Big Idea 5: Impact of Computing - Exhaustive AP CSP Study Guide

Overview of Big Idea 5: Impact of Computing Big Idea 5 focuses on the intersection of computing and global society, accounting for between 21%21\% and 26%26\% of the AP Computer Science Principles exam. This domain explores how computing influences communication, education, healthcare, and government services, as well as the economic shifts caused by automation and artificial intelligence. Key considerations include the effect of computing on privacy and security, environmental impacts like the energy consumption of data centers, and the empowerment of communities that previously lacked technology. It also addresses how algorithms influence social behaviors and cultural trends, and the ways computing can both reduce and exacerbate societal inequality. Developers must consider how design choices reflect ethical considerations and enable the analysis of global issues like climate change or pandemics. This Big Idea serves as the connective tissue between technical computing systems and their real-world consequences for individuals and societies. # Access, Participation, and Sharing Patterns The digital divide remains a significant barrier to global participation, representing the gap between those with modern computing access and those without. This divide is driven by factors such as income level, geographic location (urban versus rural), education, disability, age, and government infrastructure. For example, students without reliable internet struggle with remote learning, and rural populations may lack high-speed broadband for telemedicine. Access is defined not just by device ownership, but by the quality, speed, and reliability of the connection, as well as the digital literacy of the user. Crowdsourcing is another core concept, defined as the practice of obtaining ideas, services, or data through contributions from a large group of online volunteers. Prominent examples include Wikipedia, ReCAPTCHA, and OpenStreetMap. While crowdsourcing allows for rapid, large-scale problem solving and diverse perspectives, it faces limitations regarding inconsistent data quality, contributor bias, and potential unfair compensation for workers. Citizen science is a specialized form of crowdsourcing where the public assists in scientific research, such as tracking bird populations via eBird or classifying galaxies in astronomy projects. While it provides researchers with otherwise unattainable scales of data, it requires validation by professionals to ensure accuracy. Creative Commons (CC) is a licensing framework that permits creators to share their work while maintaining copyright and specifying usage terms. Common features include Attribution (giving credit), Non-commercial use, No derivatives (no modifications), and Share Alike (derivatives must use the same license). This system encourages ethical sharing and collaboration while reducing copyright violations, though it differs from the public domain because the creator retains control over specific permissions. # Cybersecurity Threats and Malware Malware, short for malicious software, is an overarching term for software designed to exploit, harm, or gain unauthorized access to computer systems. A virus is a specific type of malware that attaches to legitimate files and requires human intervention (such as opening an email attachment) to spread. In contrast, a worm is self-replicating and spreads automatically across networks by exploiting security vulnerabilities without any user interaction. Social engineering attacks like phishing involve tricking users into revealing sensitive information by pretending to be a trusted source, such as a bank or government agency. These attacks are effective because they exploit human psychology rather than technical flaws. Keylogging is another threat where software secretly records every keystroke to steal passwords and credit card numbers. Other specialized attacks include Ransomware, which encrypts a user's files and demands payment for the decryption key; Spyware, which monitors activity without consent; and Denial-of-Service (DoS) attacks, which overwhelm servers with traffic to make them unavailable. Man-in-the-Middle attacks involve intercepting or altering communications between two parties. To reduce risk, individuals should avoid suspicious links, use Multi-Factor Authentication (MFA), and keep software updated. # Openness, Trust, and Ethics in Computing Plagiarism in computing involves using another person's code, images, or ideas without proper credit. Open-source software provides a legal alternative, where the source code is publicly available for anyone to view, modify, and redistribute under specific licenses (e.g., Linux or Python). This transparency encourages innovation and security through peer review, though support may be inconsistent. Open access refers to digital research or educational content that is free to read online without paywalls, supporting global education equity. Trust models form the framework for how users and systems verify reliability. This includes trusting websites with valid digital certificates through HTTPS or trusting applications vetted by app stores. Trust models can fail if systems are compromised or if users misinterpret security cues. Digital certificates are electronic credentials that verify the identity of a website, preventing impersonation attacks and establishing secure connections. Intellectual property refers to creations of the mind, such as code or digital art, which are protected by law; unauthorized use or pirated software is considered a violation of the creator's rights. PII, or Personally Identifiable Information, is any data (or combination of data points like name and address) that can identify a specific person. Protecting PII is critical to preventing identity theft and fraud. Multi-Factor Authentication (MFA) enhances security by requiring at least two different factor types: something you know (password), something you have (phone), or something you are (biometric scan). Two passwords do not count as MFA because they are of the same factor type. # Encryption and Secure Communication Models Encryption is the process of converting plaintext into ciphertext using an algorithm and a key. Symmetric encryption uses a single shared key for both encryption and decryption, making it fast but difficult to distribute the key securely. Public Key (Asymmetric) Encryption uses two separate keys: a Public Key for encryption (shared with everyone) and a Private Key for decryption (kept secret by the owner). Any message encrypted with the Public Key can only be decrypted by the matching Private Key, which solves the key distribution problem. The core model for encryption involves Plaintext+Algorithm+KeyCiphertext\text{Plaintext} + \text{Algorithm} + \text{Key} \rightarrow \text{Ciphertext}. Decryption reverses this process: Ciphertext+KeyPlaintext\text{Ciphertext} + \text{Key} \rightarrow \text{Plaintext}. Encryption can be applied as Block Encryption, where data is processed in fixed-size chunks (like 128-bit128\text{-bit} blocks), or Stream Encryption, where data is encrypted continuously for live transmissions. Encryption protects data at rest (stored on devices) and data in transit (moving across a network). If the wrong key is used, data remains unreadable. Longer keys are generally more secure because they increase the mathematical complexity of guessing the key. Modern security relies on the secrecy of the keys, not the secrecy of the algorithm. # Bias and Fairness in Computing Bias occurs when systems produce unfairly skewed results, often due to the data used during development. Data bias occurs when training sets are not representative, such as facial-recognition software trained primarily on light-skinned faces performing poorly on darker-skinned users. Algorithmic bias results when a program's logic reflects flawed assumptions or biased historical records, such as hiring software repeating past discriminatory patterns. There are several categories of bias: Sampling Bias (collecting data from non-representative groups), Measurement Bias (incorrect or inconsistent data collection), Exclusion Bias (forgetting specific groups during design), and Confirmation Bias (developers making assumptions that favor their expectations). Automation Bias occurs when people trust a computer's output regardless of its accuracy. Unintended consequences are outcomes developers did not plan for, like a fitness app accidentally revealing sensitive location data. Strategies to reduce bias include using diverse datasets, testing with various user groups, and conducting regular fairness audits. # Additional Impacts: Accessibility, Automation, and Transparency Accessibility involves designing technology so people with disabilities can use it, utilizing features like screen readers, alt text for images, and closed captions. Automation uses machines or code to perform tasks with minimal human intervention, which improves efficiency and reduces error but risks job displacement. Algorithmic transparency concerns how clearly a system explains its decision-making; "black-box" algorithms that hide their reasoning make it impossible to challenge unfair outcomes. Data brokers are companies that collect and sell detailed profiles of individuals, including browsing history and location data, often without user knowledge. Terms of Service (TOS) are legal agreements users must accept, though they are often long and complex, leading users to unknowingly consent to extensive data collection. Safe online practices include using MFA, checking for HTTPS, and recognizing phishing, whereas unsafe practices include reusing passwords or using unsecure public Wi-Fi. # Glossary and Vocabulary Review The glossary includes critical definitions for the AP CSP exam: Digital Divide (access gap), Crowdsourcing (group contributions), Citizen Science (public research), Creative Commons (reuse licenses), Open Access (free digital content), PII (identifying personal data), MFA (multi-proof security), Encryption (data scrambling), Symmetric Encryption (one same key), Public Key Encryption (two different keys), Cookie (browser file for settings), Virus (human-spread malware), Phishing (social engineering scam), Rouge access Point (unauthorized fake Wi-Fi), Malware (harmful software), Decryption (restoring plaintext), Digital Certificate (verified website ID), Open Source (publicly editable code), Plagiarism (unearned credit), Intellectual Property (creative legal rights), Worm (self-replicating malware), Private Key (secret decryption key), Public Key (open encryption key), Trust Model (network reliability framework), and Keylogging (keystroke recording). # Practice Questions and Answer Key Multiple-choice practice questions focus on various scenarios: (1) Factors persisting the digital divide (skills and literacy), (2) Education impacts of the divide (internet access for homework), (3) Crowdsourcing advantages (quick input from many users), (4) Citizen science vs general crowdsourcing (focus on scientific research), (5) Creative Commons license terms (ND means No Derivatives/no modifications), (6) Malware vs Virus vs Worm (worms spread without user action), (7) MFA requirements (must be different factor types, e.g., password and fingerprint), (8) Public key logic (Alice's public key only works with Alice's private key), (9) Identifying bias types (training data on specific age groups is sampling/data bias), (10) Accessibility features (alt text and keyboard navigation). The provided answer key confirms that for the Digital Divide questions, B, B, and C are correct for the first three; for malware, the answers are C, B, and C; for trust/intellectual property, they are B, B, and B; for encryption, they are A, B, and B. Challenge questions address speech-to-text bias (unrepresentative training datasets), black-box algorithms (missing input transparency), and the risks of rogue access points (intercepting sensitive data). Detailed scenario responses explain that storing PII unencrypted leads to identity fraud risks and that reusing passwords creates a chain-reaction vulnerability if one account is compromised.