Module 12Ethics and Security in Computing

• Some social issues in computing

– Division issues, workplace issues, legal issues

– protecting children on the Internet

• Ethics in computing

– Professional ethics

– Intellectual property rights

• Security issues in computing– Security problems

– Protection

– Viruses and worms

2

Division issue: Haves vs. Have-Nots

• Division caused by computing access– Those with access to computers and the Internet take advantage

of personal and economic opportunities– Those without access fall farther behind

• Major divisions within countries– Between urban areas and rural ones– Between rich and poor

• Major divisions among nations– Between industrialized and non-industrialized nations

• Narrowing the Divide

3

Workplace Issues

• Healthy computing– Harmful emissions from monitor, Eyestrain from monitor, Back

pain from position of chair and desk, Repetitive strain injury– Ergonomic equipment, Ergonomic behavior– Ergonomics refers to human factors related to the use of

computers

• Employee monitoring– An employer monitors an employee’s performance– Many companies have policies that notify employees about

monitoring practices

• Environmental concerns– Power consumption. Computer supplies. PC disposal

4

Many other issues

• Jurisdictional issues– International issues

• Applying national laws to a world-wide medium is a difficult process• Issues exist over which country’s court has jurisdiction

– National issues• Issues exist over which locality’s court has jurisdiction• Imposition of sales taxes on Internet transactions

• Protecting Children on the Internet– The Internet offers many opportunities for children– There are also unsavory elements on the Internet– Ways to protect children

• Blocking software. Child monitoring. Laws to protect children

5

Ethics in Computing

• Ethics – standards of moral conduct– Used to help determine the proper course of

action in difficult situations

• Ethics Issues– Computer ethics– Professional ethics– Programmer responsibility– Ethical use of computers

6

Computer EthicsComputer Ethics

Ten Commandments of Ten Commandments of Computer EthicsComputer Ethics

Apply general ethical Apply general ethical principles to principles to computingcomputingDeveloped by the Developed by the Computer Ethics Computer Ethics InstituteInstitute

7

Professional Ethics

• Relates to ethics of those whose work focuses on computer systems

• Code of Ethics and Professional Conduct developed by the Association for Computing Machinery (ACM)

• Divided into sections– General principles– Professional responsibilities– Guidelines for organizational systems

8

Programmer Responsibility

• Bug-free software does not exist– Testing can only show the presence of bugs,

not their absence

• Issues related to software quality– How much testing is enough?– How many minor bugs are acceptable in

software about to be released?

9

Ethical Use of Computers

• Data quality– Users are responsible for the quality of data entered into the

system– Procedures must be in place to detect and correct inaccurate

information• Protecting customers’ personal data

– Particularly relevant to companies doing business over the Internet

– Develop privacy policies stating how data will be used– Two approaches

• Opt-in policy – customers are notified of privacy policy and must agree before their data can be released

• Opt-out policy – customers are assumed to agree to the release of their data unless they specifically request it be kept private

• Digitally altering data

10

Intellectual Property Rights

• Refers to results of intellectual activity in the industrial, scientific, literary, or artistic fields

• U.S. Copyright Act provides protection in three areas– Copyrights– Patents– Trademarks

11

Copyrights

• Provides the creator of a literary or artistic work with control over its use and distribution– Widespread distribution of music and video

over the Internet has created quite a controversy

12

Digital Fair Use Issues

• Copy-protection schemes make it impossible to copy CDs and DVDs– Users claim that violates their fair use rights

• Software– Users may not modify copyrighted software

• Digital images– Images on the Web may be downloaded and used as

screen savers, but they may not be distributed or altered

• Plagiarism– Work taken from the Internet must be cited if it is used

in a paper or other presentation

13

Trademarks

• A word, name, symbol, or device used to distinguish one company and its products from another

• Two issues in the digital arena– Unauthorized use of one company’s

trademarks on another’s Web site– Obtaining a domain name that includes

another company’s trademark, then selling that domain name at a profit

14

Patents

• Designed to protect inventions and encourage inventors– Grant patent holder exclusive rights to the

invention

• Patent Office will grant patent protection to software algorithms and techniques– Will also grant patents for business methods

implemented in software

15

Security and Privacy

• Security – data stored on computer must be kept safe

• Privacy – private data must be kept from prying eyes

16

Computer Crime

• Hacker – someone who attempts to gain access to computer systems illegally

• Cracker – someone who uses the computer to engage in illegal activity

• Most commonly reported categories– Credit card fraud– Data communications fraud– Unauthorized access to computer files– Unlawful copying of copyrighted software

17

Methods Computer Criminals Use

• Bomb• Denial of service• Piggybacking• Trapdoor• Trojan horse

18

Bomb

• Causes a program to trigger damage under certain conditions– Usually set to go off at a later date

• Sometimes planted in commercial software– Shareware is more prone to having a bomb

planted in it

19

Denial of Service Attack

• Hackers bombard a site with more requests than it can possibly handle– Prevents legitimate users from accessing the

site– Hackers can cause attacks to come from

many different sites simultaneously

20

Piggybacking

• An illicit user “rides” into the system on the back of an authorized user– If the user does not exit the system properly,

the intruder can continue where the original user has left off

• Always log out of any system you log into

21

Trapdoor

• An illicit program left within a completed legitimate program– Allows subsequent unauthorized and

unknown entry by the perpetrator to make changes to the program

22

Trojan Horse

• Involves illegal instructions placed in the middle of a legitimate program– Program does something useful, but the

Trojan horse instructions do something destructive in the background

23

White-Hat Hackers

• Hackers that are paid by a company to break into that company’s computer systems– Expose security holes and flaws before

criminals find them– Once exposed, flaws can be fixed

25

Security: Playing It Safe

• Security – a system of safeguards– Protects system and data from deliberate or

accidental damage– Protects system and data from unauthorized

access

26

Controlling Access

• Four means of controlling who has access to the computer– What you have– What you know– What you do– What you are

27

A Disaster Recovery Plan

• A method of restoring computer processing operations and data files in the event of major destruction

• Several approaches– Manual services– Buying time at a service bureau– Consortium

• Plan should include priorities for restoring programs, plans for notifying employees, and procedures for handling data in a different environment

31

Thread from worm and virus

• Worm– A program that transfers itself from computer

to computer• Plants itself as a separate file on the target

computer’s disks

32

Virus

• A set of illicit instructions that passes itself on to other files, which can tremendous damage to computer and data files

• Transmission of virus– Viral instructions inserted into a game or file

• Typically distributed via the Web or e-mail

– Users download the file onto their computers– Every time the user opens that file, virus is loaded into

memory• As other files are loaded into memory, they become infected

33

Virus Prevention

• Antivirus software – Detects virus signature– Scans hard disk every time you boot the computer

• Viruses tend to show up on free software or software downloaded from the Internet– Use antivirus software to scan files before you load

them on your computer • Often distributed as e-mail attachments

– Do not open e-mail attachments without scanning them or if you do not know the person sending the e-mail

34

Security Problems on the Internet

• With so many people on the Internet, how do you keep data secure?

• Several approaches– Using a firewall– Encryption

35

A Firewall

• A combination of hardware and software that sits between an organization’s network and the Internet– All traffic between the two goes

through the firewall– Protects the organization from

unauthorized access– Can prevent internal users from

accessing inappropriate Internet sites

36

Encryption

• Scrambling data so that it can only be read by a computer with the appropriate key– Encryption key converts the message into an

unreadable form– Message can be decrypted only by someone with the

proper key

• Private key encryption – senders and receivers share the same key

• Public key encryption – different keys are used in encryption and decryption