Towards the social design approach to information security

AUTHOR

Akira UENO
Researcher
The Institute for Future Society / Doctoral Course,
RCAST
Tokyo University
TOKYO

Syun TUTIYA
Professor
Faculty of Letters
Chiba University

ABSTRACT

1. Introduction
The 21st century is destined to see one global information society, where the social infrastructure heavily depends worldwide on intelligent communication network systems hooked to and being hooked by millions of host and client computers, visible or virtually invisible. But it is obvious that we are threatened as well as served by information technology in terms of the security of future society.

Social impacts, good or bad, of technologies in the past were dealt with by way of social institutions, legal measures etc only after those impacts turned clearly visible. The new way of thinking in relation to the social impacts of information technology is, therefore, start from the designing of the social environment in which to apply the achievements of information technology. We call this new way of thinking “social design approach.” It will be stressed that the research strategy that systematically combines the humanities and social science with the development of technology will be in order.

2. Information security from a “pragmatic” point of view
The social environments in which the system is used can be analyzed in 4 different levels: individuals, corporations, society and international society.

At the level of individuals, security means safe living with all reasonable rights respected. It has been already realized that the humanly reasonable rights have to be protected, and there have been so many proposed “technological” solutions. But it is to be noted that even encryption technology is to be used by humans in society. Here comes in the “pragmatic” point of view, which would show that paying attention to humans, namely human ethics, psychology and sociology, makes sense.

At the level of corporations, security means the stability of companies, schools and such organizations. They have different principles according to which to incorporate and administer them. Paying to human side of the use of information technology is important, because it provides the principles which would help install appropriate guidelines and policies the members of corporation will voluntarily follow. At the level of society, it is important to realize that the infrastructure of nations and countries is already being made heavily dependent on information technology. It is the social system at large, not the technology with which to run the society that has to be designed when it comes to the security of society. Needless to say, that requires huge efforts from social sciences including politics, sociology and economics.

At the level of international society, the importance of the Internet is the focus. The technical nature of the Internet in which bilaterally connects the networks across the borders of conventional nations makes it difficult to think consistently of the changes taking place in electronic commerce, on the one hand, and cyberterrorism, on the other.

3. Research targets
With the above four levels of information security in mind, we propose 5 broad areas of research and development. All the areas have different balances of stress between research and development.

The first area focuses on ethics and norms, and people’s consciousness thereof. For one thing, the nature of human rights and their meanings must be reconsidered. For another, there are questions about the theoretical and practical validity of conventional concepts. Education obviously plays an important role, so the contents and methods of educating young people about information security are surely important.

The second area focuses on the principles that support the corporations and societies to install policies on the use of information technology with special attention to the security aspects of the system. Laws and formal, legal measures are, in a sense, too slow keeping up with the advance of technology, so corporations have to set up their own codes and policies in order to be socially accountable and guarantee information security. As a research target, this area is a junction between information technology and social sciences, so the collaboration of the two fields is expected to result in practical advices, guidelines and instructional methods in a variety of corporations.

The third focuses the analysis and control of the psychological and sociological aspects of humans in information society. The dramatic change in the scenes of communication characterized by the Internet and WAP terminals allegedly affect the way humans interact and communicate with each other and the way humans think of other people and machines.

The fourth tries to explore the economic and political aspects of information society by simulation and conceptual analysis. The society must be defended from various kinds of catastrophes expected to take place from malfunctioning the information infrastructure. We need to find out the possible patterns of catastrophe in information society and design a society in which relevant parameters are agreed to controlled by the members of societies.

The fifth, and the most difficult area, of the study concerns the international and global aspect of information society. The borderless nature of the Internet has already revealed the difficulty of handling the conventional conceptual division between nation and international society. E-commerce surely needs international collaboration. Policy makers and diplomats may negotiate and agree on certain things, but scientific and academic underpinnings have been supplied.

4. Methodologies
The division of research areas proposed above come from the keen realization that, in designing an information society with reliable and realistic information security, the scientifically justifiable research program has to take an “bird’s eye view” for the future of the society. It has to take society and technology in view and design both of them simultaneously and conjointly.

All this lead to a methodological principle to the effect that the social design approach to information security requires the integration of engineering and arts, that is the humanities and social sciences. The merge of the totally different methodologies from different backgrounds is no doubt hard, but the efforts will surely result in concrete proposals to the future society that enhance the security of society.

It has been generally agreed that the social design approach can be a unique contribution from Japan to the whole area of information security research.

Teaching Computer Ethics to IT Students in Higher Education

AUTHOR

Eva Turner,
Principal Lecturer,
University of East London,

Paula Roberts,
Lecturer,
University of South Australia,

ABSTRACT

The teaching of computer ethics in the preparation of computer professionals, (and the education of the general computer user), is an area of increasing importance and interest, as well as an increasing scope of topics in the evolving discipline of social informatics (such as computers in work, health, education and safety-critical systems, professional ethics codes, information security and privacy, and Internet discourse and research).

This paper examines data gained from a survey of computer ethics programs in a sample of British and Australian universities with respect to provision, perspective and practice, and from an analysis of these diverse approaches (both integrated and specialized programs, some compulsory, some voluntary), the authors weigh the advantages and disadvantages of these approaches and suggest what the ideal content and scenario for teaching computer ethics might be.

The study
The research was conducted in two parts, firstly an email questionnaire was sent to computing lecturers through academic mailing lists which sought information regarding the provision and motivation for teaching computer ethics in their university and the program’s perspective and practice. The sample was taken from those universities in the UK and Australia which have Computing Science and Information Systems Departments.

Secondly, a case study in an Australian university explored the philosophical and psychological base for an integrated, skills/ethics approach to the teaching of a computer ethics program which involved a sequence of subjects in a Multimedia program. The research findings, likewise, are summarised under the headings of the program’s provision, practice and perspective.

Survey
The findings from the first stage of the research project (that is, the survey of university computer ethics programs) may be summarised briefly as follows:

Provision
There was little commonality in organizational policy for the provision of computer ethics programs, with few respondents indicating a departmental or university policy, and most reporting that computer ethics programs depended on initiatives by individual lecturers.

Many UK departments indicated compulsory provision for Computing / Computer Science/ IS / IT single honours degrees and one department stipulated that the program is only compulsory for those students who want to achieve the British Computer Society accreditation. Six departments indicated that the main reason for providing any teaching on professional and ethical issues are the requirements of British Computer Society. It appears likely that, in the universities of the other respondents, computer ethics teaching has been provided because of the personal beliefs of the staff involved.

Practice
There was a wide range in the approach to the teaching of computer ethics from specialised subjects to a part of a computing subject, or merely the discussion of professional issues in other than specialized subjects, while some departments offered only one or more sessions on what was termed the ‘Professional Development of Computer/IT/IS professionals’.

Perspective
Several of the respondents provided a detailed syllabus of their courses, and the topics covered in the syllabi can be grouped into three distinctive groups, that is, Ethical and Social Issues of the Cyberspace, Professional / Legal Issues, and Mutual Influences of Society and Technology. None of these syllabi included the ethical issues of gender and race (except in questions of pornography and freedom of expression) nor disability, nor took account of cultural differences in computing skill acquisition and use (the ‘digital divide’). Most programs concentrated on the requirements of the BCS course accreditation, which currently requires only a little more than an awareness of legal issues.

Case Study
The second stage of the research involves a case study of the provision of an integrated, sequential program in computer ethics in a Multimedia award in an Australian university, in accord with the university’s anticipated student outcomes, termed ‘Graduate Qualities’. Of prime importance for the teaching of computer ethics is the university’s mandate to educate students as ‘ethical citizens and ethical professionals’.

The ethical perspective of the program is wide in its compulsory, introductory computing subject which teaches in twin strands both basic computing skills and social informatics. This subject is a pre-requisite for both computer science and arts students who progress to the Multimedia major. The skills/ethics approach continues in sequential subjects in the major, for example in image ethics (see Roberts & Webber 1999).

The ethics program has as its philosophical base the concept of computing as a valued human practice and, in particular, the treatise of MacIntyre (1984) on the inculcation of the virtues in a community of practice. The community of practice in this case study mirrors the artisan training in guilds in pre-industrial times where the master/apprentice relationship developed not only the skills of a craft but also the ethos of that craft for transmission to future generations of workers. Thus, in this computer ethics program, the students’ development of computing skills is matched by their development of an understanding of ethical responsibility in the practice of that skill.

The psychological base relates to the place and pedagogy of the teaching of computer ethics, both as part of the general moral development of the student (Kohlberg 1974; Blum 1994) and as part of the professional moral development of the student (Roberts 1994).

Student outcomes from this integrated program in computer ethics also are discussed.

Conclusion
The paper concludes with a discussion of the efficacy and appropriateness of both integrated and specialized programs in computer ethics (compulsory and voluntary) which are outlined in this research study, and, as part of this debate, refers to the perspectives advanced by experts in the computer ethics field, such as Gotterbarn & Rogerson (2000).

There appears to be a good case for having departmental policies and initiatives to support specialist lecturers in their inclusion of ethical issues in their computing subjects. There is also a growing awareness in computing departments of the importance of their courses being accredited by a professional organization such as the British Computer Society.

This accreditation process will present the opportunity for professional bodies such as the BCS and the Australian Computer Society to broaden and specify their requirements for computer ethics syllabi to include such important issues as gender, race, disability and culture.

REFERENCES

Blum, L.A. (1994) Moral Perception and Particularity. Cambridge: Cambridge University Press.

D. Gotterbarn & S. Rogerson (1999) Computer Ethics: The Evolution of the Uniqueness Revolution, http://www.ccsr.cse.dmu.ac.uk/staff/Srog/teaching/cepe.htm and http://www.ccsr.cse.dmu.ac.uk/staff/Srog/teaching/cepe.htm, accessed 5/12/2000

Kohlberg, L. (1971) Stages of moral development as a basis for moral education, B. Beck, S, Crittenden & E.S. Sullivan (eds.) pp.30-41, Moral Education – Interdisciplinary Approaches. Toronto: University of Toronto Press.

MacIntyre, A.C. (1984) After Virtue: A Study in Moral Theory, 2nd Edn. Notre Dame: Notre Dame University Press.

Roberts, P.M. (1994). The place and pedagogy of teaching ethics in the computing curriculum, Australian Educational Computing, April.

Roberts, P.M. & Webber, J. (1999) Visual truth in the digital age: Towards a protocol for image ethics, Australian Computer Journal, 3, 3: 78-82

BCS current and future accreditation requirements, obtained from http://www.bcs.org.uk/educat/accinf.htm and from the BCS, October 2000

Slowly Reaching towards Software Engineering Professionalism

AUTHOR

J. Barrie Thompson
School of Computing Engineering and Technology
University of Sunderland,
St Peter’s Way,
Sunderland, United Kingdom.

ABSTRACT

The call for papers highlights that the convergence of computing, media and technologies means that people have become more and more dependant on technology at work, at home, in travel, in learning and in communicating and that systems based on computing are powerful agents for change. Yet the production of such systems by the computing sector too frequently appears to be carried out in an immature and undisciplined way. It is also apparent that the world of Computing/Information Technology/Informatics has not even reached a level of maturity where there is an agreed terminology and understanding between one geographical/special interest group and another. For example, attendance at a major Information Systems conference will give a very different view of “Computing” (my preferred term) than would be obtained from attendance at a major Software Engineering conference. However, whatever terminology and paradigms are used there is a clear need for those who specify, design, implement, test, and maintain software systems to approach their work in a systematic and professional manner. These people are the Software Engineers that the sector will need to rely on more and more. Just as Mechanical Engineering shaped the 19th century and Electrical Engineering shaped the 20th century it will be Software Engineering (SE) that will shape the 21st century. However, SE is different to these older disciplines in that it must be viewed in a wider context. Already we have situations where, for example, software can be specified in the USA, developed in India, and then used globally on the Internet. It is thus of paramount importance that the SE discipline is viewed at a global level rather than at just at the continental or national level.

To support the SE discipline there needs to be both educational and professional infrastructures reflect a true “engineering ethos”. Also, as has been discussed by Ford and Gibbs (1996) SE education and training must be linked to:

  • Professional practice and professional development
  • Skills development
  • Certification and licensing
  • Codes of Ethics
  • Professional societies and accreditation

In addition, there also needs to be defined at least a base line body of knowledge, that has been internationally agreed, so that disparate flavours of SE are avoided. SE is a discipline that must operate within a global dimension and not be too constrained by national, continental or other similar boundaries.

Until recently it appeared that substantial progress was being made towards establishing SE as a profession. In particular:

  • The IEEE Computer Society and the Association for Computer Machinery had in 1993 created a Joint IEEE-CS and ACM Steering Committee for the Establishment of Software Engineering as a Profession. The committee’s task was primarily to “establish the appropriate set(s) of criteria and norms for professional practice of software engineering upon which industrial decisions, professional certification and education curricula can be based.” In 1998 a successor to the Joint Steering Committee was created. This IEEE-CS/ACM Software Engineering Coordinating Committee (SWECC) was then made responsible for coordinating, sponsoring and fostering all the various activities regarding SE within the IEEE-CS and ACM’s sphere of operation. These included areas such as: standards of practice and ethics, a body of knowledge, curriculum guidelines, and exam guidelines.
  • The Texas Board of Professional Engineers had in June 1998 enacted rules that recognised Software Engineering as a distinct engineering discipline (Speed, 1998). These rules went into effect on July 18th 1998 and applications for licenses were accepted from August 1st 1998. This legislation enables engineering licenses to be issued to Software Engineers so that they could, within the State of Texas, legally represent themselves to the general public as an engineer, offer consulting engineering services to private and public entities, and perform engineering design or construction on public works.
  • In 1999 and early 2000 a significant number of academic papers promoting areas related to SE professionalism started to appear in major computing journals [e.g. (Bourque et al, 1999), (Gotterbarn, 1999), (Lethbridge, 2000), and (Pour et al, 2000) indicating that there was indeed a groundswell of positive opinion in this area.

Then, in the summer of 2000 ACM decided to withdraw from the IEEE-CS/ACM Software Engineering Coordinating Committee (SWECC) (Bagert, 2000) and, with this, much of the progress that had been made was thrown into question.

ACM’s withdrawal, although regrettable, does perhaps indicate that there may have been some fundamental flaws in some of the projects that SWEEC had been supporting and the perceived relationship between them and the Texas licensing model. What is necessary now is to:

  1. Undertake a critical review of all the activities that have been undertaken under the auspices of SWECC in order to identify a common core that is applicable not only to situations within the North American continent but which is also acceptable to a world-wide community.
  2. Consider other current initiatives that are relevant to establishing a SE profession.
  3. Select what is appropriate and start to move on.

The final paper for ETHICOMP will attempt to commence this process by evaluating two of SWEEC’s projects which have made significant progress and are very relevant to a world-wide audience. The projects are:

  1. The SWEBOK project which is concerned with defining a Software Engineering Body of Knowledge
  2. The project on defining a Software Engineering Code of Ethics and Professional Practice.

The paper will then address work that has been carried out under the auspices of the International Federation of Information Processing (IFIP) related to the Harmonisation of Professional Standards in Information Technology, which appears very relevant to the SE discipline. The match between the proposals relating to the IFIP harmonisation project and the work already carried out by IEEE-CS and ACM will be highlighted and it will be shown that the IFIP proposals can be used as a framework for SE professionalism across the world.

REFERENCES

Bagert D.J., (2000), ACM Withdraws from SWEcc, in Forum for Advancing Software engineering Education (FASE), Volume 10, Number 07, July, available online at http://www.cs.ttu.edu/fase

Bourque, P. et al, (1999) The Guide to the Software Engineering Body of Knowledge, IEEE Software, Vol. 16, No. 6, pp35-44, November/December.

Ford, G. and Gibbs, N.E., (1996), A Mature Profession of Software Engineering, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-96-TR-004.

Gotterbarn, D, (1999), How the New Software Engineering Code of Ethics Affects You, IEEE Software, Vol. 16, No. 6, pp58-64, November/December.

Lethbridge, T. C. (2000), What Knowledge Is Important to a Software Professional? IEEE Computer, Vol. 33, No. 5, pp 44-50, May.

Pour, G., Griss M. L. and Lunz, M. (2000), The Push to Make Software Engineering Respectable, IEEE Computer, Vol. 33, No. 5, pp 35-43. May.

Speed J.R. (1998), Software Engineering: An Examination of the Actions Taken by the Texas Board of Professional Engineers, October 12th , Available from Texas Board of Professional Engineers Web site at http://www.main.org/pebody/soft.htm

Meeting Ethical Demands in a Multi-Agency Project

AUTHOR

Joe Thomas and Andy Bissett,
School of Computing & Management Sciences,
Sheffield Hallam University,
England

ABSTRACT

This paper describes a piece of action research concerning the provision of an IT solution for services supporting drug misusers in a large city in England..

The researcher was tasked with advising a coordinating team whose members were representatives from many different agencies. Some of the agencies were voluntary, some were direct providers of health care, and some were from local government and community groups. The researcher essentially fulfilled the role of IT consultant for this ad hoc multi-agency team.

The putative need foreseen by this coordinating team was for an information system that would streamline the referral, service provision and planning for drug misuse needs across many agencies, for a drug misuser population of around 5000 individuals in the city. In particular, there was a common desire for all parties to avoid repeated filling-in of referral forms for the same clients, many of whom were engaged simultaneously with more than one agency. An equal goal was to be able to extract information from a common database. This information could be forwarded to regional and eventually national health and social service providers in order to assist with planning and resourcing of services for drug misusers.

The complexities of this context were very high, both in terms of sensitively balancing the needs of the multifarious stakeholders, who mostly had different agendas, and in terms of due ethical stance towards all of these stakeholders (including the dug misusers). The ethical issues revolved primarily around the confidentiality dimension. Aside from obvious requirements such as compliance with the UK Data Protection Act, there were complicated issues concerning what data it was appropriate for different agencies to see for a given client. The clients’ permissions (and agendas) varied from agency to agency. Coupled with this was the often rapidly changing nature of the data, given the typically chaotic and usually shifting nature of the serious drug misusers’ lifestyle. Most difficult, too, was the need for data to be accurate, as welfare and even medical outcomes would be affected by it.

The approach taken by the researcher was informed by the field of Social Informatics (Kling, 1996; 1998). From the outset it was understood that the coordinating committee’s work had a huge social dimension, and that any possible information system devised by the researcher may not necessarily involve information technology.

The paper describes how the project was progressed from problem analysis to possible solution using as a strategy Checkland’s (1981) Soft Systems Methodology. Tactically, a possible solution was focussed by using the Joint Application Development technique (Wood & Silver, 1995). Now the researcher acted as the JAD session ‘facilitator’, having loosely followed all the phases of JAD. Finally, an IT solution was prototyped using Visual Basic and demonstrated to everybody’s satisfaction.

To fulfil the ethical needs of all stakeholders, the solution found was a relatively ‘low-tech’ but acceptable and effective IT solution. The paper concludes with a discussion on how ethical needs may sometimes conflict with and curb the possibilities of the technically optimal ‘high-tech’ solutions inherent in, and so beloved of, the ethos of so much of IT theory and practice.

REFERENCES

Checkland, P. (1981). Systems thinking, systems practice, Chichester: Wiley.

Kling, R (1996). Computerization and controversy : value conflicts and social choices, 2nd ed. London: Academic Press.

Kling, R. (1998) What is Social Informatics and why does it matter ? (Professor Kling’s Web site).

Wood, J. & Silver, D. (1995) Joint application development, 2nd ed. Chichester: Wiley.

Just programming

AUTHOR

Harold Thimbleby and Penny Duquenoy
Middlesex University
Bounds Green Road,
London,

ABSTRACT

Justice is about doing good for other people. It is clear that computers could be better – this paper therefore makes a start by looking at the questions of what “just programming” means, and how aiming for justice might impact how we program.

Computers have transformed society, are still transforming society, and will continue to do so for the foreseeable future. The vast quantities of information easily accessible to all of us, the easy ways of creating and disseminating new information – such as using email, word processors, spreadsheets and the mobile web – are all transforming work practices and life generally. Computer games to international financial systems increasingly define our culture.

Yet everywhere we turn we find malfunctioning computer programs. PC applications programs are notorious for crashing. Frequently, the human-computer system as a pair crashes, with the users left at a loss of what to do next. Industry wastes millions of pounds in time lost when people need to get advice and help on how to continue working with their unreliable and incomprehensible computers. The Year 2000 Bug, as it happened, turned out not to be the wholesale catastrophe iconoclasts predicted, but the hype played on the well-founded fears of society’s dependence on such a fragile technology. More money was spent fixing the bug that on any other single problem ever to face humanity.

Why does society put up with the unreliability of computers, especially when they are presented as essential solutions for almost every problem? Why do we discount the cost of Y2k fixes? Why are books called “Computers for Dummies” and “Idiot’s guides” so popular? Why do we buy software that has no warranties?

Programming is an activity whose purpose is to affect other people, which it does through programmed devices. This paper brings together a range of issues around programming and argues that it is both a political and an ethical activity, and has been studied as such (though under the banner of human computer interaction, etc). We know from the regular failures of computers, whether in the besetting, daily problems with desktop systems, or from the embarrassing failures of megaprojects, that computers are not automatically beneficial in every way. Achieving worthwhile ends has to be achieved despite the risks of woe and catastrophe; understanding how to build better computers is an ethical obligation. Programming computers so that they more often have a beneficial impact is not easy, and anyway not always a conscious goal of development. Programming will not get better automatically. Changing the organisations and processes wherein programming takes place must also be encouraged.

Focussing on identified areas of HCI (Human Computer Interaction) such as usability in terms of applied ethics can provide helpful insights. Usability is a useful way of being precise about what key problems are. There are ISO standards. It is clear with this more precise focus, for instance, that users buying idiot’s books is a symptom, not a part of the problems. It is clear, for instance, that measuring user performance contributes to making improvements. The fields of usability divide fairly cleanly corresponding to their ethical signatures: this is not surprising, since usability is about making computers better, and ethics is about what better itself means.

There is an even stronger connection between programming and ethics. We write a program and other people use it. What they can or cannot do is determined by our programs; what their clients can and cannot do is determined by our program’s functions and features. In short, there is a direct step from program code to social codes. Sometimes the connection is very straight forward: a database for airline tickets “knows” all the costs, but is programmed so that web customers cannot find cheapest flights. Sometimes the connection is more apparent in criminal activity: when hackers insert code to benefit themselves or get their own back on organisations.

Programming a system to be usable is about making the system good for the people who use it. Aristotle (1990) defined justice as doing good for other people, so promoting usability is promoting justice.

There are numerous big issues – from pornography, privacy, to nuclear power station safety – which clearly raise ethical issues, of world wide (web) scale, and, furthermore, created by computers, and hence by our programming decisions. These issues must be welcomed as ethical consciousness-raising, and moreover as ones in which computer programmers have a direct and central influence. It is, of course, possible to program ignoring ethics, but this does not make the issues go away: it means, rather, that poor decisions will be “hard coded” regardless of their impact. This in turn will encourage bad social practices and then bad laws (consider the government influence over e- and m-commerce).

The idea that there is a right or wrong way of programming is unsophisticated. Programmers must appreciate the importance of the issues, and the ways in which justice can be woven into everyday practice, even down to coding styles. It is motivating (if not scary) that the leverage programming gives our efforts is enormous: even applets can be used by thousands daily. This should be enough to motivate us to seek that better world, where as-yet unknown users are empowered, which is the point of programming.

Who can own and use his/her history of WBT?

AUTHOR

TATSUMI, Takeo (Kobe University)
MAENO, Joji (Waseda University)
KUSUMOTO, Noriaki (Waseda University)
HARADA, Yasunari (Waseda University)

ABSTRACT

Recently, highly developed information technologies have been introduced to the methodology of managing classes. Especially, Web Based Traning(WBT), the idea of Computer Assisted Instruction(CAI) using web browser as an interface, will be actively researched as a learning environment. We think many products based on WBT are likely to be shipped to the market soon.

Moreover, with the improvements of prosessing performance of personal computer, WBT coursewares are being able to be customized personally, automatically and dynamically to fit historical data of learning.

However, historical data of learning is privacy data, and it’s fair use has to be discussed. Also, we have to discuss on a problem that whether the learning histories are legitimately copyrighted material or not, and whose properties are they.

In this paper, our proposal centers that the learners’ copyright and privacy must be divided into “Moral right” and “Use right.” First, we point out three topics, then we conclude with our proposals.

First, the copyrights made in learning is against Japanese copyright law, and two big problems exist here.

In Japanese, the term of “learn” is said as “manabu” which has the origin of the meaning of “imitate” that is said as “maneru.” Actually, when a learner acquire knowledge, only small part of knowledge are acquired, finding the comparison with knowledge which has been acquired already. Most part of learners’ knowledge are imported from others. It is hard to admit the right of the property on knowledges. The imitation is not avoidable in learning so that we cannot refute the opinion that learning is violating the copyright law.

In addition, there is a problem that the violation of the moral right cannot be avoidable even if the treatment of the copyright of the imitation in this case is interpreted as “Private use”. In Article 20 of the Japanese copyright law, a violation of copyright is admitted by 33:1 or 34:1. However, 33:1 is supposing reprints in educational books for subjects and 34:1 is supposing the broadcasting TV/radio program for school education. Moreover, it is described clearly that the limitation of the copyright does not apply to moral right in Article 50.

To customize courses efficiently, and personally for each learner, it is necessary that the mechanism that the results made in the learning process are transformed, translated or automatically forwarded to the courseware development company and the system management company. For instance, in the exercises of English composition of the filling words type, although the original sentences is protected by copyright law and moral rights, a WBT modifies the original sentences and transforms the sentences through the Internet. The answers of learners’ are also protected by copyright law and moral right, but these are also transformed through the Internet.

Therefore, it is necessary to change the concept of the copyright and a moral right to adjust a new learning environment. For example, in the use of the copies with a learning equipment, it is necessary to limit the copyright and the moral right. Also, the re-distribution of derivatively produced material made by the learning process should not be admitted. Although the arguments are arising in Japan to catch such concept, the separation of “Moral right” and “Right of use” is not well discussed enough. Moreover, there are against groups that wants to defend past rights and interests related to the copyright.

Secondly, there is a problem of the handling of personal information which affects the learning. WBT development companies and organizations using those WBTs should never leak personal informations, and a system that gurantees this security is needed. In this paper, we propose to set up “Third party organization which handles the proof experiment” to confirm the effectiveness of the teaching material and the protection of learners’ privacy. In the United States, there are third party organizations between pharmaceutical companies and hospitals. Those organizations prevent companies from intentional modifying of results in new drug experiments. Just like this, an organization which mediates between the WBT development companies and the schools is necessary to stop the needless circulation of individual information.

Thirdly, when a course is designed based on the behavior of a specific learner, the published courseware afterwards may inevitably include the personal informations collected in the experiment or development work of the courseware.

For instance, information such as “this tester’s score for some kind of questions is higher than others'” may sometimes relates to tester’s personal information. In Japan and China, every students becomes to be able to write the their name with Kanji characters even if those characters are difficult for other students. Kanji vocabulary of a child is region dependent to a certain extent. Moreover, family structure of a tester and his/her parent’s jobs also influence the tester’s learning history. If the parents manage a grocery store, it is possible that the calculation ability of the child in money is high. There are many kinds of such factors. This type of leaking personal information cannot be prevented even if there is a system that keeps tester’s name and address from being leaked to the public.

If use of such personal information is prohibited, the WBT development becomes impossible. However, if such individual information can be freely used, the privacy protection becomes practically invalid. In this paper, we propose to define “the customization for a personal use” that includes use of personal informations mentioned above. We also propose the new rule : “Do not use the learners’ history other than softwares with the learning function used to customize couseware automatically and personally.” With this rule, it becomes impossible for one’s course material to depend on other’s, while it’s still possible to customize courseware personally.