Chapter 3: Ethics and Privacy

Learning Objectives

1. Define ethics, list and describe the three fundamental tenets of ethics, and describe the four categories of ethical issues related to information technology.
2. Identify three places that store personal data, and for each one, discuss at least one potential threat to the privacy of the data stored there.

Chapter Outline

3.1 Ethical Issues
3.2 Privacy

Web Resources

Student Companion Site (wiley.com/college/rainer)
• Student PowerPoints for note taking
• Interactive Case: Ruby’s Club Assignments
• Complete glossary

WileyPlus: all of the above and
• E-book
• Mini-lecture by author for each chapter section
• Practice quizzes
• Flash Cards for vocabulary review
• Additional “What’s in IT for Me?” cases
• Video interviews with managers
• Lab Manual for Microsoft Office 2010
• How-to Animations for Microsoft Office 2010

[Figure: What’s in IT for Me? This chapter will help prepare you to ... Functional areas shown: ACCT, FIN, MKT, POM, HR, MIS. Items shown: ensure correctness of annual reports; adhere to regulatory environment; monitor labor laws overseas; monitor appropriate use of IT in workplace; monitor correct use of sensitive company data; ensure privacy of customers.]

What to Do About WikiLeaks?

The Problem (?)

One of the major controversies generated by the Vietnam War occurred in 1971, when The New York Times and other sources publicized excerpts from a secret Defense Department study—quickly labeled The Pentagon Papers—that detailed the history of U.S. involvement in Southeast Asia. These documents had been copied by defense analyst Daniel Ellsberg, one of the contributors to the study. Given the existing technologies, Ellsberg had to photocopy thousands of documents by hand. Today, whistleblowers—employees with insider knowledge of an organization—can capture huge amounts of incriminating documents on a laptop, memory stick, or portable hard drive.
They can send the information through personal e-mail accounts or online drop sites, or they can simply submit it directly to WikiLeaks (www.wikileaks.org).

WikiLeaks was officially unveiled in December 2006. Julian Assange, one of the founders, was reportedly inspired by the leak of the Pentagon Papers. Assange intended WikiLeaks to serve as a dropbox for anyone, anywhere, who disagreed with any organization’s activities or secrets. According to its Web site, WikiLeaks focuses on material of ethical, political, and historical significance. In its first year, the organization’s database expanded to 1.2 million documents. In addition, WikiLeaks receives approximately 10,000 new documents every day. Since its inception, WikiLeaks has had significant impacts on both businesses and governments. We discuss several examples below.

In January 2008, WikiLeaks posted documents alleging that the Swiss bank Julius Baer (www.juliusbaer.com) hid its clients’ profits from even the Swiss government by concealing them in what seemed to be shell companies in the Cayman Islands. The bank filed a lawsuit against WikiLeaks for publishing data that it claimed had been stolen from its clients. Baer later dropped the lawsuit—but only after generating embarrassing publicity for itself.

In October 2008, Iceland’s Kaupthing Bank collapsed, saddling the country with $128 billion in debts. Ten months later, Bogi Agustsson, the anchor for Icelandic national broadcaster RUV, appeared on the evening news and explained that a legal injunction had prevented the station from airing an exposé on the bank. Viewers who wanted to see the material, he suggested, should visit WikiLeaks. People who took Agustsson’s advice found a summary of Kaupthing’s loans posted on the Web site, detailing more than $6 billion funneled from the bank to its owners and companies they owned, often with little or no collateral.
WikiLeaks promptly became a household name in Iceland.

The following year, WikiLeaks published documents from a pharmaceutical trade group implying that its lobbyists were receiving confidential documents from, and exerting influence over, a World Health Organization (WHO) project to fund drug research in the developing world. The resulting attention helped to terminate the project.

In September 2009, commodities company Trafigura (www.trafigura.com) requested an injunction from the courts preventing the British media from mentioning a damaging internal report. The report indicated that the company had dumped tons of toxic waste in the Ivory Coast that sickened 100,000 local inhabitants. Although Trafigura could prevent the official media from reporting this story, it could not stop WikiLeaks from publishing the information. The public became aware of the transgression, and Trafigura eventually had to pay out more than $200 million in settlements.

As consequential as these business leaks were, probably the most controversial WikiLeaks exposé involved the U.S. government. From November 2009 to April 2010, U.S. Army Private First Class Bradley Manning downloaded hundreds of thousands of diplomatic cables to a CD at an outpost in Iraq. He then passed the information to WikiLeaks. In doing so, Manning violated 18 U.S. Code Section 1030(a)(1), which criminalizes unauthorized computer downloads. Beginning on November 28, 2010, WikiLeaks published the contents of more than 250,000 diplomatic cables, the largest unauthorized release of contemporary classified information in history. Among these cables were 11,000 documents marked “secret.” The U.S. government’s definition of a secret document is one that, if released, would cause “serious damage to national security.”

Diplomatic flaps quickly ensued. For example, North Korean leader Kim Jong Il learned that China would consider supporting the unification of the peninsula under the leadership of the South Korean government.
Similarly, Iranian President Mahmoud Ahmadinejad discovered that his Arab neighbors were pleading with the United States to launch an attack against Tehran’s nuclear program.

Not surprisingly, the release of the cables also had wide-ranging repercussions within the United States. The government ordered a clampdown on intelligence sharing between agencies, and it established new measures to control electronically stored documents. U.S. Secretary of State Hillary Clinton charged that the massive cable leak “puts people’s lives in danger, threatens national security, and undermines our efforts to work with other countries to solve shared problems.” From the opposite perspective, many individuals and groups, including Daniel Ellsberg, supported WikiLeaks’ actions.

The problem, then, boils down to this: How can governments, organizations, and even individuals prevent future disclosures? Is it possible to accomplish this task, given that the sources of WikiLeaks’ information appear to be internal?

The Solution (?)

In the initial moments after the State Department cables were released, unknown hackers tried to shut down WikiLeaks by exposing its Web site to denial-of-service attacks (discussed in Chapter 4). It is unclear whether the hackers were working on behalf of the U.S. government, but they seemed to endorse the government’s claims that the disclosures threatened national security.

WikiLeaks’ supporters retaliated with anonymous hacktivism, attacking the Web sites of companies such as Amazon, which had thrown WikiLeaks off its servers, and MasterCard and PayPal, which had frozen the organization’s accounts and prevented its supporters from donating to the cause.

Ultimately, all attempts to stifle WikiLeaks have proved futile. When the organization is blocked from one host server, it simply jumps to another. Further, the number of mirror Web sites—essentially clones of WikiLeaks’ main content pages—had mushroomed to 1,300 by the end of 2010.

Prior to 9/11, the U.S.
State Department had operated its own internal cable system and encrypted documents to ensure security. After the attacks, the State Department system was merged into a new digital records system controlled by the Department of Defense. Since the WikiLeaks disclosures, the State Department has temporarily severed its connection to the new system while it takes steps to prevent future unauthorized downloads.

In other attempts at thwarting WikiLeaks, governments and companies have turned to cybersecurity. Since 2007, every major security software vendor (for example, McAfee, www.mcafee.com, Symantec, www.symantec.com, and Trend Micro, www.trendmicro.com) has spent hundreds of millions of dollars to acquire companies in the data leak prevention (DLP) industry. These companies produce software that locates and tags sensitive information and then guards against its being stolen or illegally duplicated. Unfortunately, to date, DLP software has not been effective.

The failure of DLP software has prompted organizations to turn to network forensics, which is the process of constantly collecting every digital “fingerprint” on an organization’s servers to trace and identify an intruder who has broken into the system. Although this software gathers data and makes them easily available, it does not identify the culprit.

The Results

How can organizations and governments respond to WikiLeaks? Lawsuits will not work, because WikiLeaks, as a mere conduit for documents, is legally protected in the United States. Moreover, even if a company or a government somehow won a judgment against WikiLeaks, that would not shut down the company, because its assets are spread all over the world.

In fact, WikiLeaks has a nation-size ally—Iceland. Since WikiLeaks discovered the corrupt loans that helped destroy Iceland’s biggest bank, the country has set out to become the conduit for a global flood of leaks.
Birgitta Jonsdottir, a member of Iceland’s parliament, created the Icelandic Modern Media Initiative (IMMI). This initiative seeks to bring to Iceland all the laws that support protecting anonymous sources, freedom of information, and transparency from around the world. It would then set up a Nobel-style international award for activities supporting free expression. IMMI also would make Iceland the world’s most friendly legal base for whistleblowers. As of May 2011, IMMI had yet to become law.

Should WikiLeaks falter, other Web sites around the world are ready to take its place. For example, Greenleaks (www.greenleaks.org) is a Web site for whistleblowers on environmental issues. OpenLeaks (www.openleaks.org) is a Web site that will not openly publish information sent to it, but will give it to reporters and human rights organizations to disseminate. Perhaps the most controversial site is Anonymous, the hacker collective.

What is the best protection against unauthorized leaks? Icelandic WikiLeaks staffer Kristinn Hrafnsson suggested, rather drily, that companies—and perhaps governments to some extent—reform their practices to avoid being targeted.

What We Learned from This Case

The WikiLeaks case addresses the two major issues you will study in this chapter: ethics and privacy. Both issues are closely related to IT and raise significant questions. For example, are WikiLeaks’ actions ethical? Does WikiLeaks violate the privacy of governments, organizations, and individuals? The answers to these questions are not straightforward. In fact, IT has made finding answers to these questions even more difficult.

You will encounter numerous ethical and privacy issues in your career, many of which will involve IT in some manner. This chapter will give you insights into how to respond to these issues. Further, it will help you to make immediate contributions to your company’s code of ethics and its privacy policies.
You will also be able to provide meaningful input concerning the potential ethical and privacy impacts of your organization’s information systems on people within and outside the organization.

For example, suppose your organization decides to adopt Web 2.0 technologies (which you will see in Chapter 9) to include business partners and customers in new product development. You will be able to analyze the potential privacy and ethical implications of implementing these technologies.

All organizations, large and small, must be concerned with ethics. IT’s About [Small] Business 3.1 illustrates an ethical problem in a small bank.

Small business owners face a very difficult situation when their employees have access to sensitive customer information. There is a delicate balance between access to information and its appropriate use and the temptation for workers to be nosey and curious about what they can find. This balance is best maintained by hiring honest and trustworthy employees who abide by the organization’s code of ethics. Ultimately this leads to another question: Does the small business even have a code of ethics to fall back on in this type of situation?

Sources: Compiled from R. Somaiya, “Former WikiLeaks Colleagues Forming New Web Site, OpenLeaks,” The New York Times, February 6, 2011; A. Greenberg, “WikiLeaks’ StepChildren,” Forbes, January 17, 2011; M. Calabresi, “Winning the Info War,” Time, December 20, 2010; A. Greenberg, “WikiLeaks’ Julian Assange,” Forbes, December 20, 2010; J. Dougherty and E. Labott, “The Sweep: WikiLeaks Stirs Anarchy Online,” CNN.com, December 15, 2010; E. Robinson, “In WikiLeaks Aftermath, An Assault on Free Speech,” The Washington Post, December 14, 2010; M. Calabresi, “The War on Secrecy,” Time, December 13, 2010; I. Shapira and J. Warrick, “WikiLeaks’ Advocates Are Wreaking ‘Hacktivism’,” The Washington Post, December 12, 2010; F. Rashid, “WikiLeaks, Anonymous Force Change to Federal Government’s Security Approach,” eWeek, December 12, 2010; E.
Mills, “Report: Ex-WikiLeakers to Launch New OpenLeaks Site,” CNET.com, December 10, 2010; G. Keizer, “Pro-WikiLeaks Cyber Army Gains Strength; Thousands Join DDos Attacks,” Computerworld, December 9, 2010; J. Warrick and R. Pegoraro, “WikiLeaks Avoids Shutdown as Supporters Worldwide Go on the Offensive,” The Washington Post, December 8, 2010; F. Rashid, “PayPal, PostFinance Hit by DoS Attacks, Counter-Attack in Progress,” eWeek, December 6, 2010; “Holder: ‘Significant’ Actions Taken in WikiLeaks Investigation,” CNN.com, December 6, 2010; “WikiLeaks Back Online After Being Dropped by U.S. Domain Name Provider,” CNN.com, December 3, 2010; “WikiLeaks Reports Another Electronic Disruption,” CNN.com, November 30, 2010; “Feds Open Criminal Investigation into WikiLeaks Disclosures,” CNN.com, November 29, 2010; L. Fadel, “Army Intelligence Analyst Charged in WikiLeaks Case,” The Washington Post, July 7, 2010; www.wikileaks.org, accessed February 11, 2011; G. Goodale, “WikiLeaks Q&A with Daniel Ellsberg, the Man Behind the Pentagon Papers,” The Christian Science Monitor, July 29, 2010, accessed May 12, 2011.

3.1 Ethical Issues

Ethics refers to the principles of right and wrong that individuals use to make choices that guide their behavior. Deciding what is right or wrong is not always easy or clear cut. Fortunately, there are many frameworks that can help us make ethical decisions.

Ethical Frameworks

There are many sources for ethical standards. Here we consider four widely used standards: the utilitarian approach, the rights approach, the fairness approach, and the common good approach. There are many other sources, but these four are representative.

The utilitarian approach states that an ethical action is the one that provides the most good or does the least harm.
The ethical corporate action would be the one that produces the greatest good and does the least harm for all affected parties—customers, employees, shareholders, the community, and the environment.

The rights approach maintains that an ethical action is the one that best protects and respects the moral rights of the affected parties. Moral rights can include the rights to make one’s own choices about what kind of life to lead, to be told the truth, not to be injured, and to a degree of privacy. Which of these rights people are actually entitled to—and under what circumstances—is widely debated. Nevertheless, most people acknowledge that individuals are entitled to some moral rights. An ethical organizational action would be one that protects and respects the moral rights of customers, employees, shareholders, business partners, and even competitors.

The fairness approach posits that ethical actions treat all human beings equally, or, if unequally, then fairly, based on some defensible standard. For example, most people might believe it is fair to pay people higher salaries if they work harder or if they contribute a greater amount to the firm. However, there is less certainty regarding CEO salaries that are hundreds or thousands of times larger than those of other employees. Many people question whether this huge disparity is based on a defensible standard or is the result of an imbalance of power and hence is unfair.

IT’s About [Small] Business 3.1: MidTown Bank

ShaNiqua had worked at MidTown bank for 10 years. She recently overheard a conversation between two employees regarding a customer’s account. She asked a co-worker what she should do about it because she felt this conversation was not appropriate. The advice she received? Leave it alone because bank managers are trying to deal with the situation. ShaNiqua is afraid that if she tells what she knows she could get in trouble. On the other hand, she is afraid that if she does not tell, those employees could be talking about her account next!

In ShaNiqua’s small town, everyone knows everyone else. This situation becomes a problem when curious bank tellers begin “snooping” into personal bank accounts. While there has never been any report of theft by employees or complaints filed by customers, there have been numerous rumors of employees talking to their friends and family about various bank accounts, spending habits, and recent purchases. Adding to this problem, the number of new accounts the bank has opened in the past five years has steadily declined, while their competition has grown.

Possible solutions to the problem include restricting access to bank accounts, or hiring auditors to reconcile any unnecessary account access and monitor all employee activity. Any decision is likely to have unanticipated results due to the delicate balance of providing access to information to enable employees to perform their jobs and restricting access for security purposes. Ultimately, the best solutions may simply be (1) to educate employees of the legal implications of misusing customer information and (2) to create very strong policies to guard against this type of activity.

At the time of this writing, the bank has yet to determine the direction it will take. This is a totally new situation for them, and they are having difficulty determining how to handle it. However, the nature of their predicament provides much that we can learn.

Questions
1. Was the advice that ShaNiqua initially received good or bad? Support your answer.
2. You are the manager of the bank. What would you do in this case? Be specific.

Source: Compiled from personal interviews with the author. Names have been changed at the request of the interviewees.

Finally, the common good approach highlights the interlocking relationships that underlie all societies. This approach argues that respect and compassion for all others is the basis for ethical actions.
It emphasizes the common conditions that are important to the welfare of everyone. These conditions can include a system of laws, effective police and fire departments, health care, a public educational system, and even public recreation areas.

If we combine these four standards, we can develop a general framework for ethics (or ethical decision making). This framework consists of five steps.

• Recognize an ethical issue
  ° Could this decision or situation damage someone or some group?
  ° Does this decision involve a choice between a good and a bad alternative?
  ° Is this issue about more than what is legal? If so, how?
• Get the facts
  ° What are the relevant facts of the situation?
  ° Do I know enough to make a decision?
  ° Which individuals and/or groups have an important stake in the outcome?
  ° Have I consulted all relevant persons and groups?
• Evaluate alternative actions
  ° Which option will produce the most good and do the least harm? (the utilitarian approach)
  ° Which option best respects the rights of all stakeholders? (the rights approach)
  ° Which option treats people equally or proportionately? (the fairness approach)
  ° Which option best serves the community as a whole, and not just some members? (the common good approach)
• Make a decision and test it
  ° Considering all the approaches, which option best addresses the situation?
• Act and reflect on the outcome of your decision
  ° How can I implement my decision with the greatest care and attention to the concerns of all stakeholders?
  ° How did my decision turn out, and what did I learn from this specific situation?

Now that we have created a general ethical framework, we will focus specifically on ethics in a corporate environment.

Ethics in the Corporate Environment

Many companies and professional organizations develop their own codes of ethics. A code of ethics is a collection of principles intended to guide decision making by members of the organization.
For example, the Association for Computing Machinery (www.acm.org), an organization of computing professionals, has a thoughtful code of ethics for its members (see www.acm.org/constitution/code.html).

Keep in mind that different codes of ethics are not always consistent with one another. Therefore, an individual might be expected to conform to multiple codes. For example, a person who is a member of two large professional computing-related organizations may be simultaneously required by one organization to comply with all applicable laws and by the other organization to refuse to obey unjust laws.

Fundamental tenets of ethics include responsibility, accountability, and liability. Responsibility means that you accept the consequences of your decisions and actions. Accountability refers to determining who is responsible for actions that were taken. Liability is a legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems.

Before you go any further, it is very important that you realize that what is unethical is not necessarily illegal. For example, a bank’s decision to foreclose on a home can be technically legal, but it can raise many ethical questions. In many instances, then, an individual or organization faced with an ethical decision is not considering whether to break the law. As the foreclosure example illustrates, however, ethical decisions can have serious consequences for individuals, organizations, and society at large.

In recent years we have witnessed a large number of extremely poor ethical decisions, not to mention outright criminal behavior. During 2001 and 2002, three highly publicized fiascos occurred at Enron, WorldCom, and Tyco. At each company, executives were convicted of various types of fraud for using illegal accounting practices. These actions led to the passage of the Sarbanes-Oxley Act in 2002.
Sarbanes-Oxley requires publicly held companies to implement financial controls and company executives to personally certify financial reports.

More recently, the subprime mortgage crisis exposed unethical lending practices throughout the mortgage industry. The crisis also highlighted pervasive weaknesses in the regulation of the U.S. financial industry as well as the global financial system. It ultimately contributed to a deep recession in the global economy.

Improvements in information technologies have generated a new set of ethical problems. Computing processing power doubles about every two years, meaning that organizations are more dependent than ever on their information systems. Organizations can store increasing amounts of data at decreasing cost, enabling them to store more data on individuals for longer periods of time. Computer networks, particularly the Internet, enable organizations to collect, integrate, and distribute enormous amounts of information on individuals, groups, and institutions. As a result, ethical problems are arising concerning the appropriate collection and use of customer information, personal privacy, and the protection of intellectual property, as IT’s About Business 3.2 illustrates.

Ethics and Information Technology

All employees have a responsibility to encourage ethical uses of information and information technology. Many of the business decisions you will face at work will have an ethical dimension. Consider the following decisions that you might have to make:

• Should organizations monitor employees’ Web surfing and e-mail?
• Should organizations sell customer information to other companies?
• Should organizations audit employees’ computers for unauthorized software or illegally downloaded music or video files?

The diversity and ever-expanding use of IT applications have created a variety of ethical issues. These issues fall into four general categories: privacy, accuracy, property, and accessibility.

1. Privacy issues involve collecting, storing, and disseminating information about individuals.
2. Accuracy issues involve the authenticity, fidelity, and accuracy of information that is collected and processed.
3. Property issues involve the ownership and value of information.
4. Accessibility issues revolve around who should have access to information and whether a fee should be paid for this access.

Table 3.1 lists representative questions and issues for each of these categories. In addition, Online Ethics Cases presents 14 ethics scenarios for you to consider. These scenarios will provide a context for you to consider situations that involve ethical or unethical behavior.

Many of the issues and scenarios discussed in this chapter, such as photo tagging and geotagging, involve privacy as well as ethics. In the next section, you will learn about privacy issues in more detail.

IT’s About Business 3.2: Big Brother Is Watching You

People today live with a degree of surveillance that would have been unimaginable just a few generations ago. For example, surveillance cameras track you at airports, subways, banks, and other public venues. In addition, inexpensive digital sensors are now everywhere. They are incorporated into laptop webcams, video game motion sensors, smartphone cameras, utility meters, passports, and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or from the street by Google or Microsoft, as they update their mapping services. Drive down a city street, cross a toll bridge, or park at a shopping mall, and your license plate will be recorded and time-stamped.

Several developments are helping to increase the monitoring of human activity, including low-cost digital cameras, motion sensors, and biometric readers. In addition, the cost of storing digital data is decreasing. The result is an explosion of sensor data collection and storage.

In addition, technology to analyze the increasing amounts of digital sensor data is becoming more efficient as well as less expensive. For instance, Affectiva (www.affectiva.com) recently introduced biometric wristbands that monitor tiny changes in sweat-gland activity to gauge emotional reactions. Marketing consultants are using the bands to discover what pleases or frustrates shoppers.

At a recent International Consumer Electronics Show, Intel and Microsoft introduced an in-store digital billboard that can memorize your face. These billboards can keep track of the products you are interested in based on purchases or your browsing behavior. One marketing analyst has predicted that your experience in every store will soon be customized.

Clearly, privacy concerns must be addressed, particularly with the capacity of databases to share data and therefore to put together the pieces of a puzzle that can identify us in surprising ways. For example, attorneys have begun to use bridge toll records to establish travel patterns of spouses in divorce proceedings. Police looking to issue traffic citations now correlate photos, taken by cameras located at intersections, with vehicle ownership records.

One of the most troubling privacy problems involves a practice advocated by Google and Facebook. These companies are using facial-recognition software—Google Picasa and Facebook Photo Albums—in their popular online photo-editing and sharing services. Both companies encourage users to assign names to people in photos, a practice referred to as photo tagging. Facial-recognition software then indexes facial features. Once an individual in a photo is tagged, the software looks for similar facial features in untagged photos. This process allows the user to quickly group photos in which the tagged person appears. Significantly, the individual is not aware of this process.

Once you are tagged in a photo, that photo could be used to search for matches across the entire Internet or in private databases, including databases fed by surveillance cameras. The technology could be used by a car dealer who takes a picture of you when you step on the car lot. The dealer could then quickly profile you on the Web to gain an edge in making a sale. Even worse, a stranger in a restaurant could photograph you with a smartphone, and then go online to profile you. One privacy attorney says that losing the right to anonymity would have a chilling effect on where you go, whom you meet, and how you live your life.

Another problem arises with smartphones equipped with global positioning system (GPS) sensors. These sensors routinely geotag photos and videos, embedding images with the longitude and latitude of the location shown in the image. You could be inadvertently supplying criminals with useful intelligence by posting personal images on social networks or photo-sharing Web sites. These actions would show the criminals exactly where you live.

Questions
1. Apply the general framework for ethical decision making to the practices of photo tagging and geotagging.
2. Discuss and provide examples of the benefits and the drawbacks of photo tagging and geotagging.
3. Are users responsible for their loss of privacy if they do not know that their photos can be tagged and that they can be located with GPS sensors?

Sources: Compiled from Autopia Blog, “Cellphone Networks and the Future of Traffic,” Wired, March 2, 2011; “Hello, Big Brother: Digital Sensors Are Watching Us,” USA Today, January 26, 2011; B. Acohido, “Helpful Digital Sensors,” USA Today, January 25, 2011; D. Priest and W. Arkin, “Top Secret America,” The Washington Post, December 20, 2010; P. Elmer-DeWitt, “How the iPhone Spills Your Secrets,” Fortune, December 18, 2010; T. Carmody, “The Internet of Cars: New R&D For Mobile Traffic Sensors,” Wired, September 29, 2010; T. Harbert, “Beeps, Blips, and IT: Making Sense of Sensor Data,” Computerworld, June 24, 2008; www.eff.org, accessed March 17, 2011.

Table 3.1 A Framework for Ethical Issues

Privacy Issues
What information about oneself should an individual be required to reveal to others?
What kind of surveillance can an employer use on its employees?
What types of personal information can people keep to themselves and not be forced to reveal to others?
What information about individuals should be kept in databases, and how secure is the information there?

Accuracy Issues
Who is responsible for the authenticity, fidelity, and accuracy of the information collected?
How can we ensure that the information will be processed properly and presented accurately to users?
How can we ensure that errors in databases, data transmissions, and data processing are accidental and not intentional?
Who is to be held accountable for errors in information, and how should the injured parties be compensated?

Property Issues
Who owns the information?
What are the just and fair prices for its exchange?
How should we handle software piracy (copying copyrighted software)?
Under what circumstances can one use proprietary databases?
Can corporate computers be used for private purposes?
How should experts who contribute their knowledge to create expert systems be compensated?
How should access to information channels be allocated?

Accessibility Issues
Who is allowed to access information?
How much should companies charge for permitting access to information?
How can access to computers be provided for employees with disabilities?
Who will be provided with equipment needed for accessing information?
What information does a person or an organization have a right to obtain, under what conditions, and with what safeguards?

3.2 Privacy

In general, privacy is the right to be left alone and to be free of unreasonable personal intrusions.
Information privacy is the right to determine when, and to what extent, information about you can be gathered and/or communicated to others. Privacy rights apply to individuals, groups, and institutions.

The definition of privacy can be interpreted quite broadly. However, court decisions in many countries have followed two rules fairly closely:
1. The right of privacy is not absolute. Privacy must be balanced against the needs of society.
2. The public’s right to know supersedes the individual’s right of privacy.

These two rules illustrate why determining and enforcing privacy regulations can be difficult. The right to privacy is recognized today in all U.S. states and by the federal government, either by statute or in common law.

Rapid advances in information technologies have made it much easier to collect, store, and integrate data on individuals in large databases. On an average day, data about you are generated in many ways: surveillance cameras on toll roads, in public places, and at work; credit card transactions; telephone calls (landline and cellular); banking transactions; queries to search engines; and government records (including police records). These data can be integrated to produce a digital dossier, which is an electronic profile of you and your habits. The process of forming a digital dossier is called profiling.

Data aggregators, such as LexisNexis (www.lexisnexis.com), ChoicePoint (www.choicepoint.com), and Acxiom (www.acxiom.com), are good examples of profiling. These companies collect public data such as real estate records and published telephone numbers, in addition to nonpublic information such as Social Security numbers; financial data; and police, criminal, and motor vehicle records. They then integrate these data to form digital dossiers on most adults in the United States. They ultimately sell these dossiers to law enforcement agencies and companies that conduct background checks on potential employees. They also sell them to companies that want to know their customers better, a process called customer intimacy.

However, data on individuals can be used in more controversial manners. For example, a controversial new map in California identifies the addresses of donors who supported Proposition 8, the referendum that outlawed same-sex marriage in California (see www.eightmaps.com). Gay activists created the map by combining Google’s satellite mapping technology with publicly available campaign records that listed Proposition 8 donors who contributed $100 or more. These donors are outraged, claiming that the map invades their privacy and could expose them to retribution.

Electronic Surveillance

According to the American Civil Liberties Union (ACLU), tracking people’s activities with the aid of computers has become a major privacy-related problem. The ACLU notes that this monitoring, or electronic surveillance, is rapidly increasing, particularly with the emergence of new technologies. Electronic surveillance is conducted by employers, the government, and other institutions.

In general, employees have very limited legal protection against surveillance by employers. The law supports the right of employers to read their employees’ e-mail and other electronic documents and to monitor their employees’ Internet use. Today, more than three-fourths of organizations are monitoring employees’ Internet usage. In addition, two-thirds use software to block connections to inappropriate Web sites, a practice called URL filtering. Further, organizations are installing monitoring and filtering software to enhance security by stopping malicious software and to increase productivity by discouraging employees from wasting time.

In one organization, the chief information officer (CIO) monitored about 13,000 employees for three months to determine the type of traffic they engaged in on the network.
He then forwarded the data to the chief executive officer (CEO) and the heads of the human resources and legal departments. These executives were shocked at the questionable Web sites the employees were visiting, as well as the amount of time they were spending on those sites. The executives quickly made the decision to implement a URL filtering product.

Surveillance is also a concern for private individuals regardless of whether it is conducted by corporations, government bodies, or criminals. As a nation the United States is still struggling to define the appropriate balance between personal privacy and electronic surveillance, especially when threats to national security are involved.

Personal Information in Databases

Modern institutions store information about individuals in many databases. Perhaps the most visible locations of such records are credit-reporting agencies. Other institutions that store personal information include banks and financial institutions; cable TV, telephone, and utilities companies; employers; mortgage companies; hospitals; schools and universities; retail establishments; government agencies (Internal Revenue Service, your state, your municipality); and many others.

There are several concerns about the information you provide to these record keepers. Some of the major concerns are:
• Do you know where the records are?
• Are the records accurate?
• Can you change inaccurate data?
• How long will it take to make a change?
• Under what circumstances will personal data be released?
• How are the data used?
• To whom are the data given or sold?
• How secure are the data against access by unauthorized people?

Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites

Every day you see more and more electronic bulletin boards, newsgroups, electronic discussions such as chat rooms, and social networking sites (discussed in Chapter 9). These sites appear on the Internet, within corporate intranets, and on blogs. A blog, short for “Weblog,” is an informal, personal journal that is frequently updated and intended for general public reading. How does society keep owners of bulletin boards from disseminating information that may be offensive to readers or simply untrue? This is a difficult problem because it involves the conflict between freedom of speech on the one hand and privacy on the other. This conflict is a fundamental and continuing ethical issue in U.S. society.

There is no better illustration of the conflict between free speech and privacy than the Internet. Many Web sites contain anonymous, derogatory information on individuals, who typically have little recourse in the matter. Approximately one-half of U.S. firms use the Internet in examining job applications, including searching on Google and on social networking sites. Consequently, derogatory information that can be found on the Internet can harm a person’s chances of being hired. This problem has become so serious that a company called Reputation Defender (www.reputationdefender.com) will search for damaging content online and destroy it on behalf of clients.

Social networking sites also can present serious privacy concerns. IT’s About Business 3.3 takes a look at Facebook’s problems with its privacy policies.

Privacy Codes and Policies

Privacy policies or privacy codes are an organization’s guidelines for protecting the privacy of its customers, clients, and employees. In many corporations, senior management has begun to understand that when they collect vast amounts of personal information, they must protect it. In addition, many organizations give their customers some voice in how their information is used by providing them with opt-out choices. The opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
Privacy advocates prefer the opt-in model of informed consent, which prohibits an organization from collecting any personal information unless the customer specifically authorizes it.

One privacy tool currently available to consumers is the Platform for Privacy Preferences (P3P), a protocol that automatically communicates privacy policies between an electronic commerce Web site and visitors to that site. P3P enables visitors to determine the types of personal data that can be extracted by the Web sites they visit. It also allows visitors to compare a Web site’s privacy policy to the visitors’ preferences or to other standards, such as the Federal Trade Commission’s (FTC) Fair Information Practices Standard or the European Directive on Data Protection.

Table 3.2 provides a sampling of privacy policy guidelines. In Table 3.2 the last section, “Data Confidentiality,” refers to security, as you will see in Chapter 4. All the good privacy intentions in the world are useless unless they are supported and enforced by effective security measures.

IT’s [about business] 3.3 Your Privacy on Facebook

In December 2009, Facebook adopted a new privacy policy that declared certain information, including lists of friends, to be publicly available, with no privacy settings. Previously, Facebook users could restrict access to this information. As a result of this change, users who had set their list of friends as private were forced to make the list public without even being informed. Further, the option to make the list private again was removed. For example, a user whose Family and Relationships information was set to be viewable by Friends Only would default to being viewable by Everyone (publicly viewable). Therefore, information such as the gender of your partner, relationship status, and family relations became viewable even to people who did not have a Facebook account. Facebook CEO Mark Zuckerberg justified this policy by asserting that privacy is no longer a social norm.

To compound this issue, the new Facebook policy can also expose endorsements of various organizations and groups that you make when you click the “Like” button. In addition, Facebook’s “Instant Personalization” shares some of your data, without your advance permission, with other Web sites.

The results of the privacy fiasco? The Facebook privacy policy was protested by many people as well as privacy organizations such as the Electronic Frontier Foundation (www.eff.org). In fact, Iranian dissidents began deleting their Facebook accounts so that the government could not track their contacts.

In another instance, four college students decided to build a social network that would not force people to surrender their privacy. They used an online Web site called Kickstarter (www.kickstarter.com), which helps creative people find support, to raise $10,000. When they introduced their software, called Diaspora (www.diaspora.com), in May 2010, they made the source code openly available. Users can employ this software to set up personal servers, create their own information hubs, and control the information they share. The Diaspora “crew” attracted more than 2,000 followers of “joindiaspora” on Twitter in just a few weeks.

Facebook responded by rolling back requirements that some content be public, such as promotional pages that users respond to, or “Like,” in Facebook “language.” Facebook is also providing a virtual one-click “off switch” that lets users block all access to their information from third-party applications and Web sites. Further, instead of being forced to make public every status update and photo for “friends” or other individuals, users can put information such as employment history and vacation videos into buckets designated either for friends, friends of friends, or everyone on the Internet.

In February 2011, Facebook revealed a new draft of its privacy policy. The revised policy does not modify the social network’s data-handling practices; rather, it organizes its content around more practical headings such as “your information and how it is used” and “how advertising works.” Facebook maintains that the new policy is much more of a user guide to managing personal data.

Questions
1. Why did Facebook change its privacy policies in December 2009?
2. Make the argument in support of the privacy policy changes that Facebook instituted in December 2009.
3. Make the argument against the privacy policy changes that Facebook instituted in December 2009.
4. Discuss the trade-offs between conveniently sharing information and protecting privacy.

Sources: Compiled from J. Angwin and G. Fowler, “Microsoft, Facebook Offer New Approaches to Boost Web Privacy,” The Wall Street Journal, February 26–27, 2011; C. Kang, “Facebook CEO Announces Revamped Privacy Settings,” The Washington Post, May 27, 2010; M. Wagner, “Who Trusts Facebook Now?” Computerworld Blogs, May 27, 2010; J. Perez, “Facebook Earns Praise for Privacy Changes,” Computerworld, May 26, 2010; S. Gaudin, “Amid Backlash, Facebook Unveils Simpler Privacy Controls,” Computerworld, May 26, 2010; S. Gaudin, “Facebook CEO Says Mistakes Made, Privacy Changes Coming,” Computerworld, May 24, 2010; R. Pegoraro, “Facebook Meets the ‘Unlike’ Button,” Washington Post, May 17, 2010; J. Sutter, “Some Quitting Facebook As Privacy Concerns Escalate,” CNN.com, May 13, 2010; J. Dwyer, “Four Nerds and a Cry to Arms Against Facebook,” The New York Times, May 11, 2010; B. Johnson, “Privacy No Longer a Social Norm, Says Facebook Founder,” The Guardian, January 11, 2010.

International Aspects of Privacy

As the number of online users has increased globally, governments throughout the world have enacted a large number of inconsistent privacy and security laws. This highly complex global legal framework is creating regulatory problems for companies. Approximately 50 countries have some form of data-protection laws. Many of these laws conflict with those of other countries, or they require specific security measures. Other countries have no privacy laws at all.

The absence of consistent or uniform standards for privacy and security obstructs the flow of information among countries, which is called transborder data flows. The European Union (EU), for one, has taken steps to overcome this problem. In 1998 the European Community Commission (ECC) issued guidelines to all its member countries regarding the rights of individuals to access information about themselves. The EU data-protection laws are stricter than U.S. laws and therefore could create problems for multinational corporations, which could face lawsuits for privacy violation.

The transfer of data into and out of a nation without the knowledge of either the authorities or the individuals involved raises a number of privacy issues. Whose laws have jurisdiction when records are stored in a different country for reprocessing or retransmission purposes? For example, if data are transmitted by a Polish company through a U.S. satellite to a British corporation, which country’s privacy laws control the data, and when? Questions like these will become more complicated and frequent as time goes on. Governments must make an effort to develop laws and standards to cope with rapidly changing information technologies in order to solve some of these privacy issues.

The United States and the EU share the goal of privacy protection for their citizens, but the United States takes a different approach. To bridge the different privacy approaches, the United States Department of Commerce, in consultation with the EU, developed a “safe harbor” framework to regulate the way that U.S. companies export and handle the personal data (such as names and addresses) of European citizens.
See www.export.gov/safeharbor and http://ec.europa.eu/justice_home/fsj/privacy/index_en.htm.

Table 3.2 Privacy Policy Guidelines: A Sampler

Data Collection
• Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective.
• Data should be adequate, relevant, and not excessive in relation to the business objective.
• Individuals must give their consent before data pertaining to them can be gathered. Such consent may be implied from the individual’s actions (e.g., applications for credit, insurance, or employment).

Data Accuracy
• Sensitive data gathered on individuals should be verified before they are entered into the database.
• Data should be kept current, where and when necessary.
• The file should be made available so that the individual can ensure that the data are correct.
• In any disagreement about the accuracy of the data, the individual’s version should be noted and included with any disclosure of the file.

Data Confidentiality
• Computer security procedures should be implemented to ensure against unauthorized disclosure of data. These procedures should include physical, technical, and administrative security measures.
• Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law.
• Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintained.
• Data should not be disclosed for reasons incompatible with the business objective for which they are collected.

What’s In IT For Me?

For the Accounting Major
Public companies, their accountants, and their auditors have significant ethical responsibilities. Accountants now are being held professionally and personally responsible for increasing the transparency of transactions and assuring compliance with Generally Accepted Accounting Principles (GAAP). In fact, regulatory agencies such as the SEC and the Public Company Accounting Oversight Board (PCAOB) require accounting departments to adhere to strict ethical principles.

For the Finance Major
As a result of global regulatory requirements and the passage of Sarbanes-Oxley, financial managers must follow strict ethical guidelines. They are responsible for full, fair, accurate, timely, and understandable disclosure in all financial reports and documents that their companies submit to the Securities and Exchange Commission and in all other public financial reports. Further, financial managers are responsible for compliance with all applicable governmental laws, rules, and regulations.

For the Marketing Major
Marketing professionals have new opportunities to collect data on their customers, for example, through business-to-consumer electronic commerce (discussed in Chapter 7). Business ethics clearly mandate that these data should be used only within the company and should not be sold to anyone else. Marketers do not want to be sued for invasion of privacy over data collected for the marketing database.

Customers expect their data to be properly secured. However, profit-motivated criminals want that data. Therefore, marketing managers must analyze the risks of their operations. Failure to protect corporate and customer data will cause significant public relations problems and outrage customers. Customer relationship management (discussed in Chapter 11) operations and tracking customers’ online buying habits can expose unencrypted data to misuse or result in privacy violations.

For the Production/Operations Management Major
POM professionals decide whether to outsource (or offshore) manufacturing operations. In some cases, these operations are sent overseas to countries that do not have strict labor laws. This situation raises serious ethical questions. For example, is it ethical to hire employees in countries with poor working conditions in order to reduce labor costs?

For the Human Resources Management Major
Ethics is critically important to HR managers. HR policies explain the appropriate use of information technologies in the workplace. Questions such as the following can arise: Can employees use the Internet, e-mail, or chat systems for personal purposes while at work? Is it ethical to monitor employees? If so, how? How much? How often? HR managers must formulate and enforce such policies while at the same time maintaining trusting relationships between employees and management.

For the MIS Major
Ethics might be more important for MIS personnel than for anyone else in the organization, because these individuals have control of the information assets. They also have control over a huge amount of the employees’ personal information. As a result, the MIS function must be held to the highest ethical standards. In fact, as you will see in the chapter-closing case about Terry Childs, regardless of what he actually did, what one thinks of what he did, and whether his conviction was justified, a person in his situation has the opportunity to behave improperly, and shouldn’t.

[ Summary ]

1. Define ethics, list and describe the three fundamental tenets of ethics, and describe the four categories of ethical issues related to information technology.

Ethics refers to the principles of right and wrong that individuals use to make choices that guide their behavior.

Fundamental tenets of ethics include responsibility, accountability, and liability. Responsibility means that you accept the consequences of your decisions and actions. Accountability refers to determining who is responsible for actions that were taken.
Liability is a legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems.

The major ethical issues related to IT are privacy, accuracy, property (including intellectual property), and access to information. Privacy may be violated when data are held in databases or transmitted over networks. Privacy policies that address issues of data collection, data accuracy, and data confidentiality can help organizations avoid legal problems.

2. Identify three places that store personal data, and for each one, discuss at least one personal threat to the privacy of the data stored there.

Privacy is the right to be left alone and to be free of unreasonable personal intrusions. Threats to privacy include advances in information technologies, electronic surveillance, personal information in databases, Internet bulletin boards, newsgroups, and social networking sites. The privacy threat in Internet bulletin boards, newsgroups, and social networking sites is that you might post too much personal information that many unknown people can see.

[ Chapter Glossary ]

accountability: A tenet of ethics that refers to determining who is responsible for actions that were taken.
code of ethics: A collection of principles intended to guide decision making by members of an organization.
digital dossier: An electronic description of an individual and his or her habits.
electronic surveillance: Tracking people’s activities with the aid of computers.
ethics: The principles of right and wrong that individuals use to make choices to guide their behaviors.
information privacy: The right to determine when, and to what extent, personal information can be gathered by and/or communicated to others.
liability: A legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems.
opt-in model: A model of informed consent in which a business is prohibited from collecting any personal information unless the customer specifically authorizes it.
opt-out model: A model of informed consent that permits a company to collect personal information until the customer specifically requests that the data not be collected.
privacy: The right to be left alone and to be free of unreasonable personal intrusions.
privacy codes: (see privacy policies)
privacy policies (also known as privacy codes): An organization’s guidelines for protecting the privacy of customers, clients, and employees.
profiling: The process of forming a digital dossier.
responsibility: A tenet of ethics in which you accept the consequences of your decisions and actions.

[ Discussion Questions ]

1. In 2008, the Massachusetts Bay Transportation Authority (MBTA) obtained a temporary restraining order barring three Massachusetts Institute of Technology (MIT) students from publicly displaying what they claimed to be a way to get “free subway rides for life.” Specifically, the 10-day injunction prohibited the students from revealing vulnerabilities of the MBTA’s fare card. The students were scheduled to present their findings in Las Vegas at the DEFCON computer hacking conference. Are the students’ actions legal? Are their actions ethical? Discuss your answer from the students’ perspective then from the perspective of the MBTA.
2. Frank Abagnale, the criminal played by Leonardo DiCaprio in the motion picture Catch Me If You Can, ended up in prison. After he left prison, however, he worked as a consultant to many companies on matters of fraud.
   a. Why do these companies hire the perpetrators (if caught) as consultants? Is this a good idea?
   b. You are the CEO of a company. Discuss the ethical implications of hiring Frank Abagnale as a consultant.

[ Problem-Solving Activities ]

1. An information security manager routinely monitored the Web surfing among her company’s employees. She discovered that many employees were visiting the “sinful six” Web sites.
(Note: The “sinful six” are Web sites with material related to pornography, gambling, hate, illegal activities, tastelessness, and violence.) She then prepared a list of the employees and their surfing histories and gave the list to management. Some managers punished their employees. Some employees, in turn, objected to the monitoring, claiming that they should have a right to privacy.
   a. Is monitoring of Web surfing by managers ethical? (It is legal.) Support your answer.
   b. Is employee Web surfing on the “sinful six” ethical? Support your answer.
   c. Is the security manager’s submission of the list of abusers to management ethical? Why or why not?
   d. Is punishing the abusers ethical? Why or why not? If yes, then what types of punishment are acceptable?
   e. What should the company do in this situation? (Note: There are a variety of possibilities here.)
2. Access the Computer Ethics Institute’s Web site at www.cpsr.org/issues/ethics/cei. The site offers the “Ten Commandments of Computer Ethics.” Study these rules and decide whether any others should be added.
3. Access the Association for Computing Machinery’s code of ethics for its members (see www.acm.org/constitution/code.html). Discuss the major points of this code. Is this code complete? Why or why not? Support your answer.
4. Access www.eightmaps.com. Is the use of data on this Web site illegal? Unethical? Support your answer.
5. The Electronic Frontier Foundation (www.eff.org) has a mission of protecting rights and promoting freedom in the “electronic frontier.” Review the organization’s suggestions about how to protect your online privacy, and summarize what you can do to protect yourself.
6. Access your university’s guidelines for ethical computer and Internet use. Are there limitations as to the types of Web sites that you can visit and the types of material you can view? Are you allowed to change the programs on the lab computers? Are you allowed to download software from the lab computers for your personal use? Are there rules governing the personal use of computers and e-mail?
7. Access http://www.albion.com/netiquette/corerules.html. What do you think of this code of ethics? Should it be expanded? Is it too general?
8. Access www.cookiecentral.com and www.epubliceye.com. Do these sites provide information that helps you protect your privacy? If so, then explain how.
9. Do you believe that a university should be allowed to monitor e-mail sent and received on university computers? Why or why not? Support your answer.

[ Team Assignments ]

1. Access www.ftc.gov/sentinel to learn how law enforcement agencies around the world work together to fight consumer fraud. Each team should obtain current statistics on one of the top five consumer complaint categories and prepare a report. Are any categories growing faster than others? Are any categories more prevalent in certain parts of the world?

[ Closing Case You Be the Judge ]

Terry Childs worked in San Francisco’s information technology department for five years as a highly valued network administrator. Childs, who holds a Cisco Certified Internetwork Expert certification, the highest level of certification offered by Cisco, built San Francisco’s new multimillion-dollar computer network, the FiberWAN. He handled most of the implementation, including the acquisition, configuration, and installation of all the routers and switches that compose the network. The FiberWAN contains essential city information such as officials’ e-mails, city payroll files, confidential law enforcement documents, and jail inmates’ booking information.

On July 13, 2008, Childs was arrested and charged with four felony counts of computer tampering. Authorities accused him of commandeering the FiberWAN by creating passwords that granted him exclusive access to the system.
In addition to refusing to give city officials the passwords necessary to access the FiberWAN, Childs has been accused of other actions. Authorities allege that he implemented a tracing system to monitor what administrators were saying and doing. Authorities also discovered dial-up and digital subscriber line (DSL) modems (discussed in Chapter 6) that would enable an unauthorized user to connect to the FiberWAN. They also found that he had placed a command on several network devices to erase critical configuration data in the event that anyone tried to restore administrative access to the devices. Further, he allegedly collected pages of user names and passwords, including his supervisor’s, to use their network login information. He was also charged with downloading terabytes of city data to a personal encrypted storage device. The extent of Childs’s activities was not known until a June 2008 computer audit.

Childs had been disciplined on the job in the months leading up to his arrest, and his supervisors had tried to fire him. Those attempts were unsuccessful, in part because of his exclusive knowledge of the city’s FiberWAN.

After his arrest, Childs kept the necessary passwords to himself for ten days, and then gave them to the mayor of San Francisco in a secret meeting in the city jail. What was he thinking? Had he become a rogue employee? His lawyer paints a different picture of the man and his situation.

Childs seems to have taken his job very seriously, to the point of arrogance. He worked very hard, including evenings and weekends, and rarely took vacations. Because the FiberWAN was so complex and Childs did not involve any of the other network engineers in his unit, he was the only person who fully understood the network’s configuration. He apparently trusted no one but himself with the details of the network, including its configuration and login information.

Childs had a poor relationship with his superiors, who were all managerially oriented rather than technically oriented. He considered his direct supervisor to be intrusive, incompetent, and obstructive, and he believed the managers above him had no real concept of the FiberWAN. In fact, he felt that his superiors were more interested in office politics than in getting anything done. He also complained that he was overworked and that many of his colleagues were incompetent freeloaders.

Childs’s lawyer maintained that his client had been the victim of a “bad faith” effort to force him out of his post by incompetent city officials whose meddling was jeopardizing the network that Childs had built. He further charged that in the past, Childs’s supervisors and co-workers had damaged the FiberWAN themselves, hindered Childs’s ability to maintain the system, and shown complete indifference to maintaining it themselves.

Childs was the only person in the department capable of operating the FiberWAN. Despite this fact, the department had established no policies as to the appropriate person to whom Childs could give the passwords. Childs maintains that none of the persons who requested the passwords from him was qualified to have them.

Childs’s lawyer raised the question: “How could the department say his performance was poor when he had been doing what no one else was able or willing to do?” Interestingly, the FiberWAN continued to run smoothly while Childs was holding the passwords.

As of May 2011, San Francisco officials maintained that they had paid Cisco contractors almost $200,000 to fix the problems with the FiberWAN. The city has retained a security consulting firm, Secure DNA (www.secure-dna.com), to conduct a vulnerability assessment of its network.
It also has set aside a further $800,000 to address potential ongoing problems.

On April 27, 2010, after nearly three days of deliberation, a jury convicted Childs of one count of felony computer tampering for withholding passwords to the city’s FiberWAN network. On August 9, 2010, the judge sentenced Childs to four years in prison.

Questions

1. Do you agree with the jury that Childs is guilty of computer tampering?
   (a) Discuss the case from the perspective of the prosecutor of the City of San Francisco.
   (b) Discuss the case from the perspective of Childs’s defense lawyer.
2. A single point of failure is a component of a system that, if it fails, will prevent the entire system from functioning. For this reason, a single point of failure is clearly undesirable, whether it is a person, a network, or an application. Is Childs an example of a single point of failure? Why or why not? If he is guilty, then how should the City of San Francisco (or any organization) protect itself from such a person?

Sources: Compiled from R. McMillan, “Network Admin Terry Childs Gets 4-Year Sentence,” Bloomberg BusinessWeek, August 7, 2010; J. Niccolai, “Terry Childs Is Denied Motion for Retrial,” PC World, July 30, 2010; J. Vijayan, “After Verdict, Debate Rages in Terry Childs’ Case,” Computerworld, April 28, 2010; P. Venezia, “Slouching toward Justice for Terry Childs,” InfoWorld, March 1, 2010; J. Van Derbeken, “S.F. Officials Locked Out of Computer Network,” SFGate.com, July 15, 2008; Z. Church, “San Francisco IT Hack Story Looks a Bit Too Much Like Chinatown,” SearchCIO-Midmarket.com, July 16, 2008; P. Venezia, “Why San Francisco’s Network Admin Went Rogue,” InfoWorld, July 18, 2008; J. Van Derbeken, “Lawyer Says Client Was Protecting City’s Code,” SFGate.com, July 23, 2008; R. McMillan and P. Venezia, “San Francisco’s Mayor Gets Back Keys to the Network,” Network World, July 23, 2008; R. McMillan, “Parts of San Francisco Network Still Locked Out,” Network World, July 23, 2008; J. Vijayan, “City Missed Steps to Avoid Network Lockout,” Computerworld, July 28, 2008; A. Surdin, “San Francisco Case Shows Vulnerability of Data Networks,” Washington Post, August 11, 2008; R. McMillan, “San Francisco Hunts for Mystery Device on City Network,” Computerworld, September 11, 2008; B. Egelko, “S.F. Computer Engineer to Stand Trial,” SFGate.com, December 27, 2008.
