CSE1720 Semester 1 2005 Week 12 Ethics, Privacy, Security Social Implications Coles

Upload: merry-sullivan

Post on 25-Dec-2015


CSE1720 Semester 1 2005

Week 12

Ethics, Privacy, Security, Social Implications, Coles

Ethics, Privacy and Security

Some common uses of data about people:

Ethics, Privacy and Security

People

Public Information:
– Birth Certificates
– Driver Licenses
– Car Registrations
– Property Records
– Marriage Licence
– Census Records
– Telephone Directories
– Consumer Surveys
– Passports
– Visas

Business Transactions:
– Mail Orders
– Telephone Orders
– Subscriptions
– Donations
– Credit Cards
– Warranty Cards
– Tattslotto, ...
– Accounts Payments

Ethics, Privacy and Security

which can lead to:

Multiple Mailing Lists:
– Subscriptions
– Entertainment Specials
– Donations
– Memberships
– Catalogues
– Social Clubs
– Professional Development

Ethics, Privacy and Security

• Computers and privacy

• Intellectual Property rights

• Truth in Art and Journalism

• Threats to Computers and Communications systems

• Security issues relating to Computers and Communications Systems

Ethics, Privacy and Security

• Ethics: A set of principles which govern the conduct of an individual or group

• Privacy: The right of people not to reveal information about themselves, the right to keep personal information from being misused

• Electronic invasion of personal data has become a serious ethical issue

Ethics, Privacy and Security

• Invasion of Privacy:

Would you agree to:

Your shopping habits and your income being available to any number of businesses?

Your medical records being used by your employer as one of the means of making decisions regarding promotions, hiring, redundancy?

Ethics, Privacy and Security

The rapid expansion of use of the Internet and E-Commerce has raised many problems with ‘privacy’ aspects.

In America there exists the ‘Association of Corporate Privacy Officers’ which would indicate that there is much interest and concern regarding privacy of data.

Privacy Officers :

train employees about privacy

examine a company’s policies for potential risks

manage customer-privacy disputes

inform senior executives on how the company deals with privacy issues

Ethics, Privacy and Security

Rules and Laws on Privacy and other social aspects:

Privacy Act 1974, amended 2001

Freedom of Information Act

Fair Credit Reporting Act

Right to Financial Privacy Act

Computer Fraud and Abuse Act

Federal Data-Matching Program (Assistance and Tax Act)

Australian Consumer and Competition Commission

Office of Fair Trading

Ethics

Some application definitions of ethics

• a member must
– be honest, forthright and impartial
– serve the community
– strive to increase the competency and prestige of the profession
– use special knowledge and skill for the advancement of human welfare

Ethics - Australian Computer Society

• Competence (part only of the Standards of Conduct)
– A member must endeavour to provide products and services which match the operational and financial needs of my clients and employers
– A member must give value for money in the services and products supplied by the member
– A member must respect and protect the clients’ and employers’ proprietary interests

Ethics - Australian Computer Society

• Social Implications
– A member must protect and promote the health and safety of those affected by her/his work
– A member must consider and respect people’s privacy which might be affected by a member’s work
– A member must respect employees and refrain from treating them unfairly

The full statement of the code of ethics is available at

www.acs.org.au/national/pospaper/acs131.htm

Ethics, Privacy and Security

Intellectual Property Rights: Products of the human mind, including tangible (i.e. ‘real products’) and intangible property (i.e. ‘ideas’)

3 common methods of ‘protection’:

Patents (inventions)

Trade Secrets (formula or method of conducting business)

Copyright (laws which prohibit copying of intellectual property without the permission of the copyright holder)

Ethics, Privacy and Security

Piracy: Theft or unauthorised distribution or use

Software Piracy: Unauthorised copying of copyright software

Network Piracy: The use of electronic networks to distribute unauthorised copyright materials in digitised form

Plagiarism: The use of another’s text, findings or interpretations, presented as one’s own original work

Also involved here is the ownership of images and sounds :

for example Walt Disney animations and ‘speech/sound’

Ethics, Privacy and Security

How do you feel about this?

• Draw 98 is a Microsoft product

• It is available from the Microsoft Web site (so is other software)

• It is part of the progression to server based software

• Downloading Draw 98 initiates a scan of the user’s hard disk for components of the Office suite so that ‘the installer (software) knows what you need to make Draw 98 run correctly’

• Full marks to Microsoft for innovation ??

Ethics, Privacy and Security

Art and Journalism:

Manipulation of Sound - mixing, overlays, reductions, deletions, substitution

Manipulation of photographs and video recordings - ‘touch ups’, overlays, repositioning, insertions, deletions, enhancing, minimising

Morphing - construction of an image (at pixel level) to superimpose, enhance, overlay, redirect, recolour, animate, animation with voice commentary, disjoint morphing ( a person’s head which is rotated - change of facial attitude)

Ethics, Privacy and Security

Questions : What is ‘REAL’ data

Which data is ‘ACCURATE’

Which data can be used to MANIPULATE people

Some Threats to Computers and Communications Systems

• Errors and Accidents

People errors

Procedural errors (Ariane rocket)

Software errors

Electromechanical failures

Bad, incorrect or missing data

Some Threats to Computers and Communications Systems

Natural and Other Hazards:

Fires, floods, earthquakes

Civil unrest, terrorism, war

Some Threats to Computers and Communications Systems

Crimes against Computers and Communications:

(illegal act against computers and/or telecommunications)

Theft of hardware

Theft of software

Theft of time and services

Theft of Information

Crimes of malice and destruction

Some Threats to Computers and Communications Systems

Viruses:

Boot sector virus

File virus

Worm

Logic Bomb

Trojan Horse

Polymorphic

Virus mutation engines

ANTI VIRUS SOFTWARE

Some Threats to Computers and Communications Systems

Crimes against Computers and Communications:

(The use of computers to effect an illegal act)

Computer Criminals:

Employees

Outside users

Hackers and Crackers

Professional criminals

Some Interesting Extensions

• Data Matching
• Profiling
• Transaction Monitoring
• Performance Analyses - Human and Other
• Long Distance Surveillance and recording

Electronic Identification of Products, Vehicles, Animals, People

Public Safety Aspects

– Factory / Production Processes and Controls

– Dangerous Materials

– Power Generation and Distribution - Power Surges

– Weaponry

– Transport - Road, Rail, Sea, Air

– Computer Controlled Communications

SECURITY

Some Aims of Security

• To guard against
– Physical loss of equipment
– Physical loss of data
– Logical loss of equipment
– Logical loss of data

• Some other Aspects
– Physical Security
– Data security
– Software Copying
– Viruses

Some Security Threats

• Unauthorised usage, copying, changing, corrupting, or browsing

• Electronic bugging of communication lines, terminal buffers, storage media

• Sabotage - includes erasing and altering data, substituting erroneous data, destruction of the media device

• Position misuse, false identification, bribery, transferred authorisations

• Suppression of security measures by staff

• Masquerading - a program which poses as an operating system and has access to user password files

Database Security and Integrity

Database Security: is the protection of a database from
– unauthorised access
– unauthorised modification
– destruction

PRIVACY is the right of individuals to have some control over information about themselves

INTEGRITY refers to the correctness, completeness and consistency of data

Security

Some Random Ideas:

Physical Access Controls: badges, closed circuit TV, guards

Terminal Authentication, User IDs, Passwords (at System and Database levels)

Authorisation - Authorisation Rules

- Which users can access which Information

- What operations can users invoke: read only, read/write, update, delete

User Views - Non updatable access, but access to latest level of Information
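The authorisation rules and user views listed above, written out as Oracle-style SQL. This is an added example, not part of the original slides; the table, view, role and user names (customer, customer_contact, sales_clerk, accounts_officer, alice, bob) are hypothetical, and the two user accounts are assumed to exist already.

```sql
-- Base table holding both everyday and sensitive columns (hypothetical schema).
CREATE TABLE customer (
    customer_id   NUMBER        PRIMARY KEY,
    name          VARCHAR2(80)  NOT NULL,
    phone         VARCHAR2(20),
    credit_limit  NUMBER(10,2),
    card_number   VARCHAR2(19)
);

-- User view: exposes only the non-sensitive columns and cannot be updated.
-- Because a view is evaluated at query time, readers always see the latest
-- data in the base table without having any rights on the table itself.
CREATE VIEW customer_contact AS
    SELECT customer_id, name, phone
    FROM   customer
    WITH READ ONLY;

-- Authorisation rules are attached to roles rather than to individual users.
CREATE ROLE sales_clerk;
CREATE ROLE accounts_officer;

-- "Which users can access which information":
-- clerks reach the data only through the restricted view.
GRANT SELECT ON customer_contact TO sales_clerk;

-- "What operations can users invoke":
-- accounts staff may read, add and change rows in the base table.
-- DELETE is deliberately not granted to either role.
GRANT SELECT, INSERT, UPDATE ON customer TO accounts_officer;

-- Users receive privileges only through role membership.
GRANT sales_clerk      TO alice;
GRANT accounts_officer TO bob;

-- A rule can be tightened later without touching the users.
REVOKE UPDATE ON customer FROM accounts_officer;

-- Check: list the object privileges granted on objects in this schema,
-- so the rules in force can be reviewed against the intended ones.
SELECT grantee, table_name, privilege
FROM   user_tab_privs
ORDER  BY grantee, table_name, privilege;
```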

Security

Other Tools :

Security Logs

Audit trails

Encryption

* Data Encryption Standards

* Public Key Encryption

Information Security

AIM: PREVENTS

* Confidentiality: Unauthorised Disclosure

* Integrity: Unauthorised Amendment

* Availability: Unauthorised Withholding

Security Systems:

1. Computer Security

2. Communications Security

- transmission

- encryption

3. Procedural security

4. Physical security

Banking Frauds

Melbourne July 2003.

Westpac and ANZ customers were (? are) under attack

Customers were advised by emails to ‘reactivate’ their accounts at a new internet address

The ‘new’ website was almost identical to the genuine online banking site

BUT - account numbers and passwords directed to the ‘new site’ were transmitted to criminal operators. The spam didn’t carry a virus, and there is nothing in the message to alert a firewall

Banking Frauds

The effect was undetected identity theft of banking details and financial fraud

Both Banks have databases of known hoaxes - and the number is growing

The Banks have notified customers that the Banks would carry any customer losses

The Banks are also alerting their customers not to respond to email messages of this nature - it is NOT the method by which the Banks approach their customers

Some Thoughts on the Social Implications of Technology

Some Social Implications of Technology

Background of ‘Computing’

Automation of ‘manual’ tasks of existing procedures and systems (Accounting, Payroll, Inventory etc....)

Benefits were faster, more accurate processing

Earlier posting of results

Some improvement in locating sensitive or cost areas of organisations (especially high cost, low productive)

Some necessity to enhance people skills

Some opportunity to use people more effectively

Some opportunity to reduce number of people

Some Social Implications of Technology

The next stage was the development and introduction of Information Systems, which enabled Management to begin to monitor performance on a corporate basis.

People skills definitely upgraded - more research, analysis, simulations, planning, reviews, policy changes, work practices, ‘better’ based Information both Internally and Externally

Use of Information in an increasingly COMPETITIVE environment

Some Social Implications of Technology

New Developments / Applications

Funds transfers

Electronic Libraries

Electronic Surveillance

Electronic Document Interchange

Database

Communications

Networking

World Wide Web

Electronic Applications Integration (EAI)

Some Social Implications of Technology

Emergence of Social Engineering and associated disciplines

Some Major Concerns:

• Ability of people to

* Accept

* Accommodate

* Change

at a HIGH RATE OF CHANGE

• The Total Cost of Technology (Modelling ?)

Some Social Implications of Technology

Retraining: Capacity / Ability

Redeployment / Relocation

Social Costs: Redundancy

– PERSONAL ASPECTS:
• Contribution
• Self Esteem / Worth
• Dehumanising Aspects
• ‘Spare’ Time - Occupation / Alternative Outlets (Unpaid, Part time, Volunteer, Races, Casino, Tabaret, TV, Community Groups ..)

Some Social Implications of Technology

BEHAVIOURAL ASPECTS

Human Resources: Balance between PEOPLE Management and Automation Management based on Organisational Needs

Personnel Management: People
• Motivation
• Training
• Retention

Some Social Implications of Technology

Organisational Changes

Altered Skills Requirements (Assignment 1 ?) Spreadsheets, Databases, Word processing, Simulations, Internet, Projections, Forecasting, Modelling, Communications, Resource Management

Alteration to Number of People in the Workforce

Culture Changes - Shared Work, Sessional, Casual, ‘On Demand’

Changes in communication methods and content

Responsibilities of Managers

TO MANAGE CHANGE
• Analyse Situations
• Develop Alternatives
• Evaluate Alternatives
• Make Decisions / Policies
• Implement
• Communicate
• Minimise disruption / Maximise Returns
• Review
• Revise where NECESSARY / APPROPRIATE

PLAN, rather than REACT

Other Implications of Technology

Safety Critical Systems

Jan 13, 1992: Boeing 747-000 Washington to Heathrow

Computer generated reduction of 50 knots

Jan 26, 1992: Boeing 747-2-- Barbados to Gatwick

Computer generated sudden increase in thrust

Jan 27, 1992: Boeing 747-200 Manchester to Islamabad

Computer generated rapid upwards movement

Investigations revealed that these incidents were due to ‘Software Error’

Highlights the need for development methods for testing complex software ( ? your spreadsheet, database ?)

A Commercial System

[Diagram of the modules of a commercial system: Customer Order Control, Warehouse and Stock Control, Purchase Order Control, Catalogue, Accounts Payable, Standard Costing, Forecasting and Ordering, Accounts Receivable, Fixed Assets, General Ledger, Payroll, Manufacturing and Factory Control]

A Business Disaster

Company X produces high quality products and part of the ‘final production assembly’ is to emboss their International logo onto the custom made items.

This involves ‘knowledge’ of the number of items required for embossing

A new computer system was introduced in February, 1999, which malfunctioned and did not provide details of the number of custom-made products required.

A Case Study

The production Manager could not tell the production workers how many sets to assemble

Shipping had no details of the number of products leaving the factory - consequently there were no deliveries planned or made as there was no documentation

The transport trucks were idle as no invoices (delivery instructions) were produced

The sales outlets could not access the system to get details of equipment in stock

A Case Study

And the outcome ?

Loss of sales

Loss of productive salaries

Loss of customer loyalty

Loss of image

Probably not a good example of ‘Customer Loyalty’ ?

Question : Could this have been avoided ?

How ?

A Mind Bender

The following exercise is based on advanced mathematics and mental gymnastics

1. Write down the number of times per week night that you eat out (if you don’t, write down 0)

2. Multiply this value by 2

3. Add 5

4. Multiply the result of (3) by 50

5. If you have already had your birthday this year add 1750

If not, add 1749

6. Subtract your year of birth

7. You should have a 3 digit number. The first digit should be the same as in (1) above, and the other 2 are your age.

Final Thoughts

Industrial Age Advantage

Mass Production

Mass Marketing

Customer Research

Optimisation of Physical Value Chains

Physical Collaboration with Suppliers

Excellent Customer Service

Physical Location

Prompt Delivery of Physical Products to Door

Knowledgeable sales Help

IT Age Advantage

Mass Customisation

One-to-One Marketing

Customer Participation

Optimisation of Information Chain

Information Collaboration with Suppliers

Customer Self-service

Virtual Globalisation

OnLine Delivery of Virtual Products

Software Agents

with acknowledgement to Bernard Boar, RCG Information Technology, who provided some of the basis for the materials

A Shopping Trip

We are now going to ‘visit Coles’ to look at some of the Technology, and Management Information which is generated

You have probably visited Coles and bought a wide variety of goods.

The Company (Coles Myer Ltd) operates about 80 stores in the Melbourne area and there are other stores in the Regional areas (Geelong, Ballarat, Bendigo) and large Country cities such as Warragul, Colac, Traralgon, Benalla, Shepparton, Ararat ……..

They also operate Interstate

Coles Myer Ltd

The Company is updating its Customer outlet scanning equipment, but like most Companies cannot do this ‘all at once’ or ‘all at the same time’ - any suggestions why this is so ?

The Glen Waverley, East Burwood and Caulfield East stores, which have recently been refurbished, are equipped with ‘state of the art’ equipment

Coles Myer Ltd

The equipment consists of

– multi dimensional laser scanners, which have built in scale (weighing) facilities

– 2 LCD screens per lane. Full colour and high resolution

– The Operator’s screen is a touch screen (also colour)

– The printer - high speed thermal printer

Coles Myer Ltd

If you watch carefully you will notice that printing does not occur until the items have been paid for (any reason for this ?)

Payments may be made by
– credit / debit card
– cash
– shareholder discount cards
– vouchers
– cheque
– CML gift vouchers

Fly Buy credits are also active.

Coles Myer Ltd

Each check out consists of the devices mentioned plus a PC

There is a LAN in each store (for what purpose ?)

The checkouts will operate in a standalone mode if a network failure occurs (what about the credit cards … ?)

Fail safe : Each store has a standby generator, UPS and battery backup emergency lighting

Coles Myer Ltd

Prices are maintained in 2 databases

Each store has a price look up local database

Each Point of Sale unit has a copy of the database prices in case the unit has to operate on a stand-alone basis

Coles Myer Ltd

Price changes are maintained in a central database (Coles System Reference), and this is sent to all stores once a week via communications.

Individual stores use this new data to update item shelf prices (and of course for customer purchases)

Coles Myer Ltd

Store devices
– Point of Sale
– Client
– Point of Sale Server
– Back Office Servers

are Pentium PCs running on Windows NT

Central Processing is on Alpha Mainframes (as is Oracle here at Monash)

Coles Myer Ltd

The retail stores are divided

– into State operations

– then 2 geographic regions within each State except South Australia and Tasmania

– then into areas of 6 to 10 stores

Coles Myer Ltd

State Operations

Victoria New South Wales West Australia ……

Region 1 Region 2

S1 S2 S3 S4 S5 ……. S10

Coles Myer Ltd

Information ?

Hourly sales

Customer counts are available in all stores

Customer Resource Management ?

Yes. Captured at Point of Sale

Numerically via transactions

Quantitatively via the Fly Buys program (Coles + NAB Shell + Qantas/Ansett)

Coles Myer Ltd

Seasonal variations in Items

Soups and chocolate biscuits are in demand during the cooler months

Fruit juices, frozen drink demand drops off in the same period

Item popularity

Management of ‘popular’ items - these are determined by the customers - and reported to the store manager.

Success items stay ‘on show’ - less successful or non successful items are withdrawn - replaced by new lines

Coles Myer Ltd

There are also ‘promotions’ and special analyses are made of the item performance during the promotion and for some time after the promotion.

Item Procurement:

Item suppliers are generally locally based, but may also be part of an International Business (can you think of one ?)

Suppliers are required to respond to tenders. A supplier might provide many items (fruit juices, butter, meat, vegetables) and there can be ‘specialist’ suppliers - for instance organic products, health products.

Coles Myer Ltd

Operator Training

There are State Training Centres (off site from the stores)

Casual or part time staff are given on-site training, and are supervised during and for a short period after training.

Each operator has a set range of functions which they can use. Special or privileged functions (reversals, error correction) are handled by more senior staff who have higher level privileges.

Coles Myer also have a Management Recruitment and Staff Progression Plan