The Personal and Social
Impact of Computers
Why Learn About Security, Privacy, and Ethical
Issues in Information Systems and the Internet?
 Many nontechnical issues associated with ISs
 Human Resource employees need to:
 Prevent computer waste and mistakes
 Avoid privacy violations
 Comply with laws about:
 Collecting customer data
 Monitoring employees
 Employees, IS users, and Internet users need to:
 Avoid crime, fraud, privacy invasion
Computer Waste and Mistakes
 Computer waste: Inappropriate
use of computer technology and
resources
 Cause: improper management of
information systems and
resources
 Discarding old software and even
complete computer systems when
they still have value
 Building and maintaining complex
systems that are never used to
their fullest extent
 Using corporate time and
technology for personal use
 Spam
 Computer-related mistakes:
Errors, failures, and other
computer problems that make
computer output incorrect or not
useful
 Causes
 Failure by users to follow proper
procedures
 Unclear expectations and a lack
of feedback
 Program development that
contains errors
 Incorrect data entry by dataentry clerk
Prevention Methods: Policies and
Procedures
 Establishing - Establish policies and procedures
regarding efficient acquisition,
use, and disposal of systems and
devices
 Training programs for individuals
and workgroups
 Manuals and documents on how
computer systems are to be
maintained and used
 Approval of certain systems and
applications to ensure
compatibility and costeffectiveness
 Implementing - Policies often focus on:
 Implementation of source data
automation and the use of data
editing to ensure data accuracy
and completeness
 Assignment of clear
responsibility for data accuracy
within each information system
 Training is often the key to
acceptance and implementation
of policies and procedures
Policies and Procedures
 Monitoring - Monitor routine practices
and take corrective action
if necessary
 Implement internal audits
to measure actual results
against established goals
 Follow requirements in
Sarbanes-Oxley Act
 Reviewing - During review, people should ask
the following questions:
 Do current policies cover
existing practices adequately?
Were any problems or
opportunities uncovered during
monitoring?
 Does the organization plan any
new activities in the future? If
so, does it need new policies or
procedures on who will handle
them and what must be done?
 Are contingencies and disasters
covered?
Computer Crime
Often defies detection
Amount stolen or diverted can be substantial
Crime is “clean” and nonviolent
Number of IT-related security incidents is
increasing dramatically
Computer crime is now global
The Computer as a Tool to
Commit Crime
 Criminals need two capabilities to commit most
computer crimes
 Knowing how to gain access to the computer system
 Knowing how to manipulate the system to produce the
desired result
 Examples
 Social engineering
 Dumpster diving
 Counterfeit and banking fraud using sophisticated
desktop publishing programs and high-quality printers
Cyberterrorism
 Cyberterrorist
 Someone who intimidates or coerces a government or
organization to advance his or her political or social
objectives by launching computer-based attacks against
computers, networks, and the information stored on them
 Homeland Security Department’s Information
Analysis and Infrastructure Protection Directorate
 Serves as governmental focal point for fighting
cyberterrorism
Identity Theft
 Imposter obtains key pieces of personal
identification information, such as Social Security
or driver’s license numbers, in order to impersonate
someone else
 Information is then used to obtain credit, merchandise,
and/or services in the name of the victim or to provide
the thief with false credentials
 Identity Theft and Assumption Deterrence Act of
1998 passed to fight identity theft
 9 million victims in 2005
The Computer as the Object
of Crime
Crimes fall into several categories such as:
Illegal access and use
Data alteration and destruction
Information and equipment theft
Software and Internet piracy
Computer-related scams
International computer crime
Illegal Access and Use
 Hacker: learns about and uses
computer systems
 Criminal hacker (also called a
cracker): gains unauthorized use
or illegal access to computer
systems
 Script bunnies: automate the job
of crackers
 Insider: employee who
compromises corporate systems
 Malware: software programs
that destroy or damage
processing
 Virus: computer program file capable of
attaching to disks or other files and
replicating itself repeatedly, typically
without the user’s knowledge or
permission
 Worm: parasitic computer program that
can create copies of itself on the
infected computer or send copies to
other computers via a network
 Trojan horse: malicious program
that disguises itself as a useful
application and purposefully does
something the user does not expect
 Logic bomb: type of Trojan horse
that executes when specific
conditions occur
 Triggers for logic bombs can include
a change in a file by a particular
series of keystrokes or at a specific
time or date
Illegal Access and Use
 Tips for avoiding viruses and worms
 Install antivirus software on your computer and configure
it to scan all downloads, e-mail, and disks
 Update your antivirus software regularly
 Back up your files regularly
 Do not open any files attached to an e-mail from an
unknown, suspicious, or untrustworthy source
 Do not open any files attached to an e-mail unless you
know what it is, even if it appears to come from a friend
or someone you know
 Exercise caution when downloading files from the
Internet
 Ensure that the source is legitimate and reputable
Information and Equipment Theft
 Obtaining identification numbers and passwords to
steal information or disrupt systems
 Trial and error, password sniffer program
 Software theft
 Computer systems and equipment theft
 Data on equipment is valuable
Software and Internet
Software Piracy
Software piracy: act of illegally duplicating
software
Internet software piracy: illegally
downloading software from the Internet
Most rapidly expanding type of software piracy
Most difficult form to combat
Examples: pirate Web sites, auction sites that
offer counterfeit software, peer-to-peer
networks
Penalties can be severe
Computer-Related Scams
Examples of Internet scams
Get-rich-quick schemes involving bogus real
estate deals
“Free” vacations with huge hidden costs
Bank fraud
Fake telephone lotteries
Phishing
Gaining access to personal information by
redirecting user to fake site
International Computer Crime
Computer crime is an international issue
Software industry loses about $9 billion in
revenue annually to software piracy
occurring outside the United States
Terrorists, international drug dealers, and
other criminals might use information
systems to launder illegally obtained funds
Preventing Computer-Related Crime
 All states have passed computer
crime legislation
 Some believe that these laws are
not effective because:
 Companies do not always actively
detect and pursue computer
crime
 Security is inadequate
 Convicted criminals are not
severely punished
 Individual and group efforts are
being made to curb computer
crime, and recent efforts have
met with some success
 State and federal agencies
have begun aggressive
attacks on computer
criminals
 Computer Fraud and Abuse
Act, 1986
 Computer Emergency
Response Team (CERT)
 Many states are now
passing new, comprehensive
bills to help eliminate
computer crimes
Crime Prevention by Corporations
 Public key infrastructure (PKI): enables users of
an unsecured public network such as the Internet
to securely and privately exchange data
 Uses a public and a private cryptographic key pair that is
obtained and shared through a trusted authority
 Biometrics: measurement of one of a person’s
traits, whether physical or behavioral
 Security & Biometric Video
 http://www.youtube.com/watch?v=CkRAUnFLYKA
Using Intrusion Detection
Software
Intrusion detection system (IDS):
software that monitors system and network
resources and notifies network security
personnel when it senses a possible intrusion
Suspicious activities: failed login attempts,
attempts to download program to server,
accessing a system at unusual hours
Can provide false alarms
E-mail or voice message alerts may be missed
Internet Laws for Libel and
Protection of Decency
 Filtering software helps screen Internet content
 Also prevents children from sending personal information
over e-mail or through chat groups
 Internet Content Rating Association (ICRA)
 Rates Web sites based on authors’ responses from
questionnaire
 Children’s Internet Protection Act (CIPA), 2000
 Required filters in federally funded libraries
 Libel is an important legal issue on the Internet
 Publishing Internet content to the world can subject
companies to different countries’ laws
Preventing Crime on the
Internet
 Develop effective Internet
usage and security policies
for all employees
 Use a stand-alone firewall
(hardware and software)
with network monitoring
capabilities
 Deploy intrusion detection
systems, monitor them, and
follow up on their alarms
 Monitor managers and
employees to make sure
that they are using the
Internet for business
purposes
 Use Internet security
specialists to perform
audits of all Internet and
network activities
Privacy Issues
 With information systems, privacy deals with the
collection and use or misuse of data
 More data and information are produced and used
today than ever before
 Data is constantly being collected and stored on
each of us
 This data is often distributed over easily accessed
networks and without our knowledge or consent
 Concerns of privacy regarding this data must be
addressed
Privacy and the Federal
Government
 U.S. federal government is perhaps the largest
collector of data
 Over 4 billion records exist on citizens, collected
by about 100 federal agencies
 U.S. National Security Agency (NSA) had secretly
collected phone call records of tens of millions of
U.S. citizens after the September 11, 2001
terrorist attacks
 Ruled unconstitutional and illegal by a federal judge in
August 2006
Privacy at Work
 There is conflict between rights of workers who
want their privacy and the interests of companies
that demand to know more about their employees
 Workers might be monitored via computer
technology that can:
 Track every keystroke made by a worker
 Know when the worker is not using the keyboard or
computer system
 Estimate how many breaks he or she is taking
 Many workers consider monitoring dehumanizing
E-Mail Privacy
Federal law permits employers to monitor email sent and received by employees
E-mail messages that have been erased from
hard disks can be retrieved and used in
lawsuits
Use of e-mail among public officials might
violate “open meeting” laws
Privacy and the Internet
 Huge potential for privacy invasion on the Internet
 E-mail is a prime target
 Platform for Privacy Preferences (P3P): screening
technology that shields users from Web sites that
do not provide the level of privacy protection they
desire
 Children’s Online Privacy Protection Act (COPPA),
1998: require privacy policies and parental consent
 Potential dangers on social networking Web sites
Corporate Privacy Policies
 Should address a customer’s knowledge, control,
notice, and consent over the storage and use of
information
 May cover who has access to private data and when
it may be used
 A good database design practice is to assign a
single unique identifier to each customer
 Single record describing all relationships with the
company across all its business units
 Can apply customer privacy preferences consistently
throughout all databases
Individual Efforts to Protect Privacy
 Find out what is stored about you in existing
databases
 Be careful when you share information about
yourself
 Be proactive to protect your privacy
 When purchasing anything from a Web site, make
sure that you safeguard your credit card numbers,
passwords, and personal information
Health Concerns
 Working with computers can
cause occupational stress
 Training and counseling can often
help the employee and deter
problems
 Computer use can affect physical
health as well
 Strains, sprains, tendonitis,
repetitive motion disorder,
carpal tunnel syndrome
 Concerns about emissions from
improperly maintained and used
equipment, display screens, and
cell phones
 Many computer-related
health problems are caused
by a poorly designed work
environment
 Ergonomics: science of
designing machines,
products, and systems to
maximize the safety,
comfort, and efficiency of
the people who use them
Ethics
 Principles of right and wrong used by
individuals as free moral agents to guide
behavior
 Moral dimensions of the information age
 Information rights & obligations
 Property rights
 Accountability & control
 System quality
 Quality of life
Moral dimensions of the
information age
Information rights & obligations
Property rights
Accountability & control
System quality
Quality of life
Ethics in an information
society
Ethical analysis:
 Identify, describe facts
 Define conflict, identify values
 Identify stakeholders
 Identify options
 Identify potential consequences
Ethics in an information
society
Ethical principles:
 Treat others as you want to be treated
 If action not right for everyone, not right For
anyone
 If action not repeatable, not right at any time
 Put value on outcomes, understand consequences
 Incur least harm or cost
 No free lunch
Information rights







Privacy: right to be left alone
Fair information practices (FIP):
No secret personal records
Individuals can access, amend information about them
Use info only with prior consent
Managers accountable for damage done by systems
Governments can intervene
Intellectual property
 Intellectual property: intangible creations protected by law
 Trade secret: intellectual work or product belonging to
business, not in public domain
 Copyright: statutory grant protecting intellectual property
from copying by others
 Trade Mark: legally registered mark, device, or name to
distinguish one’s goods
 Patent: legal document granting owner exclusive monopoly on
an invention for 17 years
Ethical Issues in Information
Systems
 Code of ethics: states the principles and core
values that are essential to a set of people and
thus governs their behavior
 ACM code of ethics and professional conduct
 Contribute to society and human well-being
 Avoid harm to others
 Be honest and trustworthy
 Be fair and take action not to discriminate
 Honor property rights including copyrights and patents
 Give proper credit for intellectual property
 Respect the privacy of others
 Honor confidentiality