how ethics relates to my scenario

advertisement
Schaub 6:00
L01
ETHICS OF PROJECT LOON
Audrey Clarke (ajc174@pitt.edu)
ETHICS IN ENGINEERING
Engineers have a moral obligation to the world because
their actions can directly impact others. The technology we
develop has the potential to improve or undermine our
quality of life so it is important that we use the ethical codes
available to us to make the best decisions we can. The main
principles an engineer should live by are "to hold paramount
the safety, health, and welfare of the public, perform
services only in areas of their competence, act for each
employer or client as faithful agents or trustees, avoid
deceptive acts, and conduct themselves honorably,
responsibly, ethically, and lawfully so as to enhance the
honor, reputation, and usefulness of the profession” [1].
Companies also have a moral, social, and environmental
responsibility. They have a social responsibility to give back
to the community that they profit from and to behave
ethically so that everyone benefits.
PROJECT LOON
Project Loon aims to bring the internet to people in rural
and remote areas of the world and can also be deployed in
disaster areas to quickly restore communications. As
described by Google, Project Loon is a moving network of
balloons carrying wireless transmitters that beam the internet
down to Earth. Each balloon can provide internet
connectivity to a 40Km diameter area on the ground. In
addition to wireless transmitters, the balloons are also
equipped with high definition cameras for mapping
applications. To control the location of the balloons, Project
Loon takes advantage of the different layers of wind in the
stratosphere, which varies in direction and speed.
Sophisticated software algorithms determine where the
balloons need to go and when to move the balloons up or
down to catch the wind blowing in the correct location.
Because Project Loon connects directly to smart phones, it is
possible to use the signal strengths received from multiple
balloons to calculate the exact location of transmission.
With complex software algorithms, Loon can lock onto a
particular smart phone to capture transmission and location
data. Special software algorithms then package this
information, encrypt it, and send it back to Google over the
global internet for analysis if needed.
MY SCENARIO
I am a software programmer for Google’s next
generation of Project Indoor Maps. I am in a group of 10
software developers working on Project Indoor Map in the
Pittsburgh, PA office. Our local manger, Ima Nerd, reports
University of Pittsburgh, Swanson School of Engineering 1
2015-11-3
to Mike Cassidy who is a vice president at Google and who
is currently the project leader on Google X’s Project Loon.
Indoor maps focuses on mapping and navigation which
allows users to be guided through indoor spaces. Indoor
Google Maps can guide a new engineering student to
Benedum Hall and with point-by-point navigation on his
smartphone; he can get from Benedum’s main entrance to a
certain classroom, computer lab, reading or study area,
restroom, or even a labeled bookshelf [2]. Project Indoor
Maps can also be used by first responders and firefighters to
locate people in a building for search and rescue when
needed. Part of my job is to interact with the software
algorithm team on Project Loon to collect the user’s
coordinates which can then be uploaded and aligned over
existing Google Map satellite and Project Loon imagery. I
have unrestricted access to Project Loon’s software
algorithms and have recently discovered that Google is
tracking and storing the location of Google and non-Google
users along with personally identifiable information. The
resolution of the tracking and imagery mapping is good
enough to identify where the user has been and you can even
determine which counters or aisles in a store the user
browsed. It appears that this information is used by Google
for target marketing in their search engine. I am bothered by
the fact that we are storing the location history of our users.
As an engineer, it is my duty to determine if it is ethical to
store detailed location history on users if we don’t clearly
disclose we are doing this and don’t give the user an option
to opt out. I will consult the codes of ethics from the
National Society of Professional Engineers (NSPE) and the
Institute of Electrical and Electronics Engineers (IEEE) to
determine my course of action.
GOOGLE’S PROMISE TO USERS
Users have free access to Google’s suite of tools as long
as they agree to the collection of personal information.
Google’ privacy policy assures users that: “When you use
our services, you trust us with your information. We want to
start by telling you what we do with it: Data enables us to
provide our services like Search, Gmail, and Maps. Data
also helps us show relevant ads, so we can make our services
free for everyone. Know that we do not sell your
personal information. And you control the types of
information we collect and use. Lastly, no one does more to
keep you and your information safe and secure [3].”
Audrey Clarke
to our company outweighs the risk to the users. If we store a
history of where a user has been, Google benefits by being
able to intelligently select advertisements aimed at the user’s
interests and can target stores local to you. For example, if
Google knows that you spent time browsing at the gun
showcase in a sporting goods store, it can display ads from
other related stores in your vicinity or online stores the next
time you use their search engine. However, if this
information gets into the wrong hands, it could be
catastrophic for the user who was breached and also for the
company. As we have seen in the Ashley Madison breach
example, when embarrassing information is exposed, users
could be faced with extortion or resort to taking their own
lives. If users discover how detailed the location information
is through a breach, Google will be put in the awkward
position of trying to justify their actions and they will lose
customer trust.
The NSPE code of ethics states that we should avoid
deceptive acts. Is it reasonable to assume that your location
history would be stored and be used in search engines? What
if you are not a Google user? Should Google clearly disclose
they are storing your location data and give you an option to
opt out? Google’s promise to its users is vague and leaves
Google a wide range of freedom. If Google gives customers
the ability to opt out, everyone may take the option and then
Google may not be able to generate the income needed
through ads to make their services free. If the positional data
is intended for advertising, it should be saved in a format
useful for selecting advertisers and not in a form that can be
linked to a specific user and that can be used to recreate your
morning routine. Location filtering is an option but it is
probably not possible to filter all the locations that users
would want to keep private. Knowing how ethical issues
have been decided in the past are also valuable resources to
consider. In 2007, Google admitted that it had violated
people’s privacy during its mapping project when their
Street View cars snooped data containing passwords, e-mail
and other personal information from unencrypted wireless
networks along the way [8]. As part of the settlement,
Google paid a fine of $7 million, agreed to educate its own
employees on privacy issues and to inform the public how to
avoid privacy violations like this one [8]. Based on this
lawsuit, the storing of data locations for non-Google users
would be considered unauthorized and therefore not legal to
store.
The IEEE code of ethics states that we should strive to
improve the understanding of technology; its appropriate
application, and potential consequences. Many users are not
aware of the enormous amounts of personal information that
is collected and how this information can be used to paint a
surprisingly complete picture of them. Google Earth can be
used to locate a user’s house which can be used to estimate
income level, types of cars they drive, whether they need
lawn and landscaping work, or house repair. When search
engine queries are analyzed, you can infer if someone is
depressed, has health related issues, or what they are
THE IMPACT OF DATA BREACHES
How secure is the data that we trust companies to protect
and what is the impact to the community and the respective
company if that information is breached? Hackers seem to
have an infinite amount of time and resources on their hands
and are driven by monetary gain, revenge, and by their own
self-righteous morality. During the holiday season of 2013,
Target was hacked for monetary gains. 42 million Target
customers had their credit card information stolen and
another 61 million people had their personal data including
names, mailing addresses, phone numbers and email
addresses stolen [4]. The victims had to show “reasonable
documentation” of the impacts of the breach to participate in
Target’s $10 million class-action settlement [4]. The CEO at
the time of the breach, Greg Steinhafel, resigned shortly
after the breach. The motivation for hacking can also be for
revenge. In 2010, Google was the victim of a sophisticated
attack by Chinese hackers who gained information and email
addresses of human rights activists within China for the
purpose of punishing them [5]. In 2014, North Korea
decided they did not like the way their country was depicted
in the Seth Rogen and James Franco movie, “The
Interview”, and threatened to attack movie theaters if the
movie was shown. The hackers downloaded emails from
top executives, personal information, and unreleased movies
and posted them online for all to see. The 3,000 employees
affected by the breach filed a class action lawsuit against the
company for its failure to secure its networks and for not
protecting employees after their personal information was
compromised [6]. The lawsuit has been settled for an
undisclosed amount and the co-chairman of Sony
Pictures Entertainment and chairman of the Motion Picture
Group, Amy Pascal, resigned shortly after. Hacking can also
be driven by morality. The extramarital affairs website
Ashley Madison, was hacked in 2015 and personal
information like e-mail addresses and account details from
32 million members was posted online [7]. The hackers have
claimed two motivations: they are morally against arranging
affairs between married individuals and they don’t like the
business practice of requiring users to pay for the privilege
of their data to be removed from the site [7]. At least two
suicides and many extortion attempts have been linked to
this breach. Companies have a huge responsibility to its
users to safeguard the data they collect because settlements
can be costly, jobs can be lost, reputations can be ruined, and
lives can be destroyed.
HOW ETHICS RELATES TO MY
SCENARIO
According to the NSPE code of ethics for engineers,
“engineers shall at all times strive to serve the public
interest.” In order to serve the public interest, we need to
review the information that we store to make sure the benefit
2
Audrey Clarke
interested in buying. Google Loon data location services can
be used to tell where users have been. It is up to engineers to
protect the users who are not tech savvy and could be hurt or
victimized if their information were to be breached.
Companies like Google have an obligation to society to
educate users so they understand the information being
collected about them and how it can be misused. The
downside of educating users is that Google may lose
customers worried about privacy issues.
interest and what is morally right and ethical. If handled
correctly, it can be viewed as a win-win situation. When
you find yourself in this situation, I recommend following
the steps of Problem Solving in Engineering Ethics which
are outlined below [10]:
 State the Problem: Clearly define what the ethical
engineering problem is.
 Get the Facts: Obtain all relevant facts to the matter
including different moral viewpoints and then analyze
them all.
 Identify and Defend Competing Moral Viewpoints:
Analyze the pro and cons of different moral viewpoints
and pick the best course of action.
 Come up with a Course of Action: Pick the best course
of actions and answer all un-answered questions.
 Qualify the course of Action: Back up the course of
action with facts or statistics.
Whenever I’m in doubt about what to do, I always ask
myself how I would feel if everything I knew and did were
published on the front page of the newspaper. If I’m
embarrassed or ashamed of my knowledge and lack of
action, then it is necessary to take action to change the
course of events.
MY ACTIONS
Since some hackers are backed by governments with
unlimited resources, it is impossible to guarantee that the
data you collect won’t be breached. Therefore, we need to be
careful about the kinds of information we collect and store.
If hackers breach our data and make it public, we are liable
as a company and at minimum will be fined. As we have
seen in other data breaches, the senior manager is also
usually dismissed. Our users may lose confidence in Google
and may start using other search engines and mapping
applications. Each breach that happens causes users to lose
more and more faith in the whole cyber industry and makes
it more difficult to regain their trust.
To make my final decision, I have reviewed the code of
ethics from NSPE and IEEE, looked at previous litigation
from a similar scenario involving Google, analyzed the
personal and corporate harm done from previous data
breaches, and discussed and validated my concerns with
colleagues. My recommendation includes: fully disclosing
the information we collect and how it is used in our privacy
policy, providing users the ability to opt out of the location
collection, stop storing any information on non-Google
users, converting the location information into target
marketing data prior to storage, and educating users to the
benefits and risks of internet data collection. For the
purposes of disaster recovery, the location information
should not be stored until after a disaster occurs.
It is my duty as an engineer to make sure the senior
manager of my project is aware of all the risks we face as an
engineering team. My recommendations and concerns will
be emailed to my manager, Ima Nerd, and the project lead,
Mike Cassidy. If my managers don’t act on my
recommendations, I will send them to the human resource
director at Google who deals with ethical issues. If the
human resource manager does not act on my concerns, I will
contact the Federal Trade Commission who is responsible
for safeguarding consumer privacy. As a corporation, we
must be aware that, “trust is hard to earn, easy to lose, and
nearly impossible to win back [9].”
REFERENCES
[1] (2007). “Code of Ethics for Engineers.” National Society
of
Professional
Engineers.
(website).
http://www.nspe.org/sites/default/files/resources/pdfs/Ethics/
CodeofEthics/Code-2007-July.pdf.
[2] C. Mairn. (2014). “Help Patrons Find Their Way With
Indoor Google Maps.” Information Today, Inc. (article).
http://www.infotoday.com/cilmag/apr14/Mairn--HelpPatrons-Find-Their-Way-With-Indoor-Google-Maps.shtml.
[3] (2015). “We keep your personal information private and
safe.” Google. (website). https://privacy.google.com/.
[4] M. Parks. (2015). “Target Offers $10 Million Settlement
In Data Breach Lawsuit.” NPR. (online article).
http://www.npr.org/sections/the
twoway/2015/03/19/394039055/target-offers-10-millionsettlement-in-data-breach-lawsuit.
[5] B. Yu. (2013). “Speaking against the Silence: An ethical
analysis of Censorship practices within China today.”
Global
Ethics.
(online
article).
http://www.globalethicsnetwork.org/profiles/blogs/speakingagainst-the-silence-a-look-inside-the-censorship.
[6] D. Patten. (2015). “Sony Hacking Class Action Lawsuit
Reaches Settlement.”
Deadline.
(online
article).
http://deadline.com/2015/09/sony-hacking-lawsuitsettlement-employees-identity-theft-1201513280/.
[7] R. Hackett. (2015). “What to know about the Ashley
Madison
hack.”
Fortune.
(online
article).
http://fortune.com/2015/08/26/ashley-madison-hack/.
[8] D. Streitfeld. (2013). “Google Concedes That Drive-By
Prying Violated Privacy.” New York Times. (online article).
http://www.nytimes.com/2013/03/13/technology/google-
RECOMMENDATIONS TO ENGINEERS
Every engineer will eventually find themselves caught
between doing what’s in the company’s short term financial
3
Audrey Clarke
pays-fine-over-street-view-privacybreach.html?pagewanted=all&_r=0.
[9] E. Mills. (2007). "Google balances privacy, reach."
CNET. (Online Document). http://www.news.com.M.
Popalzai.
[10] Jonassen, D. H., Shen, D., Marra, R. M.,…Lohani, V.
K. (2009). Engaging and Supporting Problem Solving in
Engineering Ethics. Journal of Engineering Education.
98(3), 235–254. DOI: 10.1002/j.2168-9830.2009.tb01022.x
ADDITIONAL SOURCES
A. Mcnamee. (2005). “Ethical Issues arising from the Real
Time Tracking and Monitoring of People Using GPS-based
Location Services” University of Wollongong. (Online
Document).
http://ro.uow.edu.au/cgi/viewcontent.cgi?article=1003&cont
ext=thesesinfo
(2009). “Cases and Scenarios.” Online Ethics Center for
Engineering. National Academy of Engineering. (online case
report). http://www.onlineethics.org/Resources/Cases.aspx
“Ethics
Case
Studies.”
Webguru.
(website).
http://www.webguru.neu.edu/professionalism/researchintegrity/ethics-case-studies
(2015) “7.8 IEEE Code of Ethics” ieee. (website).
http://www.ieee.org/about/corporate/governance/p7-8.html
ACKNOWLEDGMENTS
I’d like to thank the librarian, Judy Brink, for helping me
find valuable resources, the writing instructors for helping
me organize my thoughts and correcting my grammar, and
Google for allowing me to search on items quickly and for
not filtering their own dirty laundry.
4
Audrey Clarke
5
Download