Ethical Issues for Computing Professionals PC307 - PowerPoint PPT Presentation

1 / 69
About This Presentation

Ethical Issues for Computing Professionals PC307


Alex Reid. IT Policy Executive Officer. The University of ... Amy Davis-Herbison and Nikolai Gor. 16-Apr-02. Ethical Issues - Alex Reid, University of WA ... – PowerPoint PPT presentation

Number of Views:221
Avg rating:3.0/5.0
Slides: 70
Provided by: alex115


Transcript and Presenter's Notes

Title: Ethical Issues for Computing Professionals PC307

Ethical Issues for Computing ProfessionalsPC307
  • Alex Reid
  • IT Policy Executive Officer
  • The University of Western Australia

  • A. Why is Computer Ethics Special?
  • B. Some Ethical/Moral/Social Issues
  • C. Requirements of a Professional
  • D. ACS Code of Ethics
  • E. ACS Code of Conduct/Practice
  • F. Case Studies

Why is Computer Ethics Special?
  • Computers are pervasive
  • Computers are (nearly) universally affordable
  • Computers are so new
  • Computers are advancing so rapidly
  • Computers are logically malleable
  • Computers are so powerful
  • Computers are so fast
  • Computers introduce spatial separation
  • Computers introduce temporal separation
  • Computers break the chain of responsibility
  • Computers have memory
  • Computers manipulate information
  • Computers facilitate anonymity
  • Computer programs cant be proven to be correct
  • Computers are not 100 reliable...

Catalogue of Failures
  • Computers and/or software failure have figured
  • Hole in ozone layer undetected for 7 years
  • US Air Force Blackhawk helicopter crashes 22
  • Therac-25 cancer radiotherapy machine 4 US
  • Gulf War Dhahran base Scud attack Patriot
  • Hubble error compounded by computer shut-down
  • Three-Mile Island
  • Chernobyl
  • Challenger Space Shuttle deaths
  • Mt Erebus Air NZ crash
  • Korean Air Lines flight 007 over Sakhalin Island
  • HMS Sheffield sinking in Falklands
  • Iranian airbus shot down over Persian Gulf
  • etc

Catalogue of Failures - 2
  • Why is Software so prone to Catastrophic Failure?
  • Complexity
  • Error Sensitivity
  • Hard to Test
  • Correlated failures
  • Lack of professional standards no software
  • Development methodologies
  • Roger Needhams Most Surprising Development
  • Verification possible by
  • mathematical analysis
  • case analysis
  • extensive testing or
  • combination of the three.
  • Proving software correctness
  • Tony Hoares Wasted 20 Years

Ethical/Moral/Social Issues
  • Hacking
  • Viruses
  • Spam email
  • Backups
  • Security
  • Privacy
  • Anonymity
  • Cost estimation
  • Competent Advice
  • Software Agreements
  • Private use of Company Internet
  • Manipulating Photographs
  • Webcams Privacy
  • Y2K - Should it have happened?

Consequence of Y2K?
Cartoon to highlight potential catastrophic
effects of Y2K. From
Professional Body
  • Criteria
  • established body of specialised knowledge
  • formal accrediting criteria
  • defined performance standards
  • standards of conduct/ethics ( disciplinary
  • recognition in society
  • etc
  • Summary
  • professionals are people who have specialised
    knowledge on which others (and the public in
    general) have to place dependence the public
    have to trust those professionals in regard to
    their specialised knowledge a degree of
    trustworthiness and responsibility on the part of
    the professionals.

ACS Code of Ethics - 1
  • 1. To uphold and advance the honour, dignity and
    effectiveness of the profession of information
    technology and in keeping with high standards of
    competence and ethical conduct, a member must
  • a. be honest, forthright and impartial, and
  • b. loyally serve the community, and
  • c. strive to increase the competence and prestige
    of the profession, and
  • d. use special knowledge and skill for the
    advancement of human welfare.

ACS Code of Ethics - 2
  • 2. The personal commitments set out in 3 and 4
    bind each member with regard to that member's
    professional conduct.

ACS Code of Ethics - 3
  • 3. Values and Ideals I must act with
    professional responsibility and integrity in my
    dealings with the community and clients,
    employers, employees and students. I acknowledge
  • 3.1 Priorities I must place the interests of the
    community above those of personal or sectional
  • 3.2 Competence I must work competently and
    diligently for my clients and employers.
  • 3.3 Honesty I must be honest in my
    representations of skills, knowledge, services
    and products.
  • 3.4 Social Implications I must strive to enhance
    the quality of life of those affected by my work.
  • 3.5 Professional Development I must enhance my
    own professional development, and that of my
    colleagues, employees and students.
  • 3.6 Information Technology Profession I must
    enhance the integrity of the information
    technology profession and the respect of its
    members for each other.

ACS Code of Ethics - 4
  • 4. Standards of Conduct
  • The standards of conduct set out in these
    National Regulations explain how the Code of
    Ethics applies to a member's professional work.
    The list of standards is not necessarily
    exhaustive and should not be read as definitively
    demarking the acceptable from the unacceptable in
    professional conduct in all practical situations
    faced by a member. The intention of the standards
    of conduct is to illustrate, and to explain in
    more detail, the meaning of the Code of Ethics in
    terms of specific behaviour. The fact that a
    member engages in, or does not engage in, these
    standards does not of itself guarantee that a
    member is acting ethically, or unethically, as
    applicable. A member is expected to take into
    account the spirit of the Code of Ethics in order
    to resolve ambiguous or contentious issues
    concerning ethical conduct.

ACS Code of Ethics - 5
  • 5. Priorities In accordance with 3.1
  • 5.1 I must endeavour to preserve continuity of
    information technology services and information
    flow in my care.
  • 5.2 I must endeavour to preserve the integrity
    and security of the information of others.
  • 5.3 I must respect the proprietary nature of the
    information of others.
  • 5.4 I must endeavour to preserve the
    confidentiality of the information of others.
  • 5.5 I must advise my client or employer of any
    potential conflicts of interest between my
    assignment and legal or other accepted community
  • 5.6 I must advise my clients and employers as
    soon as possible of any conflicts of interest or
    conscientious objections which face me in
    connection with my work.

ACS Code of Ethics - 6
  • 6. Competence In accordance with 3.2
  • 6.1 I must endeavour to provide products and
    services which match the operational and
    financial needs of my clients and employers.
  • 6.2 I must give value for money in the services
    and products I supply.
  • 6.3 I must make myself aware of relevant
    standards, and act accordingly.
  • 6.4 I must respect and protect my clients' and
    employers' proprietary interests.
  • 6.5 I must accept responsibility for my work.
  • 6.6 I must advise my clients and employers when I
    believe a proposed project is not in their best
  • 6.7 I must go beyond my brief, if necessary, in
    order to act professionally.

ACS Code of Ethics - 7
  • 7. Honesty In accordance with 3.3
  • 7.1 I must not knowingly mislead a client or
    potential client as to the suitability of a
    product or service.
  • 7.2 I must not misrepresent my skills or
  • 7.3 I must give opinions which are as far as
    possible unbiased and objective.
  • 7.4 I must give realistic estimates for projects
    under my control.
  • 7.5 I must qualify professional opinions which I
    know are based on limited knowledge or
  • 7.6 I must give credit for work done by others
    where credit is due.

ACS Code of Ethics - 8
  • 8. Social Implications In accordance with 3.4
  • 8.1 I must protect and promote the health and
    safety of those affected by my work.
  • 8.2 I must consider and respect people's privacy
    which might be affected by my work.
  • 8.3 I must respect my employees and refrain from
    treating them unfairly.
  • 8.4 I must endeavour to understand, and give due
    regard to, the perceptions of those affected by
    my work.
  • 8.5 I must attempt to increase the feelings of
    personal satisfaction, competence, and control of
    those affected by my work.
  • 8.6 I must not require, or attempt to influence,
    any person to take any action which would involve
    a breach of the Code of Ethics.

ACS Code of Ethics - 9
  • 9. Professional Development In accordance with
  • 9.1 I must continue to upgrade my knowledge and
  • 9.2 I must increase my awareness of issues
    affecting the information technology profession
    and its relationship with the community.
  • 9.3 I must encourage my colleagues, employees and
    students to continue their own professional

ACS Code of Ethics - 10
  • 10. Information Technology Profession In
    accordance with 3.6
  • 10.1 I must respect, and seek when necessary, the
    professional opinions of colleagues in their
    areas of competence.
  • 10.2 I must not knowingly engage in, or be
    associated with, dishonest or fraudulent
  • 10.3 I must not attempt to enhance my own
    reputation at the expense of another's
  • 10.4 I must co-operate in advancing information
    processing by communication with other
    professionals, students and the public, and by
    contributing to the efforts of professional and
    scientific societies and schools.
  • 10.5 I must distance myself professionally from
    someone whose membership of the Society has been
    terminated because of unethical behaviour or
    unsatisfactory conduct.
  • 10.6 I must take appropriate action if I discover
    a member, or a person who could potentially be a
    member, of the Society engaging in unethical
  • 10.7 I must seek advice from the Society when
    faced with an ethical dilemma I am unable to
    resolve by myself.
  • 10.8 I must do what I can to ensure that the
    corporate actions of the Society are in
    accordance with this Code of Ethics.
  • 10.9 I acknowledge my debt to the computing
    profession and in return must protect and promote
    professionalism in information technology.

ACS Code of Professional Conduct
  • A1 The Public Interest
  • Safeguard the interests of your clients provided
    that they do not conflict with the duties and
    loyalties owed to the community, its laws and
    social and political institutions
  • A2 Integrity
  • Do not breach public trust in the profession or
    the specific trust of your clients and employers
  • A3 Confidentiality
  • You must not disclose information acquired in the
    course of your professional work except where
    consent has been obtained from the rightful legal
    owner or where there is a legal or professional
    duty to disclose
  • A4 Objectivity and Independence
  • Be objective, impartial and free of conflicts of
    interest in the performance of your professional
  • A5 Competence
  • Accept only such work as you believe you are
    competent to perform and do not hesitate to
    obtain additional expertise from appropriately
    qualified individuals where advisable

ACS Code of Professional Conduct cont.
  • A6 Keeping Up-To-Date
  • Keep yourself, and subordinates, informed of such
    new technologies, practices and standards as are
    relevant to your duties
  • A7 Subordinates
  • Ensure subordinates are trained in order to be
    effective in their duties and to qualify for
    increased responsibilities
  • A8 Responsibility to your Client
  • Actively seek opportunities for increasing
    efficiency and effectiveness to the benefit of
    the user
  • A9 Promoting Information Technology
  • Endeavour to extend public knowledge,
    understanding and appreciation of Information
  • A10 The Image of the Profession and the Society
  • Refrain from any conduct or action in your
    professional role which may tarnish the image of
    the Information Technology profession or
    unjustifiably detract from the good name of your
    professional body

Case Studies
  • Each case involves various aspects of the Codes
    and/or ethical or social issues.
  • They are mostly based on actual cases.
  • Analyse each case for the following
  • identify those to whom you owe any kind of duty
  • assess the the extent of harm potentially
    incurred by each person or category
  • assign priorities to the duties owed
  • identify possible alternatives
  • seek opportunities for negotiation and formation
    of social contracts.

Case Study 1
  • Robbie the Killer Robot
  • Industrial Robot killed its operator
  • Programmer introduced an error into program
  • Operator did not follow instructions correctly
  • Supervisor did not ensure operator was adequately
  • Management cut corners
  • See http//

Case Study 2
  • Quality Control Manager Quandary
  • Testing possibly inadequate
  • Company pressuring him to sign off
  • Delays may cost the company business, him his
    job, etc
  • Test pilot knows his job is risky anyway
  • Danger to the test pilot and to other victims of
    any crash
  • Social Contract approach
  • See Brennan Handout IEEE Computer, March 1990,

Enhancing Photos
Cartoon to highlight range of services beyond
mere develop print that Photo Shops may/now
offer. From
Case Study 3
  • Digital Photograph Manipulation
  • Simple now for various forms of image
    enhancement to be made, eg
  • Red-eye elimination
  • Cropping
  • Special effects (eg sepia-colour)
  • Wrinkle removal
  • Changing the contents in significant ways
  • Photograph of Margaret River
  • Not professionally done
  • Personal use
  • What if used in Sales Material? Do I have any
    responsibility/liability as photo manipulator?
  • Photo of official opening of Oxford Materials
    Centre manipulated to move Plaque to be between
    the hand-shakers
  • Photos of Celebrities
  • Possible example The Mystery of Britney Spears
    Breasts http//

Margaret River View
Celebrity Pics
Picture of Britney Spears (not doctored, so far
as I know, but some such photos may
be!). From
Spam - What is Our Responsibility?
Cartoon to highlight anti-social nature of giving
the email address of an associate to a Spamming
organisation. From
Case Study 4
  • Collecting Email Addresses
  • Gilles Plains Primary School project 10/4/02 (see
  • This could be legitimate, but also could be a
    great scam to collect (real) email addresses.
  • What other anti-social aspects does this have?
  • How could it be modified to allay such suspicion
    and still achieve its alleged goal?

We are Year 6 students at Gilles Plains Primary
School, situated in Adelaide South Australia. Our
teacher, Mr Small is helping us with this
project. We have decided to map the progress of
an e-mail. We are interested in finding out
"Where in the World' our e-mail will go. We are
starting our project on April 8 2002 We would
appreciate your help. If you receive this
message, we ask that you 1. Email us back at and tell us your
location, by suburb city, state and country. We
will plot these locations on our map. 2. Forward
this e-mail and send it to everyone on your
address list. They, in turn, they can send it to
all their contacts. This will help us to reach as
many people as possible. After collecting the
e-mail messages and plotting them on a map, we
will graph the number of responses we have
received by state and country. With your help,
this project will be a very exciting learning
experience for us. Thank you. Amy Davis-Herbison
and Nikolai Gor
Spam Offer
  • DATE 28 Mar 2001 12145 AM
  • FROM
  • Bulk e-mail can get you the best exposure on the
  • What we offer
  • General AOL Lists or other ISPs
  • 200.00 for 1-million e-mails sent.
  • 400.00 for 3-million e-mails sent.
  • 600.00 for 5-million e-mails sent.
  • 800.00 for 7-million e-mails sent.
  • 1000.00 for 10-million e-mails sent.
  • Call for bigger packages!

New Form of Spam
Cartoon to highlight ubiquity of email spam (like
a new form of snow). From
Case Study 5
  • Examining Email Contents - I
  • You are the Systems Administrator at your
    medium-sized Company.
  • Your Company does not allow its systems to be
    used for private email.
  • Your boss requests you to obtain copies of all
    email to/from a particular employee.
  • What do you do?
  • Comply?
  • Comply but tell the employee?
  • Refuse without the employees consent?
  • Take the matter higher?
  • Refuse?
  • Would it make any difference if
  • the Company had no clear policy about private
  • The Company policy made it clear it could monitor
    employees email?

Case Study 6
  • Examining Email Contents - II
  • You are the Systems Administrator at a university
  • The university and the college have strict rules
    about email confidentiality.
  • One of the college inmates, an underage,
    14-year-old girl, has gone missing.
  • The college warden asks you to examine all email
    to/from her account for the past month, looking
    for clues as to her whereabouts and associates.
  • What do you do?
  • Agree?
  • Agree only with the consent of the parents?
  • Agree only with an official request from the
  • Take some other action? What?
  • Would it make any difference if the parent had
    asked, and no-one else?

Case Study 7
  • Examining Email Contents - III
  • You are the Systems Administrator at a
    medium-sized Company.
  • The Company has strict rules about email
  • In the course of routine system checking, you
    come across fragments of email that appear to
    indicate that your spouse is having an affair
    with a work colleague.
  • What do you do?
  • Ignore it?
  • Monitor henceforth all email to/from your
  • Confront either or both of them?
  • Keep a record of it, bide your time, waiting for
    evidence from some other source?
  • Take some other action? What?
  • What difference would it make if the email
    fragment indicated instead some proposed illegal

Viruses - What is Our Responsibility?
Cartoon to highlight danger (perhaps not
physical, as in cartoon!) of opening email
attachments of unknown provenance. From
Case Study 8
  • Responsibility for Virus Protection
  • You are the Systems Administrator for your
    medium-sized Company.
  • Your Company allows private email, and has a
    strong confidentiality policy.
  • The volume of viruses has been on the increase,
    and staff are not implementing the recommended
    procedures (eg keeping virus protectors up to
    date) this is creating additional workload for
  • You are convinced that a straightforward, and
    ultimately less expensive, solution would be to
    check all email at entry to (end exit from) the
    Company, but the employees and the Company object
    on the grounds that this would make covert email
    snooping easier.
  • What do you do?
  • Comply?
  • Take the matter to the CEO?
  • Resign?
  • Take some other action? What?

Bunratty Attack
  • 1997 COSAC Conference in Bunratty, Ireland
    (Computer Security Audit Control Symposium)
  • Standard (innocent) email messages
  • Utilises standard Messaging API
  • Utilises hidden folders
  • All hidden from user - eg as for Calendar updates
  • Covert, asynchronous, remotely upgraded, remotely
  • Defence requires code on every client to identify
    false messages
  • I-Love-You (followed by Kournikova) Virus based
    on some of the same vulnerabilities, but not all
  • What would you do?
  • Keep as quiet as possible?
  • Tell Microsoft under a veil of secrecy?
  • Publicise as widely as possible to ensure
    something is done?
  • Take some other action? What?

DIY Virus
  • Do It Yourself Virus
  • I have unfortunately been very busy lately and
    haven't had the time to write a virus. So please
    take a couple of minutes to open Windows and
    randomly delete 10 or 12 files (including a
    minimum of 3 system files) and then send this
    e-mail on to everyone on your mailing list.
  • Thank you for your co-operation.

Hoax Virus
  • Exploits naïve users
  • Exploits unusual icon for system file
  • Advises user to delete file
  • Advises user to forward to everyone they know
  • See http//

Subject BAD virus - act quickly!! Date Tue, 29
May 2001 215722 -0400 Subject Please Act
become activate on June 1st and will delete all
files and folders on the hard drive. No
Anti-Virus software can detect it because it
doesn't become a VIRUS until 1/6/2001. It travels
through the e-mail and migrate to your
computer. To find it please follow the following
directions Go To "START" button Go to "Find" or
"Search" Go to files and folders Make sure to
search in drive C Type in SULFNBK.EXE Begin
Search If it finds it, highlight it and delete
it Close the dialogue box Open the Recycle
Bin Find the file and delete it from the Recycle
Bin You should be safe. The bad part is you need
to contact everyone you sent ANY e-mail to in the
past few months.
Will Virus Ruin Your Computer Too?
Cartoon to highlight danger of asking a colleague
to see if a floppy disk you have also destroys
their computer. From
Case Study 9
  • Monitoring Employee Activity
  • You are the Systems Administrator at your
    medium-sized Company.
  • You have installed a system allowing a Common
    Desktop Environment to be deployed throughout
    your Company, which also provides various tools
    for remotely monitoring desktop activity -
    primarily to enable you to undertake remote
    Helpdesk functions.
  • Your boss sees the potential to monitor other
    aspects of employee activity, and asks you to
    start collecting a range of statistics, such as
    keystroke rates for keyboard staff, Websites
    visited, numbers and volumes of email created,
  • What do you do?
  • Agree?
  • Agree only if employees are notified?
  • Agree/refuse but notify employees of the
  • Take some other action? What?

Case Study 10
  • Supervisory Powers
  • You are the Systems Administrator at your
    medium-sized Company.
  • You have installed a system allowing a Common
    Desktop Environment to be deployed throughout
    your Company, which also provides various tools
    for remotely monitoring desktop activity -
    primarily to enable you to undertake remote
    Helpdesk functions.
  • Your boss requests you to install this
    supervisory capability also on his PC with
    this he could monitor all sorts of employee
    activity, including snooping.
  • What do you do?
  • Agree?
  • Agree only if employees are notified?
  • Agree/refuse but notify employees of the
  • Take some other action? What?

Hacker Attacks
AusCERT Reports
Case Study 11
  • Security Competence
  • You are the Systems Administrator at your
    medium-sized Company.
  • Your Company is subject to increased (but not yet
    disastrously high) levels of hacker attacks.
  • The IT Committee agrees that a Firewall should be
    installed ASAP, and it falls to you (as the most
    competent person) to do so - you see this as a
    great career opportunity.
  • But you have no experience/knowledge at all with
  • What do you do?
  • Ask for time and funds to attend a suitable
    course (but none is available for some months)?
  • Scan the Web for suitable information to enable
    you at least to be able to use the correct jargon
    (eg or
  • Quickly buy and devour a suitable textbook?
  • Recommend employment of a firm of technical
  • Take some other action? What?

2 Types of Hacker
  • Clever, addicted, insatiable quest for knowledge,
    a cooperating community, advancing the cause of
    effective computer programming, development and
  • Gaining access to private computers
  • Beating the system
  • Electronic graffiti
  • Personal gain, theft, data alteration, etc
  • The Hackers Handbook (1985) Cornwall/Sommer
  • International crime
  • Espionage
  • The Cuckoos Egg (1990) Clifford Stoll
  • Vandalism
  • Denial of Service attacks
  • CERT Computer Emergency Response Team

Hacker Ethics and Rationale
  • Ethics
  • All information should be free
  • Access to computers should be unlimited and total
  • Mistrust authority promote decentralisation
  • Judge hackers by their skill
  • True hackers create art and beauty
  • Computers can change your life for the better
  • - Levy Hackers
  • (see Open Source Initiative)
  • Rationale
  • Were helping to improve security
  • Its the fault of the software vendors
  • Its the fault of slack security
  • Were not doing any harm
  • No-one will listen unless we take action
  • It helps keep Big Brother at bay

Incentives to Do the Right Thing
Destruction of World Trade Centre, 11-Sep-01. All
tenants had adequate information/system backup
arrangements in place, courtesy of previous bomb
Picture (burning Twin Towers) From The Times,
Case Study 12
  • Systems Security Responsibility
  • You are responsible for Computer Systems Security
    at your medium-sized Company.
  • You have formulated and received Company approval
    for a backup policy, requiring all PC owners to
    undertake backups at least once per week.
  • However, you are continually asked to retrieve
    lost files, which have not been properly backed
    up you do not have the time to do this, nor to
    constantly badger employees to undertake backups.
  • What do you do?
  • Just put up with it?
  • Continue nagging, without much hope of
  • Complain officially to Management, perhaps
    fingering some individual?
  • Request approval to spend large amounts of money
    on automating it (centrally)?
  • Take some other action? What?

Case Study 13
  • Unintelligible Reports to Management
  • You are responsible for Computer Systems Security
    at your medium-sized Company.
  • You identify some areas of vulnerability, and
    prepare a Report to Management setting out the
    measures that need to be put in place to address
    these the Report is largely written in terms of
    which ports on which computers need to be barred.
  • Management cannot understand the Report and will
    not act until it knows what steps you are
    advocating. You cannot think how else to express
    what you had to say. There is no-one else in the
    Company that might be able to help.
  • What do you do?
  • Refuse to rewrite it - be it on their own
  • Contact a colleague at another Company and ask
    for help?
  • Take a course in clear English expression?
  • Ask the Company to engage a technical consultant
    to rewrite it?
  • Take some other action? What?

Taking the Blame
Cartoon of computer taking the blame for a sales
nose-dive (jumping out the window). From ENTEC
Catalogue, UK, Oct 95
Case Study 14
  • Blaming the Computer
  • You are the IT Manager at a small government
  • A recent computer problem resulted in many
    regular cheques to pensioners being delayed for
    several days.
  • The Minister has prepared a Press Release in
    which he blames the problem on a Computer
  • However, you know that the following factors
    (only) were involved
  • a rapid change to an operational system in order
    to accommodate a refinement required by the
  • a poor system specification
  • a consequent programming error.
  • What do you do?
  • Keep quiet?
  • Complain to the Ministers Office that it is
  • Take up the matter with your Head of Department?
  • Take some other action? What?

Clients Adding Features
Cartoon to highlight unreasonable
demands/expectations of end-users wanting to add
features. From
Case Study 15
  • Quick Patch versus Full Rewrite
  • You are the IT Manager at a small government
  • You have been requested by the relevant
    Government Minister to make some changes to a key
    operational computer system, and to make them
    within 2 weeks.
  • It has already been agreed that this system
    cannot be patched any further, but must be
    completely rewritten this will take at least 6
    months, and work has already commenced.
  • Any further patching of the existing system
    carries a very high degree of probability of
  • What do you do?
  • Refuse the Ministers request (with all the
    political fallout that would produce)?
  • Endeavour to comply as best you can?
  • Comply, but make sure you have on record that you
    only did so under sufferance?
  • Take some other action? What?

Case Study 16
  • Project Estimation Errors
  • You are the IT Manager for a medium-sized
  • Your team has been embarked for 4 months on the
    development of a major system of critical
    importance to the Company.
  • You discover that progress is about 50 of what
    you had planned, mainly because your estimates
    had been rather optimistic, in order to ensure
    your team was awarded the contract.
  • Many other parts of the Company are dependent on
    delivery of this system on-time.
  • What do you do?
  • Keep quiet and hope it goes away?
  • Encourage your team to redouble their efforts to
    catch up for lost time?
  • Take on more staff to help speed up development?
  • Blame the delays on external factors, like
    programmer sickness, specification creep, etc?
  • Frankly discuss/confess the matter with
    Management, thus losing much credibility?
  • Take some other action? What?

Case Study 17
  • Use of Spare PC Capacity
  • Setting up idle PCs so their CPU capacity can be
    used for community projects, eg
  • SETI
  • Cancer Research
  • Anthrax Research
  • Search for Prime Numbers
  • Harnesses dramatic amounts of processing power
  • Potential breakthrough in AIDS Research already
  • Unauthorised use
  • What steps should be taken before using Company
    computers for this purpose?
  • See http//

Spare PC Capacity
From Edupage, January 23, 2002 RESEARCHERS
Research Project has launched a distributed
computing project to try to develop a cure for
anthrax, using computer-aided molecular analyses.
Individuals can download a screen saver program
and contribute some of their PC's unused
processor cycles to the effort, creating a
supercomputer that analyzes billions of
molecules, the group said. Members of the group,
including Intel, Microsoft, United Devices, the
National Foundation for Cancer Research, and
Oxford University, promise users that the system
is secure and private. The screen saver operates
whenever resources are available for computation
results are sent back to a data center run by
United Devices. (Reuters, 22 January 2002)
Spare PC Capacity
From Edupage, January 18, 2002 CRIMINAL CHARGES
McOwen, a former systems administrator at DeKalb
Technical College in Georgia, faces a 2,100 fine
and 12 months probation for linking a number of
the college's computers to in
order to break a code using idle computing
cycles. McOwen had originally faced criminal
charges, because the state had determined that
McOwen had used up hundreds of thousands of
dollars worth of the college's computing time
since installing the software in 1999. The
criminal charges came as a nasty surprise to a
lot of participants in distributed-computing
initiatives, who are also often members of
college or university computing departments.
McOwen's advocates, including the Electronic
Frontier Foundation, said the agreement reached
between McOwen and state prosecutors was a lot
better than if McOwen had been convicted in a
criminal trial. Such a conviction could have
landed the former systems administrator in jail
for several years, on top of hundreds of
thousands of dollars in restitution and fines.
(Newsbytes, 17 January 2002)
Case Study 18
  • Investigate Suspicious Activity
  • You are the Systems Administrator for your
    medium-sized company.
  • Someone reports to you (anonymously) that person
    X has been using company computers and access to
    the Internet to download hard-core pornographical
  • If you go to person X and confront them (or raise
    the matter in a delicate manner), hell almost
    certainly deny it and remove the evidence
  • What do you do?
  • Using your system privileges, first check this
    out, then confront Person X?
  • Using your system privileges, first check this
    out, then take it to your or Person Xs boss?
  • Ignore the allegation?
  • Go to your or Person Xs boss first, even though
    this may be a hoax?
  • Take some other action? What?
  • Would it make any difference if it was (I)
    soft-core pornography? or (ii) child pornography?

Case Study 19
  • Moderating Employee Discussion Forum
  • You are the Systems Administrator at your
    medium-sized Company.
  • Your Company has set up an on-line Discussion
    Forum to encourage employee discussion/participati
  • Various employees repeatedly post comments which
    are critical of Company policies, practices, etc.
  • Your boss asks you to change it to become a
    Moderated Forum, with him as the Moderator (this
    will enable him to refuse any postings he
  • You believe this is designed to stifle criticism.
  • What do you do?
  • Just agree?
  • Argue the toss with the Boss, but then agree?
  • Take the matter higher?
  • Use the existing Forum to ensure this first gets
    wide publicity within the Company?
  • Go to the local Press with the story?
  • Take some other action? What?

Case Study 20
  • Identifying Author of Anonymous Message
  • You are the Systems Administrator at your
    medium-sized Company.
  • Your Company has set up an Anonymous on-line
    Discussion Forum to encourage employee
  • The Forum frequently receives postings which are
    critical of Company policies, practices, etc.
  • Your boss asks you to identify the author(s) of
    these postings (which you are able to do, using
    your system privileges).
  • What do you do?
  • Just agree?
  • Argue the toss with the Boss, but then agree?
  • Take the matter higher?
  • Use the existing Forum to ensure this first gets
    wide publicity within the Company?
  • Go to the local Press with the story?
  • Take some other action? What?

Cartoon of dogs using the Internet, with no-one
being the wiser. From Fortune Magazine
Case Study 21
  • Downloading MP3 Files
  • You are the Systems Administrator for your
    medium-sized Company.
  • Your Company has a Policy that allows moderate
    use of Company computers and Internet access for
    private purposes.
  • In the course of monitoring traffic levels, you
    notice very high incoming traffic volume to one
    computer within the Company.
  • Upon investigation, you believe that one employee
    is downloading large quantities of MP3 files.
  • What do you do?
  • Impose a throttle on the line to that PC?
  • Take up the matter with the employee?
  • Report the matter to your/his boss?
  • Take some other action? What?

Napster - 1
  • Defences
  • Everyones doing it
  • We wont get caught
  • The music industry charges too much
  • They should make it impossible to copy
  • It doesnt hurt anyone
  • It only hurts a company, not a person
  • Musicians are being exploited by multinationals
  • The listening public is being exploited
  • It helps increase sales
  • Music should be free
  • I cant afford to pay for it

Napster - 2
  • Ethical Tests
  • What laws govern the situation?
  • Who gains and who suffers?
  • Would you be happy for your action to be
  • Would you tell your boss what youre doing?
  • Would you tell your parents?
  • What would you think if it was done to you?
  • Does it violate Trust? Integrity? Truthfulness?
    Gratitude? Justice? Kindness?
  • Are you treating others with respect?
  • What if everyone did the same?
  • - Kabay The Napster Cantata

Case Study 22
  • SMDI Challenge
  • Secure Digital Music Initiative
  • Unbreakable Watermarking 4 varieties
  • SDMI-compliant players
  • Make copies but not MP3-compressed copies for
  • Challenge 6 September 2000 Prize Money of
  • Boycotted by some groups
  • Princeton Group broke each coding scheme, but
    refused the prize
  • Which approach do you think is right? Why?
  • Boycott
  • Solve, publish and dont collect reward
  • Solve, publish and collect reward
  • Solve, dont publish and collect reward

Case Study 23
  • Use of Copied Graphics
  • You are the Systems Administrator for a
    medium-sized Company.
  • The responsibility for publishing material on
    Websites is distributed to many employees within
    the Company.
  • As formal Webmaster for the Company, you receive
    an email from an unknown company stating that
    images owned by it have been mounted on your
    Companys Website, and that legal action will be
    taken if they are not removed within 24 hours.
  • You locate the offending Website, and its owner
    states that the images are owned by this Company,
    and their presence there is essential to the
    Companys doing business (but he cant produce
    documentation in time).
  • What do you do?
  • Bar that Website from external access pending
    further investigations?
  • Take no action - call the other companys bluff?
  • Advise Management, seek legal advice, but dont
    bar the site?
  • Take some other action? What?

Other Case Studies
  • Other Relevant Case Studies
  • Several are presented in the context of the ACS
    Code of Ethics in the publication below.
  • Students are strongly encouraged to read these
    case studies.
  • Burmeister, Oliver K Applying the ACS Code of
    Ethics, Information Age, Feb/Mar 2001, pp54-59,
    and in the subsequent 3 issues (Apr/May, Jun/Jul,
    Aug/Sep, 2001).
  • Also published as
  • Burmeister, Oliver K Applying the ACS Code of
    Ethics, Ethics in Computing, v32, n2, May 2000,
  • This analysis is based on that which first
    appeared in 1993 as follows
  • Anderson, Ronald E et al Using the New ACM
    Code of Ethics in Decision Making,
    Communications of the ACM, v36, n2, Feb 1993,

Competent Advice
Cartoon of janitor offering advice on Technical
Support phone after hours. From
  • Bibliography
  • http//
Write a Comment
User Comments (0)