Ethics in Information Technology

Ethical Issues
Gaining competitive advantage by the use of IT may involve unethical or even legal actions. IT is used in the companies: To monitor the activities of other companies May invade the privacy of individuals

While using business intelligence i.e. spying on competitors, firms may engage itself in many unethical tactics by pressurizing competitors employees to reveal information or using software which is the intellectual property of other companies, without the latters knowledge. Many a times such as actions are legal so to say due to fact that IT is new and its legal environment is not well developed yet. The spread of IT has created many new ethical situations. Issue of a company monitoring electronic mail is supported by only 47 percent of the readers of information week, 53 percent disagree. There are major difference even with companies and individuals with respect to what is right and wrong. So also with different countries what is unethical is one culture may be perfectly acceptance to others. Most of the western countries have much higher concern for individual and their rights to privacy than some of the Asian countries. Big companies and professional organizations develop their own codes of ethics; which is a collection of principles intended as a guide for members of a company or an association.

It is different things for different people. Four stages of privacy are: Solitude an individuals desire to be left alone, away from outside interference. Intimacy the state of privacy one wants to enjoy from the outside world. Anonymity - a persons wish to be free from external surveillance. Reserve an individuals desire to control Information about himself.

Security Threats
Information systems have many components, which are at several locations. It is therefore, these are vulnerable to many potential hazards. The hazards may be: Accidental such as errors or natural disasters Intentional such as theft, viruses and malicious attacks on a computer centre.

The latter is serious due to the large number of potential computer criminals, both internal and external to the organization. Criminals have various motives and cannot be predicted why they would do.

Specific Threats
Some specific threats to information systems are: Loss, theft or corruption of data Inappropriate use of data(manipulating inputs) Theft of mainframe computer crime Theft of equipment and/or programs Errors in handling, entering, processing, transferring or programming of data Equipment malfunctions Accidental or malicious damage to computer resources and Destruction from viruses and similar attacks.

Attacks on Computer Systems

Two basic approaches are in deliberate attacks on computers systems. These are Data tampering (Data deddling) and Programming technique. 1. Data Diddling: It involves performing unauthorized modifications to data stored within the computer system. Example: An employee in an organization used his privileged access to falsify his academic record. The employee was subsequently discharged without tracing, criminal charges to avoid embarrassment to the victimized institution. Another common data diddling crime is when a clerk changes the destination address of shipment of goods, diverting them to accomplices. 2. The Trojan Horse Technique: The name Trojan horse in greek mythology represents a large wooden horse left by the Greeks upon their pretended retreat of the siege of troy. The Trojans, thinking it was a sacrifice to Athena, let the horse into the city gates. In the night, Greek soldiers hidden within the horse opened the gates to the Greek army, which conquered the city. In todays electronic age, similar to the above example is a block of computer code, buried wiyhin an authorized program that performs unauthorized actssuch as transferring money to a criminals bank account.

3. Salami Slicing: This technique works on the assumption that if small quantities of money are shaved from a lot of balances that are not closely checked and these shavings are combined in a central account which would swell to a large amount overtime. The finance sector is particularly vulnerable to the shaver. Internet posted to the bank or security accounts is often not checked by its owners down to the nearest paise- hence a criminal with access to an interest payment program could divert into his account all hundredths of paise in interest that should be credited to the real owners accounts. 4. Super Zap Programs: It can bypass regular system controls if a malfunction or significant error in the computer system exists. Example: If a vital update program crashes and the account balances updating are operative only when the programs runs, to fulfil the shortage, it has to be reconstructed by other methods. Before superzap programs allow their users privileged operations, only certain key personnel are authorized to use them. In the hands of the wrong person, they could be used to perform various criminal acts. 5. Trapdoor Routines: These are routines used in program development to allow developers access to various parts of the computers system in order to see that the program to view various sections of RAM, as a check that the program is storing data correctly. Trapdoors are supposed to be criminals accessed passwords through a trapdoor that was not removed and later used the passwords to break into the system. 6. Logic Bombs: It is a routine that causes part of tha computer system to become inoperative or to malfunction as soon as the routine is executed. Such malicious logic bombs are written by disgruntled programmers who are often on the verge of being forced to erase key files or programs or to cause programs to halt or process data incorrectly. Some of the software vendors may purposely incorporate logic bombs into programs usually to disable a software package after a certain time period.

Computer Viruses- How it spreads?

A virus starts when some one writes a programme that embeds itself in a host programme. The virus attaches itself to the host pprogramme or data and travels anywhere that the host programme or piece of data travels. Transmission can occurs on floppy disk, over communications network, or though electronic bulletin boardsIf undetected by virus scanning and eradication software, the virus is set off by either a time limit or some set or circumstances possibly a simple sequence of computer operations by the user. If undetected by virus scanning and eradication software, the virus is set off by either a time limit or some set or circumstances possibly a simple sequence of computer operations by the user.

Then it does whatever the virus programmer intended, whether it is to print phrases such as Beat the Vikings, erase date or damage the system.

Just as a biological virus causes disease by disrupting the normal operations of living cells in an organism, a computer virus invades the inner workings of computers and disrupts normal operations. The term computer virus is used to describe a logic bomb at which a piece of unauthorized code acts as a parasite that attaches itself to a host programme during a copy operation. Computer virus code to make it reproduce and transmit commands may be inserted to spread the virus from one computer to others on its network. Virus code is often implanted by the Trojan Horse technique. Virus Problems Virus infections gives raise to the following problems: Loss of productivity Screen messages and lockup Unreliable applications Loss of user confidence Corrupted files Loss data System crashes

Prventing Computer Crime Hire carefully Encrypt data and programs Beware of malcontents Monitor system transactions Separate employee functions Conduct frequent audits Restrict system use Protect sources with password or access cards and Educate people in security measures

Software Packages
These are: Central point antivirus Flu shot plus Viruscan Dr.Solomons antivirus tool kit Virucide

Scavenging Techniques Someone browses through garbage for information that can be used to perform a criminal activity. In one case, a scavenger looked through trash cans containing computer output and illegally ordered thousands of dollars worth of communications equipment before being caught. Leakage Leakage results when important data, programs or computer resources normally safeguardedleave a site without reason. Exsmple: Sensitive data can be transported to 3 1/2 diskette, which can be put in an employees pocket and never noticed when he/she leaves the work.Mathematical algorithms can be used to hash programs or data so that they look like garbage and are allowed to leave the company undetected. Eaves dropping Eaves Dropping allows a person to observe transmissions intended for other people. Micro to main frame telecommunication links and local area networks are unreliable to eavesdroppers. Their security features are improving over time. The primary targets of the eavesdropper are protected passwords and account numbers Wire Tapping Wire Tapping is a special case of eavesdropping, consists of setting up a special transmission path to divert the flow of data. Example: A wire/unauthorized acts such as: Espionage Stealing programs Altering data and so on.

Satellite facilities are especially vulnerable to wire tapping. Fibre optic cable, om the other hand is relatively safe from wiretaps because cutting the cable in any way deflects the transmitted light beams and garbles data completely.

Software Piracy Software Privacy refers to the unauthorized copying or use of programs. The most familiar form of software privacy is when people make unauthorized copies of such programs as LOTUS 1-2-3 or dBASE for their own use. Several law suits have evolved from such abuses. The costly form of software privacy to organizations, however is where professional thieves make thousands of copies of a software program and sell them illegally. Hacking The term hacker originally referred to computer professionals who solved complex computer problems. Today, the term Hacker has a negative meaning. Hacking is computer crime in which the criminal breaks into a computer system just for the challenge of doing so. Example: High school hackers in Milwaukee Computer Club broke into computers at the Sloan-Kellering Cancer Institute and at the Los Almos National Laboratory. However, hacking though receives wide publicity, it constitutes a relatively small percentage of computer crime.

Computer Crime Prevention

HIRE CAREFULLY - the most logical way to prevent them is by hiring trust worthy people. However, would be criminals cannot be spotted easily at the time of hiring. Trust worthy people. Trust worthiness are to check references and- for people required to work in sensitive environments- conduct background checks. BEWARE OF MALCONTENTS Crime experts put at the top of their list is the disgruntled employee. They may steal disks containing the companys most important financial records by using his after-hours access to a computer installation and locating the same. Example: An editor for encyclopedia Britannica sought revenge for dismissal by substituting names of Britannica employees with historical figures and Allah for Jesus in numerous passages of that company electronic storage banks. SEPARATE EMPLOYEE FUNCTIONS Crimes are difficult to commit when some of the people are made to work together. Exampl: A person who issues pay cheques should not be permitted to update pay roll data. Cheque takers in some companies employ a procedure of makers. checkers and signers to prevent abuses in this area. Those who have update privileges are not permitted to audit the financial data. Rotate workers from critical positions. Force employees to take vacations.

The other preventions are: Restrict system use. Protect resources with passwords or other user authorization checks. Encrypt data and programmes. Monitor system transactions Conduct frequent audits

Intellectual Property
It refers to creations of the mind inventions, literary and artistic works, symbols, names, images, and designs used in commerce. Intellectual Property Rights is the exclusive right to inventions, writings and artistic creations shall be secured to inventors, authors, and artists for a limited period Intellectual property is divided into two categories: Industrial property, which includes inventions (patents), trademarks, industrial designs, and geographic indications of source A patent is the right granted to an inventor by a State, which allows the inventor to exclude anyone else from commercially exploiting his invention for a limited period. By granting an exclusive right, patents provide incentives to individuals, offering them recognition for their creativity and material reward for their marketable inventions. A trademark is a sign, or a combination of signs, which distinguishes the goods or services of one enterprise from those of another. Service mark a trademark used in connection with services A commercial or trade name is the name or designation that identifies an enterprise.

Copyright, which includes literary and artistic works such as novels, poems and plays, films, musical works, artistic works such as drawings, paintings, photographs and sculptures, and architectural designs. According to the law, a copyright protection extends to original works of authorship fixed in any tangible medium or expression, now known or later developed, from which they can be perceived, reproduced, or otherwise communicated, either directly or with the aid of a machine or device. The use of copyright materials that does not violate or infringe the exclusive rights of the copyright holder. Limitations of Copyright 1. Copyright does not protect the authors creative idea. 2. Copyright protects only fixed, original and creative expressions, not the ideas or facts upon which the expression is based For Example: Copyright may protect a film but it cannot protect the underlying theme of the film. 3. Copyright does not protect facts, whether scientific, historical, biographical, or news of the day. Any facts that an author discovers in the course of research are in public domain.

Relationship among Ethical, Social and Political Issues raised by Information Systems
Details 1. Closely related in an Information Society 2. How develops? Ethical issues Yes Social issues Yes Political issues Yes

Confronts individuals who must choose of action, in a situation in which two or more ethical principles are in conflict (Ethical dilemma)

Spring from ethical issues. Societies must develop expectations in individuals about the correct course of action. Social issues often become debates about the kind of situations and expectations that societies should develop so that individuals behave correctly.

Spring from social conflict. Have to do largely with laws that prescribe behavior and seek to create situations in which individuals behave correctly

Main Moral Dimensions of an Information Society

Following are five that tie together ethical, social and political issues in an information society. These are: Information rights and obligations-spell out corporate privacy and due process policies. Property rights and obligations-clarify how corporation will treat property rights of software owners. Accountability and control-clarify who is responsible and accountable for information. System Quality-Identify methodologies and quality standards to be achieved. Quality of life-Identify corporate politics on family, computer crime, decision making, vulnerability, job loss and health risks.

Ethical Analysis as a five-step methodology for analyzing a situation

The method involves: Identifying the facts Identifying the values Identifying the stakeholders

Identifying the options Consequences of actions

After completion, you can consider what ethical principle you should apply to a situation to arrive at a judgement.

Internet Crime and Computer Abuse

1. Hacking: Hackers exploit weakness in website security to obtain access to proprietary data such as customer information and passwords. They may use Trojan Horse, as a legitimate software 2. Jamming: They use software routines to tie up the computer hosting a website so that legitimate visitors cant access the site 3. Malicious Software: Cyber vandals use data flowing through the Internet to transmit computer viruses to desirable computers 4. Sniffing: A form of electronic caves dropping, involves placing a piece of software to intercept information passing from a user to the computer hosting a website (includes credit cards numbers and other confidential data) 5. Spoofing: Fraudulently misrepresent themselves as other organizations, setting up false websites where they can collect confidential information from unsuspecting visitors to the site.

Candidate Ethical Principles

Following are the few ethical principles with deep roots in many cultures that have survived throughout recorded history. 1. Golden rule Do unto others as you would have them do unto you putting yourself into the place of others and thinking of yourself as the object of the decision, can help you think about fairness in decision making. 2. Kants categorical imperative If an action is not right for everyone to take, then it is not right for anyone. 3. Descartes rule of change (slippery-slope rule) If an action cannot be taken repeatedly, then it is not right to take at all. An action may bring about a small change now that is acceptable, but if repeated at would bring unacceptable changes in the long run. It might be stated as once started down a slippery path, you may not be able to stop.

4. Utilitarian principle Take the action that achives the higher or greater value. This rule assumes you can prioritise values in a rank order and understand the consequences of various courses of action. 5. Risk Aversion principle Take the action that produces the least harm or the least potential cost. Some actions have extremely high failure costs of very low probability (e.g. Building a nuclear generating facility in Urban areas) or extremely high failure costs of moderate probability ( speeding and automobile accidents). Avoid these high failure cost actions, paying greater attention to high failure cost potential of moderate to high probability. 6. No free lunch Rule Assume that all tangible and intangible objects virtually are owned by someone alse unless there is a specific declaration otherwise and that the creator wants compensation for this work. If something someone else has created is useful to you, it has value and you should assume the creator wants compensation for the work. You have to decide which ethical principle you have to follow and decide how to prioritise them. These ethical rules cannot beabsolute guides to action; Actions that do not easily pass these rules deserve some very close attention and a great deal of caution.

Effect of Threat from Computer Crimes

1. Denial of service It is becoming a common networking prank. By hammering a websites equipment with too many requests for information, an attacker can effectively log the system showing performance or even crashing the site. This method of overloading computers is used sometimes to cover up an attack. 2. Backdoors In case the original entry point has been detected, having a few hidden a few hidden ways back makes reentry easy-and difficult to detect. 3. Password Crackers Software that can guess passwords. 4. War dialing Programmes that automatically dial thousands of telephone numbers in search of a way in through a modern connection. 5. Buffer overflow A technique for crashing or gaining control of a computer by sending too much data to the buffer in a computers memory 6. Social Engineering A tactic used to gain access to the computer system by talking unsuspecting company employees out of variable information such as passwords.

7. Dumpster Diving Sifting through a companys garbage to find information to help break into their computers. Sometimes the information is used to make a stab at social engineering more credible. 8. Malicious Applets Tiny programmes, sometimes written in the popular java computer language, that misuse computers resources, modify files on the hard disk, send take e-mail, or steal passwords. Information technologies can support both beneficial and detrimental effects The use of information technologies in business has had major impacts on society and thus raise ethical issues in the areas of: Crime Individuality Health Privacy Employment Working conditions