Information

1
Chapter 9 Information Systems Ethics
and Computer Crime www.prenhall.com/jessup
2
Learning Objectives

• Describe the advent of the information Age and
  how computer ethics impact the use of information
  systems
• Discuss the ethical concerns associated with
  information privacy, accuracy, property, and
  accessibility
• Define computer crime, and list several types of
  computer crime

3
Learning Objectives

• 4. Contrast what is meant by the term computer
  virus, worm, Trojan Horse, and logic or time
  bomb
• 5. Describe and explain the differences between
  cyberwar and cyberterrorism

4
Ages of Progress
Informational
Industrial
Agricultural
(1960s to Present)
(1890s to 1960s)
(Prior to 1890s)
5
Information Age Terms
Computer Literacy Knowing how to use a computer
to gather, store, organize, and otherwise process
information. These are desirable and even
required for many occupations today
Digital Divide The gap developing in society
between those that are computer literate and have
access to computers and those that dont and how
it will affect them
Computer Ethics The issues and standards of
conduct as they pertain to the use of information
systems including information privacy, accuracy,
property, and accessibility
6
Computer Ethics Concerns
7
Information Privacy and Issues
Information Privacy What information an
individual must reveal to others in the course of
gaining employment or shopping online

• Identify Theft
• The stealing of another persons private
  information (SSN, credit card numbers, etc.) for
  the purpose of using it to gain credit, borrow
  money, buy merchandise, or otherwise run up debt
  that are never paid. This is especially
  problematic because it
• is invisible to the victim, they dont know it is
  happening
• is very difficult to correctcredit agencies are
  involved
• can cause unrecoverable losses and legal costs

8
Information Privacy - How to Maintain
Choose Web sites monitored by independent
organizations Use rating sites to identify
merchant sites whose privacy policies conform to
standards and are monitored (e.g epubliceye.com)
Avoid Having Cookies Left on Your Machine Use
settings in your browser to block cookies from
being deposited on you machine by primary and
third parties
Visit Sites Anonymously Use online privacy
services that provide total privacy by blocking
all techniques used to identify you online (e.g.
Anonymizer)
Use Caution when Requesting Confirming Email Use
a separate e-mail account from normal to protect
information from your employer, sellers, and any
one using your computer
9
Information Accuracy
Information Accuracy Concerned with assuring the
authenticity and fidelity of information, and
identifying those responsible for informational
errors that harm people

• Sources of Information Errors
• Errors in computer output can come from two
  primary sources. These are
• Machine Errors errors in the computer program
  logic, communication and/or processing that
  receives, processes, stores, and presents
  information
• Human Errors errors by the person(s) entering
  data or information into the computer system

10
Information Property
Information Property Concerned with who owns
information about individuals and how information
can be sold and exchanged
Information Ownership The organization storing
the information owns it if it is given
willinglyeven if unknowingly by use of their
sites (e.g. online surveys, credit card
transactions, etc.)

• Privacy Statements
• Are stated policies from the organizations
  collecting the information and how they intend to
  use it. These are legally binding statements
• Internal Use used within the organization only
• External Use can be sold to outside parties

11
Information Property Example of a Privacy
Statement
12
Information Property Gathering and Uses

• Spam (see Chapter 4 for definition)
• This unsolicited e-mail can come from reputable
  sites selling your information. Possible
  problems from spam include
• Viruses in attachments or links
• Added to other spam lists by responding
• Slows systems by taking up resources disk space

• Cookies
• These files stored on a computer do have
  legitimate uses but they also can
• Store and transmit information about online
  habits including, sites visited, purchases made,
  etc.
• Prevent accessing sites when cookies are refused
• Collect and combine information with other
  information to build a personal profile to be sold

13
Information Property Gathering and Uses
Spyware These stealth computer applications are
installed and then collect information about
individuals without their knowledge. Currently
this technology is not illegal

• Spyware Issues
• Spyware applications collect and transmit, or
  use, this information locally in several ways
  including
• Sale of information to online marketers
  (spammers)
• Illegal uses such as identity theft
• Modify user experience to market to the user by
  presenting ad banners, pop-ups, etc. (Adware)

14
Information Accessibility
Information Accessibility Concerned with defining
what information a person or organization has the
right to obtain about others and how that
information is used

• Who has access?
• Besides personal access, other parties have the
  legal right to access and view private
  information including
• Government using advanced software packages
  (e.g Carnivore), e-mail traffic and all online
  activity can be monitored in realtime or after
  the fact
• Employers they can legally limit, monitor or
  access activities on company-owned computers or
  networks as long as policy has been distributed
  to employees

15
Information Access Example of Carnivore
16
The Need of Ethical Behavior

• Ethical Behavior
• Illegal versus unethical behavior is an
  information age concern. Though activities are
  not explicitly illegal, questions exist of
  whether they are unethical such as
• Photograph manipulation/modification in this
  circumstance, the photograph not longer reflects
  absolute reality
• Unauthorized use of computers at work or at
  school, stealing time for personal business or
  use
• Information collection by companies compiling
  information to sell for profit

17
Responsible Computer Use
Guidelines In area of ethics, we rely on
guidelines to guide behavior. These guidelines
can come from many organizations

• The Computer Ethics Institute developed these
  guidelines for ethical computer use that prohibit
  the following behaviors
• Using a computer to harm others
• Interfering with other peoples computer work
• Snooping in other peoples files
• Using a computer to steal
• Using a computer to bear false witness
• Copying or using proprietary software without
  paying for it
• Using other peoples computer resources without
  authorization or compensation
• Appropriating other peoples intellectual output

18
Responsible Computer Use

• The guidelines from the Computer Ethics Institute
  also recommend the following when creating
  programs or using computers
• Thinking about the social consequences of
  programs you write and systems you design (e.g
  Napster, or a piece of Spyware)
• Using computers in way that show consideration
  and respect for others (e.g. proliferation of
  viruses, instant messaging, etc.)

19
Computer Crimes

• Computer Crime
• The act of using a computer to commit an illegal
  act. The broad definition of computer crime can
  include the following
• Targeting a computer while committing an offense
  (e.g gaining entry to a computer system in order
  to cause damage to the computer or the data it
  contains)
• Using a computer to commit and offense
• (e.g. stealing credit card numbers from a
  company database)
• Using computers to support criminal activity
• (e.g. drug dealer using computers to store
  records of illegal transactions)

20
Computer Crimes and the Impact on Organizations
21
Computer Crime Unauthorized Access
Unauthorized Access A person gaining entry to a
computer system for which they have no authority
to use such access THIS IS A COMPUTER CRIME!
22
Computer Crime Unauthorized Access Trends
23
Computer Crimes Who Commits Them?
Unauthorized Access 1998 Survey of 1600
companies by PricewaterhouseCoopers 82 come
from inside the organization (employees)
24
Computer Crimes Who Commits Them?
Unauthorized Access 2004 Survey by Computer
Security Institute
25
Computer Crime Various Types 1st Half
26
Computer Crime Various Types 2nd Half
27
Computer Crimes - Hacking and Cracking
Hackers A term to describe unauthorized access to
computers based entirely on a curiosity to learn
as much as possible about computers. It was
originally used to describe MIT students in the
1960s that gained access to mainframes. It was
later used universally used for gaining
unauthorized access for any reason
Crackers A term to describe those who break into
computer systems with the intention of doing
damage or committing crimes. This was created
because of protests by true hackers
28
Computer Crimes Cracker (Humorous)
29
Computer Crime Software Piracy
Software Piracy This practice of buying one copy
and making multiple copies for personal and
commercial use, or for resale is illegal in most
countries while others offer weak or nonexistent
protections. This has become and international
problem as shown below
30
Destructive Code that Replicates

• Viruses
• These programs disrupt the normal function of a
  computer system though harmless pranks or by
  destroying files on the infected computer. They
  come in several types
• Boot Sector attaches to the section of a hard
  disk or floppy disk that boots a computer.
• File Infector attach themselves to certain file
  types such as .doc, .exe, etc.
• Combination viruses can change types between
  boot sector and file infector to fool antivirus
  programs
• Attachment released from an e-mail when an
  attachment is launched. Can also send themselves
  address book

Worms This destructive code also replicates and
spreads through networked computers but does
damage by clogging up memory to slow the computer
versus destroying files
31
Computer Crimes Destructive Code
32
Destructive Code that Doesnt Replicates
Trojan Horses These programs do not replicate but
can do damage as they run hidden programs on the
infected computer that appears to be running
normally (i.e. a game program that creates an
account on the unsuspecting users computer for
unauthorized access)

• Logic or Time Bombs
• A variation of a Trojan Horse that also do not
  replicate and are hidden but they are designed to
  lie in wait for a triggering operation. (i.e. a
  disgruntled employee that sets a program to go
  off after they leavethe company)
• Time Bombs are set off by dates (e.g. a
  birthday)
• Logic Bombs are set off by certain operations
  (e.g. a certain password)

33
Cyberwar and Cyberterrorism

• Cyberwar
• An organized attempt by a countrys military to
  disrupt or destroy the information and
  communications systems of another country. Common
  targets include
• Command and control systems
• Intelligence collection and distribution systems
• Information processing and distribution systems
• Tactical communication systems
• Troop and weapon positioning systems
• Friend-or-Foe identification systems
• Smart weapons systems

34
Cyberwar and Cyberterrorism
Cyberterrorism The use of computer and networking
technologies against persons or property to
intimidate or coerce governments, civilians, or
any segment of society in order to attain
political, religious, or ideological goals

• Responses to the Threat
• At greatest risk are those that depend highly on
  computers and networking infrastructure (i.e.
  governments, utilities, transportation providers,
  etc.) Responses include
• Improved intelligence gathering techniques
• Improved cross-government cooperation
• Providing incentives for industry security
  investment