Ethical questions with information technology
Does IT make society better or worse?
Is it acceptable to participate in a tech society without understanding IT?
Do decision-makers have an obligation to understand technology?
How much should governments regulate IT?
How do tech decisions affect future generations?
How should education evolve with technology?
How can tracked personal data be used responsibly without abuse?
Challenges with laws regulating computing
Many laws were based on older, physical models and don't account for unique features of computing.
Determining jurisdiction for cybercrimes is complicated because data may cross multiple countries.
Character-based ethics (virtue ethics)
This approach suggests good behavior comes naturally from good character, not just from following rules. IT professionals often study ethical case studies to raise awareness instead of memorizing abstract theories.
5 major ethical considerations in IT
Privacy
Ownership
Control
Accuracy
Security
Ten Commandments of Computer Ethics
Do not use a computer to harm others.
Do not interfere with others' work.
Do not snoop in others' files.
Do not steal with a computer.
Do not bear false witness with a computer.
Do not use unlicensed software.
Do not use others' computer resources without permission.
Do not appropriate others' intellectual work.
Think about the social consequences of your programs.
Use computers with respect for other humans.
Asimov's Three Laws of Robotics (1940s)
A robot may not harm a human or allow harm through inaction.
A robot must obey human orders unless they conflict with Law 1.
A robot must protect its own existence as long as it doesn't conflict with Laws 1 or 2.
5 ethical robot principles proposed by UK councils in 2011
Engineering and Physical Sciences Research Council (EPSRC) and the Arts and Humanities Research Council (AHRC)
Robots should not be designed primarily to kill or harm.
Humans are responsible; robots are tools.
Robots should be designed for safety/security.
Robots must not exploit vulnerable users or ************* human.
It must always be possible to identify who is legally responsible for a robot.
IEEE Code of Ethics
IEEE members commit to prioritize safety, health, and welfare of the public,
avoid conflicts of interest,
be honest with claims and estimates,
reject bribery,
improve public understanding of technology,
maintain competence and disclose limitations,
accept honest criticism and correct errors,
treat all persons fairly and without discrimination,
avoid harming others' property or reputation, and
support colleagues' professional growth.
8 principles of the ACM Software Engineering Code of Ethics
Public - Act in the public interest;
Client/Employer - Act in their best interests consistent with public interest;
Product - Ensure high standards in software;
Judgment - Maintain integrity and independence;
Management - Promote ethical management of software work;
Profession - Advance the profession's integrity;
Colleagues - Be fair and supportive of colleagues;
Self - Commit to lifelong learning and ethical practice.
Key guidelines from the American Statistical Association's ethics
Ethical statisticians
avoid bias and undue influence,
use valid sampling and analysis methods,
respect intellectual property of others,
disclose authorship rules clearly,
manage conflicts of interest,
take responsibility for their work, and
avoid discrimination, bullying, or harassment.
Main points of the AITP (Association of Information Technology Professionals) Code of Ethics
Members acknowledge obligations to Management (explain IT clearly),
Fellow members (act honestly/respectfully),
Society (share knowledge responsibly),
Employer (guard interests, act wisely),
College/university (uphold principles), and
Country (honor national values).
Organizational culture in ethics
is shaped by values, philosophy, and behaviors. It includes ethical codes of conduct (like Acceptable Use Policies) that guide employees in handling IT responsibly.
Acceptable Use Policy (AUP)
details how computer systems owned by the organization can be used
legal considerations, including data security laws, jurisdiction, the ownership of systems and data, and proper use of intellectual property
data security provisions, including personal responsibilities of users, ways the systems can and cannot be used, and types of unacceptable web content
liability considerations, outlining disclaimers that remove an organization’s responsibilities for data breaches, information theft, or misuse of the internet
Conflict of interest in IT
A conflict of interest occurs when a professional's loyalties are divided between two parties (e.g., employer vs. family business), risking impartiality and ethical behavior.
CIA triad
Confidentiality, Integrity, and Availability - the three core pillars of information security.
if the confidentiality of data is emphasized, the integrity of data is less likely to be compromised
Ways to enforce confidentiality
Access controls, strong password policies (min. 8 characters with numbers/special symbols, changed at least every three months), and user training on phishing/social engineering.
Integrity in IT systems
maintained by ensuring accuracy and trustworthiness of data through file permissions, user controls, version control, and redundant copies, preventing unauthorized changes or corruption.
Availability in IT systems
ability to provide reliable access to the data/information for authorized individuals
ensured through checks, and keeping systems patched/up to date to guarantee reliable access for authorized users.
Regulations
Legal requirements from governing bodies; violations result in fines, penalties, or criminal charges.
Ethics
Personal or organizational morals guiding behavior, not legally enforced but influence conduct.
Control
Balancing access needs of users with restricting unauthorized access.
Privacy
Protecting confidential data (e.g., medical records).
the right to control how personal data is collected, shared, and used
Ownership
Who owns/controls data created by employees or contractors.
Accuracy
Ensuring data integrity, free from tampering.
Security
protecting data from unauthorized access or exploitation.
Applying appropriate controls, sensitivity labels, and policies.
HIPAA (Health Insurance Portability and Accountability Act)
Governs healthcare data privacy and access.
PCI DSS (Payment Card Industry Data Security Standard)
Regulates credit card data storage and use.
Big data
poses security risks because of the volume of data and information that needs to be safeguarded, the multiple places these data are stored, and the different forms in which the data exist.
IoT
includes numerous connected devices, often unpatched or using weak credentials, e.g., a smart lightbulb exploited to compromise a network.
Association for Women in Computing (AWC)
is dedicated to promoting the advancement of women in the computing professions. It supports education, networking, and professional development opportunities to increase women's participation and leadership in IT and computing fields.
Association for the Advancement of Artificial Intelligence (AAAI)
is devoted to advancing the scientific understanding of the mechanisms behind thought and intelligent behavior and their embodiment in machines. It promotes AI research, publishes professional journals, and supports conferences, education, and collaboration in the AI field.
ABET (The Accreditation Board for Engineering and Technology)
certifies the quality of undergraduate educational programs in computing, engineering, and technology disciplines. ABET's standards ensure programs meet professional and academic requirements, often developed with input from organizations like ACM and IEEE.
International Association of Privacy Professionals (IAPP)
helps organizations design and implement appropriate privacy practices. It provides training, certifications, resources, and networking to professionals handling sensitive data, ensuring compliance with privacy laws and ethical data use.
Data Stages
at rest - where the server is located
in transit - locations the data passed through
in use - where the data was temporarily stored
Laws of robotics
a set of laws, rules, or principles that are intended as a fundamental framework to underpin the behavior of robots designed to have a degree of autonomy.
ethical code of conduct
a written policy that assists employees in identifying ethical behaviors as defined by the organization
Information privacy
the right to control how your personal information is collected, used, and exchanged
Social engineering
a general term that describes any attack that takes advantage of humans' trusting nature (e.g., phishing)
Phishing
method of capturing the victim’s valuable information (e.g., username and password, personally identifiable information) by sending emails that mimic real emails from businesses