Chapter 4: Ethical and Social Issues in Information Systems

Ethics
Refers to the principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors.
Five Moral Dimensions of the Information Age
1. Information rights and obligations
2. Property rights and obligations
3. Accountability and control
4. System quality
5. Quality of life
Key Technology Trends that Raise Ethical Issues
1. Computing power doubles every 18 months
2. Data storage costs rapidly decline
3. Data analysis advances
4. Networking advances
5. Mobile device growth impact
Computing power doubles every 18 months
More organizations depend on computer systems for critical operations and become more vulnerable to system failures.
Data storage costs rapidly decline
Organizations can easily maintain detailed databases on individuals. There are no limits on the data collected about you.
Data analysis advances
Companies can analyze vast quantities of data gathered on individuals to develop detailed profiles of individual behavior. Large-scale population surveillance in enabled.
Networking advances
The cost of moving data and making it accessible from anywhere falls exponentially. Access to data becomes more difficult to control.
Mobile device growth impact
Individual cell phones may be tracked without user consent or knowledge. The always-on device becomes a tether.
Profiling
The use of computers to combine data from multiple sources and create digital dossiers of detailed information on individuals.
NORA (Non obvious relationship awareness)
Combining data from multiple sources to find obscure hidden connections that might help identify criminals or terrorists.
Responsibility
Key element of ethical action. Accept the potential costs, duties, and obligations for the decisions you make.
Accountability
Feature of systems and social institutions; it means that mechanisms are in place to determine who took action, and who is responsible. Systems and institutions in which it is impossible to find out who took what action are inherently incapable of ethical analyses or ethical action.
Liability
Extends the concept of responsibility further to the area of laws. A feature of political systems in which a body of laws is in place that permits individuals to recover the damages done to them by other actors, systems, or organizations.
Due process
Related feature of law-governed societies and is a process in which laws are known and understood, and ability exists to appeal to higher authorities to ensure that the laws are applied correctly.
Ethical Analysis (Five)
1. Identify and describe the facts clearly
2. Define the conflict or dilemma and identify the higher-order values involved
3. Identify the stakeholders
4. Identify the options that you can reasonably take
5. Identify the potential consequences of your options
Golden Rule
Do not do to others what you do not want done to yourself.
Kant’s Categorical Imperative
If an action is not right for everyone to take, it is not right for anyone.
Slippery Slope Rule
If an action cannot be taken repeatedly, it is not right to take at all. An action may bring about a small change now that is acceptable, but if it is repeated, it would bring unacceptable changes in the long run.
Utilitarian Principle
Action that achieves the higher or greater value. Assumes you can prioritize values in a rank order and understand the consequences of various courses of action.
Risk Aversion Principle
Action that produces the least harm or the least potential cost. Avoid taking actions when the consequences of failure are catastrophic or even just severe.
Ethical “No Free Lunch” Rule
Assume that virtually all tangible and intangible objects are owned by someone else unless there is a specific declaration otherwise. If something someone else has created is useful to you, it has value, and you should assume the creator wants compensation for this work.
Privacy
The claim of individuals to be left alone, free from surveillance or interference from other individuals or organizations, including the state.
Most American and European privacy law is based on a regime called:
Fair Information Practices (FIP)
Fair Information Practices (FIP)
Set of principles governing the collection and use of information about individuals. FIP principles are based on the notion of a mutuality of interest between the record holder and the individual.
Professional Code of Conduct
1. American Medical Association (AMA)
2. American Bar Association (ABA)
3. Association of Information Technology Professionals (AITP)
4. Association for Computing Machinery (ACM)

These professional groups take responsibility for the partial regulation of their professions by determining entrance qualifications and competence.

Children’s Online Privacy Protection Act (COPPA)
Required websites to obtain parental permission before collecting information on children under the age of 13.
Federal Trade Commission (FTC)
Restated and extended the original FIP to provide guidelines for protecting online privacy.
FTC FIP Principles
1. Notice/Awareness (core principle): Websites must disclose their information practices before collecting data
2. Choice/Consent (core principle): Consumers must be able to choose how information is used for secondary purposes
3. Access/Participation: Consumers should be able to review and contest the accuracy and completeness of data collected about them in a timely, inexpensive process.
4. Security: Data collectors must take steps to ensure consumer information is accurate and secure.
5. Enforcement: Mechanism to enforce FIP principles
Gramm-Leach-Bliley Act
Repeals earlier restrictions on affiliations among banks, securities firms, and insurance companies, includes some privacy protection for consumers of financial services.
Health Insurance Portability and Accountability Act (HIPAA)
Includes privacy protection for medical records. The law gives patients access to their personal medical records that health care providers, hospitals, and health insurers maintain and the right to authorize how protected information about themselves can be used or disclosed.
Informed Consent
Consent given with knowledge of all the facts needed to make a rational decision.
Safe Harbor
A private, self-regulating policy and enforcement mechanism that meets the objectives of government regulators and legislation but does not involve government regulation or enforcement.
Cookies
Small text files deposited on a computer hard drive when a user visits websites. Identify the visitor’s web browser software and track visits to the website.
Web beacons
Also known as web bugs (tracking files), are tiny software programs that keep a record of users’ online clickstreams.
Spyware
Can secretly install itself on an Internet user’s computer by piggybacking on larger applications. Once installed, it calls out to websites to send banner ads and other unsolicited material to the user, and it can report the user’s movements on the Internet to other computers.
Opt-out model of informed consent
Permits the collection of personal information until the consumer specifically requests the data not to be collected.
Opt-in model of informed consent
A business is prohibited from collecting any personal information unless the consumer specifically takes action to approve information collection and use.
Nearly ? percent of global Internet users use Google Search and other Google services, making Google the world’s largest collector of online user data.
80%
Intellectual Property
Considered to be tangible and intangible products of the mind created by individuals or corporations.
Intellectual Property is subject to a variety of protections under three legal traditions:
1. Trade secrets
2. Copyright
3. Patent law
Trade secret
Any intellectual work product – a formula, device, pattern, or compilation of data – used for a business purpose, provided it is not based on information in the public domain.
Copyright
A statutory grant that protects creators of intellectual property from having their work copied by others for any purpose during the life of the author plus an additional 70 years after the author’s death.

(For corporate-owned works, copyright protection lasts for 95 years after their initial creation)

Patent
Grants the owner an exclusive monopoly on the ideas behind an invention for 20 years.
The Digital Millennium Copyright Act (DMCA)
Implemented a World Intellectual Property Organization Treaty that makes it illegal to circumvent technology-based protections of copyrighted materials.
Three principal sources of poor system performance are:
1. Software bugs and errors
2. Hardware or facility failures caused by natural or other causes
3. Poor input quality data