Ethics – Set 2
1
Steps in ◦ Free try on inettest Algorithms test◦ Study CSILM’s on csilm.usu.edu => CS3◦ Fill out CSILM survey on survey monkey◦ Attend Algorithms review◦ Take Algorithms test◦ Fill out CSILM survey on survey monkey◦ 5 points added to score on Ethics test
2
CSILM
We, as computer scientists, have the following basic areas of concern◦ Obligation for safe, functional products◦ Management & control of information Acquisition – how do I get it? Access – who can use it? Stewardship – how should I protect it
and keep it accurate?
3
Ethical Concerns
What type of information will be gathered and stored, and how will it be collected◦ Should the student database include your
SS#?◦ Why not just get the student’s name and then
go to another database, e.g. government, and look up their social security number?
◦ Why do we collect your age?◦ For Aggie card users, should we collect
purchase information? How would we use it?
4
Ethical Concerns - Examples
Who will have access Should we sell information we collect? Do we own it, or do you own it? How will information be protected from
unauthorized access◦ Am I responsible if someone illegally accesses
it, or changes it How will accuracy be maintained
◦ Do I have to verify its accuracy when collected? Who is responsible?
5
Ethical Concerns - Information
How do companies protect their software?◦Nondisclosure agreements Prevents employees from leaving and using what they know
◦Copyrights◦Patents
6
Software Ownership
Copyrights and patents can inhibit standards◦Visicalc was not copyrighted or patented
Taiwan is not a signatore of the Berne Convention
7
Software Ownership
◦Copyright Raises question of “look & feel” Reverse Engineering Apple once tried to sue Microsoft for “copying” windows Apple had copied from Xerox
8
Software Ownership
International◦Different countries have different philosophies on patents and copyrightse.g. Japan encourages diffusion of knowledge for greater good
9
Software Ownership
Worker loss (hiring away) Ignorance
◦“mailing” of NetTestCase History – IBM Fujitsu
◦“IBM isn’t the opposition, it’s the environment”
Mid 1990’s, software piracy = ~$7B
10
Software Ownership - Problems
Question – As a company, what is the best way to protect your software?◦NEVER give access to source (Microsoft)
What does this do to the competition?◦WP & DLL naming conventions (load it first or load it second)
11
Software Ownership
Is it really free? Is it ethical to make something free today
with the intention of charging for it in the future?
12
Free Software
Piracy Break-ins
◦Includes Spam Sabotage Different states have different laws
◦In Virginia, it’s a crime to alter the return address of an unsolicited e-mail How do you enforce this law?
13
Computer Crime
Viruses, worms, etc.◦First Internet worm created by a Cornell graduate student – shut down several company networks
Hackers, intruders◦Sabotage◦Challenge
Use of system for illegal benefit Denial of service
14
Computer Crime
~10 port scans of USU/day◦That’s a scan of all “boxes” at USU (there are hundreds)
◦Most common approach is to do a TCIP connection to port 21 and look at the ftp server information (is it up to date, etc.)
What is the life span of an “unprotected” box at USU is ????
15
USU Security
One Hour
16
USU Security
Tent.usu.edu monitors outgoing attacks Dumpster.usu.edu monitors incoming
attacks Real question is what defines an attack
◦Network managers must “tune” these systems to define an attack.
◦If hackers get this information, can tune their attack to go undetected
17
USU Security
You’re building a database system which will have information about individuals. To meet your ethical responsibilities, what security measures should you implement? ◦Access control◦Preservation of system and data integrity
◦Provide for recovery and backup ability
18
Ethics - Security
Companies have a moral and legal obligation to maintain security◦DNA information◦Health records
Question◦When you get a ticket, your insurance company is notified (or finds out) and raises your rate. Is this ok?
19
Ethics - Security
Should I put a GPS device in every new car sold?
20
Moral Issue
Technology is now in use in mission critical systems◦Hospital◦Airplane/airport
Hardware reliability◦Redundancy◦Intel & the Pentium bug
21
Ethics –Reliability/Liability
Who is liable?◦Company that wrote software◦Computer scientist◦User beware?◦In networked environments, is CompuServe liable for libelous material posted on a bulletin board?
22
Ethics –Reliability/Liability
According to Aristotle◦We are responsible for voluntary actions but not involuntary ones
◦Involuntary actions Performed under compulsion The result of ignorance
23
Ethics – Responsibility
Ignorance is excusable when through no fault of the person’s, one is ignorant of the circumstances or consequences of an action
Ignorance is not excusable if that ignorance is the result of carelessness or neglect or it is deliberately willed
Ignorance in the eyes of the law is no excuse
24
Ethics – Ignorance
PM software marketed a product for project management
Market growth and share had been declining
Competitor was rumored to be coming out with a new product
Needed/wanted to know about new product
25
Acquisition of Information Competitive Analysis at PM Software
If you were with this company and your boss told you to find out about the product, how would you do it?
26
Acquisition of Information Competitive Analysis at PM Software
Develop a database of repair information for all of the trucks in the fleet
What are the ramifications of this action?◦Good◦bad
27
Acquisition of InformationFranklin Trucking
Once type & scope of information to be collected is determined, must decide on who has access.
What is an individual’s right to privacy? – to be left alone (Supreme court rule)
Does information gathered from a purchase belong to the company? – It has value so why isn’t the consumer compensated?
28
Information Access
More and more, companies are using micromarketing – targeting their advertising to specific groups.
Example◦A company wants to offer special prices on meals at a restaurant Is there some place or way to target my advertising? Name some
29
Information Access
Public sources◦Computerized real estate record◦DMV records (some states sell these)
Generated by commercial transactions◦Telephone, mail order, rebate coupons, …
30
Information Sources
Johnson & Johnson ran a promotion giving away a female product. All people had to do was call or write. What J&J did not tell was that they were compiling a database of these people, and were marketing this database to other health product companies
OK?
31
Information Sources
Stewardship involves◦Protecting information from unauthorized access
◦Keeping information as up to date as possible
◦Keeping information accurate If a company sells data, do they have a responsibility as to whom they sell it?
32
Information Stewardship
Wasn’t until after WWII that credit rating companies came into existence
There are now only 3◦ TRW(Experian), Equifax, Trans Union
In addition to credit information, they are becoming more value added, e.g. software has been developed to give a recommendation of whether or not to grant a loan
33
Information Stewardship
A 1998 study by the Public Interest Research Group found that 29% of credit reports contained errors that could result in the denial of credit (defined as false delinquencies, or reports listing accounts or public records that did not belong to the consumer).
34
Credit Reports
The study also found that 41% of reports had incorrect demographic identifying information, and 20% were missing major credit cards, loans, or mortgages.
In total, 70% of reports contained an error of some kind.
35
Credit Reports
In 1999 Consumer reports analyzed 1500 randomly selected credit reports
What do you think was the error rate?
43% had errors
36
Credit Reports
What is the most “sensitive” information maintained on you?
Physicians’ Computer Network weekly interrogates patient files of several thousand doctors for medication information. It sells this data to pharmaceutical companies
37
Information Accuracy
Disgruntled consultant◦Called in at 11:00 and told to leave by noon
◦Had just completed a major software project and the software was on his system waiting to be uploaded
◦To work longer hours, company allowed him access to system from home
38
Computer Security & Crimes
Bank to receive software had been told that it was complete
Consultant took home only backup copy of software
When consultant got home, he logged into system and added “bugs” to software, then erased any log files for this work
39
Computer Security & Crimes
When company ran final test on software, it did not work
What went wrong at this company?
Who was liable?
40
Computer Security & Crimes
Student is told by a professor that the University’s payroll system cannot be accessed without authorization
Student takes 4 hours one evening and accesses the payroll file, but then is so tired he simply logs off and goes to bed
41
Computer Security & Crimes
University arrests studentStudent confesses and even tells how to fix security hole
What should be done to the student?
42
Computer Security & Crimes
Therac-25 radiation therapy machine
Developed by a Canadian Government corporation – Atomic Energy of Canada
Therac – 25 was an extension of the Therac-20, with computer control added
43
Liability, Safety, and Reliability
Operated in two modes◦X-ray for internal or deep cancers High intensity electron beam is
deflected by a special tungsten target to give proper level of radiation
◦Electron Tungsten element removed and
intensity reduced for skin lesions
44
Therac-25
The Therac-20 had mechanical interlocks for safety
All safety for the Therac-25 was included in the assembly language software
Error messages were cryptic and usually meant nothing – just being cautious
45
Therac-25
The basic problem with the therac was that the two modes could get mixed and thus give a high dose without the shield – initially could not be detected
1985 – ◦woman receives overdose◦Company informed but no steps taken
◦Woman sues, but settled out of court
◦Sound familiar? 46
Therac-25
Next month, man receives overdose, and dies, but cause of death was cancer
AECL determines that problem is in the turntable switch and “fixes” it – announces◦New solution indicates an improvement over the old system by at least “5 orders of magnitude”
◦In truth they did not know the problem cause 47
Therac-25
AECL told other users that they should not use their machines until new software was delivered◦Did not tell any users of deaths or accidents
Responsibilities?
48
Therac-25
Intel is known as a company with a bunker like mentality
Pentium introduced in 1983October 1994 error shown4159835-
((4195835/3145727)*3145727 = 256
Intel knew about flaw in summer
49
Pentium
Intel refused to replace chips except for those customers that “passed” a questionnaire
Claimed for “average” user error would occur every 27,000 years
IBM claimed error would occur every 24 days
December 12– IBM announces will stop shipping faulty chips (Power PC)
December 20 Intel says will replace all
50
Pentium
Microsoft announced Chicago (Windows 95) long before it was ready◦ IBM’s PS/2 was a major competitor
To “lock” market share, IBM announced System/360, even though several models in the line were not available until 2 years later◦ At the time, Honeywell, among others, had
faster systems for less money
51
Vaporware
AutomationProductivityNew industriesComputerization of the workplace◦Networking◦Travel◦The new “workplace” – safety, etc.
52
Social Issues
Free speech in Cyberspace◦Surveillance
Who owns your e-mail?When can your computer’s files be accessed?
Universal access vs limited access
53
Social Issues
Quality of lifeUse of powerRisks and reliabilityProperty rightsPrivacyEquity & accessHonesty and deception
54
Ethical Issues
Open Source
55
The pricing of software bears no relationship to the cost of its development. The two factors that do matter are:◦ market size (which is limited by price and utility)◦ competition.
Given a market for a software product, the maximum margin can be obtained by precluding or eliminating competition.
56
Software Pricing
Software companies that are able to thwart competition attain pinnacles of power which are inconceivable in other industries.
Example?
57
Software Pricing
Partly this is due to the enormous cash flows that are possible in the absence of competition from products with nil reproduction costs
Largely it is due to the complexity of software itself, which allows dominant companies to design “standards” which exclude future competition.
58
Software Pricing
Stands for GNU’s not Unix Started in 1983 by Richard Stallman at MIT
AI Laboratory It’s really GNU/Linux – started to again
make software free Mostly maintained through donations of
time and material
59
GNU
A Unix-like operating system is much more than a kernel; ◦ Includes compilers, editors, text formatters,
mail software, and many other things. ◦ Thus, writing a whole operating system is a
very large job. We started in January 1984. It took many years. The Free Software Foundation was founded in October 1985, initially to raise funds to help develop GNU.
60
GNU
Restricting copying is not the only basis for business in software.
It is the most common basis because it brings in the most money. If it were prohibited, or rejected by the customer, software business would move to other bases of organization which are now used less often. There are always numerous ways to organize any kind of business.
61
Part of GNU Manifesto
Probably programming will not be as lucrative on the new basis as it is now. But that is not an argument against the change. It is not considered an injustice that sales clerks make the salaries that they now do. If programmers made the same, that would not be an injustice either. (In practice they would still make considerably more than that.)
62
Part of GNU Manifesto
“We maintain this free software definition to show clearly what must be true about a particular software program for it to be considered free software.”
``Free software'' is a matter of liberty, not price. To understand the concept, you should think of ``free'' as in ``free speech,'' not as in ``free beer.''
63
Free Software Foundation
Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software.
In this definition, non-free software is software that you can’t change, extend, etc.
More precisely, it refers to four kinds of freedom, for the users of the software:
64
Free Software
The freedom to run the program, for any purpose (freedom 0).
The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.
The freedom to redistribute copies so you can help your neighbor (freedom 2).
65
Free Software
The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.
66
Free Software
A program is free software if users have all of these freedoms.
Thus, you should be free to redistribute copies, either with or without modifications, either gratis or charging a fee for distribution, to anyone anywhere.
Being free to do these things means (among other things) that you do not have to ask or pay for permission.
67
Free Software
Copylefted software is free software whose distribution terms ensure that all copies of all versions are free software.
Copyleft says that anyone who redistributes the software, with or without changes, must pass along the freedom to further copy and change it. Copyleft guarantees that every user has freedom.
68
Copylefted Software
Open Source is a definition of how software is to be distributed (sold) – Technically there can be differences between open source and free software
In some cases, people call open source software that has some licensing restrictions that don’t fit the “free” model
69
Open Source Software
Is free software free?◦ Can I sell you a piece of “free” software?◦ What happens if you “own” a piece of free
software that you need to change? You can do whatever you want to it Who do you get to make those
changes?
Cost of Ownership