Module 2 - Ethics in Information and Society


IC 112 – PROFESSIONAL ETHICS IN COMPUTING

MODULE 2

Ethics in Information & Society

Module Overview:

In this Module

o Computer and Internet Crime
o Privacy
o Freedom of Expression

This module introduces you to the importance of ethics in information
to society and the relationship between these two concepts. It also introduces
you to computer and internet crimes, privacy, and freedom of expression.

Module Outcomes:

Upon completion of this module, you shall be able to:

o Discuss the key trade-offs and ethical issues associated with safeguarding
the data and information system.
o Identify the different types of computer security attacks and the perpetrators of
computer crimes.
o Understand the right of privacy, privacy law, and the associated ethical
issues.
o Explore the protection of freedom of expression and the importance of
freedom of expression issues related to the use of information technology


Computer and Internet Crime

Introduction
This lesson will introduce you to the ethical issues that are associated
with the safeguarding of data and information systems. It also introduces
the types of computer security attacks, the perpetration of computer
crime, and computer forensics and the role it plays in responding to a
computer incident.
Objectives:
o Explain and understand why business ethics is becoming
increasingly important.
o Discuss why corporations are interested in fostering good
business ethics and why is it important to act according to a code
of principles.
o Write insights and updates on what corporations are doing to
improve business ethics and give an example of approaches one
can take to ensure ethical decision making.
o Discuss why trends have increased the risk of using information
technology unethically.

Let’s Get Started!


Using the across and down clues, write the correct words in the numbered grid
below.
Across
2. (making a) copy of a file, program, etc.
5. The part of the computer that you look at
7. a secret computer program used to damage or to destroy another program
8. a portable personal computer
9. a small problem
10. computer programs
14. a person who uses the internet
15. a type of communication system that sends messages via the internet

Down:
1. a person who is always using and is constantly online
3. a place on the internet with an address
4. on the internet
6. the imaginary place where electronic messages, etc. are being sent
between computers.
11. an area on the Internet where people can communicate with each other.
12. A person who secretly finds a way of looking at and/or changing the
information on somebody else’s computer without permission
13. Instructions for a computer to follow


Let’s Think About it!

Consider the following questions:


1. Have you solved the puzzle? Did you enjoy it?
_______________________________________________________
_______________________________________________________
_______________________________________________________
2. Do you have an answer that relates to a computer perpetrator?
_______________________________________________________
_______________________________________________________
_______________________________________________________
3. Do you have an answer that relates to browsing activity?
_______________________________________________________
_______________________________________________________
_______________________________________________________

4. Do you have an idea now what our topic is all about? Are you excited
to discuss the word that you’ve answered in the puzzle?
_______________________________________________________
_______________________________________________________
_______________________________________________________


Let’s Explore!

IT Security Incidents: A Major Concern

• Security of information technology is of utmost importance


• Safeguard:
• Confidential business data
• Private customer and employee data
• Protect against malicious acts of theft or disruption
• Balance against other business needs and issues
• The number of IT-related security incidents is increasing around the world

Why Computer Incidents Are So Prevalent

• Increasing complexity increases vulnerability


– The computing environment is enormously complex
• Continues to increase in complexity
• The number of entry points expands continuously
• Cloud computing and virtualization software
• Higher computer user expectations
– Computer help desks under intense pressure
• Forget to verify users’ IDs or check authorizations
• Computer users share login IDs and passwords
• Expanding/changing systems equal new risks
– Network era
• Personal computers connected to networks with millions of other computers
• All capable of sharing information
– Information technology
• Ubiquitous
• A necessary tool for organizations to achieve goals
• Increasingly difficult to match the pace of technological change
• Increased reliance on commercial software with known vulnerabilities
Exploit
– Attack on information system
– Takes advantage of system vulnerability
– Due to poor system design or implementation
Patch
– “Fix” to eliminate the problem
– Users are responsible for obtaining and installing
– Delays expose users to security breaches
Zero-day attack
– Takes place before a vulnerability is discovered or fixed
– U.S. companies rely on commercial software with known vulnerabilities

Types of Exploits
– Computers, as well as smartphones, can be the target
• Types of attacks
– Virus
– Worm
– Trojan horse
– Distributed denial of service
– Rootkit
– Spam
– Phishing (spear-phishing, smishing, and vishing)
Viruses
– Pieces of programming code
– Usually disguised as something else
– Cause unexpected and undesirable behavior
– Often attached to files
– Deliver a “payload”
– Spread by actions of the “infected” computer user
• Infected email document attachments
• Downloads of infected programs
• Visits to infected Websites
Worms
– Harmful programs
• Reside in the active memory of a computer
• Duplicate themselves
– Can propagate without human intervention
– The negative impact of a worm attack
• Lost data and programs
• Lost productivity
• Additional effort for IT workers
Trojan Horses
• Malicious code hidden inside seemingly harmless programs
• Users are tricked into installing them

• Delivered via email attachment, downloaded from a Web site, or
contracted via a removable media device
• Logic bomb
– Executes when triggered by a certain event

Distributed Denial-of-Service (DDoS) Attacks


Rootkits
– Set of programs that enables its user to gain administrator-level
access to a computer without the end user’s consent or
knowledge
– An attacker can gain full control of the system and even obscure
the presence of the rootkit
– The fundamental problem in detecting a rootkit is that the
operating system currently running cannot be trusted to provide
valid test results
Spam
– Abuse of email systems to send unsolicited email to large
numbers of people
• Low-cost commercial advertising for questionable products
• Method of marketing also used by many legitimate
organizations
– Controlling the Assault of Non-Solicited Pornography and
Marketing (CAN-SPAM) Act
• Legal to spam if basic requirements are met
– Completely Automated Public Turing Test to Tell Computers and
Humans Apart (CAPTCHA)
• Software generates tests that humans can pass but
computer programs cannot
Phishing
– Act of using email fraudulently to try to get the recipient to reveal
personal data
– Legitimate-looking emails lead users to counterfeit Websites
– Spear-phishing
• Fraudulent emails to an organization’s employees
– Smishing
• Phishing via text messages
– Vishing
• Phishing via voice mail messages


Types of Perpetrators

• Perpetrators include:
– Thrill-seekers wanting a challenge
– Common criminals looking for financial gain
– Industrial spies trying to gain an advantage
– Terrorists seeking to cause destruction
• Different objectives and access to varying resources
• Willing to take different levels of risk to accomplish an objective


Hackers and Crackers


– Hackers
• Test limitations of systems out of intellectual curiosity
• Some smart and talented
• Others inept; termed “lamers” or “script kiddies”
– Crackers
• Cracking is a form of hacking
• Clearly criminal activity
Malicious Insiders
– Major security concerns for companies
– Fraud within an organization is usually due to weaknesses in
internal control procedures
– Collusion
• Cooperation between an employee and an outsider
– Insiders are not necessarily employees
• Can also be consultants and contractors
– Extremely difficult to detect or stop
• Authorized to access the very systems they abuse
– Negligent insiders have the potential to cause damage
Industrial Spies
– Use illegal means to obtain trade secrets from competitors
– Trade secrets are protected by the Economic Espionage Act of
1996
– Competitive intelligence
• Uses legal techniques
• Gathers information available to the public
– Industrial espionage
• Uses illegal means
• Obtains information not available to the public

Cybercriminals
– Hack into corporate computers to steal
• Engage in all forms of computer fraud
– Chargebacks are disputed transactions
– Loss of customer trust has more impact than fraud
– To reduce the potential for online credit card fraud:
• Use encryption technology
• Verify the address submitted online against the issuing
bank
• Request a card verification value (CVV)
• Use transaction-risk scoring software
– Smart cards
• Contain a memory chip
• Updated with encrypted data each time card is used
• Used widely in Europe
• Not widely used in the U.S.

Hacktivists and Cyberterrorists


– Hacktivism
• Hacking to achieve a political or social goal


– Cyberterrorist
• Attacks computers or networks in an attempt to intimidate
or coerce a government to advance certain political or
social objectives
• Seeks to cause harm rather than gather information
• Uses techniques that destroy or disrupt services

Federal Laws for Prosecuting Computer Attacks

Implementing Trustworthy Computing
– Trustworthy computing
• Delivers secure, private, and reliable computing
• Based on sound business practices


– Security of any system or network


• Combination of technology, policy, and people
• Requires a wide range of activities to be effective
– Systems must be monitored to detect possible intrusion
– Clear reaction plan addresses:
• Notification, evidence protection, activity log maintenance,
containment, eradication, and recovery
Risk Assessment
– Process of assessing security-related risks:
• To an organization’s computers and networks
• From both internal and external threats
– Identifies investments that best protect from most likely and
serious threats
– Focuses security efforts on areas of highest payoff
– Eight-step risk assessment process
• #1 Identify assets of most concern
• #2 Identify loss events that could occur
• #3 Assess the likelihood of each potential threat
• #4 Determine the impact of each threat
• #5 Determine how each threat could be mitigated
• #6 Assess the feasibility of mitigation options
• #7 Perform cost-benefit analysis
• #8 Decide which countermeasures to implement
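
The eight steps above as a worked calculation, added here as an illustration and not part of the original module. The scoring rule (expected yearly loss = likelihood × impact), the budget rule in step 8, and every asset, figure and countermeasure name are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Mitigation:
    name: str
    annual_cost: float      # yearly cost of running the countermeasure
    residual_factor: float  # share of the expected loss that remains (0..1)
    feasible: bool = True   # step 6: can the organization actually do this?


@dataclass
class Risk:
    asset: str              # step 1: asset of most concern
    loss_event: str         # step 2: loss event that could occur
    likelihood: float       # step 3: expected occurrences per year
    impact: float           # step 4: cost of one occurrence
    mitigations: list = field(default_factory=list)  # step 5

    def expected_loss(self):
        # Assumed scoring rule: yearly expected loss = likelihood x impact.
        return self.likelihood * self.impact


def net_benefit(risk, mitigation):
    """Step 7: expected yearly loss avoided minus the yearly cost."""
    avoided = risk.expected_loss() * (1.0 - mitigation.residual_factor)
    return avoided - mitigation.annual_cost


def choose_countermeasures(risks, budget):
    """Step 8: best feasible option per risk, highest payoff first, within budget."""
    candidates = []
    for risk in risks:
        options = [(net_benefit(risk, m), m) for m in risk.mitigations if m.feasible]
        options = [o for o in options if o[0] > 0]  # must pay for itself
        if options:
            benefit, best = max(options, key=lambda o: o[0])
            candidates.append((benefit, risk, best))
    candidates.sort(key=lambda c: c[0], reverse=True)

    chosen, remaining = [], budget
    for benefit, risk, best in candidates:
        if best.annual_cost <= remaining:
            chosen.append((risk.asset, best.name, benefit))
            remaining -= best.annual_cost
    return chosen


# Constructed sample data: none of these figures come from the module.
SAMPLE_RISKS = [
    Risk("customer database", "breach through an unpatched server", 0.2, 500_000, [
        Mitigation("patch management", 15_000, 0.25),
        Mitigation("replace the whole platform", 200_000, 0.10),
    ]),
    Risk("employee laptops", "stolen laptop holding private data", 2.0, 20_000, [
        Mitigation("full-disk encryption", 5_000, 0.10),
        Mitigation("stop issuing laptops", 0, 0.0, feasible=False),
    ]),
    Risk("public website", "defacement", 0.5, 10_000, [
        Mitigation("web application firewall", 12_000, 0.20),
    ]),
    Risk("payroll system", "insider alters payroll records", 0.1, 80_000, [
        Mitigation("separation of duties", 3_000, 0.25),
    ]),
]

if __name__ == "__main__":
    for asset, name, benefit in choose_countermeasures(SAMPLE_RISKS, 20_000):
        print(f"{asset}: {name} (net benefit {benefit:,.0f} per year)")
```

With a yearly budget of 20,000 the two highest-payoff countermeasures use it up, so the payroll control waits for more budget even though it pays for itself; the website firewall is rejected because it costs more than the loss it avoids.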

Establishing a Security Policy


– A security policy defines:
• Organization’s security requirements
• Controls and sanctions needed to meet the requirements
– Delineates responsibilities and expected behavior
– Outlines what needs to be done
• Not how to do it
– Automated system policies should mirror written policies


• Trade-off between:
• Ease of use
• Increased security
– Areas of concern
• Email attachments
• Wireless devices
– VPN uses the Internet to relay communications but maintains
privacy through security features
– Additional security includes encrypting originating and receiving
network addresses

Educating Employees, Contractors, and Part-Time Workers


– Educate and motivate users to understand and follow the policy
– Discuss recent security incidents
– Help protect information systems by:
• Guarding passwords
• Not allowing sharing of passwords
• Applying strict access controls to protect data
• Reporting all unusual activity
• Protecting portable computing and data storage devices
Prevention
– Implement a layered security solution
• Make computer break-ins harder
– Installing a corporate firewall
• Limits network access
– Intrusion prevention systems
• Block viruses, malformed packets, and other threats
– Installing antivirus software
• Scans for a sequence of bytes or virus signature
• United States Computer Emergency Readiness Team (US-CERT)
serves as a clearinghouse


Safeguards against attacks by malicious insiders


– Departing employees and contractors
• Promptly delete computer accounts, login IDs, and
passwords
– Carefully define employee roles and separate key responsibilities
– Create roles and user accounts to limit the authority
– Defending against cyberterrorism
• Department of Homeland Security and its National Cyber
Security Division (NCSD) is a resource
• Builds and maintains a national security cyberspace
response system
• Implements a cyber-risk management program for
the protection of critical infrastructure, including
banking and finance, water, government operations,
and emergency services
– Conduct periodic IT security audits
• Evaluate policies and whether they are followed
• Review access and levels of authority
• Test system safeguards
• Information Protection Assessment kit is available from the
Computer Security Institute
Detection
– Detection systems
• Catch intruders in the act
– Intrusion detection system
• Monitors system/network resources and activities
• Notifies the proper authority when it identifies:
• Possible intrusions from outside the organization
• Misuse from within the organization
• Knowledge-based approach
• Behavior-based approach
Response
– Response plan
• Develop well in advance of any incident
• Approved by:
• Legal department
• Senior management
– Primary goals
• Regain control and limit damage
• Not to monitor or catch an intruder
– Only 56% have a response plan
– Incident notification defines:
• Who to notify
• Who not to notify
– Security experts recommend against releasing specific
information about a security compromise in public forums
– Document all details of a security incident
• All system events
• Specific actions taken
• All external conversations
– Act quickly to contain an attack
– Eradication effort
• Collect and log all possible criminal evidence
• Verify necessary backups are current and complete
• Create new backups
– Follow-up
• Determine how security was compromised
• Prevent it from happening again
– Review
• Determine exactly what happened
• Evaluate how the organization responded
– Weigh carefully the amount of effort required to capture the
perpetrator
– Consider the potential for negative publicity
• Legal precedent
– Hold organizations accountable for their own IT security weaknesses
Computer Forensics
• Combines elements of law and computer science to identify, collect,
examine, and preserve data and preserve its integrity so it is admissible
as evidence
• Computer forensics investigation requires extensive training and
certification and knowledge of laws that apply to a gathering of criminal
evidence.

Let’s Do It!
Self-Assessment Questions (AA2): Answer the following:
1. Which of the following techniques does not help prevent computer crimes?
A. Backups
B. Digital forensic analysis
C. Firewalls
D. Encryption

2. Which of the following describes a firewall?


A. A copy of data
B. Data that cannot be lost
C. Digital forensic analysis
D. Device or software that acts as a checkpoint between a network or
stand-alone computer and internet.

3. In which of the following is a computer not incidental to the crime?


A. Computer manipulation
B. Money laundering
C. Criminal enterprises
D. Sex crimes

4. What is “Hacktivist”?
A. Politically motivated hacker // these on-line vandals typically attack
corporations and ISPs
B. Denial of service attacker
C. A proponent of Napster
D. A person engaging in an intentional act involving a computer in which
the person may have gained at the victim’s expense


5. Which of the following is an example of computer manipulation crime?


A. An intruder removes valuable information from a computer
system.
B. Hacking
C. A person alters payroll records to attain a higher rate of pay // this
describes unauthorized entry into a computer system
D. Medical records are altered

6. An intruder removes valuable information from a computer system. What
term describes this crime?
A. Computer vandalism// this describes unauthorized entry into a
computer system.
B. Hacking
C. A person alters payroll records to attain a higher rate of pay
D. Medical alteration

7. Which of the following is not similar between real-world stalking and
cyberstalking?
A. Most victims are women
B. Most stalkers are men
C. The stalker and victim are near to each other
D. Stalker is generally motivated by the desire to control the victim

8. Which of the following is NOT a worm?


A. Storm B. I LOVE YOU C. Red Code D. SirCam

9. A Trojan horse is like a ______ that executes when it is triggered by a specific
event.
A. Botnets B. Logic bomb C. Zombies D. Rootkit

10. It is an attack on an information system that takes advantage of a particular
system vulnerability.
A. Zero-day Attack B. Distributed Denial-of-Service Attack C. Worms D. Exploit

Closure
Wow!!! Well done, my dear student! You probably did great in this
lesson. You have learned a lot about computer and internet crimes. Now,
you’re able to proceed to the next lesson.


Privacy

Introduction
This lesson will introduce you to the right to privacy and the basis for
protecting personal privacy. It also explores the laws that protect the privacy of
personal data and the associated ethical issues, and discusses the
capabilities of advanced surveillance technologies.

Objectives:
o Explain the right of privacy, and what is the basis for protecting
personal privacy under the law
o Discuss the laws that authorize electronic surveillance by the
government, and the associated ethical issues.
o Understand the two fundamental forms of data encryption, and how
each works.
o Articulate the various strategies for consumer profiling and the
associated ethical issues.

Let’s Get Started!


Let’s visit your Facebook account. I want you to open your FB account. Then
answer the series of questions below.
1. How many friend requests do you have?
2. How many friends do you have?
3. Do you accept friend requests even if you did not know the person?
4. Do you have birthdate information in your FB account?
5. Is the birth date information in your account your real birthday?
6. Is your FB name your real name?
7. Did you set your privacy setting on your FB account?

Let’s Think About it!


Consider the questions that follow:
1. Have you experienced your account being hacked?
2. Does your FB account have a strong password that does not relate to your
personal information, such as your last name and your birthdate?
3. Have you realized that your information was exposed to the public?
4. Do you realize that setting privacy is very important, and that you should not
display more information to the public? With that, are you excited to explore the
topic?


Let’s Explore!
PRIVACY PROTECTION AND THE LAW

• Systems collect and store key data from every interaction with customers
to make better decisions
• Many object to the data collection policies of government and business
• Privacy
– A key concern of Internet users
– The top reason why non-users still avoid the Internet
• Reasonable limits must be set
• Historical perspective on the right to privacy
– Fourth Amendment reasonable expectation of privacy

Information Privacy
• Definition of privacy
– “The right to be left alone—the most comprehensive of rights, and the
right most valued by a free people”
• Information privacy is a combination of:
– Communications privacy
• Ability to communicate with others without being monitored by other
persons or organizations
– Data privacy
• Ability to limit access to one’s data by other individuals and organizations
to exercise a substantial degree of control over that data and its use

Privacy Laws, Applications, and Court Rulings


• Legislative acts passed over the past 40 years
– Most address invasion of privacy by the government
– No protection against data privacy abuses by corporations
– No single, overarching national data privacy policy
• Financial data
– Fair Credit Reporting Act (1970)
• Regulates operations of credit-reporting bureaus
– Fair and Accurate Credit Transactions Act (2003)
• Allows consumers to request and obtain a free credit
report once each year from each of the three primary
consumer credit reporting companies
– Right to Financial Privacy Act (1978)
• Protects the financial records of financial institution
customers from unauthorized scrutiny by the federal
government
– Gramm-Leach-Bliley Act (1999)
• Bank deregulation that enabled institutions to offer
investment, commercial banking, and insurance
services
• Three key rules affecting personal privacy:
• Financial Privacy Rule
• Safeguards Rule
• Pretexting Rule
– Opt-out policy
• Assumes that consumers approve of companies collecting
and storing their personal information
• Requires consumers to actively opt-out
• Favored by data collectors
– Opt-in policy
• Must obtain specific permission from consumers before
collecting any data
• Favored by consumers
– Health information
• Health Insurance Portability and Accountability Act (1996)
• Improves the portability and continuity of health
insurance coverage
• Reduces fraud, waste, and abuse
• Simplifies the administration of health insurance
• American Recovery and Reinvestment Act (2009)
• Included strong privacy provisions for electronic
health records
• Offers protection for victims of data breaches
– State laws related to security breach notification
• Over 40 states have enacted legislation requiring
organizations to disclose security breaches
• For some states, these laws are quite stringent
– Children’s data
• Children’s Online Privacy Protection Act (1998)
• Web sites catering to children must offer
comprehensive privacy policies, notify parents or
guardians about its data-collection practices, and
receive parental consent before collecting personal
information from children under 13
• Family Education Rights and Privacy Act (1974)
• Assigns rights to parents regarding their children’s
education records
• Rights transfer to student once the student becomes
18
– Electronic surveillance
• Communications Act of 1934
• Established the Federal Communications
Commission
• Regulates all non-federal-government use of radio
and television plus all interstate communications
• Title III of the Omnibus Crime Control and Safe Streets
Act (Wiretap Act)
• Regulates interception of telephone and oral
communications
• Has been amended by new laws
• Foreign Intelligence Surveillance Act (FISA) of 1978
• Describes procedures for electronic surveillance
and collection of foreign intelligence information in
communications between foreign powers and
agents of foreign powers
• Electronic Communications Privacy Act of 1986
(ECPA)
• Protects communications in transfer from sender to
receiver
• Protects communications held in electronic storage
• Prohibits recording dialing, routing, addressing, and
signaling information without a search warrant
• Pen register records electronic impulses to identify
numbers dialed for outgoing calls
• Trap and trace records originating number of
incoming calls

– Communications Assistance for Law Enforcement Act
(CALEA) 1994
• Amended both the Wiretap Act and ECPA
• Required the telecommunications industry to build tools
into its products so federal investigators could eavesdrop
and intercept electronic communications
• Covered emerging technologies, such as:
• Wireless modems
• Radio-based electronic mail
• Cellular data networks
– USA PATRIOT Act (2001)
• Increased ability of law enforcement agencies to search
telephone, email, medical, financial, and other records
• Critics argue law removed many checks and balances that
ensured law enforcement did not abuse its powers
• Relaxed requirements for National Security Letters (NSLs)
• Export of personal data
– Organization for Economic Co-operation and Development Fair
Information Practices (1980)
• Fair Information Practices
• Set of eight principles
• Model of ethical treatment of consumer data
• European Union Data Protection Directive
• Requires companies doing business within
the borders of 15 European nations to
implement a set of privacy directives on the
fair and appropriate use of information
• Goal to ensure data transferred to non-European
countries is protected
• Based on a set of seven principles for data privacy
• Concern that the U.S. government can invoke the
USA PATRIOT Act to access data
• BBBOnLine and TRUSTe
– Independent initiatives that favor an industry-regulated approach
to data privacy

– BBBOnLine reliability seal or a TRUSTe data privacy seal
demonstrates that a Website adheres to a high level of data privacy
– Seals
• Increase consumer confidence in the site
• Help users make more informed decisions about whether
to release personal information

• Access to government records


• Freedom of Information Act (1966 amended 1974)
• Grants citizens the right to access certain information and records
of the federal government upon request
• Exemptions bar disclosure of information that could:
– Compromise national security
– Interfere with active law enforcement investigation
– Invade someone’s privacy
• The Privacy Act of 1974
– Prohibits government agencies from concealing the
existence of any personal data record-keeping system
– Outlines 12 requirements that each record-keeping agency
must meet
– CIA and law enforcement agencies are excluded from this
act
– Does not cover the actions of private industry

Key Privacy and Anonymity Issues

• Identity theft
• Electronic discovery
• Consumer profiling


• Treating customer data responsibly


• Workplace monitoring
• Advanced surveillance technology

Identity Theft
• Theft of key pieces of personal information to impersonate a person,
including:
– Name
– Address
– Date of birth
– Social Security number
– Passport number
– Driver’s license number
– Mother’s maiden name
• Fastest-growing form of fraud in the United States
• Consumers and organizations are becoming more vigilant and proactive in
fighting identity theft
• Four approaches used by identity thieves
• Create a data breach
• Purchase personal data
• Use phishing to entice users to give up data
• Install spyware to capture keystrokes of victims
– Data breaches of large databases
• To gain personal identity information
• May be caused by:
• Hackers
• Failure to follow proper security procedures
– Purchase of personal data
• Black market for:
• Credit card numbers in bulk—$.40 each
• Logon name and PIN for a bank account—$10
• Identity information—including DOB, address,
SSN, and telephone number—$1 to $15
– Phishing
• Stealing personal identity data by tricking users into
entering information on a counterfeit Website
– Spyware
• Keystroke-logging software
• Enables the capture of:
• Account usernames
• Passwords
• Credit card numbers
• Other sensitive information
• Operates even if infected computer is not online
– Identity Theft and Assumption Deterrence Act of 1998 was
passed to fight fraud
– Identity Theft Monitoring Services
• Monitor the three major credit reporting agencies
(TransUnion, Equifax, and Experian)
• Monitor additional databases (financial institutions,
utilities, and DMV)


Electronic Discovery

• Collection, preparation, review, and production of electronically stored
information for use in criminal and civil actions
• Quite likely that information of a private or personal nature will be
disclosed during e-discovery
• Federal Rules of Procedure define e-discovery processes
• E-discovery is complicated and requires extensive time to collect,
prepare, and review data
• Raises many ethical issues
o Should an organization attempt to destroy or conceal incriminating
evidence?
o To what degree must an organization be proactive and thorough in
providing evidence?
o Should an organization attempt to “bury” incriminating evidence in
a mountain of trivial, routine data?

Consumer Profiling

• Companies openly collect personal information about Internet users
• Cookies
o Text files that a Web site can download to visitors’ hard drives so
that it can identify visitors later
• Tracking software analyzes browsing habits
• Similar controversial methods are used outside the Web environment
• Aggregating consumer data
o Databases contain a huge amount of consumer behavioral data
o Affiliated Websites are served by a single advertising network
• Collecting data from Web site visits
o Goal: provide customized service for each consumer
o Types of data collected
– GET data
– POST data
– Click-stream data
• Four ways to limit or stop the deposit of cookies on hard drives
o Set the browser to limit or stop cookies
o Manually delete them from the hard drive
o Download and install a cookie-management program
o Use anonymous browsing programs that don’t accept cookies
• Personalization software
o Used by marketers to optimize the number, frequency, and
mixture of their ad placements
– Rules-based
– Collaborative filtering
– Demographic filtering
– Contextual commerce
• Consumer data privacy
o A platform for Privacy Preferences (P3P)
– Shields users from sites that don’t provide the level of
privacy protection desired

Treating Consumer Data Responsibly

• Strong measures are required to avoid customer relationship problems
• Companies should adopt:
o Fair Information Practices
o 1980 OECD privacy guidelines
• Federal Trade Commission responsible for protecting the privacy of U.S.
consumers
• Chief privacy officer (CPO)
o Executive to oversee data privacy policies and initiatives

Workplace Monitoring

• Employers monitor workers


– Protect against employee abuses that reduce worker productivity or
expose the employer to harassment lawsuits
• Fourth Amendment cannot be used to limit how a private employer treats
its employees
– Public-sector employees have far greater privacy rights than those in
private industry
• Privacy advocates want federal legislation
– To keep employers from infringing upon privacy rights of employees

Advanced Surveillance Technology

• Camera surveillance
o Many cities plan to expand surveillance systems
o Advocates argue people have no expectation of privacy in a public
place
o Critics concerned about potential for abuse
• Global positioning system (GPS) chips
o Placed in many devices
o Precisely locate users
o Banks, retailers, airlines eager to launch new services based on
knowledge of consumer location

Let’s Do It!
Self-Assessment Questions (AA2): Answer the following questions:
1. Which of the following describes information privacy?
A. The combination of communications privacy and data privacy
B. The ability to communicate with others without those communications
being monitored by another person or organization.
C. The ability to limit access to one’s personal data by other individuals
and organizations in order to exercise a substantial degree of control
over that data and its use
D. None of the above

2. A law passed in 1970 that regulates the operations of credit-reporting
bureaus, including how they collect, store, and use credit information.
A. Fair Information Practices
B. Fair Credit Reporting Act
C. Right to Financial Privacy Act
D. Financial Data

3. The collection, preparation, review, and production of electronically stored
information for use in criminal and civil legal actions and proceedings.
A. Electronic discovery
B. Electronic Health Record
C. Education Rate Program
D. Electronically Stored Information (ESI)

4. Any form of digital information, including emails, drawings, graphs, Web
pages, photographs, word-processing files, sound recordings, and
databases stored on any form of magnetic storage device, including hard
drives, CDs, and flash drives.

A. Electronic discovery
B. Electronic Health Record
C. Education Rate Program
D. Electronically Stored Information (ESI)

5. An electronic text file that a Web site downloads to visitors’ hard drives so it
can identify them on subsequent visits.
A. Electronic Discovery
B. Communication Assistance for Law Enforcement Act
C. Cookies
D. Downloads

6. Which of the following is the name of the software used by the U.S. Food and Drug
Administration (FDA) that captured some 80,000 pages of email, including users’
email passwords and bank account information?
A. Mkeystroke Monitoring
B. Ukeystroke monitoring
C. Keystroke monitoring
D. Xkeystroke monitoring

7. How many closed-circuit TV (CCTV) cameras are in operation throughout
Great Britain, which amounts to 1 CCTV camera for every 14 people?
A. 4.1 million
B. 4.2 million
C. 4.3 million
D. 4.4 million

8. How many citizens are there for every 1 CCTV camera in China?
A. 469,000
B. 470,000
C. 472,000
D. 474,000

9. A device that records vehicle and occupant data for a few seconds before,
during, and after any vehicle crash that is severe enough to deploy the
vehicle’s air bags.
A. Vehicle event data recorder
B. Block box
C. Virtualization software
D. Vehicle event software

10. Which of the following is NOT spy software?
A. Mobile Spy
B. ePhone Tracker
C. FlexSPY
D. Mobile Nanny

Closure
Wow!!! Well done, my dear student! You probably did great in this
lesson. You have learned a lot about privacy. Now you’re able to
proceed to the next lesson.

Freedom of Expression

Introduction
This lesson will introduce you to the protection of freedom of
expression and what types of expression are not protected under the law. It
also introduces you to some of the key federal laws that affect online freedom
of expression and to freedom of expression issues related to the use of
information technology.
Objectives:
o Articulate the legal basis for the protection of freedom of speech, and
what types of speech are not protected under the law
o Explain the ways that the Internet presents new challenges in the
area of freedom of expression.
o Explain the key free-speech issues related to the use of information
technology

Let’s Get Started!


SAY SOMETHING! I want you to describe briefly the following picture:
1. Which human right is represented in this picture?

2. Which human right is represented in this picture?

3. Which human right is represented in this picture?

Let’s Think About it!


Consider the questions that follow:
1. What are some of the underlying ideas and values of the three (3) pictures?
____________________________________________________________
____________________________________________________________
____________________________________________________________

2. Based on the three (3) pictures, what are the human rights that we have?
____________________________________________________________
____________________________________________________________
____________________________________________________________

3. Who do you think should be responsible for upholding the rights? Are you
sure that the right is protected and respected?
____________________________________________________________
____________________________________________________________
____________________________________________________________
____________________________________________________________


Let’s Explore!
First Amendment Rights

• Right to freedom of expression
o Important right for free people everywhere
o Guaranteed by the First Amendment
• Definition of free speech includes:
o Nonverbal, visual, and symbolic forms of expression
o Right to speak anonymously
• Not protected by the First Amendment
o Perjury
o Fraud
o Defamation
o Obscene speech
o Incitement of panic
o Incitement to crime
o “Fighting words”
o Sedition

Obscene Speech

• Based on Miller v. California, speech is considered obscene when:
o Average person finds the work appeals to the prurient interest
o Work depicts or describes sexual conduct in an offensive way
o Lacks serious literary, artistic, political, or scientific value

Defamation

• Oral or written statement of alleged fact that is:
o False
o Harms another person
– Harm is often of a financial nature
• Slander
o Oral defamatory statement
• Libel
o Written defamatory statement

Freedom of Expression: Key Issues

o Controlling access to information on the Internet
o Anonymity on the Internet
o Defamation and hate speech
o Corporate blogging
o Pornography

Controlling Access to Information on the Internet

• Freedom of speech on the Internet is complicated by the ease with which
children can access the Internet
• Communications Decency Act (CDA)
o Aimed at protecting children from pornography
o Broad language and vague definition of indecency
o Found unconstitutional in 1997
• Child Online Protection Act (COPA)
o Applies to communication for commercial purposes
o Imposes penalties for exposing minors to harmful material on the
Web
o Found unconstitutional in 2004
• Internet filtering
o Software installed with a Web browser
o Blocks access to certain Web sites deemed to contain
inappropriate or offensive material
• URL filtering
o Blocks objectionable URLs or domain names
• Keyword filtering
o Blocks keywords or phrases
• Dynamic content filtering
o Web site’s content is evaluated immediately before being
displayed
o Uses
– Object analysis
– Image recognition
• Top-rated Internet filters for home users
o NetNanny Parental Controls
o PureSight PC
o CYBERsitter
o SafeEyes
o CyberPatrol
• ICRA rating system
o Questionnaire for Web authors
o Generates a content label
• Platform for Internet Content Selection (PICS)
o Users configure browsers to read the label
o Relies on Web authors to rate their site
o Complement to other filtering techniques
• ISP blocking
o Blocking is performed on the ISP server
o ClearSail/Family.NET prevents access to certain Websites
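
How URL filtering and keyword filtering reach a block decision, and how the matching rule changes what a keyword filter blocks, shown as an added example that is not part of the original module and is not the logic of any product named above. The blocklist, the keyword list and the sample pages are constructed.

```python
import re
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"adult-site.example", "casino.example"}   # constructed blocklist
BLOCKED_KEYWORDS = ["sex", "poker"]                           # constructed keyword list

def url_blocked(url):
    """URL filtering: block a listed domain and any of its subdomains."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def keyword_hits(text, whole_words=True):
    """Keyword filtering: return the listed keywords found in the page text."""
    hits = []
    for kw in BLOCKED_KEYWORDS:
        pattern = rf"\b{re.escape(kw)}\b" if whole_words else re.escape(kw)
        if re.search(pattern, text, re.IGNORECASE):
            hits.append(kw)
    return hits

def decide(url, page_text, whole_words=True):
    """Return (allowed, reason): URL check first, then the content check before display."""
    if url_blocked(url):
        return False, "url"
    hits = keyword_hits(page_text, whole_words)
    if hits:
        return False, "keyword:" + ",".join(hits)
    return True, "ok"

# Constructed sample pages: (URL, text the filter would evaluate).
SAMPLES = [
    ("https://www.casino.example/lobby", "Welcome back"),
    ("https://notcasino.example/", "Local news"),
    ("https://library.example/health", "Essex County clinic: sexual health screening hours"),
    ("https://forum.example/t/1", "Tonight: online poker for money"),
]

if __name__ == "__main__":
    for url, text in SAMPLES:
        print(url, decide(url, text), decide(url, text, whole_words=False))
```

With substring matching the library health page is blocked because "Essex" and "sexual" contain a listed keyword, while whole-word matching lets it through.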

Children’s Internet Protection Act (CIPA)

• Federally financed schools and libraries must block computer access to:
o Obscene material
o Pornography
o Anything considered harmful to minors
• Schools and libraries subject to CIPA do not receive Internet access
discounts unless they:
o Put in place measures to filter pictures that are obscene, contain child
pornography, or are harmful to minors
o Adopt a policy to monitor the online activities of minors
o Adopt a policy restricting minors’ access to materials harmful to
them
• CIPA does not require the tracking of Internet use by minors or adults
• Acceptable use policy agreement is an essential element of a successful
program in schools
o Signed by:
– Students
– Parents
– Employees
• Difficulty implementing CIPA in libraries because their services
are open to people of all ages
– Including adults with First Amendment rights
• CIPA has been upheld as constitutional by U.S. Supreme Court
(U.S. v American Library Association)

Anonymity on the Internet

• Anonymous expression is an expression of opinions by people
who do not reveal their identity
• Freedom to express an opinion without fear of reprisal is an
important right in a democratic society
• Anonymity is even more important in countries that do not allow
free speech
• Played an important role in the early formation of the U.S.
• In the wrong hands, it can be a tool to commit illegal or unethical
activities
• Anonymous remailer service
– Computer program that strips the originating address from
the email message
– Forwards the message to the intended recipient
– Ensures no header information can identify the author
– Keeps what is communicated anonymous
– What is communicated and whether it is ethical or
unethical, legal or illegal, is up to the sender
• John Doe lawsuit
– Defendant communicates using a pseudonym or
anonymously so the identity of the defendant is temporarily
unknown
– Common in Internet libel cases
– Once John Doe lawsuit is filed, the company may request
court permission to issue subpoenas
– ISPs frequently subpoenaed to provide the identity of
anonymous “John Does”
– Anonymity on the Internet cannot be guaranteed

Defamation and Hate Speech

• Hate speech that can be prosecuted includes:
o Clear threats and intimidation against specific citizens
o Sending threatening private messages over the Internet to a
person
o Displaying public messages on a Web site describing intent to
commit acts of hate-motivated violence against specific
individuals
o Libel directed at a particular person
• Many ISPs reserve the right to remove content that does not meet their
standards
• Such actions do not violate the subscriber’s First Amendment rights
because these prohibitions are in terms of service
o ISPs must monitor the use of their service
o Take action when terms are violated
• Public schools and universities are legally considered agents of the
government and must follow the First Amendment prohibition against
speech restrictions
• Corporations, private schools, and private universities not part of state or
federal government
o May prohibit students, instructors, and employees from engaging
in offensive speech

Corporate Blogging

• Some organizations allow employees to create their own blogs to:
o Reach out to partners, customers, and employees
o Improve their corporate image
• Blogs can provide uncensored commentary and interaction
o Criticism of corporate policies and decisions
• Could involve risk that employees might:
o Reveal company secrets
o Breach federal security disclosure laws

Pornography

• The Internet has been a boon to the pornography industry
o More than 4.2 million porn Web sites are accessible
o The sites generate an estimated $1 to $7 billion a year in revenue
o 72 million estimated visitors to porn Web sites monthly
• Individuals free to produce and publish what they want; however, if what
they distribute is judged obscene, they are subject to prosecution
o California v Miller set precedent for what is obscene
• Many organizations take steps to stop access in the workplace
o Establishing a computer usage policy that prohibits access to
pornography sites
o Identifying those who violate the policy
o Taking action against those users
o Failure to take action against pornography could result in a sexual
harassment lawsuit
• Numerous federal laws address child pornography
o Federal offense to produce or distribute
o Most states outlaw possession as well
• At least seven states require computer technicians to report child
pornography on clients’ computers
• Sexting is sending of sexual messages, nude or seminude photos, or
sexually explicit videos over a cell phone
o Fast-growing trend
• CAN-SPAM Act
o Specifies requirements that commercial retailers must follow
when sending messages
o Each violation can result in $250 - $750 fine
o Federal Trade Commission charged with enforcing the act but has
not done so effectively
o Deterrent in fighting the dissemination of pornography

Let’s Do It!
Self-Assessment Questions (AA2): Answer the following questions.
1. The following are key issues related to freedom of expression except ____.
A. Controlling access to information on the internet
B. Anonymity on the internet
C. Defamation and hate speech
D. Social Media Bullying

2. Which of the following is NOT part of controlling access to information on
the Internet?
A. Communications Decency Act
B. American Civil Liberties Union
C. Child Online Protection Act
D. Children’s Internet Protection Act
3. The Communications Decency Act aims to protect children from
pornography on the Internet. How much is the fine once a person is convicted
of the transmission of “indecent” material over the Internet?
A. $250,000
B. $350,000
C. $450,000
D. $550,000
4. Which section of the CDA gives social media companies immunity from
being sued for user postings that appear on their sites?
A. Section 30
B. Section 130
C. Section 230
D. Section 330
5. Software that can be used to block access to certain Web sites that contain
material deemed inappropriate or offensive.
A. Firewall
B. Internet Filtering
C. Controlling access to information on the internet
D. Internet Censorship

6. Based on data as of June 30, 2012 for the top five countries with the highest
number of Internet users, which of the following countries ranks highest in
percentage of Internet users?
A. China
B. United States
C. India
D. Japan (79.5%)
7. In which country have government demands closed more Google
Gmail accounts and more Blogger sites than in any other country?
A. Brazil
B. China
C. Cuba
D. Egypt
8. Despite the importance of anonymity in early America, it took nearly
______ years for the Supreme Court to render rulings that addressed
anonymity as an aspect of the Bill of Rights.
A. 50 years
B. 100 years
C. 150 years
D. 200 years
9. The examination of Internet records in an attempt to reveal the
identity of an anonymous poster is called ____.
A. Transparency
B. Internet censorship
C. Doxing
D. Anonymous remailer service
10. A lawsuit in which the identity of the defendant is temporarily unknown,
typically because the defendant is communicating anonymously or using a
pseudonym.
A. John Doe Lawsuit
B. Jacob Watterling Lawsuit
C. Miller v. California
D. Intrusion Detection Lawsuit

Closure

Wow!!! Well done, my dear student! You probably did great in this
lesson. You have learned a lot about freedom of expression. Now you’re
able to proceed to the next lesson.