IS3037 Seminar 6 - PowerPoint PPT Presentation

Provided by: Robe425

1
IS3037 Seminar 6
  • Legal and Ethical Aspects of eGovernment

2
Agenda
  • Data Privacy (Legal)
  • Conflicts of Interest
  • .com and .gov
  • Accessibility issues
  • Fraudulent Transactions
  • ICAC and esdlife
  • Accountability (including bugs)
  • CLK; system unavailability; system
    incompatibility, e.g. some browsers

3
Data Privacy
  • What is personal data? And what is not?
  • Organisations have data protection officers, data
    protection/access policies, and have to ensure
    that they act in accordance with the law.
  • Why is data accuracy so important?

4
Privacy: what is it?
  • Can anyone give me a universal definition,
    something that everyone will agree about?
  • Do you think that privacy may vary according to:
  • Culture?
  • Politics?
  • Personal preference?
  • Do we have a right to privacy?
  • Are there any restrictions to privacy?

5
Privacy
  • "The right to be left alone": Warren and Brandeis
    (1890)
  • Privacy is necessary if we are also to have
    freedom of speech, association, movement, etc
  • Privacy and respect for people as autonomous,
    free, rational beings

6
Privacy: Roger Clarke
  • Privacy is the interest that individuals have in
    sustaining a 'personal space', free from
    interference by other people and organisations.
  • Privacy of the person: against compulsory blood
    testing, immunisation, etc.
  • Privacy of personal behaviour: inc. sex,
    politics, religion
  • Privacy of personal communications: i.e. no
    monitoring
  • Privacy of personal data: control over data use
    (held by you or not)

7
The Personal Data (Privacy) Ordinance (HK)
  • Six Data Protection Principles
  • Principle 1 - purpose and manner of collection of
    personal data
  • Must be lawful and fair; information about
    collection
  • Principle 2 - accuracy and duration of retention
    of personal data
  • Principle 3 - use of personal data
  • use only as specified when collected

8
Principles cont'd
  • Principle 4 - security of personal data
  • Principle 5 - information about data held and
    access policies to be generally available - what
    they have and what they do with it
  • Principle 6 - access to personal data
  • data subjects have rights of access and
    correction

9
Implications of the PDPO?
  • Information about data held has to be registered
    with the PCO - metadata
  • People who have access to the data must be
    trained in security measures
  • Proper security measures should be implemented -
    to prevent unauthorised access, loss or
    destruction
  • Procedures for subject access to data -
    validation, authorisation, issuing, ...

10
Implications for eGov?
  • High standards of data privacy / security are
    required
  • Information privacy and collection of personal
    data statements are essential
  • What about www.esdlife.com.hk (or
    www.esd.gov.hk)?
  • Do people trust them?

11
ESD Privacy Statement
  • http://www.esd.gov.hk/privacy/eng/default.asp
  • Disclosure of Information
  • Normally, we may share your Personal Data with,
    or transfer it to, Hutchison Whampoa Limited, its
    subsidiaries and affiliated companies. For
    details, please refer to our Personal Data
    Collection Statement.
  • If you do not want to have your information
    disclosed to any third parties, please write to
    our Data Protection Officer.

12
Personal Data Collection Statement
  • http://www.esd.gov.hk/privacy/eng/privacy3.asp
  • You further agree that we may disclose and
    transfer (whether in Hong Kong or abroad) to our
    agents, contractors, any telecommunications
    operators, any third party service provider, any
    third party collection agencies, any credit
    reference agencies, any security agencies, any
    credit providers, banks, financial institutions,
    our professional advisers and any other persons
    under a duty of confidentiality to us

13
Personal Data Collection Statement
  • In addition, we may disclose and transfer your
    Personal Data to any company within, Hutchison
    Whampoa Limited, Cheung Kong (Holdings) Limited,
    any of their subsidiaries and to include that
    Personal Data in one or more databases held by us
    or the Hutchison Group for the carrying out of
    market research, credit assessments, marketing of
    any goods

14
What are these other companies?
  • Well, anything in the HWL/CKH group
  • ParknShop
  • Watsons
  • Wilson Parking
  • HK Electric
  • Fortress
  • Hutchison Global Crossing
  • PCCW

15
.gov or .com?
  • Is it healthy for Hong Kong's .gov to be run by a
    .com?
  • Commercial greed before public service?
  • Which services does ESDLife offer? Which not?
  • Conflicts of interest?
  • Impact on usage by citizens?

16
Accessibility to eGov
  • Most of us have normal vision, so we can read web
    pages in Ch-T, Ch-S or Eng.
  • But what about the blind?
  • Can they listen to webpages?
  • Or read braille prints?
  • And what about the computer illiterate or those
    who prefer not to access services online?

17
Accessibility to eGov
  • Driving up the number of users is a govt
    priority.
  • Reducing costs by closing physical operations is
    a target
  • But does the Govt have an ethical obligation to
    provide all services offline as well as online?
  • The balance between availability and convenience

18
Fraudulent Transactions
  • Can people misuse the technology to defraud
    government or other service suppliers?
  • What controls are there?
  • Are there independent audits of transaction logs?
  • What information can we see online?

19
Fraud
  • From ESD: a Visa competition
  • If fraud information is discovered, participants
    will be disqualified.
  • Seems a rather gentle response
  • Employees of ESD Services Ltd. are not eligible
    to participate.
  • So as to avoid fraud?

20
ICAC investigates ESDLife
  • SCMP, December 19th, 2003, p.3, Martin Wong
  • In the first nine months of this year, 70
    suspected bogus patrons had made more than
    100,000 bookings through the Web site for sports
    facilities, but none of these facilities were
    actually used according to ICAC. These
    transactions involved a total charge of over
    700,000.
  • The arrested, including existing and former
    executives of ESDLife, were suspected of boosting
    the number of electronic transactions by
    recruiting a number of persons, who registered as
    users and conducted transactions on the Web site
    to meet contract requirements set by the
    government.
  • According to its contract, the website operator
    would receive a monthly subscription fee and a
    fee for every transaction if it could meet a
    certain minimum number of transactions.

21
Professional Accountability
  • Professionalism relates to our behaviour in
    working contexts.
  • A professional is someone who can be relied upon
    to do a good job.
  • Competence, customer care, reliability
  • Taking responsibility for one's actions

22
Why is Accountability Important?
  • eGovernment relies on computer systems
  • We must be certain that those systems are
    reliable
  • If something goes wrong, it is important that we
    can trace who should be accountable for possible
    negative consequences.

23
What kind of negative consequences?
  • Consider the fiasco at the Chek Lap Kok airport
    when it opened
  • Many computer systems failed
  • Many passengers were inconvenienced
  • Will they come back?
  • Much cargo was damaged/destroyed
  • This was not strictly an eGovernment system, but
    the government funded much of the development
  • Moreover, the govt reaction was to take
    collective responsibility, not blame
    individuals.

24
Customer Care
  • As an eCitizen in Hong Kong, I'd like to access
    all egov services on a platform of my choice
  • PC or web
  • Netscape or IE
  • Win, Mac, Linux,
  • Chinese or English.
  • Is this a reasonable expectation?

25
In Reality
  • Most technologies are supported.
  • Some content is either English only or Chinese
    only.
  • There is a spending limit of 2,000 on many
    services!
  • How can I renew my vehicle licence then?
  • So the situation is not ideal, i.e. there is room
    for improvement.

26
If accountability is seen to be important, then...
  • We are valuing high-quality work
  • We appreciate diligent, responsible practice
  • We establish foundations for just punishment and
    compensation (liability)
  • We strengthen the idea that those who are
    accountable will do their best to prevent harms
    and minimise risks.

27
Responsibility, Blame and Liability
  • Accountability includes three components
  • Responsibility
  • Direct or indirect
  • Blameworthiness
  • Liability
  • Punishment or compensation owed to a victim

28
Responsibility
  • There are two conditions to determine whether
    someone is responsible
  • A causal condition - a person's action or
    non-action must have caused the harm
  • A mental condition - a person must have intended
    or willed the harm

29
Blame
  • The two conditions are extended to find out who
    is blameworthy
  • Causal condition
  • can be one of the causal factors, rather than the
    only or major cause of the harm
  • Mental condition
  • negligence - carelessness
  • recklessness - ignoring dangers

30
Liability
  • Who is required to pay compensation?
  • Not necessarily the responsible person.
  • If a programmer makes a mistake, often it is the
    employer who is legally liable.
  • Similarly, if data is leaked out from a hospital
    database, management may be liable.

31
Three Barriers to Accountability
  • We can identify three "barriers" to
    accountability
  • The problem of (too) many hands
  • "Bugs"
  • The computer as scapegoat

32
The Barrier of "Too Many Hands"
  • Computer systems are usually developed by many
    people
  • Designers, analysts, programmers
  • Each person has individual responsibility
  • Each person may not (fully) understand what the
    others are doing
  • Which one person can be identified to take
    responsibility?

33
Bugs!
  • Bugs - all types of software errors, including
    modelling, design and coding errors
  • Bugs make software unreliable and can cause
    system failure
  • Are bugs inevitable or unavoidable?
  • Even with very careful and competent programmers,
    bugs seem to be natural hazards of most
    substantial systems.

34
Are Bugs Inevitable?
  • Responsibility means we have to identify the
    person who has intentionally or through
    negligence caused harm
  • or
  • Bugs are inevitable, so although we regretted
    that harm was caused, there was nothing to be
    done and no one should be held accountable.

35
Bugs!
  • Viewing bugs "differently" (i.e. not as
    inevitable) allows us
  • to discriminate "natural hazards" from harm
    caused by unprofessional work
  • to establish the line of accountability for
    persistent bugs.
  • If you view bugs as inevitable, then how can you
    be accountable for your work?

36
The Computer as Scapegoat
  • Why do people blame the computer?
  • Computer systems mediate communication between
    people and machines or people. Human actions are
    distanced from their impacts.
  • Computer systems perform tasks previously
    performed by people in positions of
    responsibility.
  • Blaming the computer means people can try to
    escape responsibility for their actions.
  • Computers don't go to prison!

37
Summary
  • There are many social issues
  • Some legal, some ethical, some grey area.
  • They all warrant attention
  • Independent auditing of egov services is
    essential
  • Especially given the curious .gov/.com
    relationship that we have in Hong Kong