The ethical problems of teaching information systems security at undergraduate level

AUTHOR
Dave Chadwick, Phil Clipsham, G. Windall and A. Stanley

ABSTRACT

With the growing usage of the internet for commerce and the expanding use of computers of all kinds in organisations in all countries, I.T professionals globally are becoming aware that maintaining the security of data and information systems is of paramount importance. The teaching of security issues at an early stage in the careers of I.T professionals is, therefore, presumably to be desired. However, much research on ethics amongst computing professionals has concluded that younger people are more inclined to have a differing set of ethical principles to those who are older. The young are more inclined to take risks, more inclined to occasionally ignore the law and to sometimes act for the benefit of their own careers rather than for the benefit of their client or employer. This becomes an issue at undergraduate level where studies particularly concern computer and information security. The research described in this paper concentrates on the particular ethical problems which have arisen during the four years of teaching Information Systems Security as a specific unit in undergraduate computing studies at the University of Greenwich.

The research looks into the central questions of how ethical behaviour and awareness develop amongst students and to what extent such behaviour is influenced by a student: forming his/her own code of ethical conduct in isolation, being given knowledge of how unethical acts could be perpetrated without detection, being told how unethical acts could be punished by society, being taught a code of conduct derived from professional bodies in the I.T industry.

The first question was approached by researching how students would react when personally confronted with a number of situations where ethical decisions were required. This further investigated how, if at all, students formed their own ethical standards based upon their own principles and possibly derived from their unique student viewpoint.

The second question involved the problem of the choice of topics that should be included as content of a taught unit on Information Systems Security. For instance : if students are taught how hacking and fraud incidents are perpetrated then is there not a possibility that they may do likewise? However, if they are not taught these things at all then is there not a danger that their usefulness as security professionals may be compromised? How much of what should be taught before behaviour is influenced?

To answer the third question, research was undertaken to determine whether , in order to promote behaviour that was ethically acceptable to society, it was sufficient to teach students solely about the legal penalties for acting unethically. This approach also begged the question of whether changing outward behaviour also changed thoughts and attitudes.

In answer to the last question, research was undertaken to determine whether the teaching of a set of ethics drawn from accepted codes of professional conduct had any effect on a students ethical stance.

This research at the University of Greenwich has attempted to answer these four very pertinent questions regarding the education of future I.T professionals. In may ways, the findings of this research are pertinent to how the teaching of computer security issues to young people is to be conducted.

Genetics and the Fair use of Electronic Information

AUTHOR
Thomas Cavanaugh

ABSTRACT

Useful norms concerning the fair use of electronic information have been established and serve as models by which professionals can structure their activities ethically. So, for example, in the United States, the Privacy Act of 1974 stipulates six standards that federal agencies meet with respect to the maintenance of information on individuals. Amongst these norms, it is stipulated that:

  1. an individual is to determine what records pertaining to him are collected;
  2. these records are to be used solely for the purpose for which the information was originally gathered, unless his consent is secured;
  3. and that an individual is to have access to records pertaining to him. These principles and others like them helpfully structure the fair use of electronic information.

Such norms are adequate when applied to cases in which information bears specifically upon one individual. Thus, for example, my credit report will be relevant to potential creditors only in establishing how likely it is that I will repay my debts. Not, for example, how likely it will be that my son or father will repay their debts. For normal electronic information, such norms function well since most such information is individualized and bears solely upon one person.There is, however, a growing body of electronic information gathered from individuals that has great significance for others. Indeed, in some cases, the information gathered has greater significance for others than it has for the one from whom it was gathered. I refer, of course, to genetic information the relevance of which is not limited to the individual from whom it is gathered. For example, while my credit rating does not bear upon my son’s or my father’s credit rating, the results from a genetic test for cystic fibrosis do have relevance for both my father and my son. Indeed, in the case of my son, the results from my test, when coupled with those from my wife may be determinative concerning whether or not he has cystic fibrosis. This information concerning my son, in turn, will be of great interest to insurance companies and employers. Thus, cases of genetic information do not fit in as well with the currently accepted norms concerning the fair use of electronic information. For example, it is thought to be fair that an individual be able to determine what records are gathered concerning him. How does one comply with this principle in the case of genetic information? Must all those upon whom the information bears be given some voice in determining whether the information is to be gathered and recorded? Again, it is proposed that an individual is to be permitted to gain access to information pertaining to him. Does this mean that I automatically have access to the genetic information that has been gathered concerning my father, siblings, even my first cousins whose information has relevance for me? Clearly, when it comes to the fair use of genetic information, we must go beyond the perspective of the individual, for the information is no longer of an individual nature. Rather, it bears upon whole groups of people genetically related.

In this paper, I refine the currently accepted norms to make them sensitive to the unique problems posed by genetic information for the fair use of electronic information. I do so by relying upon the norms themselves. Thus, my refinement is evolutionary, developing what is implicit in the accepted norms.

The currently accepted principle that information gathered for one purpose is not to be used for another purpose without the consent of the original individual serves as a guide for the refinement of the principles. For since one can only consent to the gathering of information bearing upon oneself, all information gathered about oneself, even if it does bear upon another, cannot be used insofar as it does bear upon another without that other’s consent. That is, consent is essentially individualized. Moreover, I do not have access to information gathered from another that bears upon me as long as that information is not used with respect to me. That is, information, like consent, is essentially individualized. These refinements suggest one practical implication for the recordation of genetic information: such information should be recorded in as individualized a manner as possible. This is to be done so that the structure of electronically recorded genetic information mirrors the fair use of such information.

Why Computers Will (Necessarily) Deceive Us and Each Other

AUTHOR
Cristiano Castelfranchi

ABSTRACT

The main claim of this paper is that in H-C interaction, computer supported cooperation and organisation, computer mediated commerce, intelligent data bases, teams of robots. etc. there will be purposively deceiving computers. In particular, within the Agent-based paradigm -currently dominating computer science, and specially AI – we will have “intelligent deceiving agents”.

Not only we will have malicious agents with malicious motives or working for malicious owners, but agents deceiving us or others for good reasons or in our interest. For example:

  • Information systems will have to misinform an unauthorized user (be it a human or a software agent) in order to protect confidential information. This is a well-known problem in the field of databases where the concept of “multi-level security”, requiring deliberately wrong answers and cover stories, is well established (Wagner, 1997)
  • In electronic commerce we will have agents that do our bidding for us in a in a self-interested perspective (Ephrati and Rosenschein, 1991). When our agent goes to buy something in some online auction, we don’t want it to honestly bid the expected value of the good if it could potentially get that good for less money. This is necessary in any usual bargaining, that must be deceptive (Vulkan, 1998).

(Of course, there will be also fraudulent and malicious agents for damaging the competitors or for stealing information or money.)

Moreover, Electronic Commerce is being developed mainly in the sellers’ perspective and in their advantage. The consumers’ interests are less considered, while – on the contrary – the Agents could be of help for empowering consumers and reduce the handicap due to asymmetric information in market.

  • Also our personal assistant should probably deceive us trying to influence us to do the right thing, to protect our interest against our short term preferences or rational biases. In the same vein, a medical doctor is reticent on drug side-effects to avoid the patient’s discouragement (De Rosis et al. ), or a message for risk prevention doesn’t stress the fallibility of the remedy (for ex. of a contraceptive method). In the near future, a lot of these reccomendations will be given by software agents. Will they have the same paternalistic (and deceiving) attitude?

I will deal with the following issues: How and why will artificial agents try to deceive? I will provide some ontology about deception, lie, and secret; I will discuss some reasons and strategies for directly or indirectly deceiving and lying. Is there any safeguard for us and our agents? Which are the strategies for suspect, discover and defence from cheaters? How to design appropriate social mechanisms and/or protocols to eliminate or reduce the incentive to lie, cheat, and steal in artificial societies? Very crucial in all this is the importance of trust (in computers, in our agent, in other agents, in the infrastructure, in possible third parties and authorities) and of reputation. Should/will we have real social trust relations with these machines? Is this psychologically real and morally acceptable?

Could Agents be designed to empower consumers? Not only we are in a new AI paradigm (Agents) but there is a strong trend towards modelling emotions and personalities in them (“believable agents”), and in implementing a lot of “sociality”, affects, adaptivity and reactivity in HCI (Affective computing; Japanese approach: “kansei”). On the other side there are attempts to make those agent sensible to and reasoning about norms, commitments, permissions, etc. Will this lead us to “responsible” artificial agents? Able to feel guilty and to have moral feelings? Or at least to agent responsible because they are aware of norms and obligations and able to deal with them?

References

Castelfranchi, C. (1998) Modelling Social Action for AI Agents. Artificial Intelligence, 1998, 6.

Castelfranchi, C. and Conte R. (1998) Limits of Economic Rationality for Agents and MAS. Robotics and Autonomous Systems, Special issue on Multi-Agent Rationality, Elsevier. 1998, 3.

Castelfranchi C., de Rosis F., Falcone R., Social Attitudes and Personalities in Agents, Socially Intelligent Agents, AAAI Fall Symposium Series 1997, MIT in Cambridge, Massachusetts, November 8-10, 1997.

Castelfranchi C and Falcone.R. Princnples of Trust for Multi-Agent Systems: Cognitive Anatomy, Social Importance, and Quantification. International Conferences on MAS – ICMAS’98, Paris, 2-8 July 98, AAAI-MIT Press.

Castelfranchi, C. and Tan Y.H. (eds.) “Trust, Deception and Fraud in Artificial Societies” Kluwer, in press

Conte, R. e Castelfranchi, C. (1995) Cognitive and Social Action. London, UCL Press.

Conte, R. e Castelfranchi, C. (1998) From conventions to prescriptions. Towards a unified theory of norms. AI&Law, 1998.3.

de Rosis, F. , Grasso F. and Berry, D. Refining medical explanation generation after evaluation. Artificial Intelligence in Medicine, in press.

Ephrati E. and Rosenschein J., “The Clarke Tax as a Consensus Mechanism Among Automated Agents”, in Proc. of AAAI-91 ,pages 173-178.

Wagner, G. “Multi-Level Security in Multiagent Systems”, in P. Kandzia and M. Klusch (Eds), Cooperative Information Agents, Springer LNAI 1202, 1997, pp. 272-285)

Towards an Effective and Ethical Virtual Learning Environment

AUTHOR
John T Burns

ABSTRACT

Videoconferencing is not a new technology, but due to the cost of the technology, it has until fairly recently been used mainly by large organisations who could afford it. In recent years however falling costs have created an opportunity for many more oganisations to consider how they might be able to benefit from the purchase and use of videoconference systems. One area where videoconferencing is promoted as offering significant potential and benefits is in the education and training sectors. Within the field of Higher Education in the UK, institutions are being charged with the responsibility to widen access to further and higher education. This presents institutions with a number of important challenges. One particular challenge is that of meeting the educational and training needs of an increasing and much more diverse student population, whilst ensuring that the provision, integrity and quality of the educational experience is not diminished. They are having to do this against a background of fewer resources, scarce expertise and severe budgetary constraints. Videoconferencing would appear to be one way of providing the opportunity to meet many of these challenges as it offers the potential, for example, to reach a wider audience, make use of scarce expertise, reduce time spent on travel and accommodation and enhance communication channels between remote groups of learners and their tutors.

It was against this background that senior management at De Montfort University decided to invest in videoconferencing systems at several of the University sites.

As a large distributed University videoconferencing has been used since 1994 to support the management and delivery of a number of undergraduate and postgraduate courses to students in the UK and oversees.

The Learning in Virtual Environment (LIVE) research group which is established at the University has undertaken a number of research projects, including surveys of staff and student attitudes regarding the use of videoconferencing. These projects have attempted to identify and establish the key factors and issues, which are fundamental to the successful and effective integration of videoconferencing in teaching and learning.

The results of our studies have identified a number of important issues, including ethical issues which need to be considered if this technology is to become widely used for educational purposes.

This paper will provide an overview of our research to date and provide details of our research findings. It will state some of the more important critical success factors, which have been identified. The results of our work has also led us to the view that there are a number of ethical issues and questions regarding the adoption of this technology for use in virtual learning environments which need to be addressed. It is the groups contention that these issues are not generally recognised and that the questions are not being asked. The paper will identify these issues and raise a number of pertinent questions regarding how a virtual learning environment can be implemented both effectively and ethically. The group considers that there is a need for a framework to be created which will enable these issues to be addressed and for further work to be undertaken to enable an appropriate framework to be established.

The Computer-Mediated Public Sphere and the Cosmopolitan Ideal

AUTHOR

Robyn Brothers

ABSTRACT

Globalization as a process has intensified to the point where a new social, political, and economic condition has taken hold in the global arena. Recently this condition has been termed “globality” — a term denoting a networked world characterized by speed, mobility, risk, insecurity, and flexibility. Mandeville’s famous fable of the bees and Adam Smith’s response hold renewed interest for anyone questioning the morals of globality. As advances in ICT inaugurate an era in which economics might take precedence over politics, can we be sure that self-interest promotes the greater good by way of providing opportunity? There has been a rapid rise of enormous multinational corporations seeking investment opportunities countered by increasingly ineffective NGOs aiming to temper the breakneck speed of capital and the inequities left behind in its wake. Those countries eager to be included in the network society welcome these large, corporate transnational actors, but remain vulnerable both politically and culturally. Even the G8 countries are at risk as the meaning of the words democracy, sovereignty, nation, and agency devolve. The world citizen, as an actor in this new sphere where nothing is certain, is set loose from national moorings and is left wondering whom to trust, and in whose name to act. It is occasionally remarked in these times that no one ever died with the words “free market” on their lips. Actors in this new era of globality may not always act according to economic models of rational self-interest. Franics Fukuyama has shown that trust and ethical habits vary according to cultural and societal narratives, and as Jean-Pierre Dupuy puts it: in leaving behind the political, economics signs its own death warrant.

In this paper, I am concerned then with this increasingly jeopardized sphere of the political as a sphere where the social and ethical values of accountability, trust, and solidarity occasion its existence. With the decline of the absolute sovereignty of the nation-state, this sphere of ethical and political agency must expand globally and that is indeed the challenge ). The engine driving the process and sustaining this condition is the rapid and constant innovation in communications technologies. It is becoming increasingly apparent, however, that increased connectivity does not necessarily translate into global solidarity. In fact, the two forces of connectivity and solidarity seem to be growing in inverse proportion to one another. Habermas has noted this recently by saying: “Whereas the growth of systems and networks multiplies possible contacts and exchanges of information, it does not lead per se to the expansion of an intersubjectively shared world and to the discursive interweaving of conceptions of relevance, themes, and contributions from which political public spheres arise.” He joins many philosophers who are looking away from Hobbes and again to Kant for some brand of cosmopolitanism suitable for today’s networked society. In response to the attractive moral and political model of cosmopolitanism, this paper offers an overview of some of the conceptual limitations to that model arising from computer-mediated, interest-based social interaction. In particular, I discuss James Bohman’s definition of the global and cosmopolitan spheres and how computer-mediated communication might impact the development of those spheres. Additionally, I question the commitment to purely rational models of social cooperation when theorizing a computer-mediated global public sphere, exploring recent alternatives. And finally, I discuss a few of the political and epistemic constraints on participation in the computer-mediated public sphere that threaten the cosmopolitan ideal.

An ethical perspective on information poverty and proposed solutions

AUTHOR

Johannes J. Britz and J.N. Blignaut

ABSTRACT

There is general agreement that there is a widening gap between the information rich and information poor countries in today’s world. It can also be argued that the largest portion of the world’s population is information poor. This may predict a bleak feature for the information society – a concept, which has become synonymous with the first world – unless this problem of information poverty is solved.

The aim of this paper is therefore to investigate what is meant by the concepts information wealth – information poverty identify the main reasons for information poverty discuss an ethical perspective on possible solutions to information poverty propose a possible solution, based on an economic model within the framework of social justice, to the problem of information poverty.

Definitions and interpretations of the concepts information poverty and wealth. The first aim of this paper is to find a proper definition of the concepts information rich and information poor. This is due to the fact that there is little agreement on what exactly the terms refer to. A short overview of existing definitions of information poverty and information wealth are provided followed by an interpretation of these concepts. A working definition is formulated which are based on four common features namely: information, the human being, technology and economics.

The main reasons for information poverty The second part of the paper concentrates on the main causes for information poverty. The identification of these causes are important for the proper understanding and formulation of possible solutions to the problem of information poverty. These causes areas follows: advanced capitalism; the specific information environment; the lack of an effective information infostructure; and the exploitation of indigenous knowledge.

In the next part of the paper an ethical perspective is given on the problem of information poverty which can act as a framework for the formulation of possible solutions. The ethical framework is based on social justice.

The paper concludes with possible solutions to the problem of information poverty. It is indicated that the solution to information poverty lies on different levels and that the approach to finding solutions must be multi-disciplinary and based on the norm of justice. The proposed solutions are based on John Rawls’ model of social justice and an economic model which are known as the Economic Systems Approach (ESA). The ESA is aimed at capacity building and therefore facilitates the integration of a multitude of processes and the diversity of human behaviour and also recognises the complexity of the structure of society. It is argued and demonstrated that the application of this economic model will contribute, in a fair and just manner, to the reduction of information poverty and the possible creation of information wealth.