Ethics Mid Course


Professional Ethics Definition

Professional ethics are standards set by professional organizations for the behavior and values of
people working within a specific field.

Professional and Ethical Standards

It is advised that all professionals be able to demonstrate that they act with integrity. They
shall be honest, straightforward and trustworthy in all their dealings. Professionals shall
convey appropriate and necessary information in a way that is understandable to the recipient.
Confidential information shall not be divulged to unintended recipients; at the same time,
professionals have to be open and transparent with the concerned parties in all their work. A
professional shall act impartially, without any bias, and in the event of any conflict of interest
or potential conflict of interest, shall inform the relevant parties. Public interests need to be
taken care of prior to making any decisions, and a professional shall not accept a gift if it may
create an improper obligation.

A professional shall always provide the best possible service within the scope of the
engagement. They should clearly understand the employer’s requirements. An efficient and
effective communication system shall be in place. Always try to provide fair and reasonable
treatment.

Not only the professional life but also the activities in the personal life of a professional are
equally important. Always try to keep promises; do what is said and say only what can be done.

Treat others with courtesy, politeness, consideration and respect irrespective of their race,
religion, size, age, gender, disability, country of origin, cultural differences etc. Never
discriminate against anyone for whatever reason. Always try to provide fair and respectful
treatment as part of business culture.

A professional shall be accountable for all their actions; they have to take responsibility whether
it is right or wrong. They are supposed to act with skill, care and diligence. A proper complaints
handling mechanism shall be established, and all complaints are to be attended to and resolved
in a constructive and professional manner.

What is professionalism?
Professionalism describes how you conduct yourself when you're at work so that you represent
both yourself and your organization positively. In many workplaces, the leadership outlines the
expectations for behavior and appearance of the staff. Part of being professional is adhering to
these requirements. It's also about embodying professional characteristics and the values of your
organization so that you're a good representative and role model.

Top 10 professionalism characteristics


There are several important professionalism characteristics. These characteristics are about the
way you present yourself and interact with others in your career. Regardless of your industry, job
or the stage you're at in your career, demonstrating professionalism can help you access
opportunities and create an excellent reputation for yourself and your employer. These are some
important characteristics of professionalism:
1. Appearance
Having a tidy appearance is one quality of a professional. This is about the way you dress for
work and maintaining good personal hygiene. Having a professional appearance means
conforming to the dress code of your workplace and paying special attention to your appearance if
you're attending an interview or an important meeting. When you're representing yourself and
your employer, looking smart and professional is important for making a good impression.
2. Manners
Having professional manners means being polite and well-spoken when interacting with clients
and colleagues. Professional behavior means having good manners with everyone you engage
with, including more junior staff members. It also means being respectful towards others. Being
professional means putting your personal feelings aside and treating everyone with the same level
of respect and manners.
3. Competence
Professionals are competent in their field and in their job. This helps to set that person apart from
others. You can take steps to continually improve your competence as a professional. This could
involve undergoing further training or education, attending industry events and seminars or
gaining professional certifications in your field.
4. Reliability
Another characteristic of professionalism is reliability. You can assure others they can rely on you
by responding to clients or colleagues in a consistent manner and following through on promises
that you make. Being reliable means that you meet and exceed expectations so that others have
confidence in you. Having strong communication skills so that you can clarify information with
others can help you meet expectations and gain a reputation as a reliable professional.
5. Ethics
Professionals also behave ethically. In some industries, like law or medicine, they expect you to
adhere to industry-wide ethical codes. Even if you work in a different industry, it's important to still
behave ethically. This means following correct procedures, being accountable for your actions and
showing trust and respect towards your colleagues.
6. Poise
Another significant characteristic of professionalism is poise. This means remaining calm and
focused, even in challenging or stressful situations. When a difficult situation arises, it's important
to present your arguments in a clear and structured way. Showing poise in challenging situations
can improve your reputation and demonstrate your credibility as a professional.
7. Communication
Professionalism requires appropriate communication skills both verbally and in writing. During
telephone calls, this means clearly introducing yourself, giving the other person opportunities to
speak and actively listening to them. In written communication, professional behavior involves
sharing information clearly and concisely, with a polite tone. Think carefully about what to say in
written communication, like emails. Checking spelling and grammar before sending written
communications is also important.
8. Organization
Being professional also means being well organized, especially when you're handling multiple
tasks and priorities. Effective time management and prioritization skills, plus keeping your
workspace tidy and well organized, can help with this. Being organized helps you to respond to
others promptly and find information quickly.
9. Accountability
Accountability means taking responsibility for your own actions, and this is an important
characteristic of professionalism. This means admitting mistakes and taking steps to rectify them.
Taking ownership of your mistakes shows that you have integrity and are likely to benefit your
professional relationships. You can also use mistakes and setbacks as an opportunity to learn.
10. Timeliness
While being reliable means that people trust you to show up, complete your assigned tasks or be
available in a tough situation, being timely is also a part of professionalism. Many businesses and
organizations have tight schedules and calendars filled with appointments. Arriving on time or
early can show that you respect others and have a commitment to a project or company.
Ethics VS Morals
Ethics and morals relate to “right” and “wrong” conduct. While they are sometimes used
interchangeably, they are different: ethics refer to rules provided by an external source, e.g.,
codes of conduct in workplaces or principles in religions. Morals refer to an individual’s own
principles regarding right and wrong.

Comparison chart

Ethics versus Morals comparison chart

What are they?
• Ethics: The rules of conduct recognized in respect to a particular class of human actions or a
particular group or culture.
• Morals: Principles or habits with respect to right or wrong conduct. While morals also
prescribe dos and don'ts, morality is ultimately a personal compass of right and wrong.

Where do they come from?
• Ethics: Social system - External
• Morals: Individual - Internal

Why we do it?
• Ethics: Because society says it is the right thing to do.
• Morals: Because we believe in something being right or wrong.

Flexibility
• Ethics: Ethics are dependent on others for definition. They tend to be consistent within a
certain context, but can vary between contexts.
• Morals: Usually consistent, although can change if an individual’s beliefs change.

The "Gray"
• Ethics: A person strictly following Ethical Principles may not have any Morals at all. Likewise,
one could violate Ethical Principles within a given system of rules in order to maintain Moral
integrity.
• Morals: A Moral Person although perhaps bound by a higher covenant, may choose to follow a
code of ethics as it would apply to a system. "Make it fit"

Origin
• Ethics: Greek word "ethos" meaning "character"
• Morals: Latin word "mos" meaning "custom"

Acceptability
• Ethics: Ethics are governed by professional and legal guidelines within a particular time and
place
• Morals: Morality transcends cultural norms

Ethics in IT
Computers and information systems are used everywhere in society. New technologies are
invaluable tools but they may have serious ethical consequences. The way an information
technology tool affects sensitive issues has a direct impact on its effectiveness and usability. It may
be difficult for users and stakeholders to adopt a computer system if they feel that its use violates
important values and interests. To take advantage of a computer tool may not be easy in situations
dominated by ethical conflicts. There is a great risk that expensive but necessary computer
systems are abandoned because of scandals and conflicts. There is also a risk that ethically
controversial systems are used suboptimally, that persons may get hurt, and that organizations
may be damaged if they hesitate to use otherwise important and necessary computer tools.

Ethics in IT aims at the construction of tools that can be applied in systems development and use
for the consideration of significant ethical aspects. The application of suitable ethical tools is a
prerequisite to consider significant aspects in all phases of computer systems development,
implementation and use. Ethical tools are necessary not only to construct a system that avoids
conflicts with significant moral principles but mainly to build a successful system that will play a
significant role in satisfying the most important values of users and stakeholders.

The 30 Corporate Lessons from Holy Quran.*


Professional Ethics for Computer Science

Lecture 2: Ethics for IT Professionals and IT Users

Klaus Mueller

Computer Science Department
Stony Brook University

Objectives

What key characteristics distinguish a professional from other kinds of workers, and what is
the role of an IT professional?

What relationships must an IT professional manage, and what key ethical issues can arise in
each?

How do codes of ethics, professional organizations, certification, and licensing affect the
ethical behavior of IT professionals?

Objectives (continued)

What are the key tenets of four different codes of ethics that
provide guidance for IT professionals?

What are the common ethical issues that face IT users?

What approaches can support the ethical practices of IT users?

IT Professionals

Profession is a calling that requires
• specialized knowledge
• long and intensive academic preparation

Are IT Workers Professionals?

Partial list of IT specialists
• programmers
• systems analysts
• software engineers
• database administrators
• local area network (LAN) administrators
• chief information officers (CIOs)

Are IT Workers Professionals?

Legal perspective
• IT workers are not recognized as professionals
• not licensed
• IT workers are not liable for malpractice

Professional Codes of Ethics

A professional code of ethics states the principles and core values that are essential to the
work of a particular occupational group
• a law does not provide a complete guide to ethical behavior

Main parts:
• outlines what the professional organization aspires to become
• lists rules and principles by which members of the organization are
expected to abide

Benefits for individual, profession, and society
• improves ethical decision making
• promotes high standards of practice and ethical behavior
• enhances trust and respect from the general public
• provides an evaluation benchmark

Professional Organizations

No universal code of ethics for IT professionals

No single, formal organization of IT professionals has
emerged as preeminent

Professional organizations enable
• building of professional and working relationships
• sharing of useful information (stay up-to-date)
• providing a stamp of adhering to defined standards

Most prominent organizations include:
• Association for Computing Machinery (ACM)
• Association of Information Technology Professionals (AITP)
• Computer Society of the Institute of Electrical and Electronics
Engineers (IEEE-CS)
• Project Management Institute (PMI)

Certification

Indicates a professional possesses a particular set of skills, knowledge, or abilities in the
opinion of a certifying organization

Can also apply to products

Generally voluntary

Carries no requirement to adhere to a code of ethics

Can serve as a benchmark for mastery of a certain skill set
and knowledge
• good way to document and structure the acquisition of new skills
and knowledge
• get re-certified to stay up-to-date

Certification: Vendor Certifications

Vendor certifications
• Cisco, IBM, Microsoft, etc.
• some certifications substantially improve IT workers’ salaries and
career prospects
• relevant for narrowly defined roles
- or certain aspects of broader roles
• require passing a written exam
• workers are commonly recertified as newer technologies become
available

Certification: Industry Association Certifications

Industry association certifications
• require a certain level of experience and a broader perspective than
vendor certifications
• lag in developing tests that cover new technologies

Government Licensing

Generally administered at the state level in the United States
• examples: CPAs, doctors, lawyers, etc.
• but also engineers that perform engineering services for the public

Case for licensing IT professionals
• encourage IT professionals to follow the highest standards of the
profession
• practice a code of ethics
• violators would be punished by law
• without it there is no incentive for heightened care and no concept of
malpractice
• licensing of IT professionals may improve today’s very complex IT
systems

Government Licensing

Adverse issues associated with government licensing of IT professionals
• there are few international or national licensing programs for IT
professionals
• no universally accepted core body of knowledge
• unclear who should manage content and administration of
licensing exams
• no administrative body to accredit professional education
programs
• no administrative body to assess and ensure competence of
individual professionals

IT Professional Malpractice

Negligence:
• not doing something that a reasonable man would do, or doing
something that a reasonable man would not do

Duty of care:
• the obligation to protect people against any unreasonable harm or
risk

Courts consistently reject attempts to sue individual parties for computer-related malpractice

IT Users

Employees’ ethical use of IT is an area of growing concern

Common Ethical Issues for IT Users

Software piracy
• copying work software for use at home (even when doing some
work at home) is considered piracy

Inappropriate use of computing resources
• surf work-unrelated websites
• send questionable email
• etc.

Inappropriate sharing of information
• private data
• confidential information

Supporting the Ethical Practices of IT Users

Policies that protect against abuses:
• establish boundaries of acceptable and unacceptable behavior
• enable management to punish violators

Policy components include:
• defining and limiting the appropriate use of IT resources
• establishing guidelines for use of company software
• structuring information systems to protect data and information
• installing and maintaining a corporate firewall

ACM (Association for Computing Machinery) Code of Ethics and Professional Conduct

Computing professionals' actions change the world. To act responsibly, they should
reflect upon the wider impacts of their work, consistently supporting the public good.
The ACM Code of Ethics and Professional Conduct ("the Code") expresses the
conscience of the profession.

The Code is designed to inspire and guide the ethical conduct of all computing
professionals, including current and aspiring practitioners, instructors, students,
influencers, and anyone who uses computing technology in an impactful way.

Section 1 outlines fundamental ethical principles that form the basis for the remainder of
the Code. Section 2 addresses additional, more specific considerations of professional
responsibility. Section 3 guides individuals who have a leadership role, whether in the
workplace or in a volunteer professional capacity. Commitment to ethical conduct is
required of every ACM member, ACM SIG member, ACM award recipient, and ACM
SIG award recipient. Principles involving compliance with the Code are given in Section
4.

1. GENERAL ETHICAL PRINCIPLES.

A computing professional should...

1.1 Contribute to society and to human well-being, acknowledging that all people are
stakeholders in computing.

This principle, which concerns the quality of life of all people, affirms an obligation of
computing professionals, both individually and collectively, to use their skills for the
benefit of society, its members, and the environment surrounding them. This obligation
includes promoting fundamental human rights and protecting each individual's right to
autonomy. An essential aim of computing professionals is to minimize negative
consequences of computing, including threats to health, safety, personal security, and
privacy. When the interests of multiple groups conflict, the needs of those less
advantaged should be given increased attention and priority.

Computing professionals should consider whether the results of their efforts will respect
diversity, will be used in socially responsible ways, will meet social needs, and will be
broadly accessible. They are encouraged to actively contribute to society by engaging in
pro bono or volunteer work that benefits the public good.

1.2 Avoid harm.

In this document, "harm" means negative consequences, especially when those
consequences are significant and unjust. Examples of harm include unjustified physical
or mental injury, unjustified destruction or disclosure of information, and unjustified
damage to property, reputation, and the environment. This list is not exhaustive.

Well-intended actions, including those that accomplish assigned duties, may lead to
harm. When that harm is unintended, those responsible are obliged to undo or mitigate
the harm as much as possible. Avoiding harm begins with careful consideration of
potential impacts on all those affected by decisions. When harm is an intentional part of
the system, those responsible are obligated to ensure that the harm is ethically justified.
In either case, ensure that all harm is minimized.

1.3 Be honest and trustworthy.

Honesty is an essential component of trustworthiness. A computing professional should be
transparent and provide full disclosure of all pertinent system capabilities, limitations,
and potential problems to the appropriate parties. Making deliberately false or
misleading claims, fabricating or falsifying data, offering or accepting bribes, and other
dishonest conduct are violations of the Code.

Computing professionals should be honest about their qualifications, and about any
limitations in their competence to complete a task. Computing professionals should be
forthright about any circumstances that might lead to either real or perceived conflicts of
interest or otherwise tend to undermine the independence of their judgment.
Furthermore, commitments should be honored.

Computing professionals should not misrepresent an organization's policies or procedures,
and should not speak on behalf of an organization unless authorized to do so.

1.4 Be fair and take action not to discriminate.

The values of equality, tolerance, respect for others, and justice govern this principle.
Fairness requires that even careful decision processes provide some avenue for
redress of grievances.

Computing professionals should foster fair participation of all people, including those of
underrepresented groups. Prejudicial discrimination on the basis of age, color, disability,
ethnicity, family status, gender identity, labor union membership, military status,
nationality, race, religion or belief, sex, sexual orientation, or any other inappropriate
factor is an explicit violation of the Code. Harassment, including sexual harassment,
bullying, and other abuses of power and authority, is a form of discrimination that,
amongst other harms, limits fair access to the virtual and physical spaces where such
harassment takes place.

The use of information and technology may cause new, or enhance existing, inequities.
Technologies and practices should be as inclusive and accessible as possible and
computing professionals should take action to avoid creating systems or technologies
that disenfranchise or oppress people. Failure to design for inclusiveness and
accessibility may constitute unfair discrimination.

1.5 Respect the work required to produce new ideas, inventions, creative
works, and computing artifacts.

Developing new ideas, inventions, creative works, and computing artifacts creates value
for society, and those who expend this effort should expect to gain value from their
work. Computing professionals should therefore credit the creators of ideas, inventions,
work, and artifacts, and respect copyrights, patents, trade secrets, license agreements,
and other methods of protecting authors' works.

1.6 Respect privacy.

The responsibility of respecting privacy applies to computing professionals in a particularly
profound way. Technology enables the collection, monitoring, and exchange
of personal information quickly, inexpensively, and often without the knowledge of the
people affected. Therefore, a computing professional should become conversant in the
various definitions and forms of privacy and should understand the rights and
responsibilities associated with the collection and use of personal information.

Software Engineering Code of Ethics and Professional Practice

The short version of the code summarizes aspirations at a high level of the abstraction;
the clauses that are included in the full version give examples and details of how these
aspirations change the way we act as software engineering professionals. Without the
aspirations, the details can become legalistic and tedious; without the details, the
aspirations can become high sounding but empty; together, the aspirations and the
details form a cohesive code.

Software engineers shall commit themselves to making the analysis, specification,
design, development, testing and maintenance of software a beneficial and respected
profession. In accordance with their commitment to the health, safety and welfare of the
public, software engineers shall adhere to the following Eight Principles:

1. PUBLIC – Software engineers shall act consistently with the public interest.

2. CLIENT AND EMPLOYER – Software engineers shall act in a manner that is in the
best interests of their client and employer consistent with the public interest.

3. PRODUCT – Software engineers shall ensure that their products and related
modifications meet the highest professional standards possible.

4. JUDGMENT – Software engineers shall maintain integrity and independence in their
professional judgment.

5. MANAGEMENT – Software engineering managers and leaders shall subscribe to
and promote an ethical approach to the management of software development and
maintenance.

6. PROFESSION – Software engineers shall advance the integrity and reputation of the
profession consistent with the public interest.

7. COLLEAGUES – Software engineers shall be fair to and supportive of their
colleagues.

8. SELF – Software engineers shall participate in lifelong learning regarding the practice
of their profession and shall promote an ethical approach to the practice of the
profession.

Professional Ethics and Responsibilities
CSE 312 – Legal, Social, and Ethical Issues in Information Systems
Stony Brook University
http://www.cs.stonybrook.edu/~cse312

Ch 9: Professional Ethics and Responsibilities
9.1 What Is “Professional Ethics”?
9.2 Ethical Guidelines for Computer Professionals
9.2.1 Special Aspects of Professional Ethics
9.2.2 Professional Codes of Ethics
9.2.3 Guidelines and Professional Responsibilities
9.3 Scenarios
9.3.1 Introduction and Methodology
9.3.2 Protecting Personal Data
9.3.3 Designing an Email System With Targeted Ads
9.3.4 Webcams in School Laptops
9.3.5 Publishing Security Vulnerabilities
9.3.6 Specifications
9.3.7 Schedule Pressures
9.3.8 Software License Violation
9.3.9 Going Public
9.3.10 Release of Personal Information
9.3.11 Conflict of Interest
9.3.12 Kickbacks and Disclosure
9.3.13 A Test Plan
9.3.14 Artificial Intelligence and Sentencing Criminals
9.3.15 A Gracious Host
(c) Paul Fodor (CS Stony Brook) and Pearson

9.1. What is "Professional Ethics"?
• Professional ethics includes relationships with and responsibilities toward
customers, clients, coworkers, employees, employers, others who use
one’s products and services, and others whom they affect
• A professional has a responsibility to act ethically.
• Lapses in ethics in many professional fields
• A famed and respected researcher published falsified stem cell research
and claimed accomplishments he had not achieved
• A writer invented dramatic events in what he promoted as a factual
memoir of his experiences
• Many professions have a code of ethics that professionals are expected to
abide by
• Medical doctors must decide how to set priorities for organ transplant
recipients.
• Lawyers and judges
• Accountants

What is "Professional Ethics"?
• Computer professional issues:
• How much risk (to privacy, security, safety) is acceptable in a system?
• What uses of another company’s intellectual property are acceptable?
• Honesty is one of the most fundamental ethical values; however,
many ethical problems are more subtle than the choice of being
honest or dishonest
• Some ethical issues are controversial

9.2 Ethical Guidelines for Computer Professionals
Special Aspects of Professional Ethics
• A professional is an expert in a field
• Customers rely on the knowledge, expertise, and honesty of the
professional
• The products of many professionals (e.g., highway bridges,
investment advice, surgery protocols, and computer systems)
profoundly affect large numbers of people
• A computer professional’s work can affect the life, health, finances,
freedom, and future of a client or members of the public
• A professional can cause great harm through dishonesty, carelessness, or
incompetence
• The victims have little ability to protect themselves; they are not the direct
customers of the professional and have no direct control or decision making role in
choosing the product or making decisions about its quality and safety

Ethical Guidelines for Computer Professionals
• Software Engineering Code of Ethics and Professional Practice
http://www.acm.org/about/se-code
• ACM Code of Ethics and Professional Conduct
https://www.acm.org/about-acm/acm-code-of-ethics-and-professional-conduct

Ethical Guidelines for Computer Professionals
Special Aspects of Professional Ethics
• Professionals must maintain up to date skills and knowledge
• Because of the complexity, risks, and impact of computer
systems, a professional has an ethical responsibility not simply
to avoid intentional evil, but to exercise a high degree of care
and follow good professional practices to reduce the
likelihood of problems
• A responsibility to maintain an expected level of competence
and be up to date on current knowledge, technology, and
standards of the profession

Ethical Guidelines for Computer Professionals
Professional Codes of Ethics
• Many professional organizations have codes of professional
conduct
• Provide a general statement of ethical values and remind
people in the profession that ethical behavior is an essential
part of their job
• Provide valuable guidance for new or young members of the
profession who want to behave ethically but do not know
what is expected of them
• Remind people in the profession that ethical behavior is an
essential part of their job

Ethical Guidelines for Computer Professionals
Guidelines and Professional Responsibilities
• Developers and institutional users of computer systems must
view the system’s role and their responsibility in a wide enough
context
• Include users (such as medical staff, technicians, pilots, office
workers) in the design and testing stages to provide safe and
useful systems
• A system for a newborn nursery at a hospital rounded each
baby’s weight to the nearest pound.
• For premature babies, the difference of a few ounces is crucial
information
• Do a thorough, careful job when planning and scheduling a
project and when writing bids or contracts
• allocate sufficient time and budget for testing

9.3 Scenarios
Introduction and Methodology
• We look for ways to reduce negative consequences

1. Brainstorming phase
• List all the people and organizations affected (the stakeholders)
• List risks, issues, problems, and consequences
• List benefits. Identify who gets each benefit
• In cases where there is no simple yes or no decision,
but rather one has to choose some action, list possible
actions

Scenarios
Introduction and Methodology

2. Analysis phase
• Identify responsibilities of the decision maker
• Identify rights of stakeholders
• Consider the impact of the options on the
stakeholders (consequences, risks, benefits, harms,
costs)
• Categorize each potential action as ethically
obligatory, prohibited, or acceptable
• When there are multiple options, select one,
considering the ethical merits of each, courtesy to
others, practicality, self-interest, personal
preferences, etc.
Scenarios
Scenario 1: Protecting Personal Data
 Your customer is a community clinic that works with families with
problems of family violence.
 It has three sites in the same city, including a shelter for battered women
and children.
 The director wants a computerized record and appointment system,
networked for the three sites.
 She wants a few laptop computers on which staffers can carry records
when they visit clients at home and stay in touch with clients by email.
 She asked about an app for staffers’ smartphones by which they could
access records at social service agencies.
 At the shelter, staffers use only first names for clients, but the records
contain last names and forwarding addresses of women who have recently
left.
42
 The clinic’s budget is small.
(c) Paul Fodor (CS Stony Brook) and Pearson
Scenarios
Scenario 2: Email System With Targeted Ads
• Your company is developing a free email service that will include targeted advertising based on the content of the email messages (similar to Google’s Gmail).
• You are part of the team designing the system.
• What are your ethical responsibilities?
• Protect the email!
• No humans will read the messages
• Informed consent
• If the system does not target ads based on sensitive topics, such as mortgage foreclosures, health, and religion, then the records the system stores will not have information about those subjects
• The designers should consider restrictions on the set of topics the system uses for targeting
Scenario 3: Webcams in School Laptops
• As part of your responsibilities, you oversee the installation of software packages for large orders.
• A recent order of laptops for a local school district requires webcam software to be loaded.
• You know that this software allows for remote activation of the webcam.
Scenario 4: Publishing Security Vulnerabilities
• Three MIT students planned to present a paper at a security conference describing security vulnerabilities in Boston’s transit fare system.
• At the request of the transit authority, a judge ordered the students to cancel the presentation and not to distribute their research.
• The students are debating whether they should circulate their paper on the Web.
• Imagine that you are one of the students.
Scenario 6: Schedule Pressures – Safety-critical
• Your team is working on a computer-controlled device for treating cancerous tumors.
• The computer controls direction, intensity, and timing of a beam that destroys the tumor.
• Various delays have put the project behind schedule, and the deadline is approaching.
• There will not be time to complete all the planned testing.
• The system has been functioning properly in the routine treatment scenarios tested so far.
• You are the project manager, and you are considering whether to deliver the system on time, while continuing testing and making patches if the team finds bugs.
Scenario 8: Software License Violation
• Your company has 25 licenses for a computer program, but you discover that it has been copied onto 80 computers.
• The first step here is to inform your supervisor that the copies violate the license agreement.
• If you are the person who signed the license agreements, then you are obligated to honor them.
• The name on the license could expose you to legal risk, or unethical managers in your company could make you a scapegoat.
• Report the violation or quit your job and have your name removed from the license to protect yourself.
Scenario 9: Going Public
• Suppose you are a member of a team working on a computer-controlled crash avoidance system for automobiles.
• You think the system has a flaw that could endanger people.
• The project manager does not seem concerned and expects to announce completion of the project soon.
• Do you have an ethical obligation to do something?
• Given the potential consequences, yes
• Try talking with higher-ups
• If they don't agree, then an option is going outside the company to the customer, to the news media, or to a government agency
"If there is something that ought to be corrected inside an organization, the most effective way to do it is to do it within the organization and exhaust all possibilities there . . . you might have to go to the extreme of publishing these things, but you should never start that way"
Scenario 10: Release of Personal Information
• You work for the IRS, the Social Security Administration, a movie-rental company, or an Internet service provider.
• Someone asks you to get a copy of records about a particular person.
• He will pay you $500.
Scenario 11: Conflict of Interest
• You have a small consulting business.
• The CyberStuff company plans to buy software to run a cloud data-storage business.
• CyberStuff wants to hire you to evaluate bids from vendors.
• Your spouse works for NetWorkx and did most of the work in writing the bid that NetWorkx plans to submit.
• You read the bid while your spouse was working on it and you think it is excellent.
• Do you tell CyberStuff about your spouse’s connection with NetWorkx?
Scenario 12: Kickbacks and Disclosure
• You are an administrator at a major university.
• Your department selects a few brands of security software to recommend to students for their desktop computers, laptops, tablets, and other devices.
• One of the companies whose software you will evaluate takes you out to dinner, gives you free software (in addition to the security software), offers to pay your expenses to attend a professional conference on computer security, and offers to give the university a percentage of the price for every student who buys its security package.
Scenario 13: A Test Plan
• A team of programmers is developing a communications system for firefighters to use when fighting a fire.
• Firefighters will be able to communicate with each other, with supervisors near the scene, and with other emergency personnel.
• The programmers will test the system in a field near the company office.
Scenario 14: Artificial Intelligence and Sentencing
• You are part of a team developing a sophisticated program using artificial intelligence techniques to help judges make sentencing decisions for convicted criminals.
Scenario 15: A Gracious Host
• You are the computer system administrator for a mid-sized company.
• You can monitor the company network from home, and you frequently work from home.
• Your niece, a college student, is visiting for a week.
• She asks to use your computer to check her email.
• Sure, you say.
privacy principles

The spirit of the GDPR comes to life in the six privacy principles underlying the law.

What are these highly-prized principles and how do they impact your business? Keep
reading to find out.

The GDPR presents six privacy principles that help place the rules and repercussions in
context.

According to GDPR, the principles are:

1. Lawfulness, Fairness, and Transparency
2. Limitations on Purposes of Collection, Processing, and Storage
3. Data Minimization
4. Accuracy of Data
5. Data Storage Limits
6. Integrity and Confidentiality

What is Intellectual Property for Software?
Intellectual property for software is computer code or software protected by law under either
a copyright, trademark, trade secret, or software patent.

Why Intellectual Property for Software Is Important
Software innovation is valuable to individuals, start-ups, and businesses. The law is the best
way to protect material such as software. To use the law as protection, programmers and
businesses treat software as intellectual property.
When you treat your software as intellectual property, you have more control over who gets
to use it and how it gets to the public. Otherwise, people might use it without permission,
and you'll lose the chance to get paid when people use your software. In extreme cases,
you might lose the right to use the software you created.

What Is Intellectual Property?


Intellectual property (IP) is a piece of work that isn't a tangible object. IP usually comes from
creativity and could be a manuscript, a formula, a song, or software. Under the law,
copyrights, trademarks, trade secrets, and patents protect IP.
IP Theft
Having employees sign Non-disclosure Agreements is one way to protect company IP.
Restricting employee access to IP like the software in development is another way. The
book "IP & Computer Crimes" by Peter Toren includes a lot of information. It covers these
crimes and how to protect against them.
Ways to Protect Software
When you want to protect software IP, both a copyright and a patent offer legal protection.
Each option covers different parts of IP protection. Some people prefer one or the other,
while others go for both. Alternatively, you can choose to treat your software as a trade
secret. Deciding what to do is an important step in protecting your software.
Trademarks are another option, but they don't protect your IP software code. What they
protect is the name of the software or a symbol you use to advertise the software.
Trademarking your software's brand name is a good way to keep others from marketing a
product under a confusingly similar name.

Protecting Software Through Copyrights


Copyright law defines copyright as: "original works of authorship fixed in any tangible
medium of expression." You can find this quotation and a longer definition in section 102 of
U.S. Copyright Law. So the way you express an idea, like a work of fiction or software in
code, falls under Copyright law.
The Copyright Act, 17 U.S.C. § 101 calls computer programs "literary works."
What Copyright Protects

• Against word-for-word copying
• Internationally, as soon as you create it
Registering your copyright with the Copyright Office is a good idea for legal purposes.
Rights Granted by a Copyright
A copyright grants you specific rights in terms of your software. When you hold the
copyright to software code, you can:

• Make copies of your software code
• Sell or give away the code
• Make a "derivative work," which is a second software that uses a lot of the original code
• Post the code somewhere, or otherwise display it

Protecting Software With a Patent


To protect a process, like the function of software, you need a patent. A patent will protect
things like:

• Systems
• Functions
• Solutions to computer problems

You can use two types of patents to protect software: utility and design. Utility protects
what the software does. Design protects any decorative part of your software.
Unlike copyright law, patent law protects the invention itself. That way, someone can't
create a software program with different code that does the exact same thing your software
does. But the patent doesn't protect your specific lines of code against plagiarism the way
copyright does.
Things to Consider Before Applying for a Patent

• Patents last for 20 years after the day you receive the patent. Then the work goes into Public Domain.
• If you patent solving a specific problem, you might block other programmers from solving the problem in a different way.
• Getting a patent can take as long as two years.
• Filing with the U.S. Patent and Trademark Office (USPTO) can cost $1,000 to $3,000.

Protecting Software as a Trade Secret
A trade secret is information you or your company has that other people don't have. You
use this information in business, and it gives you a leg-up over your competition.
You don't file any documents or apply with an office to get a trade secret. Instead, the way
you treat your software can make it a trade secret. You have to take "reasonable measures"
to keep the software a secret:

• Keep the software away from the public.
• Have employees sign non-disclosure agreements.
• Have employees sign non-compete agreements.
• Do exit interviews with employees who are leaving to make sure they aren't bringing IP with them.
• As soon as an employee quits or is fired, take away all their file and data access.
• Investigate any suspicious employee activity.
• Keep IP data stored in compartments, and only give access to employees who need it.

You can maintain a trade secret for as long as you want. Unless someone discovers your
secret by what the law calls "fair means," your trade secret will last forever. If someone else
discovers, on their own, a trade secret similar to yours, you can't take legal action.
Sometimes companies and individuals don't see trade secrets as secure enough protection
for valuable software inventions.
Intellectual Property issues
Plagiarism

Plagiarism is using the work of others as though it were your own. This seems like an issue related
mainly to school, but the text lists examples from news reporting and movie making that show plagiarism
can occur in the real world as well.

The text points out a common misunderstanding that could explain some instances of plagiarism. Some
people seem to believe that anything posted on the Internet is public domain and subject to free use.
Those beliefs are not correct, but even if they were, that would not excuse pretending that something
made by someone else is your own work. It is unclear to me why the author presents a list of five web
based companies that provide comparison services to teachers concerned about plagiarism. Those
services are certainly geared to one market, and they are unlikely to be of much use to anyone outside a
school system.

Reverse Engineering

The concept here is to examine something that works (like a software program), determine how it works,
and make a copy or improved version of it. This is perfectly legal if you own the original, and
quite illegal if you do not.

For those who have not worked in the software business, the example in the text may not be clear.
Assume, for example, that we have a client database saved in a proprietary format that we purchase
annually from a legitimate source. We use a database program that a contractor wrote for us to
manipulate the data. Assume that the vendor changed data file format this year, and it is only available in
the new format. The original contractor is long gone. We need someone to determine what the original
program did, and find a way to write a program that will do the same or better with the new data source.
The person who does this needs to reverse engineer the original program. Doing so will save a great
deal of time in many cases. This is legal if we paid the original programmer for his work and his product:
we own the right to do so.

An example of an illegal version of this process would be to decompile (translate from machine
language to a programming language) a program that we do not own, such as any product from
Microsoft (assuming we do not work for Microsoft).

To legally compete with the product of another vendor, we must create our product without knowledge of
the code in their product. Think about it this way: if you are a magician, and you see another magician
perform an act that is new and impressive, you can go two ways. The legal, ethical way is to look at the
effect, and to figure out how to do something like it or better with your own skills and knowledge. That is
what a good magician (and a good programmer) would do. The illegal, unethical way would be
to steal the secret of the effect from the performer you saw (or from knowledgeable staff). This is what
a thief would do. A third way would be to copy the code into your program, or copy the whole program
and sell it as your own. This is what a pirate would do. (Although I am not convinced that Morgan and
Bartholomew would approve.)

Open Source Code

Some computer programs are not protected by copyright. They are meant to be shared and adapted by
other programmers who will in turn share their work with anyone willing to comply with the requirement to
continue the open source agreement.
The text offers some examples of open source code products that are available for download on page
257. Remember that open source code products are typically free, but that is not the salient factor. They
are open source code products because any programmer may attempt to improve the product as long as
they comply with the requirement to keep the product open. In most cases, this means that updates are
submitted as proposals, which would then be approved or disapproved, and then made a part of the
ongoing product (or not).

Competitive Intelligence

If you research a competitor through public records, news releases, public relations articles, web
sites, and other readily available sources, you can form opinions about what the competitor is doing and
what you should do to compete more effectively. This is an example of using competitive intelligence.
There is nothing wrong with this practice.

If, on the other hand, you try to steal trade secrets, you interview their staff under false pretenses (are
there true pretenses?), you hire people to work for the competitor to get information, and otherwise try to
get insider information about the competitor, you are conducting industrial espionage, which is illegal.

The text offers a list of diagnostic questions on page 259 that can help you understand the difference. A
way to summarize the difference in behavior might be to ask whether you would want the police to know
what you are doing. If the issue makes no sense to you because it is only about soap (see the Procter
and Gamble example in the text), remember that it is not about state secrets, it is
about unlawful practices that translate to money in the marketplace.

Cyber squatting

The chapter ends with a discussion about people who register domain names with the hope that they will
be able to sell the rights to the domain to a company that wants the rights enough to pay for them. A
domain name can be considered as an intellectual property in that it is not real property, but it may be
close enough to a trademark, service mark, or company name to serve as an asset to a company. This
technique may backfire on a squatter who wants too much for the domain, or who is trying to get a payoff
from a company who wishes to take the squatter to court to force a
Crime and Internet

Cybercrimes include the following:

• Hacking is a category of cybercrime that involves gaining unauthorised access to data stored on a person’s computer.
• Identity theft is the intentional use of another person’s identity.
• Cyberbullying, also referred to as online bullying, is a type of harassment and bullying that takes place via the internet.
• The use of the internet to monitor or harass someone is known as cyberstalking. False charges, slander, and defamation are all involved.
• Spoofing is a hacking technique in which hackers fool computer systems in order to gain an unfair advantage and steal information from online communities or websites.
• Financial fraud occurs when someone uses the internet to steal money or deprive others of their assets.
• Digital piracy, often known as online piracy, is the act of downloading and sharing digital copyrighted content without permission.
• Computer malware is malware programmes that duplicate themselves in order to spread across computers.
• Malware is malicious software created by cybercriminals with the goal of causing harm to a server, client, or network.
• Theft of copyrighted content or material through the internet is known as intellectual property theft.
• Money laundering is the practice of using the internet to transfer funds through various online payment methods.
• A denial of service (DOS) assault is a cyberattack that aims to impede the targeted server’s traffic. It prevents the intended users from accessing a system’s resources.
• Electronic terrorism, often known as cyberterrorism, is the use of the internet to carry out violent crimes. It entails posing a danger to someone or gaining ideological or political advantage.
• Vandalism refers to the intentional destruction and damage of an individual’s online content. It could also mean that your website’s online content gets changed without your authorisation.

Cybercrime Laws in Pakistan
The following cybercrime laws in Pakistan have been passed by the Parliament.

Electronic Transactions Ordinance (ETO) 2002

The Electronic Transactions Ordinance (ETO), which was enacted in 2002, was the first
IT-related legislation. It was an important first step in ensuring the legal sanctity and
security of the local e-commerce sector.

A major portion of Pakistan’s cybercrime legislation was influenced by foreign cybercrime
legislation. It is divided into 43 categories that deal with various forms of cyber offences in
Pakistan.

Pakistan’s cybercrime law covers the following eight major aspects of the e-commerce
industry:

• Recognition of electronic documents
• Electronic communications
• The digital signature regime and its evidential consequences
• Website and digital signatures certification providers
• Stamp duty
• Attestation and notarization of certified copies
• Jurisdiction
• Offences

Prevention of Electronic Crimes or Cybercrimes Ordinance 2007

In 2007, the PECO (Prevention of Electronic Crimes or Cybercrimes Ordinance) was passed. The
following electronic offences are covered by Pakistan’s cybercrime law:

• Terrorism on the internet
• Damage to data
• Electronic thievery
• Forgery of electronic documents
• Unauthorised entry
• Cyberstalking
• Cyber-spamming/spoofing

Cybercriminals in Pakistan may face a variety of sanctions under PECO. Depending on
the crime, they can range from six months in prison to even the death penalty.
The regulations apply to everyone in Pakistan who commits cybercrime, regardless of
country of citizenship.
Prevention of Electronic Crimes Act 2016

In 2016, the Prevention of Electronic Crimes Act (PECA) was passed. It provides a
comprehensive framework for all forms of cybercrime and is based on the Cyber Crime
Bill of 2007.

It deals with the following internet crimes:

• Unauthorised data access (hacking)
• Denial of Service (DoS) assault (DOS Attack)
• Electronic forgery and electronic fraud
• Cyberterrorism
