Ethical and Social Issues in Information Systems

Chapter 3 Summary: Competitive Forces, IS, and Business Strategies

  • Porter’s Five Forces: These include traditional competitors, new market entrants, substitute products or services, customers, and suppliers. These forces determine the intensity of competition and profitability in an industry.

  • Information Systems and Business Strategies:

    • Alignment of IT with business goals is crucial.
    • Low-cost leadership: Utilizing IT to reduce operational costs.
    • Product differentiation: Creating unique offerings through IT.
    • Market niche focus: Targeting specialized customer segments.
    • Customer/Supplier intimacy: Enhancing relationships using IT.
  • Internet’s Impact: The Internet facilitates new products and services, reduces barriers to entry, and disrupts existing industries by altering competitive dynamics.

  • Business Models:

    • Value Chain: IT can improve the efficiency of internal operations, optimizing each step from input to output.
    • Value Web: IT enhances collaborative relationships among businesses, enabling more flexible and adaptive value creation.

Disruptive Technologies, Globalization, and IS Quality

  • Disruptive Technologies and Globalization:

    • Technologies like AI, IoT, and digital banking are transforming industries.
    • The Internet expands market access, exemplified by e-commerce successes like Noon.com.
  • Information Systems and Quality:

    • Total Quality Management (TQM): Emphasizes continuous improvement in efficiency, precision, and customer experience.
    • IS role: Enhances product quality, reduces cycle times, and optimizes production processes.
  • Business Process Management (BPM) and Business Process Reengineering (BPR):

    • BPM: Involves continuous, incremental improvements to existing business processes.
    • BPR: Focuses on radically redesigning old processes to implement new, more effective ones.

Chapter 4: Ethical and Social Issues in Information Systems

  • Ethical, social, and political issues are intrinsic to information systems due to their capacity to create significant social change, potentially threatening existing power structures, monetary systems, rights, and obligations.

Learning Objectives

  • Identify ethical, social, and political issues raised by information systems.
  • Describe principles for conduct that can be used to guide ethical decisions.
  • Explain how contemporary information systems technologies and the Internet pose challenges to the protection of individual privacy and intellectual property.
  • Discuss the issues that contemporary information systems raise with respect to system quality, accountability and control, and the quality of everyday life.

Apps That Track: A Double-Edged Sword

  • Issue: New technologies present opportunities but may operate within a weak legal environment concerning privacy.

  • Information System: Mobile Location Tracking systems.

    • These systems monitor the location and behavior of mobile users.
    • The collected data is often sold for analysis.
  • Ethical Dilemma: Balancing the benefits of increased customer service and revenue against the invasion of privacy.

Case Studies: Ethical Implications of Data Use

  • Case 1: Fitness App Sharing Data

    • Problem: A fitness app shares users’ running routes and health data with advertisers.
    • Opportunity: AI-based health tracking and personalized fitness coaching are available but raise privacy concerns.
    • Legal Environment: Sharing anonymized health data lacks regulation.
    • Technology: Mobile GPS and biometric data collection are utilized.
  • Case 2: Ride-Hailing App and Data Monetization

    • Problem: A ride-hailing company (e.g., Uber) sells passenger location history to third parties.
    • Opportunity: AI and data analytics could improve route suggestions and driver efficiency.
    • Legal Environment: Selling location data is not legally restricted.
    • Technology: GPS tracking and behavioral analytics are employed.

Discussion Points

  • Should businesses be allowed to track and sell user location data without explicit, informed consent?
  • Is personalized marketing an enhancement or an intrusion into users’ lives?
  • How should governments regulate mobile location tracking to balance innovation with privacy?

Ethical Failures in Business

  • Recent cases of failed ethical judgment in business

    • Robinhood: Fined $70 million by FINRA in 2021 for systemic failures, including misleading customers and system outages.
    • Volkswagen AG: Installed "defeat-device" software on 11 million cars, leading to $35 billion in penalties, $9.5 billion to U.S. car owners, and criminal charges against executives.
    • Danske Bank: Paid $2.1 billion in 2022 for money laundering through its Estonia branch.
    • Takata Corporation: Executives admitted to covering up faulty airbags, resulting in a $1 billion fine and bankruptcy in 2017.
  • Ethics

    • Principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors

Ethics Defined

  • Ethics are moral principles that govern a person's behavior or the conducting of an activity. Ethics, or moral philosophy, is a branch of philosophy that involves systematizing, defending, and recommending concepts of right and wrong behavior. Ethics seeks to resolve questions of human morality by defining concepts such as good and evil, right and wrong, virtue and vice, justice and crime.

Ethical, Social, and Political Issues in IS

  • Information systems raise new ethical questions because they create opportunities for:
    • Intense social change, threatening existing distributions of power, money, rights, and obligations
    • New kinds of crime
    • Threats to cherished social values

Five Moral Dimensions of the Information Age

  • The five moral dimensions include information rights and obligations, property rights and obligations, accountability and control, system quality, and quality of life.

System Quality: Data Quality and System Errors

  • What constitutes an acceptable level of system quality, given technological feasibility?

    • Flawless software is economically unfeasible.
      • Three principal sources of poor system performance:
        • Software bugs, errors
        • Hardware or facility failures
        • Poor input data quality (most common source of business system failure)
  • System quality is the degree to which the system is easy to use and complies with functionality, reliability, flexibility, data quality, and integration. This is based on the IS Success Model (W. H. DeLone & McLean, 2003).

Quality of Life: Equity, Access, Boundaries

  • Negative social consequences of systems:
    • Big Tech: concentrating economic and political power
    • Rapidity of change: reduced response time to competition
    • Maintaining boundaries: family, work, and leisure
    • Dependence and vulnerability
    • Computer crime and abuse

Property Rights: Intellectual Property

  • Intellectual property
    • Tangible and intangible products of the mind created by individuals or corporations.
    • Protected in four main ways:
      • Copyright: Exclusive right to copy, distribute, adapt, display, and perform a creative work, usually for a limited time.
      • Patents: Gives its owner the legal right to exclude others from making, using, or selling an invention for a limited period of time in exchange for publishing an enabling disclosure of the invention.
      • Trademarks: A recognizable sign, design, or expression that identifies products or services from a particular source and distinguishes them from others.
      • Trade secrets: The secret formula for Coca-Cola, which is locked in a vault, is an example of a trade secret that is a formula or recipe. Since it has not been patented, it has never been revealed.

Basic Concepts: Responsibility, Accountability, and Liability

  • Responsibility: Accepting the potential costs, duties, and obligations for decisions.

  • Accountability: Mechanisms for identifying responsible parties.

  • Liability: Permits individuals (and firms) to recover damages done to them.

  • Due process: Laws are well-known and understood, with an ability to appeal to higher authorities.

Key Technology Trends That Raise Ethical Issues

  • Computing Power Doubles Every 18 Months

    • Ethical Issue: Enables powerful surveillance and AI tools that can infringe on privacy.
    • Example: Facial recognition systems used by governments for mass surveillance.
  • Organizations Depend on Systems, Increasing Vulnerability

    • Ethical Issue: Critical infrastructure becomes prone to cyberattacks, risking public safety.
    • Example: The 2021 Colonial Pipeline ransomware attack disrupted U.S. fuel supplies.
  • Data Storage Costs Decline, Enabling Big Data

    • Ethical Issue: Massive data collection without limits threatens privacy.
    • Example: Facebook storing detailed user data for targeted advertising.
  • Detailed Databases on Individuals

    • Ethical Issue: Organizations can track and profile individuals without consent.
    • Example: Credit bureaus like Equifax collecting financial data on millions.
  • Data Analysis Advances Enable Profiling

    • Ethical Issue: Companies create behavioral profiles, enabling manipulation.
    • Example: Amazon using purchase history to predict and influence buying behavior.
  • Networking Advances Make Data Accessible Everywhere

    • Ethical Issue: Data breaches and unauthorized access become more likely.
    • Example: The 2017 Equifax breach exposed sensitive data of 147 million people.
  • Mobile Devices Proliferate and Track Users

    • Ethical Issue: Constant tracking without user knowledge violates privacy.
    • Example: Google Maps tracking location even when the app is closed.
  • AI Replaces Human Judgment

    • Ethical Issue: Bias and lack of transparency in automated decision-making.
    • Example: AI hiring tools discriminating against certain demographics.
  • Profiling: Combining data from multiple sources to create dossiers of detailed information on individuals.

    • Example: Google Marketing Platform, LexisNexis Risk Solutions.
    • AI is increasingly being used as a substitute for human judgment.

Ethical Analysis

  • Five-step process for ethical analysis:
    • Identify and clearly describe the facts.
    • Define the conflict or dilemma and identify the higher-order values involved.
    • Identify the stakeholders.
    • Identify the options that you can reasonably take.
    • Identify the potential consequences of your options.

Information Rights: Privacy

  • Privacy is the claim of individuals to be left alone, free from surveillance or interference from other individuals, organizations, or the state; the claim to be able to control information about yourself.

  • In the United States, privacy is protected by:

    • First Amendment (freedom of speech and association)
    • Fourth Amendment (unreasonable search and seizure)
    • Additional federal statutes (e.g., Privacy Act of 1974)

Fair Information Practices (FIP)

  • Fair Information Practices (FIP) are a set of principles governing the collection and use of information.

  • Basis of most U.S. and European privacy laws.

  • Used to drive changes in privacy legislation:

    • COPPA
    • Gramm-Leach-Bliley Act
    • HIPAA
  • FTC FIP principles:

    • Notice/awareness (core principle)
    • Choice/consent (core principle)
    • Access/participation
    • Security
    • Enforcement

Personal Data Protection Law (PDPL) - Saudi Arabia

  • Legal framework

    • A comprehensive legal framework for:

      • Protection of personal data
      • Regulating collection of personal data
      • Regulating processing of personal data
      • Regulating storage of personal data
  • Consent framework

    • The law mandates that data subjects must provide informed consent for the processing of their personal data

    • It must be:

      • Freely given
      • Specific, and
      • Informed
      • The individuals have the right to withdraw their consent at any time
  • Data transfer restrictions

    • The law imposes restrictions on the transfer of personal data outside of Saudi Arabia

    • It requires data controllers to ensure that such transfers comply with specified conditions that protect data subjects’ rights

  • Data subject rights

    • The legislation grants data subjects various rights

      • Right to access their personal data
      • Right to rectify inaccurate information
      • Right to erasure (the “right to be forgotten”)
      • Right to data portability (moving data from one service or platform to another)
  • Benefits for individuals

    • Control over personal data
    • Privacy protection
    • Rights and remedies
    • Increased transparency
    • Promotion of trust
  • Non-compliance consequences

    • Fines and penalties for non-compliance

      • May result in penalties of up to SAR 3,000,000
    • Reputational damage

      • Negative publicity
      • Loss of customer trust
      • Decreased brand loyalty
      • Loss of business opportunities
    • Legal action

      • Data subjects or affected individuals may take legal action against the business for violations of their privacy rights
    • Business disruption

      • Regulatory investigations, legal proceedings and other efforts can disrupt business operations and divert resources
    • Loss of business opportunities

      • May prevent businesses from participating in certain markets or partnering with other companies
    • Regulatory sanctions

      • Regulatory authorities may impose additional sanctions
      • Suspensions of operations
      • Revocation of licenses

EU General Data Protection Regulation (GDPR)

  • Requires unambiguous explicit informed consent of customer.

  • EU member nations cannot transfer personal data to countries without similar privacy protection.

    • Applies across all EU countries to any firms operating in EU or processing data on EU citizens or residents.
    • Strengthens right to be forgotten.
  • Privacy shield: Countries processing EU data must conform to GDPR requirements

  • Heavy fines: 4% of global daily revenue

GDPR: Measures Protecting Personal Data

  • Individual:

    • Increases the rights
    • More control over his/her information
  • Organizations:

    • Obligated to obtain consent from individuals they collect information about
    • If asked by individuals, they are obligated to provide their data within a month
    • In the event of a data breach, obliged to notify authorities within 72 hours
    • Being found in violation results in fines

GDPR Principles for Processing Personal Data

  • Method of Processing: Data must be processed lawfully and fairly, in a transparent way.
  • Accurate: The collected personal data must be precise and error-free.
  • Collected for Specific Purposes: The purpose of collecting personal data should be clearly specified to the data subjects.
  • Relevant Data: Collect only relevant data for the purpose of processing.
  • Storage of Personal Data: Users' personal information must be stored securely in an encrypted form.
  • Integrity and Confidentiality: Personal information should be kept confidential, and the integrity of the data must be maintained.
  • Accountability of the controllers: Data controllers must hold accountability for the security of the personal data of users.

Internet Challenges to Privacy

  • Cookies:

    • Identify browser and track visits to site
    • First-party versus third-party
  • Web beacons (web bugs):

    • Tiny graphics embedded in emails and web pages
    • Monitor who is reading email message or visiting site
  • Spyware:

    • Surreptitiously installed on user’s computer
    • May transmit user’s keystrokes or display unwanted ads
  • Google services and behavioral targeting

Technical Solutions for Privacy Protection

  • Solutions include:

    • Apple App Tracking Transparency (ATT)
    • Apple Intelligent Tracking Prevention (ITP)
    • Google Privacy Sandbox
    • Differential privacy software
    • Privacy default browsers and anonymous surfing
    • Email and message encryption; public key encryption
    • Anonymity remailers
    • Spyware and ad blockers
    • Cookie managers
  • For the most part, technical solutions have failed to provide effective protection for online privacy

Web Site Privacy Policy

  • Organizations need to create a policy that describes how they gather, store, share, and sell data about visitors.

  • Such a policy should contain the following:

    • Notice (what personal information is being collected on the website)
    • Choice (what options the customer has about how/whether personal data is collected and used)
    • Access (how a customer can see what data has been collected and change/correct it if necessary)
    • Security (state how any data that is collected is stored/protected)
    • Redress (what customer can do if privacy policy is not met)

Individual Efforts to Protect Privacy

  • Not all companies have a privacy policy

  • What can an individual do to protect personal privacy?

    • Find out what is stored about you in existing databases
    • Be careful when sharing information about yourself
    • Do not do online shopping or banking over public Wi-Fi networks
    • Keep personal info (birth date, place of birth, home address, and phone number) off social media platforms
  • Be proactive in protecting your privacy

    • Destroy copies of your charge card bills
    • Shred monthly financial statements before disposing of them
    • Take extra care when purchasing anything from a Website
    • Safeguard your credit card numbers, passwords, and personal info
    • Do not do any business with a website unless you know it handles credit card info securely
    • Check if the Web address begins with https

System Quality: Data Quality and System Errors

  • What is an acceptable, technologically feasible level of system quality?

    • Flawless software is economically unfeasible
  • Three principal sources of poor system performance

    • Software bugs, errors
    • Hardware or facility failures
    • Poor input data quality (most common source of business system failure)

Accountability and Control: Software and Internet Liability Problems

  • Computer crime

    • Commission of illegal acts by using a computer or against a computer
  • Computer abuse

    • Commission of acts involving a computer that may not be illegal but are considered unethical
      • Spam
        • More tightly regulated in Europe than in U.S.
        • U.S.: CAN-SPAM Act has had negligible impact