate Enforcement of the law is poor Fakultas Ilmu Komputer Modul-25-26 PRIVACY • • Privacy is difficult to define Violating privacy generally includes: – – – – • Unwanted access to your person Intruding into your home or office Observing you Obtaining information about you Legally, our right to privacy is much weaker than our property rights and right to free speech Fakultas Ilmu Komputer Modul-25-27 PRIVACY IT perspective: • • • Privacy – ability to control information about ourselves Individual might give permission to collect and use certain personal information in exchange for some benefit or business transaction Privacy is invaded when information used in ways never intended or agreed to Fakultas Ilmu Komputer Modul-25-28 PRIVACY Ethics of Invasion of Privacy • Kantian view: – – • Invasion of privacy always unethical Treating person with disrespect Utilitarian view: – – – Whether unethical depends upon results of action Does total resulting good exceed harm caused? But how do you measure harm caused? Fakultas Ilmu Komputer Modul-25-29 PRIVACY Laws on Privacy U.S. Federal law: – – No comprehensive legal right to privacy Much legislation to offer some privacy: • • • • • • • • Fakultas Ilmu Komputer Fair Credit Reporting Act Privacy Act Family Education Rights and Privacy Act Electronic Communications Privacy Act Video Protection Privacy Act Driver’s Privacy Protection Act Health Insurance Portability and Accountability Act Children’s Online Privacy Protection Act Modul-25-30 PRIVACY Laws on Privacy • U.S. federal laws offer protection for: – – – • Student information Electronic medical information Electronic communications Not well protected: – – – Financial data Financial institutions often buy and sell information they collect on individuals Major concern: requirement that customer “opt-out” to obtain even limited protection Fakultas Ilmu Komputer Modul-25-31 PRIVACY Laws on Privacy • Another concern is Patriot Act passed after 9-11: – – • Purpose is to protect Americans against terrorism But weakens constitutional protection against unreasonable search and seizure by allowing FBI to force anyone to turn over records by telling judge its related to ongoing terrorism or foreign intelligence Judging by their laws, many other countries seem to value privacy more highly than U.S. Fakultas Ilmu Komputer Modul-25-32 PRIVACY Privacy Problems • IT has radically affected our ability to control access to information about ourselves Potential problems: • – – Government agencies using online databases for official records containing private information Marketers increasingly value personal information Fakultas Ilmu Komputer Modul-25-33 PRIVACY E-Commerce Privacy Concerns • • • • Many trusted businesses are collecting personal information about us and our shopping activities and selling them to others Method: use of “cookies” when you visit Web sites Cookie – a small record that identifies you to the Web site you visited and allows it to set up a file on its computer that can record information about the actions you take with that site Except for the financial industry, no U.S. laws regulate collection and sharing of data Fakultas Ilmu Komputer Modul-25-34 PRIVACY Workplace Privacy • • • 75% of employers record employee Web use, voice mail, e-mail, or phone calls, review computer files, or videotape workers (American Management Association, 2000) Up to 25% do not tell workers (Associated Press, 1997) Ethical (and practical) implication: Is it important that company policies for monitoring employee activities and communications be clearly communicated to employees? Fakultas Ilmu Komputer Modul-25-35 PRIVACY Access • • • • U.S. in reasonably good shape in regard to computer access and literacy Europe and Japan lag somewhat behind U.S. Developing countries lag far behind, but are making progress Undeveloped world has no computer literacy, or literacy of any type Fakultas Ilmu Komputer Modul-25-36 PRIVACY Freedom of Speech • Use of Internet has led to renewed controversy between our right to freedom of speech and the right of society to protect itself Fakultas Ilmu Komputer Modul-25-37 PRIVACY Freedom of Speech • Use of Internet has led to renewed controversy between our right to freedom of speech and the right of society to protect itself • Is there information so harmful that it should be banned from posting on the Internet? – Instructions for making a bomb? – How to poison a city’s water supply? – Child pornography? Fakultas Ilmu Komputer Modul-25-38 PRIVACY Freedom of Speech • • • • • Spam – unsolicited commercial e-mail ISPs spend a lot of money on anti-spam software Typical consumers still receive 110 unwanted e-mails a month Congress has attempted to write laws to outlaw spam Freedom of speech rights make anti-spam laws difficult to write, pass, and uphold in courts Fakultas Ilmu Komputer Modul-25-39 PRIVACY Intellectual Property Rights Intellectual property rights – any product of the human mind, such as an idea, an invention, a literary creation, a work of art, a business method, an industrial process, a chemical formula, a computer program, or a presentation • Due to technological advances, sharing intellectual property is easy, rapid, and inexpensive Fakultas Ilmu Komputer Modul-25-40 PRIVACY Intellectual Property Rights • What property can be owned differs from one society to another • Most societies value and reward intellectual property • U.S. patent and copyright laws try to protect intellectual property Fakultas Ilmu Komputer Modul-25-41 PRIVACY Software Piracy • A serious problem for software industry • 39% of software installed in 2002 was pirated, and cost software industry $13 billion • Software piracy rate lowest in North America and highest in China • U.S. copyright laws make it illegal to copy software and use it without vendor’s permission • Severe penalties for violation Fakultas Ilmu Komputer Modul-25-42 PRIVACY Software Piracy • Software vendors prosecute large companies for violations, but not often individuals • Ethical question: Is it right to copy software for personal use? • Copyright protects against software piracy, but not against another creating the same thing • Patent – gives creator exclusive right to manufacture and use for a specified period of time • Computer programs are often patented Fakultas Ilmu Komputer Modul-25-43 PRIVACY Digital Entertainment Piracy • Laws are changing very rapidly • Growing volumes of digital music, videos, and movies being pirated worldwide • 28% of all CDs sold in 2002 worldwide were pirated (IFPA, 2003) Fakultas Ilmu Komputer Modul-25-44 PRIVACY Internet File Sharing • Greatest threat to recording industry • Napster developed software to make MP3 files, and maintained a Web site that enables sharing of MP3 files • Courts eventually shut down Napster • New sites spring up, such as Sharman networks with Kazaa service • Many lawsuits still pending Fakultas Ilmu Komputer Modul-25-45 PRIVACY Ethical Questions Is it ethical to download copyrighted music or movies from the Internet, and not pay for them? Fakultas Ilmu Komputer Modul-25-46 ACCURACY National Crime Database • • • • • FBI’s National Crime Information Center maintains an integrated, real-time transaction processing and online fingerprint-matching database Input comes from thousands of agencies across the country Law establishing system required FBI to ensure information was “accurate, relevant, timely and complete” March 2003, Justice Department eliminated requirement for FBI to ensure accuracy Outcome might be more innocent people identified as criminals Fakultas Ilmu Komputer Modul-25-47 ACCURACY Credit Bureau Databases • • • • • Three large credit reporting bureaus in U.S. maintain huge databases on 90% of Americans Credit reporting information is notoriously inaccurate Fair Credit Reporting Act required credit bureaus to maintain “reasonable” accuracy What is “reasonable”? Basic responsibility for accuracy remains with the individual rather than with collecting agencies Fakultas Ilmu Komputer Modul-25-48 ACCURACY Other Business Databases • • • Most businesses maintain databases used for decision making Accuracy of data might affect individual within and outside the company Ethical question: What responsibility does the individual manager have for accuracy of the data? Fakultas Ilmu Komputer Modul-25-49 IMPACT ON WORKERS • • IT can replace workers in some cases IT can potentially harm the quality of working life – – • • Being on a computer terminal too long can cause repetitive stress injuries Computerization of tasks can leave remaining manual tasks very dull and boring Often main objective of a computer system is to reduce costs by replacing people Ethical question: How do you balance organizational benefits with consequences to people who lose jobs? Fakultas Ilmu Komputer Modul-25-50 THE FUTURE • What will individuals and organizations do with the increased IT power available for less and less money? • What new social and ethical issues will the future bring? Fakultas Ilmu Komputer Modul-25-51 Fakultas Ilmu Komputer Modul-25-52