Home | | Cryptography and Network Security | Ethical Issues - Network or Computer

Chapter: Cryptography and Network Security Principles and Practice : Legal And Ethical Aspects

Ethical Issues - Network or Computer

· Ethics and the IS Professions · Ethical Issues Related to Computers and Information Systems · Codes of Conduct


Because of the ubiquity and importance of information systems in organizations of all types, there are many potential misuses and abuses of information and electronic communication that create privacy and security problems. In addition to questions of legality, misuse and abuse raise concerns of ethics. Ethics refers to a system of moral principles that relates to the benefits and harms of particular actions, and to the rightness and wrongness of motives and ends of those actions. In this section, we look at ethical issues as they relate to computer and information system security.


Ethics and the IS  Professions

To a certain extent, a characterization of what constitutes ethical behavior for those who work with or have access to information systems is not unique to this context. The basic ethical principles developed by civilizations apply. However, there are some unique considerations surrounding computers and information systems. First, computer technology makes possible a scale of activities not possible before. This includes a larger scale of recordkeeping, particularly on individuals, with the ability to develop finer-grained personal information collection and more precise data mining and data matching. The expanded scale of communications and the expanded scale of interconnection brought about by the Internet magnify the power of an individual to do harm. Second, computer technology has involved the creation of new types of entities for which no agreed ethical rules have previously been formed, such as databases, Web browsers, chat rooms, cookies, and so on.

Further, it has always been the case that those with special knowledge or spe- cial skills have additional ethical obligations beyond those common to all humanity. We can illustrate this in terms of an ethical hierarchy (Figure 23.6), based on one discussed in [GOTT99]. At the top of the hierarchy are the ethical values profes- sionals share with all human beings, such as integrity, fairness, and justice. Being a professional with special training imposes additional ethical obligations with respect to those affected by his or her work. General principles applicable to all profession- als arise at this level. Finally, each profession has associated with it specific ethical values and obligations related to the specific knowledge of those in the profession and the powers that they have to affect others. Most professions embody all of these levels in a professional code of conduct, a subject discussed subsequently.


Ethical Issues Related to Computers and Information Systems

Let us turn now more specifically to the ethical issues that arise from computer technology. Computers have become the primary repository of both personal

information and negotiable assets, such as bank records, securities records, and other financial information. Other types of databases, both statistical and otherwise, are assets with considerable value. These assets can only be viewed, created, and altered by technical and automated means. Those who can understand and exploit the technology, plus those who have obtained access permission, have power related to those assets.

A classic paper on computers and ethics [PARK88b] points out that ethical issues arise as the result of the roles of computers, such as the following:

                                                Repositories and processors of information: Unauthorized use of otherwise unused computer services or of information stored in computers raises ques- tions of appropriateness or fairness.

                                                Producers of new forms and types of assets: For example, computer programs are entirely new types of assets, possibly not subject to the same concepts of ownership as other assets.

                                                Instruments of acts: To what degree must computer services and users of computers, data, and programs be responsible for the integrity and appropri- ateness of computer output?

                                                Symbols of intimidation and deception: The images of computers as thinking machines, absolute truth producers, infallible, subject to blame, and as anthro- pomorphic replacements of humans who err should be carefully considered.


Another listing of ethical issues, from [HARR90], is shown in Table 23.3. Both of these lists are concerned with balancing professional responsibilities with ethical or moral responsibilities. We cite two areas here of the types of ethical questions that face a computing or IS professional. The first is that IS professionals may find themselves in situations where their ethical duty as professionals comes into conflict with loyalty to their employer. Such a conflict may give rise for an employee to con- sider “blowing the whistle,” or exposing a situation that can harm the public or a company’s customers. For example, a software developer may know that a product is scheduled to ship with inadequate testing to meet the employer’s deadlines. The decision of whether to blow the whistle is one of the most difficult that an IS profes- sional can face. Organizations have a duty to provide alternative, less extreme opportunities for the employee, such as an in-house ombudsperson coupled with a commitment not to penalize employees for exposing problems in-house. Additionally, professional societies should provide a mechanism whereby society members can get advice on how to proceed.

Another example of an ethical question concerns a potential conflict of inter- est. For example, if a consultant has a financial interest in a  certain vendor,  this should be revealed to any client if that vendor’s products or services might be recommended by the consultant.


Codes of Conduct

Unlike scientific and engineering fields, ethics cannot be reduced to precise laws or sets of facts. Although an employer or a client of a professional can expect that the professional has an internal moral compass, many areas of conduct may present eth- ical ambiguities. To provide guidance to professionals and to articulate what employers and customers have a right to expect, a number of professional societies have adopted ethical codes of conduct.

A professional code of conduct can serve the following functions [GOTT99]:

1.                        A code can serve two inspirational functions: as a positive stimulus for ethical conduct on the part of the professional, and to instill confidence in the cus- tomer or user of an IS product or service. However, a code that stops at just providing inspirational language is likely to be vague and open to an abun- dance of interpretations.

2.                        A code can be educational. It informs professionals about what should be their commitment to undertake a certain level of quality of work and their responsibil- ity for the well being of users of their product and the public, to the extent the product may affect nonusers. The code also serves to educate managers on their responsibility to encourage and support employee ethical behavior and on their own ethical responsibilities.

3.                        A code provides a measure of support for a professional whose decision to act ethically in a situation may create conflict with an employer or customer.

4.                        A code can be a means of deterrence and discipline. A professional society can use a code as a justification for revoking membership or even a professional license. An employee can use a code as a basis for a disciplinary action.

5.                        A code can enhance the profession’s public image, if it is seen to be widely honored.

We illustrate the concept of a professional code of ethics for computer profes- sionals with three specific examples. The ACM (Association for Computing Machinery) Code of Ethics and Professional Conduct (Figure 23.7) applies to com- puter scientists.5 The IEEE (Institute of Electrical and Electronics Engineers) Code of Ethics (Figure 23.8) applies to computer engineers as well as other types of elec- trical and electronic engineers. The AITP (Association of Information Technology Professionals, formerly the Data Processing Management Association) Standard of Conduct (Figure 23.9) applies to managers of computer systems and projects.

A number of common themes emerge from these codes, including (1) dignity and worth of other people; (2) personal integrity and honesty; (3) responsibility for work; (4) confidentiality of information; (5) public safety, health, and welfare; (6) participation in professional societies to improve standards of the profession; and

(7)                the notion that public knowledge and access to technology is equivalent to social power.

All three codes place their emphasis on the responsibility of professionals to other people, which, after all, is the central meaning of ethics. This emphasis on peo- ple rather than machines or software is to the good. However, the codes make little specific mention of the subject technology, namely computers and  information systems. That is, the approach is quite generic and could apply to most professions and does not fully reflect the unique ethical problems related to the development and use of computer and IS technology. For example, these codes do not specifically deal with the issues raised in Table 23.3 or by [PARK88b] listed in the preceding subsection.







1.                                                                                              GENERAL MORAL IMPERATIVES.

            Contribute to society and human well-being.

            Avoid harm to others.

            Be honest and trustworthy.

            Be fair and take action not to discriminate.

            Honor property rights including copyrights and patent.

            Give proper credit for intellectual property.

            Respect the privacy of others.

            Honor confidentiality.


2.                                                                 MORE SPECIFIC PROFESSIONAL RESPONSIBILITIES.

            Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work.

            Acquire and maintain professional competence.

            Know and respect existing laws pertaining to professional work.

            Accept and provide appropriate professional review.

            Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.

            Honor contracts, agreements, and assigned responsibilities.

            Improve public understanding of computing and its consequences.

            Access computing and communication resources only when authorized to do so.


3.                                                                       ORGANIZATIONAL LEADERSHIP IMPERATIVES.

            Articulate social responsibilities of members of an organizational unit and encourage full acceptance of those responsibilities.

            Manage personnel and resources to design and build information systems that enhance the quality of working life.

            Acknowledge and support proper and authorized uses of an organization’s comput- ing and communication resources.

            Ensure that users and those who will be affected by a system have their needs clearly articulated during the assessment and design of requirements; later the system must be validated to meet requirements.

            Articulate and support policies that protect the dignity of users and others affected by a computing system.

            Create opportunities for members of the organization to learn the principles and limitations of computer systems.


4.                                                                                                 COMPLIANCE WITH THE CODE.

            Uphold and promote the principles of this Code.

            Treat violations of this code as inconsistent with membership in the ACM.


Figure 23.7 ACM Code of Ethics and Professional Conduct (Copyright ©1997, Association for Computing Machinery, Inc.)



We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its members and the communities we serve, do hereby commit our- selves to the highest ethical and professional conduct and agree:

1.           to accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;

2.           to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;

3.           to be honest and realistic in stating claims or estimates based on available data;

4.           to reject bribery in all its forms;

5.           to improve the understanding of technology, its appropriate application, and potential consequences;

6.           to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;

7.           to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;

8.           to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;

9.           to avoid injuring others, their property, reputation, or employment by false or malicious action;

10.        to assist colleagues and co-workers in their professional development and to support them in following this code of ethics


Figure 23.IEEE Code of Ethics



In recognition of my obligation to management I shall:

         Keep my personal knowledge up-to-date and insure that proper expertise is available when needed.

         Share my knowledge with others and present factual and objective information to management to the best of my ability.

         Accept full responsibility for work that I perform.

         Not misuse the authority entrusted to me.

         Not misrepresent or withhold information concerning the capabilities of equipment, software or systems.

         Not take advantage of the lack of knowledge or inexperience on the part of others.

In recognition of my obligation to my fellow members and the profession I  shall:

         Be honest in all my professional relationships.

         Take appropriate action in regard to any illegal or unethical practices that come to my atten- tion. However, I will bring charges against any person only when I have reasonable basis for believing in the truth of the allegations and without any regard to personal interest.

         Endeavor to share my special knowledge.

         Cooperate with others in achieving understanding and in identifying problems.

            Not use or take credit for the work of others without specific acknowledgement and authorization.

            Not take advantage of the lack of knowledge or inexperience on the part of others for personal gain.

In recognition of my obligation to society I shall:

            Protect the privacy and confidentiality of all information entrusted to me.

            Use my skill and knowledge to inform the public in all areas of my expertise.

            To the best of my ability, insure that the products of my work are used in a socially responsible way.

            Support, respect, and abide by the appropriate local, state, provincial, and federal laws.

            Never misrepresent or withhold information that is germane to a problem or situation of public concern nor will I allow any such known information to remain unchallenged.

            Not use knowledge of a confidential or personal nature in any unauthorized manner or to achieve personal gain.

In recognition of my obligation to my employer I shall:

            Make every effort to ensure that I have the most current knowledge and that the proper expertise is available when needed.

            Avoid conflict of interest and insure that my employer is aware of any potential conflicts.

            Present a fair, honest, and objective viewpoint.

            Protect the proper interests of my employer at all times.

            Protect the privacy and confidentiality of all information entrusted to me.

            Not misrepresent or withhold information that is germane to the situation.

            Not attempt to use the resources of my employer for personal gain or for any purpose without proper approval.

         Not exploit the weakness of a computer system for personal gain or personal satisfaction.

Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail
Cryptography and Network Security Principles and Practice : Legal And Ethical Aspects : Ethical Issues - Network or Computer |

Privacy Policy, Terms and Conditions, DMCA Policy and Compliant

Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.