Title: Information
1Chapter 9 Information Systems Ethics
and Computer Crime www.prenhall.com/jessup
2Learning Objectives
- Describe the advent of the information Age and
how computer ethics impact the use of information
systems - Discuss the ethical concerns associated with
information privacy, accuracy, property, and
accessibility - Define computer crime, and list several types of
computer crime
3Learning Objectives
- 4. Contrast what is meant by the term computer
virus, worm, Trojan Horse, and logic or time
bomb - 5. Describe and explain the differences between
cyberwar and cyberterrorism
4Ages of Progress
Informational
Industrial
Agricultural
(1960s to Present)
(1890s to 1960s)
(Prior to 1890s)
5Information Age Terms
Computer Literacy Knowing how to use a computer
to gather, store, organize, and otherwise process
information. These are desirable and even
required for many occupations today
Digital Divide The gap developing in society
between those that are computer literate and have
access to computers and those that dont and how
it will affect them
Computer Ethics The issues and standards of
conduct as they pertain to the use of information
systems including information privacy, accuracy,
property, and accessibility
6Computer Ethics Concerns
7Information Privacy and Issues
Information Privacy What information an
individual must reveal to others in the course of
gaining employment or shopping online
- Identify Theft
- The stealing of another persons private
information (SSN, credit card numbers, etc.) for
the purpose of using it to gain credit, borrow
money, buy merchandise, or otherwise run up debt
that are never paid. This is especially
problematic because it - is invisible to the victim, they dont know it is
happening - is very difficult to correctcredit agencies are
involved - can cause unrecoverable losses and legal costs
8Information Privacy - How to Maintain
Choose Web sites monitored by independent
organizations Use rating sites to identify
merchant sites whose privacy policies conform to
standards and are monitored (e.g epubliceye.com)
Avoid Having Cookies Left on Your Machine Use
settings in your browser to block cookies from
being deposited on you machine by primary and
third parties
Visit Sites Anonymously Use online privacy
services that provide total privacy by blocking
all techniques used to identify you online (e.g.
Anonymizer)
Use Caution when Requesting Confirming Email Use
a separate e-mail account from normal to protect
information from your employer, sellers, and any
one using your computer
9Information Accuracy
Information Accuracy Concerned with assuring the
authenticity and fidelity of information, and
identifying those responsible for informational
errors that harm people
- Sources of Information Errors
- Errors in computer output can come from two
primary sources. These are - Machine Errors errors in the computer program
logic, communication and/or processing that
receives, processes, stores, and presents
information - Human Errors errors by the person(s) entering
data or information into the computer system
10Information Property
Information Property Concerned with who owns
information about individuals and how information
can be sold and exchanged
Information Ownership The organization storing
the information owns it if it is given
willinglyeven if unknowingly by use of their
sites (e.g. online surveys, credit card
transactions, etc.)
- Privacy Statements
- Are stated policies from the organizations
collecting the information and how they intend to
use it. These are legally binding statements - Internal Use used within the organization only
- External Use can be sold to outside parties
11Information Property Example of a Privacy
Statement
12Information Property Gathering and Uses
- Spam (see Chapter 4 for definition)
- This unsolicited e-mail can come from reputable
sites selling your information. Possible
problems from spam include - Viruses in attachments or links
- Added to other spam lists by responding
- Slows systems by taking up resources disk space
- Cookies
- These files stored on a computer do have
legitimate uses but they also can - Store and transmit information about online
habits including, sites visited, purchases made,
etc. - Prevent accessing sites when cookies are refused
- Collect and combine information with other
information to build a personal profile to be sold
13Information Property Gathering and Uses
Spyware These stealth computer applications are
installed and then collect information about
individuals without their knowledge. Currently
this technology is not illegal
- Spyware Issues
- Spyware applications collect and transmit, or
use, this information locally in several ways
including - Sale of information to online marketers
(spammers) - Illegal uses such as identity theft
- Modify user experience to market to the user by
presenting ad banners, pop-ups, etc. (Adware)
14Information Accessibility
Information Accessibility Concerned with defining
what information a person or organization has the
right to obtain about others and how that
information is used
- Who has access?
- Besides personal access, other parties have the
legal right to access and view private
information including - Government using advanced software packages
(e.g Carnivore), e-mail traffic and all online
activity can be monitored in realtime or after
the fact - Employers they can legally limit, monitor or
access activities on company-owned computers or
networks as long as policy has been distributed
to employees
15Information Access Example of Carnivore
16The Need of Ethical Behavior
- Ethical Behavior
- Illegal versus unethical behavior is an
information age concern. Though activities are
not explicitly illegal, questions exist of
whether they are unethical such as - Photograph manipulation/modification in this
circumstance, the photograph not longer reflects
absolute reality - Unauthorized use of computers at work or at
school, stealing time for personal business or
use - Information collection by companies compiling
information to sell for profit
17Responsible Computer Use
Guidelines In area of ethics, we rely on
guidelines to guide behavior. These guidelines
can come from many organizations
- The Computer Ethics Institute developed these
guidelines for ethical computer use that prohibit
the following behaviors - Using a computer to harm others
- Interfering with other peoples computer work
- Snooping in other peoples files
- Using a computer to steal
- Using a computer to bear false witness
- Copying or using proprietary software without
paying for it - Using other peoples computer resources without
authorization or compensation - Appropriating other peoples intellectual output
18Responsible Computer Use
- The guidelines from the Computer Ethics Institute
also recommend the following when creating
programs or using computers - Thinking about the social consequences of
programs you write and systems you design (e.g
Napster, or a piece of Spyware) - Using computers in way that show consideration
and respect for others (e.g. proliferation of
viruses, instant messaging, etc.)
19Computer Crimes
- Computer Crime
- The act of using a computer to commit an illegal
act. The broad definition of computer crime can
include the following - Targeting a computer while committing an offense
(e.g gaining entry to a computer system in order
to cause damage to the computer or the data it
contains) - Using a computer to commit and offense
- (e.g. stealing credit card numbers from a
company database) - Using computers to support criminal activity
- (e.g. drug dealer using computers to store
records of illegal transactions)
20Computer Crimes and the Impact on Organizations
21Computer Crime Unauthorized Access
Unauthorized Access A person gaining entry to a
computer system for which they have no authority
to use such access THIS IS A COMPUTER CRIME!
22Computer Crime Unauthorized Access Trends
23Computer Crimes Who Commits Them?
Unauthorized Access 1998 Survey of 1600
companies by PricewaterhouseCoopers 82 come
from inside the organization (employees)
24Computer Crimes Who Commits Them?
Unauthorized Access 2004 Survey by Computer
Security Institute
25Computer Crime Various Types 1st Half
26Computer Crime Various Types 2nd Half
27Computer Crimes - Hacking and Cracking
Hackers A term to describe unauthorized access to
computers based entirely on a curiosity to learn
as much as possible about computers. It was
originally used to describe MIT students in the
1960s that gained access to mainframes. It was
later used universally used for gaining
unauthorized access for any reason
Crackers A term to describe those who break into
computer systems with the intention of doing
damage or committing crimes. This was created
because of protests by true hackers
28Computer Crimes Cracker (Humorous)
29Computer Crime Software Piracy
Software Piracy This practice of buying one copy
and making multiple copies for personal and
commercial use, or for resale is illegal in most
countries while others offer weak or nonexistent
protections. This has become and international
problem as shown below
30Destructive Code that Replicates
- Viruses
- These programs disrupt the normal function of a
computer system though harmless pranks or by
destroying files on the infected computer. They
come in several types - Boot Sector attaches to the section of a hard
disk or floppy disk that boots a computer. - File Infector attach themselves to certain file
types such as .doc, .exe, etc. - Combination viruses can change types between
boot sector and file infector to fool antivirus
programs - Attachment released from an e-mail when an
attachment is launched. Can also send themselves
address book
Worms This destructive code also replicates and
spreads through networked computers but does
damage by clogging up memory to slow the computer
versus destroying files
31Computer Crimes Destructive Code
32Destructive Code that Doesnt Replicates
Trojan Horses These programs do not replicate but
can do damage as they run hidden programs on the
infected computer that appears to be running
normally (i.e. a game program that creates an
account on the unsuspecting users computer for
unauthorized access)
- Logic or Time Bombs
- A variation of a Trojan Horse that also do not
replicate and are hidden but they are designed to
lie in wait for a triggering operation. (i.e. a
disgruntled employee that sets a program to go
off after they leavethe company) - Time Bombs are set off by dates (e.g. a
birthday) - Logic Bombs are set off by certain operations
(e.g. a certain password)
33Cyberwar and Cyberterrorism
- Cyberwar
- An organized attempt by a countrys military to
disrupt or destroy the information and
communications systems of another country. Common
targets include - Command and control systems
- Intelligence collection and distribution systems
- Information processing and distribution systems
- Tactical communication systems
- Troop and weapon positioning systems
- Friend-or-Foe identification systems
- Smart weapons systems
34Cyberwar and Cyberterrorism
Cyberterrorism The use of computer and networking
technologies against persons or property to
intimidate or coerce governments, civilians, or
any segment of society in order to attain
political, religious, or ideological goals
- Responses to the Threat
- At greatest risk are those that depend highly on
computers and networking infrastructure (i.e.
governments, utilities, transportation providers,
etc.) Responses include - Improved intelligence gathering techniques
- Improved cross-government cooperation
- Providing incentives for industry security
investment