cse1720 semester 1 2005 week12 / 1 week 12 ethics, privacy, security social implications coles
TRANSCRIPT
CSE1720 Semester 1 2005
week12 / 1
Week 12Week 12
Ethics, Privacy, Security Social Implications Coles
CSE1720 Semester 1 2005
week12 / 2
Ethics, Privacy and SecurityEthics, Privacy and Security
Some common uses of data about people:
CSE1720 Semester 1 2005
week12 / 3
Ethics, Privacy and SecurityEthics, Privacy and Security
People
Public Information Business Transactions
Birth Certificates Mail OrdersDriver Licenses Telephone OrdersCar Registrations SubscriptionsProperty Records DonationsMarriage Licence Credit CardsCensus Records Warranty CardsTelephone Directories Tattslotto, ...Consumer Surveys Accounts Payments PassportsVisas
CSE1720 Semester 1 2005
week12 / 4
Ethics, Privacy and SecurityEthics, Privacy and Security
which can lead to :Multiple Mailing Lists :
SubscriptionsEntertainment SpecialsDonationsMembershipsCataloguesSocial ClubsProfessional Development
CSE1720 Semester 1 2005
week12 / 5
Ethics, Privacy and SecurityEthics, Privacy and Security
• Computers and privacy
• Intellectual Property rights
• Truth in Art and Journalism
• Threats to Computers and Communications systems
• Security issues relating to Computers and Communications Systems
CSE1720 Semester 1 2005
week12 / 6
Ethics, Privacy and SecurityEthics, Privacy and Security
• Ethics: A set of principles which govern the conduct of an individual or group
• Privacy: The right of people not to reveal information about themselves, the right to keep personal information from being misused
• Electronic invasion of personal data has become a serious ethical issue
CSE1720 Semester 1 2005
week12 / 7
Ethics, Privacy and SecurityEthics, Privacy and Security
• Invasion of Privacy :
Would you agree to :
Your shopping habits, your income, to be available to any number of businesses ?
Your medical records being used by your employer as one of the means of making decision regarding promotions, hiring, redundancy ?
CSE1720 Semester 1 2005
week12 / 8
Ethics, Privacy and SecurityEthics, Privacy and Security
The rapid expansion of use of the Internet and E-Commerce has raised many problems with ‘privacy’ aspects.
In America there exists the ‘Association of Corporate Privacy Officers’ which would indicate that there is much interest and concern regarding privacy of data.
Privacy Officers :
train employees about privacy
examine a company’s policies for potential risks
manage customer-privacy disputes
inform senior executives on how the company deals with privacy issues
CSE1720 Semester 1 2005
week12 / 9
Ethics, Privacy and SecurityEthics, Privacy and Security
Rules and Laws on Privacy and other social aspects:
Privacy Act 1974, amended 2001
Freedom of Information Act
Fair Credit Reporting Act
Right to Financial Privacy Act
Computer Fraud and Abuse Act
Federal Data-Matching Program (Assistance and Tax Act)
Australian Consumer and Competition Commission
Office of Fair Trading
CSE1720 Semester 1 2005
week12 / 10
EthicsEthics
Some application definitions of ethics• a member must
– be honest, forthright and impartial– serve the community– strive to increase the competency and prestige of the
profession– use special knowledge and skill for the advancement of
human welfare
CSE1720 Semester 1 2005
week12 / 11
Ethics - Australian Computer SocietyEthics - Australian Computer Society
• Competence (part only of the Standards of Conduct)– A member must endeavour to provide products and
services which match the operational and financial needs of my clients and employers
– A member must give value for money in the services and products supplied by the member
– A member must respect and protect the clients’ and employers’ proprietary interests
CSE1720 Semester 1 2005
week12 / 12
Ethics - Australian Computer SocietyEthics - Australian Computer Society
• Social Implications– A member must protect and promote the health and safety
of those affected by her/his work– A member must consider and respect people’s privacy
which might be affected by a member’s work– A member must respect employees and refrain from
treating them unfairly
The full statement of the code of ethics is available at
www.acs.org.au/national/pospaper/acs131.htm
CSE1720 Semester 1 2005
week12 / 13
Ethics, Privacy and SecurityEthics, Privacy and Security
Intellectual Property Rights: Products of the human mind and includes tangible (i.e. ‘real products’) and intangible property (i.e. ‘ideas’)
3 common methods of ‘protection’ :-
Patents (inventions)
Trade Secrets (formal or method of conducting business)
Copyright ( Laws which prohibit copying of intellectual property without the permission of the copyright
holder)
CSE1720 Semester 1 2005
week12 / 14
Ethics, Privacy and SecurityEthics, Privacy and Security
Piracy: Theft or unauthorised distribution or use
Software Piracy: Unauthorised copying of copyright software
Network Piracy: The use of electronic networks to distribute unauthorised copyright materials in digitised form
Plagiarism: Is the use of another’s text, findings, interpretations and presenting it as one’s own original work
Also involved here is the ownership of images and sounds :
for example Walt Disney animations and ‘speech/sound’
CSE1720 Semester 1 2005
week12 / 15
Ethics, Privacy and SecurityEthics, Privacy and Security How do you feel about this ? How do you feel about this ?
• Draw 98 is a Microsoft product
• It is available from the Microsoft Web site (so is other software)
• It is part of the progression to server based software
• Downloading Draw98 initiates a scan of the user’s hard disk for components of the Office suite so that ‘the installer (software) knows what you need to make Draw 98 run correctly’
• Full marks to Microsoft for innovation ??
CSE1720 Semester 1 2005
week12 / 16
Ethics, Privacy and SecurityEthics, Privacy and Security
Art and Journalism:
Manipulation of Sound - mixing, overlays, reductions, deletions, substitution
Manipulation of photographs and video recordings - ‘touch ups’, overlays, repositioning, insertions, deletions, enhancing, minimising
Morphing - construction of an image (at pixel level) to superimpose, enhance, overlay, redirect, recolour, animate, animation with voice commentary, disjoint morphing ( a person’s head which is rotated - change of facial attitude)
CSE1720 Semester 1 2005
week12 / 17
Ethics, Privacy and SecurityEthics, Privacy and Security
Questions : What is ‘REAL’ data
Which data is ‘ACCURATE’
Which data can be used to MANIPULATE people
CSE1720 Semester 1 2005
week12 / 18
Some Threats to Computers and Communications Systems
Some Threats to Computers and Communications Systems
• Errors and Accidents
People errors
Procedural errors (Ariadne rocket)
Software errors
Electromechanical failures
Bad, incorrect or missing data
CSE1720 Semester 1 2005
week12 / 19
Some Threats to Computers and Communications Systems
Some Threats to Computers and Communications Systems
Natural and Other Hazards:
Fires, floods, earthquakes
Civil unrest, terrorism, war
CSE1720 Semester 1 2005
week12 / 20
Some Threats to Computers and Communications Systems
Some Threats to Computers and Communications Systems
Crimes against Computers and Communications:
(illegal act against computers and/or telecommunications)
Theft of hardware
Theft of software
Theft of time and services
Theft of Information
Crimes of malice and destruction
CSE1720 Semester 1 2005
week12 / 21
Some Threats to Computers and Communications Systems
Some Threats to Computers and Communications Systems
Viruses:
Boot sector virus
File virus
Worm
Logic Bomb
Trojan Horse
Polymorphic
Virus mutation engines
ANTI VIRUS SOFTWARE
CSE1720 Semester 1 2005
week12 / 22
Some Threats to Computers and Communications Systems
Some Threats to Computers and Communications Systems
Crimes against Computers and Communications:
(The use of computers to effect an illegal act)
Computer Criminals:
Employees
Outside users
Hackers and Crackers
Professional criminals
CSE1720 Semester 1 2005
week12 / 23
Some Interesting ExtensionsSome Interesting Extensions
• Data Matching• Profiling• Transaction Monitoring• Performance Analyses - Human and Other• Long Distance Surveillance and recording
Electronic Identification of
Products Vehicles
Animals People
CSE1720 Semester 1 2005
week12 / 24
Public Safety AspectsPublic Safety Aspects
– Factory / Production Processes and Controls
– Dangerous Materials
– Power Generation and Distribution - Power Surges
– Weaponry
– Transport - Road, Rail, Sea, Air
– Computer Controlled Communications
CSE1720 Semester 1 2005
week12 / 26
Some Aims of SecuritySome Aims of Security
• To guard against
– Physical loss of equipment– Physical loss of data– Logical loss of equipment– Logical loss of data
• Some other Aspects– Physical Security– Data security– Software Copying– Viruses
CSE1720 Semester 1 2005
week12 / 27
Some Security ThreatsSome Security Threats
• Unauthorised usage, copying, changing, corrupting, or browsing
• Electronic bugging of communication lines, terminal buffers, storage media
• Sabotage - includes erasing and altering data, substituting erroneous data, destruction of the media device
• Position misuse, false identification, bribery, transferred authorisations
• Suppression of security measures by staff• Masquerading - a program which poses as an operating
system and has access to user password files
CSE1720 Semester 1 2005
week12 / 28
Database Security and IntegrityDatabase Security and Integrity
Database Security: is the protection of a database from– unauthorised access– unauthorised modification– destruction
PRIVACY is the right of individuals to have some control over information about themselves
INTEGRITY refers to the correctness, completeness and consistency of data
CSE1720 Semester 1 2005
week12 / 29
SecuritySecurity
Some Random Ideas:
Physical Access Controls : badges, closed circuit TV,
guards
Terminal Authentication, User I/D’s, Passwords,
(at System and Database levels)
Authorisation - Authorisation Rules
- Which users can access which Information
- What operation can users invoke
read only, read/write, update, delete
User Views - Non updatable access, but access to latest
level of Information
CSE1720 Semester 1 2005
week12 / 30
SecuritySecurity
Other Tools :
Security Logs
Audit trails
Encryption
* Data Encryption Standards
* Public Key Encryption
CSE1720 Semester 1 2005
week12 / 31
Information SecurityInformation Security
AIM PREVENTS
* Confidentiality Unauthorised disclosure
* Integrity Unauthorised Amendment
* Availability Unauthorised Withholding
Security Systems:
1. Computer Security
2. Communications Security
- transmission
- encryption
3. Procedural security
4. Physical security
CSE1720 Semester 1 2005
week12 / 32
Banking FraudsBanking Frauds
Melbourne July 2003.
Westpac and ANZ customers were (? are) under attack
Customers were advised by emails to ‘reactivae’ their accounts at a new internet address
The ‘new’ website was almost identical to the genuine online banking site
BUT - account numbers and passwords directed to the ‘new site’ were transmitted to criminal operators. The spam didn’t carry a virus, and there is nothing in the message to alert a firewall
CSE1720 Semester 1 2005
week12 / 33
Banking FraudsBanking Frauds
The effect was undetected identity theft of banking details and financial fraud
Both Banks have databases of known hoaxes - and the number is growing
The Banks have notified customers that the Banks would carry any customer losses
The Banks are also altering their customers not to respond to email messages of this nature - it is NOT the method that the Banks approach their customers
CSE1720 Semester 1 2005
week12 / 34
Some Thoughts on the Social Implications of Technology
Some Thoughts on the Social Implications of Technology
CSE1720 Semester 1 2005
week12 / 35
Some Social Implications of TechnologySome Social Implications of Technology
Background of ‘Computing’
Automation of ‘manual’ tasks of existing procedures and systems (Accounting, Payroll, Inventory etc....)
Benefits were faster, more accurate processing
Earlier posting of results
Some improvement in locating sensitive or cost areas of organisations (especially high cost, low productive)
Some necessity to enhance people skills
Some opportunity to use people more effectively
Some opportunity to reduce number of people
CSE1720 Semester 1 2005
week12 / 36
Some Social Implications of TechnologySome Social Implications of Technology
The next stage was the development and introduction of
Information Systems which has the effect of Management being able to begin to monitor performance on a corporate basis.
People skills definitely upgraded - more research, analysis, simulations, planning, reviews, policy changes, work practices, ‘better’ based Information both Internally and Externally
Use of Information in an increasingly COMPETITIVE
environment
CSE1720 Semester 1 2005
week12 / 37
Some Social Implications of TechnologySome Social Implications of Technology
New Developments / Applications
Funds transfers
Electronic Libraries
Electronic Surveillance
Electronic Document Interchange
Database
Communications
Networking
World Wide Web
Electronic Applications Integration (EAI)
CSE1720 Semester 1 2005
week12 / 38
Some Social Implications of TechnologySome Social Implications of Technology
Emergence of Social Engineering and associated disciplines
Some Major Concerns:
• Ability of people to
* Accept
* Accommodate
* Change
at a HIGH RATE OF CHANGE
• The Total Cost of Technology (Modelling ?)
CSE1720 Semester 1 2005
week12 / 39
Some Social Implications of TechnologySome Social Implications of Technology
Retraining : Capacity / Ability
Redeployment / Relocation
Social Costs : Redundancy
– PERSONAL ASPECTS:• Contribution• Self Esteem / Worth• Dehumanising Aspects• ‘Spare’ Time - Occupation / Alternative Outlets
(Unpaid, Part time, Volunteer
Races, Casino, Tabaret, TV, Community Groups ..)
CSE1720 Semester 1 2005
week12 / 40
Some Social Implications of TechnologySome Social Implications of Technology
BEHAVIOURAL ASPECTS
Human Resources Balance between PEOPLE Management and Automation Management based on Organisational Needs
Personnel Management People • Motivation• Training• Retention
CSE1720 Semester 1 2005
week12 / 41
Some Social Implications of TechnologySome Social Implications of Technology
Organisational Changes
Altered Skills Requirements (Assignment 1 ?) Spreadsheets, Databases, Word processing, Simulations, Internet, Projections, Forecasting, Modelling, Communications, Resource Management
Alteration to Number of People in the Workforce
Culture Changes - Shared Work, Sessional, Casual, ‘On Demand’
Changes in communication methods and content
CSE1720 Semester 1 2005
week12 / 42
Responsibilities of ManagersResponsibilities of Managers
TO MANAGE CHANGE• Analyse Situations• Develop Alternatives• Evaluate Alternatives• Make Decisions / Policies• Implement• Communicate• Minimise disruption / Maximise Returns• Review• Revise where NECESSARY
APPROPRIATE
PLAN, rather than REACT
CSE1720 Semester 1 2005
week12 / 43
Other Implications of TechnologyOther Implications of Technology
Safety Critical Systems
Jan 13, 1992: Boeing 747-000 Washington to Heathrow
Computer generated reduction of 50 knots
Jan 26, 1992: Boeing 747-2-- Barbados to Gatwick
Computer generated sudden increase in thrust
Jan 27, 1992: Boeing 747-200 Manchester to Islamabad
Computer generated rapid upwards movement
Investigations revealed that these incidents were due to
‘ Software Error ’
Highlights the need for development methods for testing complex software ( ? your spreadsheet, database ?)
CSE1720 Semester 1 2005
week12 / 44
A Commercial System A Commercial System
CustomerOrder Control Warehouse
and StockControl
PurchaseOrder Control
Catalogue
AccountsPayable Standard
Costing
Forecastingand Ordering
AccountsReceivable
Fixed AssetsGeneral Ledger
Payroll
Manufacturingand FactoryControl
CSE1720 Semester 1 2005
week12 / 45
A Business DisasterA Business Disaster
Company X produces high quality products and part of the ‘final production assembly’ is to emboss their International logo onto the custom made items.
This involves ‘knowledge’ of the number of items required for embossing
A new computer system was introduced in February, 1999, which malfunctioned and did not provide details of the number of custom-made products required.
CSE1720 Semester 1 2005
week12 / 46
A Case StudyA Case Study
The production Manager could not tell the production workers how many sets to assemble
Shipping had no details of the number of products leaving the factory - consequently there were no deliveries planned or made as there was no documentation
The transport trucks were idle as no invoices (delivery instructions) were produced
The sales outlets could not access the system to get details of equipment in stock
CSE1720 Semester 1 2005
week12 / 47
A Case StudyA Case Study
And the outcome ?
Loss of sales
Loss of productive salaries
Loss of customer loyalty
Loss of image
Probably not a good example of ‘Customer Loyalty’ ?
Question : Could this have been avoided ?
How ?
CSE1720 Semester 1 2005
week12 / 48
A Mind Bender A Mind Bender
The following exercise is based on advanced mathematics and mental gymnastics
1. Write down the number of times per week night that you eat out (if you don’t, write down 0)
2. Multiply this value by 2
3. Add 5
4. Multiply the result of (3) by 50
5. If you have already had your birthday this year add 1750
If not, add 1749
6. Subtract your year of birth
7. You should have a 3 digit number. The first digit should be the same as in (1) above, and the other 2 are your age.
CSE1720 Semester 1 2005
week12 / 49
Final ThoughtsFinal Thoughts
Industrial Age Advantage
Mass Production
Mass Marketing
Customer Research
Optimisation of Physical Value Chains
Physical Collaboration with Suppliers
Excellent Customer Service
Physical Location
Prompt Delivery of Physical Products to Door
Knowledgeable sales Help
IT Age Advantage
Mass Customisation
One-to-One Marketing
Customer Participation
Optimisation of Information Chain
Information Collaboration with Suppliers
Customer Self_service
Virtual Globisation
OnLine Delivery of Virtual Products
Software Agentswith acknowledgement to Bernard Boar, RCG
Information Technology, who provided some of the basis for the materials
CSE1720 Semester 1 2005
week12 / 51
A Shopping TripA Shopping Trip
We are now going to ‘visit Coles’ to look at some of the Technology, and Management Information which is generated
You have probably visited Coles and bought a wide a variety of goods.
The Company (Coles Myer Ltd) operates about 80 stores in the Melbourne area and there are other stores in the Regional areas (Geelong, Ballarat, Bendigo) and large Country cities such as Warragul, Colac, Traralgon, Benalla, Shepparton, Ararat ……..
They also operate Interstate
CSE1720 Semester 1 2005
week12 / 52
Coles Myer LtdColes Myer Ltd
The Company is updating its Customer outlet scanning equipment, but like most Companies cannot do this ‘all at once’ or ‘all at the same time’ - any suggestions why this is so ?
The Glen Waverley, East Burwood and Caulfield East stores, which have recently been refurbished, are equipped with ‘state of the art’ equipment
CSE1720 Semester 1 2005
week12 / 53
Coles Myer LtdColes Myer Ltd
The equipment consists of– multi dimensional laser scanners, which have built in scale
(weighing) facilities
– 2 LCD screens per lane. Full colour and high resolution
– The Operator’s screen is a touch screen (also colour)
– The printer - high speed thermal printer
CSE1720 Semester 1 2005
week12 / 54
Coles Myer LtdColes Myer Ltd
If you watch carefully you will notice that printing does not occur until the items have been paid for (any reason for this ?)
Payments may be made by– credit / debit card– cash– shareholder discount cards– vouchers– cheque– CML gift vouchers
Fly Buy credits are also active.
CSE1720 Semester 1 2005
week12 / 55
Coles Myer LtdColes Myer Ltd
Each check out consists of the devices mentions plus a PC
There is a LAN in each store (for what purpose ?)
The checkouts will operate in a standalone mode if a network failure occurs (what about the credit cards … ?)
Fail safe : Each store has a standby generator, UPS and battery backup emergency lighting
CSE1720 Semester 1 2005
week12 / 56
Coles Myer LtdColes Myer Ltd
Prices are maintained in 2 databases
Each store has a price look up local database
Each Point of Sale unit has a copy of the database prices in case the unit has to operate on a stand-alone basis
CSE1720 Semester 1 2005
week12 / 57
Coles Myer LtdColes Myer Ltd
Price changes are maintained in a central database (Coles System Reference), and this is sent to all stores once a week via communications.
Individual stores use this new data to update item shelf prices (and of course for customer purchases)
CSE1720 Semester 1 2005
week12 / 58
Coles Myer LtdColes Myer Ltd
Store devices – Point of Sale– Client– Point of Sale Server– Back Office Servers
are Pentium PC’s running on Windows NT
Central Processing is on Alpha Mainframes (as is Oracle here at Monash)
CSE1720 Semester 1 2005
week12 / 59
Coles Myer LtdColes Myer Ltd
The retail stores are divided
– into State operations
– then 2 geographic regions within each State except South Australia and Tasmania
– then into areas of 6 to 10 stores
CSE1720 Semester 1 2005
week12 / 60
Coles Myer LtdColes Myer Ltd
State Operations
Victoria New South Wales West Australia ……
Region 1 Region 2
S1 S2 S3 S4 S5 ……. S10
CSE1720 Semester 1 2005
week12 / 61
Coles Myer LtdColes Myer Ltd
Information ?
Hourly sales
Customer counts are available in all stores
Customer Resource Management ?
Yes. Captured at Point of Sale
Numerically via transactions
Quantitatively via the Fly Buys program (Coles + NAB Shell + Qantas/Ansett)
CSE1720 Semester 1 2005
week12 / 62
Coles Myer LtdColes Myer Ltd
Seasonal variations in Items
Soups and chocolate biscuits are in demand during the cooler months
Fruit juices, frozen drink demand drops off in the same period
Item popularity
Management of ‘popular’ items - these are determined by the customers - and reported to the store manager.
Success items stay ‘on show’ - less successful or non successful items are withdrawn - replaced by new lines
CSE1720 Semester 1 2005
week12 / 63
Coles Myer LtdColes Myer Ltd
There are also ‘promotions’ and special analyses are made of the item performance during the promotion and for some time after the promotion.
Item Procurement:
Item suppliers are generally locally based, but may also be part of an International Business (can you think of one ?)
Suppliers are required to respond to tenders. A supplier might provide many items (fruit juices, butter, meat, vegetables) and there can be ‘specialist’ suppliers - for instance organic products, health products.
CSE1720 Semester 1 2005
week12 / 64
Coles Myer LtdColes Myer Ltd
Operator Training
There are State Training Centres (off site from the stores)
Casual or part time staff are given on-site training, and are supervised during and for a short period after training.
Each operator has a set range of functions which they can use. Special or privileged function (reversals, error correction are handled by more senior staff who have higher level privileges).
Coles Myer also have a Management Recruitment and Staff Progression Plan