Will the Regulation of Software Engineering and the Texas Licensing Model Act as Catalysts for the Integration of Computer Ethics into Mainstream Computer Education?

AUTHOR
Andrew Storey and J Barrie Thompson

ABSTRACT

At the end of the Millennium we are seeing moves to license Software Engineers within some parts of the United States (US). Most advanced in these moves is the State of Texas, where licensing has been in operation since mid 1998. This licensing and associated regulation of the Software Engineering profession is likely to lead to changes in the education of computer personnel. Within the paper we intend to consider the following areas:

  • Regulation and Certification Developments and the Facts covering Software Engineering Licensing in Texas, US.
  • Ethics as a Formal Requirement of Professionalism
  • Examples of Ethical Behaviour or Otherwise
  • Methods of Teaching Computer Ethics

In particular with regard to the above areas we will consider;

Rules of the Texas initiative to give Software Engineers a license to practice as engineers in the field of software engineering. The precepts for the potential production of a USA national Licensing exam for Software Engineers and the terms covering exam waiver requirements. Standards of many computer people may not live up to the high expectation of licensing rules.

Computer professionalism is still difficult to clearly define. However a high degree of ethical awareness and practice is required in other professional fields. Therefore it is sensible to assume that ethics education is a formal requirement of professionalism. The challenge is to promote ethical development in such a way that it becomes natural practice. This means, classroom and training techniques that promote higher levels of thinking should be the aim. Development would be expected to continue in the business world.

The use of computer ethics “codes of conduct” as core concepts for computer education will also be investigated. Students of computer science should know that there is an important distinction between being aware of ethical and social impact issues and becoming ethically and socially accountable. The correct combination of these should make them responsible ethical professionals.

Proposals are discussed concentrating on Ethics concepts in education curriculum’s for computer professionals. The debate on where computer ethics education should begin is considered. Ethics concepts if introduced the correct way into Computer Educational Curriculum’s may have a major impact on the amount of future growth of licensing and certification. There is a distinct possibility that future training may have to be geared to licensing requirements. All of which would have a major impact on Standards Development in the computer field and be a major influence in the future structure of Professional Credentials. Techniques of teaching computer ethics and influences from environments and culture will be examined. We will show how the effects of learning in the classroom and in real life situations have different influences. The effectiveness of case study learning scenarios involving ethical decisions will be considered. Improved methods are being sought that do not deliver the ethics message in the form of preaching or attempt to force indoctrination. Information on positive research dealing with this issue is taken from the ImpactCS project. In this a staged progression of educational experiences based upon knowledge units which are placed throughout entire Computer Science curriculum is recommended. Analysis of integrated progression of material and experiences through awareness of computer related ethical issues form an integral part of this investigation.

Finally we will present our conclusions with regard to the essential components and requirements that will aid those, attempting to teach principles of value and ethics to computer users. This should help to move ethical training forward with the aim of producing professional software engineers and computer scientists in the future. Who will be ethically aware and astute at using ethical concepts to make professional socially responsible decisions.

References

Bickel, R, W. Maria, Larrondo-Petrie, M, M. Bush, D, F. (1998) Ethics, Law, and Information Technology. The Transformat Social Science Computer Review. 16. (3). Pp. 283.

Bickel, R, W. Maria, Larrondo-Petrie, M, M. Bush, D, F. (1992) Edict for Computer Ethics Education. The Journal of Systems and Software. 17. (1). Pp. 81.

Bellinger, B (1998) Debate Weighs Licenses for Software Engineers. Electronic Engineering. Times. 09/21/98, Issue 1026, (152), CMP Media Inc. pp.1-3.

Braxton, S. Stone, D, B. (1998) Social and Ethical Impact of Computing. ImpactCS, [Online]. The George Washington University. Available from: http://www.seas.gwu.edu/seas/impactcs/index.html [Friday, March 12, 1999].

Educom Review. (1995) Computer Ethics. Educom Review. 30. (4). Pp5.

Hrisak, D, M. (1997) Controllers Viewpoint: Ethics Training in Cyberspace?. Corporate Controller. 10. (2) pp. 42-44.

IEEE (1998) Software Engineering Standards Committee – Computer Society Standards Impact 1999!. IEEE, US. On-line. Available from: http://computer.org/standard/impact/Program.html [January 15. 1999].

Johnson, D. (1998) Teaching Ethical Technology Behaviours. Book Report. 17. (2). pp. 96.

Lu, His-Peng, Lin, Jien-Liang. (1998) Effects of Learning and Living on IS Ethics Education. The Journal of Computer Information Systems. 39. (2). pp. 96.

Martin, D, C. Martin, D, H. (1990) Professional Codes of Conduct and Computer Ethics Education. Social Science Computer Review. 8. (1) pp. 96.

Mead, N, R. (1997) Issues in Licensing and Certification. 10th Conference on Software Engineering Education and Training. IEEE. USA. pp. 150-160.

Speed, J, R. (1998a) Software Engineering An Examination of the Actions Taken by the Texas Board of Professional Engineers. Online. US. Texas Board of Professional Engineers. Available from: http://www.main.org/peboard/softw.htm. [December 21, 1998].

Speed, J. R. (1998b) Ethics and the professional engineer. Online. US, Texas Professional Engineer, February 1998 Volume 2, Issue 1, Sections I-VIII, October 12, 1998. NCEES, Available from: http://www.ncees.org/licensure_ exchange/feb/engineerethics.htm. [December 1, 1998]

Thong, J, Y, L. Yap, Chee-sing. (1998) Testing an Ethical Decision Making Theory: The case of Softlifting. Journal of Management Information Systems. 15. (1). pp. 213.

Texas Board of Professional Engineers. (1998) Board Establishes Software Engineering Discipline – The Texas Board’s Software Engineering Statement dated 10/12/98i. Online. US. Texas Board of Professional Engineers. Available from: http://www.main.org/peboard/sofupdt.htm [December 16, 1998].

Wong, E, Y, W. (1995) How Should We Teach Computer Ethics? A Short Study Done. Computers & Education. 25. (4). Pp. 179.

Issues of Ethics and Responsibility with Internet Information Quality

AUTHOR
Laurie A. Smith King

ABSTRACT

Initially, the Internet connected but did not inform; the interface was insufficient to fully keep the promise of information sharing. Today, the world wide web and attendant search engine technologies offer an unprecedented ability to distribute information effectively. Increasingly people rely on the Internet as a primary source of information, and even traditional sources of information such as newspapers, journals, magazines, radio, books, and television are adding an Internet component to their distribution. But to use this information, people need to make judgements about the veracity and quality of the information they receive. How do we make these judgements about Internet information?

At present, there are very few real controls, little accountability, and the quantity of on-line information that is false or misleading is disturbing. The Internet makes it possible to broadly disseminate huge amounts of false information relatively anonymously. There are fewer ‘brand-name’ identifiers that aid the consumer of on-line information, and when traditional media go on-line, the rules are often different for their on-line counterparts. For example, the printed bestseller list of the New York Times comprises 34 books in 3 categories, whereas the on-line version consists of 370 books in 12 categories.

Email has also evolved into an information conduit in unexpected ways. Scores of ‘information viruses’ proliferate in which misinformation and hoaxes are passed on via email, often with the best of intentions. Although most would not Xerox an article and send it to dozens of their closest friends and relatives, people forward email broadly without a second thought. It is simpler than ever to reach a wide audience with information which lacks proper attribution of sources, or contains only sloppy attribution. We need to understand the level of responsibility one should take when quoting a web-source or forwarding unverified anecdotes in a piece of email. In some sense, forwarding is the same as publishing. At what point do we cross the line from free Internet speech to yelling fire on a crowded network?

Yet another issue is plagiarism based on Internet sources. For example, there is increased plagiarism among high school students downloading papers whose spelling mistakes, grammatical errors and vapid content make them virtually indistinguishable from actual papers by students likely to cheat in this way! Some teachers have reacted by modifying writing assignments to require students to submit handwritten notecards, outlines, and research notes.

Part of the attraction of the Internet is the potential for alternative cyberspace communities where prejudices based on physical appearances cannot operate because one’s identity is defined differently. Yet we are less experienced with how to safeguard digital identities. For example, identity theft consists of ‘stealing’ facts about another person, using the facts to get credit cards and run up a debt, and then shed the identity. How can we trust that people are who they claim to be on-line while at the same time respect and protect one’s identity?

Another phenomenon is that of “evaporating information” such as a reference to a web site which no longer exists. The use of URLs as references and sources for additional information in journals is becoming more common-place. How reliable and long-lived are such references compared to “hardcopy” references? In cyberspace, where is the library and who is the librarian? What responsibility does an author incur when using a URL as a reference?

This author believes that the same technology that spawned these problems, can play a part in their solution. Like a vaccine, the disease can be part of the cure. The same power harnessed to spread misinformation quickly can be used to ferret out the truth. This paper will discuss these and related issues, and the role technologists can play.

Regulating Digital Identity

AUTHOR
Richard A. Spinello

ABSTRACT

As we approach the new millenium there will be many contentious debates on the need for new Internet regulations. Proposed content controls and encryption policies have already sparked major controversies in the United States. The Internet empowers its users and provides for an immense expressive capability, but there is a tendency on the part of the state to reimpose central controls and curtail that power.

One issue that continues to come under intense scrutiny is digital identity. At present, there is no uniform system or mechanism for identifying users in cyberspace. The Internet does support architectures that make identification possible including passwords, e-mail addresses, and Internet Protocol addresses. But it is still quite possible for users to interact in cyberspace anonymously, and it can be difficult to trace the real identity of users who are deliberately trying to conceal their identity. While anonymity supports privacy rights, it also interferes with security. Hence the lack of an identifying infrastructure has been detrimental for electronic commerce and for law enforcement.

The interconnected issues of digital identity and anonymity are highly charged ones which stir deep emotions. This was evidenced by the heated response to Intel Corporation’s announcement in February, 1999 about its plan to put identification numbers in its next generation of computer chips, the Pentium III’s. The primary purpose of the embedded serial numbers is to authenticate a user’s identity in business transactions and to allow organizations to better track their equipment. While Intel capitulated to pressure and agreed to ship its products with the serial number turned off, the incident has heightened awareness about the tenuous future of electronic anonymity.

In this paper we intend to examine the various options for a digital identity system. Any system will be located on a continuum from accountability to anonymity. At one end of the spectrum (anonymity) there is no link between the data in cyberspace and its originator, and at the other end there is an indissoluble link between one’s cyberspace identity and one’s real identity, which is accomplished by mandating traceability. Mandatory traceability might be achieved by making identification a prerequisite for Internet access. In this discussion we will also review various technical architectures such as digital certificates which can be implemented to achieve the correct level of identity on this spectrum.

The state obviously has a keen interest in regulating identity to provide greater security for the Internet economy and to deter criminal acts such as fraud that are facilitated by the cloak of anonymity. These regulations could take many forms and also fall on a spectrum. They can range from a regime of laws that stiffen the penalities for fraud and identity theft to the establishment of an identity infrastructure managed by a government agency.

But should the state regulate digital identity, and, if so, how should this be done? As we grapple with this critical question we will consider the costs and benefits of various regulatory schemes. We also consider the ramifications of non-intervention by the state — the possibility that private corporations like Intel will fill the vacuum with their own identifying mechanisms for tracing the identity of end users.

In the context of this discussion on the feasibility of state regulation we must come to terms with the following questions. In what contexts in cyberspace does the state have the right to require one’s identity? Can the right to anonymous free speech be balanced with the need for identification? Can traceability be mandated in a way that preserves some degree of Internet anonymity?

An important part of this discussion will be a brief reflection on anonymity as a key element of privacy. There is pressure to differentiate privacy from anonymity, to claim that the “right to be left alone” is not the same as the right to surf the Internet in secrecy. In our estimation, those pressures should be resisted. We will make the case that real privacy requires anonymity in some circumstances and that any efforts to control digital identity must respect a user’s preference for anonymous communication.

We will also take the position that there is a modest role for the state to play in regulating digital identity, but that its involvement should take the form of creative legislation. We support a digital identity system that facilitates a user’s options: there will be times when an authenticated identity should be required in cyberspace, but there are other times when users should be allowed to communicate anonymously. We reject any solution which establishes a perfect link to one’s real identity by mandating the traceablity of all communications.

On the Moral Scrutiny of Two Kinds of Information Security Activities

AUTHOR
Mikko T. Siponen

ABSTRACT

Information security solutions have an increasing role in the information age given that security solutions technically ensure or deny access to information. Literature analysis from security research and practice suggests that certain information security activities, even when done within basic research, are morally debatable. This is true even though security personnel are often interpreted as being ‘the good guys’. The morally questionable activities that seem to occur rather widely mostly encompass the concept of lying. Database security is the first area where an important requirement, in the level of basic research, comes from a need for lying. The analysis of the aforementioned is close related to the ethics of the philosophy of technology. Are such security solutions or basic research (e.g. to maintain cover stories) wrong per se, or are they value-neutral (as scientific basic research is often interpreted to be), but used in a way which is moral, amoral or immoral?

The other issue under consideration concerns the general public in the information society. This is not a matter of basic research, but rather a problem that appears at the very end of applicatio. It concerns ‘lying’ with respect to the security of technical solutions, such as different transaction protocols. For example, that our SSL solution is 100% secure, that GSM encryption cannot be broken, and so on, are very general, albeit fallacious claims (as these techniques, for instance, can be broken in algorithm or software implementation level) presented in this respect.

The research question of this paper is to analyse the possible reasons and moral statuses of such claims and activities. In addition to the philosophy of technology generally, these issues are analysed through Kantian ethics including the impartial universality thesis advocated by Hare and Rawls and through the theory of information ethics by Floridi. Conceptual analysis is used as the primary research method to yield the results.

Could Computer Ethics Spark a New Moral Generation? – An Australian Perspective

AUTHOR
Chris R. Simpson

ABSTRACT

This paper asserts that current Higher Education students in Australia, reaching the third year of their course, have generally thought little about ethical issues, especially ethics relating to the Computing and Communications discipline. It presents initial responses made by a group of students entering a Computer Ethics subject in the third and final year of their Computer Science course. It explores why their initial outlook may be so. It goes on to compare and contrast various individual, initial views with those declared at the end of the one semester subject.

Student responses indicate frequent significant, personal changes in:

  • ethical awareness, depth of perception and ability to argue,
  • perceived relevance of the subject to one’s prospective career,
  • enthusiasm and willingness to question community values.

An appreciation is developed that eagerness, sensitivity, vision and courage are all needed to face opposition and to propose changes to entrenched outlooks in industry.

Although it has been convincingly argued [Gotterbarn, 1995; Martin, 1997; and Grodzinsky, 1998] that practical ethics can be successfully integrated into ordinary subjects of a degree course, this study suggests that there is still value in a sole, capstone subject. The value goes beyond that reported earlier [Simpson, 1996] and stems largely from the concentration of effort and depth of involvement required of students by the strategies used in this subject. Admittedly, it depends heavily upon teaching staff attitude. The nuances are developing with every semester.

Pursuing the indicated value to students of an in depth, concentrated experience obtained in this single non-technical subject in an otherwise purely technical degree course, the paper proposes that the symptoms of students entering computer technology courses are shared by those entering any other purely technological courses such as applied science and engineering, as well as those not usually thought of in this light, for example accounting, economics, business and management. All of these appear to have developed the same dearth of non-technical subjects, leaving social and ethical skills to be obtained in the workplace. Yet such skills are needed as frequently as technical skills in one’s career, from the outset [Simpson & Burmeister,1998].

Computer Ethics appears to be a pilot arena for many disciplines, by virtue of computer technology and communications applications that touch and therefore become relevant to each of these disciplines, their practice and their educational curricula. This subject could be adapted quite easily to suit almost every course in the university.

This one-subject, last ditch approach to humanising courses is only relevant whilst the current global morality persists. In this climate, economic tyranny dominates, human and environmental values count for little and a “moral cringe” has developed that dissuades moral training in schools, such that a useful and continuing ethics component in secondary and tertiary training is not forthcoming. That is the situation in Australia at present. On the other hand, there are symptoms of an awakening occurring. Perhaps we are part of that.

There has been a succession of three generations in Australia described as the Lucky Generation, the Baby Boomers and currently, the Options Generation (sometimes called the Baby Busters) [Hugh Mackay, 1997]. The last of these have been set adrift in an ever-changing world, a culture centred about the individual and limited values. These are today’s students. Yet, with a little prompting, they are quite ready to question the validity of a system that pays little heed to human and environmental sustainability and seems to be on a collision course with crisis. It is my fond hope that these are the future stimulators of a new generation, that will achieve a broadened value system, demerit greed, reintroduce human dignity and might be called the Renaissance Generation.

References

Gotterbarn D. [1995] A Tool Kit of Computer Ethics Activities for computer science classes, Proceedings of National Educational Computing Conference, Baltimore, MD.

Grodzinsky F. and Grodzinsky S [1998] Integrating Ethics into the Computer Science and Engineering Curriculum. AICE October Seminars, Swinburne University of Technology, Australia, October.

Martin C.D. [1997] The case for integrating ethical and social impact into the computer science curriculum, ITiCSE ’97 Working Group Reports and Supplemental Proceedings, ACM, Jun.

Mackay, Hugh [1997] Generations: Baby Boomers, their Parents and their Children. Pan Macmillan, Sydney.

Simpson C.R. [1996] University Courses and Ethics – Using Collaborative On-the-job Education, Proceedings, ETHICOMP96, Madrid, Nov, 427-442.

Simpson C. and Burmeister O. [1998] New Professionals, New Measures of Worth, New Ethic of Collaboration. Proceedings of ETHICOMP98, Erasmus University, The Netherlands, March, 650-661.

A common sense approach to the Corporate Contradiction (How a Local Authority manages the New Data Protection Act)

AUTHOR
Paul Simpkins

PUBLISHED IN
ETHICOMP Journal Vol 1 Issue 2

ABSTRACT

I was appointed to the post of Data Protection Compliance Officer in the summer of 1998 following a report to Council Management Board stating that there was no co-ordinated approach to Data Protection in Bradford Council and in anticipation of tougher regime with the new act. Data Protection had been under local control for ten years and there were pockets of good practice but entire wardrobes full of bad practice.

My brief was wide. Carry out a data audit, raise awareness via training, manage external liaison, work in a co-ordinating role to pull the various strands together and to be involved with policy-making especially in the area of IT legislation which for some reason seems to be the filing cabinet into which Data Protection had automatically been placed.

Data Protection is a difficult subject on which to deliver training. It’s rather dry and much of the time involves balancing the rights of individuals on the scales of competing legislation. If you hear a speaker from the Information Commissioner’s office they clearly know their onions but jump from Schedule 3 to Principle 7 without shedding a single tear. (That’s from conditions for processing sensitive vegetables to security of kitchen knives if you weren’t sure…)

I opted for a more practical approach which would involve relating the law to incidents which happen within the experience of the staff at Bradford Council. I was keen to involve both Legal and Audit as allies in this operation and I was fortunate in meeting two people who thought the same way. Between us we evolved the Bradford Way… In this paper I hope to outline the aims and objectives of a Data Protection Compliance Officer working in the public sector. I will offer an insight into the life of a Data Protection Compliance Officer. Wherever possible I will bring in examples from real life to illustrate the points and I hope to give you some indications of how this important piece of legislation will be managed in the future.

The new Act is a small step for man but is part of a whole flight of stairs for personkind in Bradford. We have to consider the Crime & Disorder Act, the Public Interest Disclosure Act and soon the Freedom of Information Act. Central Government is promoting the delivery of services by electronic means and Local Government is being encouraged into more and more partnerships with external agencies where sharing of data becomes the norm. These have to be properly managed and the rights of individuals need protecting.