|
|
|
|
|
|
Lesson#45
|
Importance of ethics in IS
|
|
|
|
Importance of ethics in IS
Information is a source of power. Consequently, developments in
information systems also
involve social and political relationships-- and so make ethical
considerations in how
information is used all the more important. Electronic systems
now reach into all levels of
government, into the workplace, and into private lives to such
an extent that even people
without access to these systems are affected in significant ways
by them. New ethical and legal
decisions are necessary to balance the needs and rights of
everyone.
45.1 Meaning of Ethics
Ethics are moral choices made by individuals in relation to the
rest of the community, standards
of acceptable behavior, and rules governing members of a
profession. ETHICS are principles
and rules concerning duty to society, profession and business.
Ethics is about how we ought to
live. The purpose of ethics in information systems is not
philosophical or , it can mean
the survival of a business or industry. The issues relating to
electronic information systems
include control of and access to information, privacy and misuse
of data, International
considerations. Issues of ethics and privacy have always been
there even when computerized
environments were in their natal phase. However, with the
advancement in technology, the
issues have grown sophisticated and so are the remedies.
45.2 Ethical Challenges
Information system security association of USA has listed down
following ethical challenges
1. Misrepresentation of certifications, skills
2. Abuse of privileges
3. Inappropriate monitoring
4. Withholding information
5. Divulging information inappropriately
6. Overstating issues
7. Conflicts of interest
8. Management / employee / client issues
Netiquette
Netiquette, or on-line civility, is a matter of common sense and
of remembering the context of
behavior. The etiquette guidelines for posting messages to
online services, and particularly
Internet newsgroups. Netiquette covers not only rules to
maintain civility in discussions (i.e.,
avoiding flames), but also special guidelines unique to the
electronic nature of forum messages.
Netiquette Guidelines
• In general, do not waste other
people's time, be disruptive, or threaten.
• Do not take up network storage
space with large, unnecessary files; these should be
downloaded.
• Do not look at other people's
files or use other systems without permission.
• When joining a bulletin board or
discussion group, check the FAQ (frequently asked
questions) file before asking questions.
196
• Remember that on-line
communications lack the nuances of tone, facial expression, and
body language. Write clearly. Try to spell correctly and to use
good grammar.
• Do not SHOUT needlessly. Capital
letters are the on-line equivalent of shouting.
• Use asterisks to give emphasis,
but do so *sparingly*.
• Sign messages, and include an
e-mail address when writing to strangers, just in case a
message's header is lost.
• People who become too obnoxious
can be banned from a system or simply ignored.
Many companies and professional organizations develop their own
codes of ethics. A code of
ethics is a collection of principals intended as a guide for the
members of a company or an
organization. The diversity of IT applications has increased and
the increased use of the
technology have created a variety of ethical issues.
45.3 Privacy and Ethics
Whenever one has to talk of privacy, ethics is the second half
of it. It won’t be wrong to say that
privacy may not have been an issue had it not been linked with
the ethical view a society has.
There are certain aspects which when put together formulate a
set of ethical issues. These are
1. Privacy issues
2. Accuracy issues
3. Property issues
4. Accessibility issues
Privacy issues
Following aspects should be covered when privacy is dealt with.
• What kind of surveillance should
be used by an employer on an employee?
• What things can keep to
themselves and not be forced to reveal to others?
• What information about
individuals should be kept in database and how secure is the
information there – Issues of Data Protection
• What can be revealed to others
about oneself if one is required to do so?
Accuracy Issues
Following are some of the accuracy issues.
• How can we ensure that
information will be processed and presented properly?
• Who is responsible for checking
the correctness of information collected?
• Is there any track of errors,
omissions made in the database and who has made them at
what time.
• Who is to be held accountable for
the changes made in data base, whether authorized or
unauthorized, intentional or unintentional.
Property Issues
Following are some of the property issues.
• There has to be defined owner of
the information
• Issues of software piracy
197
• Use of corporate computers for
private use
• Who should access which component
of information database.
Accessibility Issues
These mostly comprise of two aspects.
• Extent of access to be given to
various employees in the organization.
• The definition of privileges of
each person.
Privacy
Before we start of with the concept of privacy in computerized
environments let’s take a look
what privacy is in its literal terms. Privacy means the quality
or condition of being secluded from
the presence or view of others, the state of being free from
unsanctioned intrusion: a person's
right to privacy, the state of
being concealed; secrecy. Privacy is quite a subjective/relative concept.
The limits and boundaries for it are defined by everybody in his
own context.
Protecting Privacy
There are certain important considerations. The rights of
privacy must be balanced against the
needs of the society. Every society has to decide somewhere on
the gray area between hiding all
and knowing all extremes. Public’s rights to know is superior to
the individual’s rights of
privacy. Usually public and individual’s rights stand in
conflict with each other. Since
government agencies have their concerns in priority e.g.
criminal investigation, undesirable
social activities. Various aspects can be seen as a threat to
privacy.
45.4 Threats to Privacy
As technology has grown sophisticated, various aspects can be
seen as a threat to privacy.
• Electronic surveillance
• Data Profiling
• Online Privacy
• Workplace monitoring
• Location tracking
• Background checks
• Financial privacy
• Medical record and genetic
profiling
• Digital right
• Intellectual property rights
• Taxation Issues
45.5 Electronic Surveillance
Secret video surveillance is quite a common technology used at
offices and public places and
events. CCTV’s commonly known as Closed Circuit Televisions can
be seen at almost every
place. Privacy and civil liberties advocates condemn the use of
this technology for recognition
of criminals. Since, in part such technologies tend to hit
privacy of many who are productive
part of the society. Civil libertarians advocate against this
kind of monitoring. Employees have
limited protection against employers. Many countries are getting
serious on finding the right
balance between personal privacy and electronic surveillance in
terms of threats to national
198
security.
45.6 Data Profiling
As we make our way through everyday life, data is collected from
each of us, frequently without
our consent and often without our realization. We pay our bills
with credit cards and leave a
data trail consisting of purchase amount, purchase type, date,
and time. Data is collected when
we pay by check. Our use of supermarket discount cards creates a
comprehensive database of
everything we buy. When our car, equipped with a radio
transponder, passes through an
electronic toll booth, our account is debited and a record is
created of the location, date, time,
and account identification. We leave a significant data trail
when we surf the Internet and visit
websites. When we subscribe to a magazine, sign up for a book or
music club, join a
professional association, fill out a warranty card, give money
to charities, donate to a political
candidate, tithe to our church or synagogue, invest in mutual
funds, when we make a telephone
call, when we interact with a government agency.
45.7 Online Privacy and E-Commerce
News stories of Internet privacy threats are commonplace these
days. The Internet was
designed as an inherently
insecure communications vehicle. Hackers
easily penetrate the most
secure facilities of the military and financial institutions.
Internet companies have designed
numerous ways to track web users as they travel and shop
throughout cyberspace. "Cookie" is
no longer a word associated solely with sweets. It now refers to
cyber-snooping. Identity thieves
are able to shop online anonymously using the credit-identities
of others. Web-based
information brokers sell sensitive personal data, including
Social Security numbers, relatively
cheaply.
45.8 Workplace Monitoring
Privacy advocates often use these words to describe the
workplace. Many forms of monitoring
technologies are available in the marketplace and are becoming
cheaper each year video
surveillance, telephone monitoring, e-mail and voice mail
monitoring, computer keystroke
tracking, Internet Web site monitoring, location tracking using
badges worn by employees and
satellite tracking of the company fleet.
Privacy issues in Work place monitoring
What makes matters worse is that these systems can be deployed
secretly and invisibly.
Employers are not required by law to disclose to their employees
that such monitoring is being
conducted. A requirement of Employer Disclosure is not a normal
practice in various countries.
The only places where employees can expect to be free from
surveillance are in bathrooms and
locker rooms, but even this protection is not absolute.
Workplace Monitoring Justifications
Employers make several arguments to justify their use of
monitoring systems.
1. The employer owns the systems used by the employees to do
their work - primarily the
phone and computer systems.
2. Employers are responsible for the work product of their
employees. Therefore they have
a right, even a duty to monitor.
3. Employers must be able to detect and prevent the sharing or
selling of trade secrets and
other matters of corporate intellectual property.
4. Employers have been successful in making these arguments when
aggrieved workers have
filed lawsuits for privacy violations. The few court cases have
largely been decided in the
199
employers' favor.
Wireless Communication and Locations Tracking
The products and services offered by the wireless industry are
also hitting the privacy aspects.
The signals emitted by a cell phone may be used to track
location of a user from the nearest
communications towers. Cell phones these days have the ability
to pinpoint the user's location
to the nearest 100 feet for emergency assistance. Marketers also
use this cell positioning
technology to market their products. For instance if we are
passing by a food chain, we might
receive a message telling us that just off the next exit is a
restaurant that serves our favorite
cuisine or a new discount package.
Back Ground Checks
More and more organizations try to check back ground history of
the employees in certain
respects. For instance banks for issue of loans, leasing
companies, insurance companies and
employers. Usual aspects are credit profiling e.g. credit
worthiness reports by Credit
Information Bureau of SBP, Ethnic background, criminal
background, addiction and medical
records.
Issues of Privacy
The cost of background checks has decreased dramatically in
recent years. As a result, more
employers are conducting them. Mostly the retrieved information
in background checks is
either incorrect or misleading. The reason is that there is no
such thing as a perfect database.
Financial Privacy
Banks, insurance companies, and brokerage firms are now able to
affiliate with one another
under one corporate roof. Credit card companies, banks,
insurance companies, and brokerage
firms may share their respective databases with one another but
they cannot sell customer data
to third parties without prior notice to customers commonly
known as affiliate sharing. Certain
outcomes of affiliate sharing are "junk" mail, e-mail,
telemarketing solicitations and SPAM
(simultaneously produced advertised message). Elderly
individuals with cash-rich portfolios
could be vulnerable to fraud artists' promises of lucrative
returns on risky investments. In
certain countries legislation on Financial Information Privacy
has been successfully enacted
that requires an “opt in” by customers before a financial
institution can sell personal
information to third parties.
Medical Record confidentiality
Most individuals consider their medical information to be among
the most sensitive of any
information about them.
In the field of health care, another privacy issue on the
healthcare front is genetic profiling. In
many countries, the use of genetic data to discriminate in both
employment and health
insurance is of growing concern to consumers, healthcare
professionals, and policymakers
alike.
Digital Right Management
The migration of print, music, and images to the Internet has
spawned new technologies called
"digital rights management" systems (DRM) that infringe upon
intellectual freedom. Intellectual
property scholars point out that copyright and privacy have
traditionally been compatible
200
because copyright provisions control public distribution of
content. The right to explore ideas
in books, music, and movies without having to identify
ourselves. The right to anonymity is a
vital foundation stone of our democratic society.
Download of content from internet for misusage must be
controlled. Private use of copyrighted
material has been governed by various legislations. The most
recent development in this regard
is TRIPS.
45.9 TRIPS
Trips is an AGREEMENT ON TRADE-RELATED ASPECTS OF INTELLECTUAL
PROPERTY RIGHTS. The agreement has been instituted by World
Trade Organization for all
its members. The agreement sets minimal rules for national
intellectual property law in order to
prevent member nations from using intellectual property as a
hidden trade barrier against other
nations. Part II of the agreement specifically defines the scope
and use of various intellectual
property rights
1. Copyright and Related Rights
2. Trademarks
3. Geographical Indications
4. Industrial Designs
5. Patents
6. Layout-Designs (Topographies) of Integrated Circuits
7. Protection of Undisclosed Information
8. Control of Anti-Competitive Practices in Contractual Licences
Article 10.1 of TRIPS provides that computer programs, whether
in source or object code,
shall be protected as literary works under the Berne Convention
(1971).
Since Pakistan is signatory to WTO it had to take necessary
steps to ensure transfer of
intellectual property rights from / to Pakistan. Accordingly the
Electronic Data Protection Act
2005 was enacted by the parliament covering various aspects
relating to various forms of data,
privacy and consent issues of data subjects whose data is
processed, security of electronic data,
disclosure and dissemination issues and addressing complaints
and offences.
Taxation Issues
Take a situation where a transaction is done online. The server
processing the transaction for
execution may be in USA. The supplier of the product may be in
Canada. The shipment may be
made from UK. The owner of the website may be in Australia. The
person paying online may
be physically in Pakistan. The Question is where should the
transaction be taxed: at the source
of origin or the place of execution. The E-commerce while giving
convenience has also
complicated the situation. Electronic transfers are made to
foreign countries which may be
known to the banks but are hidden from tax authorities. Covert
banking channels are used.
Undisclosed assets are accumulated.
45.10 Privacy Codes and Policies
These were some of the issues developing on privacy. An
organization may think of
developing and implementing a privacy policy. One way to protect
privacy is to develop
privacy policies or codes which can help organizations avoid
legal problems. Senior
management should take acceptance of employees, customers and
suppliers and address issues
201
accordingly.
Aspects to be covered by Privacy Policy
It should cover issues like an overview on what the policy aims
to cover, scope of application of
the policy, all employees of the organization, customers both
online and offline, random visitors
registering for the information extraction in case of web
privacy, Giving customers and
employees an idea what sort and extent of processing and
handling may be performed on the
data being collected from them every time they visit, Informing
web visitors that as they visit
the website, the web server will save cookies on their terminal
and the benefit which the visitors
will get i.e. the web-server will recognize the visitor when the
website is visited next time and
the fact that IP addresses are being saved by the web server and
if combined with the ISP
address, can help to locate computer originating message. This
is not an exclusive detail of
issues. Other issues may also be added according to the need of the
organization.
<<<<< THE END >>>>>
|
|
|
|
|
|
|