Teaching Ethics in Computer Science – How it is approached in Spanish Universities

AUTHOR
Rosalia Peña and Javier Extremera

ABSTRACT

The growing use of computers in every aspect of work has produced many social impacts. As a result, it is imperative that today’s Computer Science students realize the special responsibility they will face in their future profession.

More and more, the curricular recommendations for undergraduate Computer Studiesstress the necessity to include, in the set of themes, specific topics such as ethical reflections on the responsible performance of one’s professional duties. The influence the use of computers exerts both on society and on the philosophy of any given company must also be studied, as well as the way in which everyday personal relations are affected.

ACM/IEE-CS-91[1]. brought into the curriculum a new area:” Social, Ethical and Professional Guidelines” which was added to the existing nine basic areas that, until then, had been considered essential. In this way, the importance of this area has been raised to the same level as that of such subjects as Operating Systems, Computer Architecture or Databases.

This tenth area of study aims to train the students to identify some of the social problems and consequences of computing. The student is prompted into a personal reflection whose final result must be a change of attitude and behaviour in the way practical situations are solved when interacting with computers both at work and in every day life.

Much work has been carried out [2,3]. in order to contribute to build a framework which helps to teach and develop ways to implement the guidelines and aims of this tenth subject area. The revised model curriculum for a Liberal Arts Degree in Computer Science[4]. stresses the necessity of the introduction of this new Ethical Issues subject area in the introductory and intermediate level courses, i.e. in the first two years of study.

This new subject area is being widely accepted by both teachers and universities around the world. More than 170 references collected by Vance[5]. are a good proof of this fact.

The technology of Computer Science changes from day to day, and the Computer Science curriculum must keep pace with those changes. Changing the Spanish University curriculum is a complex task which may take a long time to implement. This may perhaps help to explain the great disparity of approaches observed within the various Spanish universities when they include this subject area in their Computer Studies.

For example, there are some private universities, such as the “Centro de Estudios Europeos CEES” in Madrid, which specifically include this subject area, (entitled “Deontology”) in the second year with a high number of lecture hours. A similar case is that of the “Deusto University” where this subject is taught as a sixty lecture-hour course entitled “Social Impact and Professional Ethics for Computer Science” . On the other hand, there are other universities that do not even mention the subject in their curricula or which teach it under some broader generic subjects as is the case of the Castilla de la Mancha University with its 90 lecture hour course on “Computing Legislation”

The Spanish legislation establishes a maximum number of total lecture hours per career. Many curricula are currently near this upper limit. On top of this, the “Real Decreto 614/1997[6] imposes additional criteria which aims to decrease the number of subject matters. This can be achieved by integrating different related topics into the same course. Under this new law, a subject matter cannot be shorter than 45 lecture hours. This also has a secondary effect. This law has made it more difficult to create new courses that cover Computer Ethics to its full extent.

This paper shows the situation of today’s programs at Spanish Universities and our experience with students.

At the University of Alcala we have developed one subject entitled Data Protection where we have integrated the following areas of interest:

  1. Social, Cultural and Ethical issues inherent in data management.
  2. Spanish legislation on Privacy and Confidentiality.
  3. Technical tools that provide security for data stored or managed on computers.

These three aspects dealing with data security require different approaches and class methodologies, which contribute to a more dynamic development of classes. The integration of these topics has given the students a more global perspective on the subject, and it has been noticed that their interest has increased. There is no doubt about the student’s appreciation of the moral issues and technical problems involved in data management. Practical everyday problems were regularly proposed in the class by the students themselves.

Other areas such as professional responsibilities, intellectual property and client-employee-company relationships, must be integrated into other courses. In this regard, the “Projects” and “Company Management” subject matters are being considered.

Women and Computing: The Ethical Responsibility of the IT Industry

AUTHOR
Niki Panteli, Janet Stack, Malcolm Atkinson and Harvie Ramsey

ABSTRACT

Given the explosive growth of the IT market over the last decades and the industry’s skills shortage, IT employees constitute an increasingly vital component of the labour force. It is therefore of significant importance for organisations in this industry to use all potential resources in the best possible way. In this paper we will report on and analyse the state of women in IT occupations in the UK.The issue of gender imbalance in the IT workforce provides a focus for this research, at a time when there is a declining representation of women in the IT industry.

Although there has been an increase in the number of women entering IT occupations since the seventies, women are under-represented in all member states of the European Union. This is an industry that has been predominantly white, middle-class and male-dominated. Men in general are more likely to be seen as the designers, developers and managers of systems whereas women are seen as the users of these systems (Grundy, 1996). In no member state of the European Union is the proportion of women in the IT workforce estimated to be above 30 per cent and in most cases the share is closer to 20 per cent.

The UK in particular has been experiencing the worst decline in the proportion of women in the IT sector (Social Europe, S3/93). In the 1980s, women accounted for a quarter of the workforce in the IT industry in the UK (Orldroyd, 1996). Since the early 1990s the average proportion of females in IT has ranged between 20% to 22%, falling to 19% in 1993, and this is during a period when women account for about 45% of the UK labour force (UK Labour Force Statistics, 1991).

During this same period, the IT industry is growing faster in the UK than in Europe. In 1995, the UK market for software and computing services increased by 18% experiencing its fastest growth in real terms for a decade. The overall turnover of the companies in this sector has grown by 22 % and further growth is expected. This growth has resulted in an increasing demand for IT skills. According to a recent survey by the Higher Education Careers Services Unit, which contains an analysis of about 8000 graduate vacancies over a two year period, more than a fifth of all advertised posts were for work in IT and management information(The Scotsman, Recruitment, June 13, 1997, p.45). Also, according to a recent report commissioned jointly by the Scottish Software Federation and the government, there are 33,000 unfilled IT jobs in the UK, with around 10 % of these in Scotland (The Herald, July 16, 1997, p.24). Many of these are for people with previous relevant experience.

Our study identifies that even though the IT industry does not exclude women it does little to promote them or even retain them in the field. In this paper we will discuss the ethical responsibility of the IT industry with regard to gender issues in this sector, so that women are not only users of systems but can influence the development of systems as well. IT organisations have a responsibility to discover and utilise innovative and effective ways to retain and develop experienced IT staff. Furthermore, we suggest the introduction of a Professional Code of Ethics to be followed in the training and development of IT staff which would include gender specific issues.

Although there are several professional standards of this sort (e.g. the Professional Development Scheme (PDS) introduced in 1989 by the British Computer Society and the Continuous Professional Development (CPD) initiative by IDPM), these remain gender-neutral. As a result, PDS and CPD provide a code of practice treating IT employees and their needs as homogeneous. Our UK-based study however has shown marked gender differences in career progression and development. Nation-wide statistical analysis highlights areas of difference which our case study based research investigates further, revealing possible causes. Similar findings were identified in the US-based study (Wright, 1997). In the light of these findings we are in a position to make recommendations for a gender inclusive code of practice.

The paper argues that professional training and development schemes should be comprehensive enough to incorporate the needs of IT female staff with family responsibilities. They should therefore include a training programme for women returning from maternity leave, as well as a career development programme for staff, mainly again women, who work on a part-time or flexi-time scheme. Innovative uses of technology to assist flexible work patterns need to be explored and encouraged.

The value of a more diverse work-force needs to be realised: “… the fact that many of those organizations which are most imaginative in their use of IT to meet commercial objectives and/or consumer needs have a higher than average proportion of women in post suggest that the others are seriously losing out” (IDPM 1996, p.50). Our research points the way for this to be enabled, to maximise use of human potential.

Technology, blessing or curse for employment and labour? – a technophilosophical approach

AUTHOR
Hendrik Opdebeeck

ABSTRACT

It is striking how technology can be regarded both as a blessing and a curse for employment and labour. In this contribution we shall consider some of the ethical backgrounds and implications of technical development.

We intend to do so in three steps:

  1. Technology, not entirely a blessing;
  2. Technology, not entirely a curse;
  3. Technology, neither an entirely a blessing or a curse for employment and labour.

Authorities: A New Non Authoritarian Approach

AUTHOR
Ugo G. Pacifici Noja

ABSTRACT

The first thing to be understood, when we speak about the italian Public Administration, is that the wideness of that Administration has forced the State to find out for new models of organization different from the classic ones. The dominant position is, normally, occupied by Ministries or, as somebody would say, Departments. But, just aside from those models, there is the model of the indipendent administrations. They, basicly, are what in the french law is pointed as the autorit’s administratives ind-pendentes.

They were originated in the victorian England, but they specially found their biggest diffusion in the USA.

The ratio of their creation is to be found in making a non partizan institution, composed for the greatest part of technicians that, just quite for their intellectual characters, are to be said super partes.

Now, we could say that when we speak of the indipendent authorities, we mean authorities far from political influence. And this can explain why the escape from administration is still continuing, creating a phenomenon that someone has said of agencification. And always it has been said that only making bigger and bigger the distance between the government and the authorities, it will assured the freedom of movement necessary “to move”.

What is important to work well, is to have very thin structures, in which the degree of real indipendence from the central power is basic to decide the real capability of making a real policy. In this sense is very important to find solutions about the creation of the top managers of the State. Top managers who should be put under the control of an authority that would give at the same time a warranty of indipendence from the central power and warranty of continuous check of their institutional musts.

The term of five years normally given to the members of the indipendent authorities, has to be thought as the minimum time to establish a relation with the Government. At the same time, the creation of “private” budgets for the authorities has to be explained with the necessity of making real indipendence especially on the economical side.

But the authority is to be thought even as a tank of culture. And the reason is that for the most part of its activity, an authority is more proposing than “making”.

The characters of the indipendence are particular procedures for nominating, functioning and financing. We always can observe the authorities posed in a general attention but in a particular concentration. That is to say each of them has its particular field of action, but none of them ever declares its disinterest about the general situation outside its hortus conclusus.

It is as important as necessary to individuate (or, better, to try to individuate) the different kinds of authorities. But before making this list, it is very necessary to warn that we have to focus two different periods. The first one is the one in which models, different from the traditional model of public administration (as the public administration was meant in Italy till to that time) just represent an answer. The answer of the State to particular sectorial exigencies. And in this sense it is not wrong to put this period more in the public law of economy than in the public law in general.

The second period, instead, is represented by the creation of new organization models. Particularly this period can be distinguished because of the era of the privatizations. Moreover when we speak about authorities we have to learn that, for the biggest part, they can be said regulation authorities. That means that they are constituted as to regulate activities. What sort of activities they are, we better will see in the sequel. Now we just want to limit ourselves to say that are activities (public, but they also can be private) that in any case go to impact with the public interest.

Now, the prevailing doctrine makes a tripartition of the authorities by reason of the different kinds of interests protected.

1) Authorities in which the function of warranty of the community concern the system in its entirety; 2) authorities of prevailing interest in the economical sectors; 3) authorities with prevailing functions of trend, watch, co-ordination. We can not abstain from observing that a considerable part of authorities created (or going to be created) in the last ten/fifteen years in the majority of the countries of Western Europe have been established in the field of Technology, or better, Information and Communication technology. In the very last years we can add to this list data protection, and rights in general connected to technology.

When we speak of the indipendent administrative authorities we have to very understand that “their” law is not the normative result of political groups, but the very result of the theorical research of the jurists and of the experts. This law, so, will not be able to be named of the lawgivers, but will have, anyway, the right to be named law. Another question is the relation existing between the authorities and the judges. Particularly it is natural for everyone, interested in the problem, to ask himself why authorities receive the power to decide questions of public interest. But this question can be answered just if we accustom ourselves to consider the indipendent authorities as the holder of a peculiar position: the fourth power.

It must be considered that the force of indipendent authorities (and agencies) finds at its roots the compulsive power of the moral and intellectual authority of its members. (We are sorry for the double use of the same word, that could generate confusion).

At the same time we can observe that “ordinary” public administration makes its power based on an authoritarian power. So that the today public opinion less and less is going to accept this kind of relation.

Conflict and the computer: Information Warfare and Related Ethical Issues

AUTHOR
Sam Nitzberg

ABSTRACT

At its origins, the modern computer was a tool used to advance the state of warfare. As the scope and role of the computer has widened, so have societies’ reliance upon the computer. This dependence has rendered nations increasingly vulnerable to attacks upon their computing infrastructures. For the aggressor, this provokes some interesting ethical quandaries regarding target selection and the resulting conflicts of any information-warfare or computer-initiated attack.

While this subject might seem remote or fanciful to some, these issues are already upon us. The usefulness of the role of the computer in conflict is just beginning to become apparent, with computers being used between nations, small groups, hackers, and corporations. One major irony is that as computers are brought to bear in more conflicts in the new information age, corporations, and not just governments, are destined to become increasingly common targets. If the relevant issues are not properly addressed and understood in the corporate world, the resulting quagmire will be far more costly than if these issues are properly studied and prepared for.

The rapidly growing spread of technology and information into all sectors of the public and private sectors, coupled with the very fast spread of computer security information as well as analysis tools renders virtually any computing platform subject to attack. Computer security and attack tools are freely available from the internet; these tools may be used to perform a host of functions including: analyzing either local or remote computer networks or systems for exploitable vulnerabilities, tools to crack and defeat passwords or password systems, with which access to systems to which the hostile party is interested may be achieved, and denial of service tools, with which corporations or other organizations may be targeted in an attempt to cripple their computers’ connectivity and halt their operations. Fortunately, a wealth of information and tools are also available with which organizations may defend themselves – often by using technologies which are similar to the aggressors’.

Engaging in conflict through the web holds great promise for both the “Underdog,” – those of limited means and resources, who wish to accomplish an objective through unorthodox means, and for the “Fat Cat,” those with resources and power who wish to maintain their position. Methods of interest to the underdog include whispering-smear campaigns, propaganda web pages, electronic communication making use of strong cryptography (itself controlled as a munition under the laws of numerous governments), and non-lethal means of harassment. Methods of interest to the Fat Cat include electronic surveillance, waging of information warfare (both commercial and military) against other states by the use of methods including the targeting and interrupting of banking, phone, traffic, or other systems, as well as attacks upon military systems and organizations relying upon computers.

Inroads are being made toward addressing issues of computers, crime, and conflict at various stages of development for computer-users. Computer and ethics courses are starting to address these issues at the undergraduate level, and professional organizations, such as the ACM (Association for Computing Machinery), are adopting codes of ethics for their members. Many corporations are defining what constitutes legitimate use of their computing resources and formally proclaiming their positions in corporate computing security and use policy documents, which are enforced as corporate edicts. The added exposure and debate of these issues will help establish norms for behavior, and assist in identifying misdeeds.

Some problems remain, however. Several pieces of national legislation (American) are technically flawed to the point of being either arbitrarily enforced, or enforced at will. Legal precedents determined in courtrooms often do not have analogous precedents, and, therefore, are likely to have unpredictable results. A number of protests which have taken place through methods of computer conflict have violated various laws – but were performed for a “greater good.” Additionally, while the codes of ethics or conducts being adopted by professional organizations seek to ensure proper and professional behavior on the part of their members, these codes of conduct sometimes include very general terms, such as those restricting their associations’ members from performing harm. Such clauses would seem to violate the very functions of a great many members professional activities which involve the use of computers – especially those activities related to assist in the waging of war (more popularly referred to as defense), or for the engaging of computer-based warfare. At the other end of the spectrum, it would be very hard to identify any job which produces absolutely no harm. All of these aforementioned policies and mechanisms will contribute to the growing awareness of computer security and related ethical issues.

Although there are a great number of players engaging in information warfare and computer conflict, methods by which computers may be effectively secured are known. Due to the growing intrusion of the computer into all realms of everyday personal and professional life, the ubiquity of computers, and the quickly shared knowledge of their vulnerabilities, companies and organizations can and must assure their own protection. This is not merely of pragmatic concern, but a moral and ethical mandate due to the severe consequences to stockholders and customers, and to populaces as a whole, given the growing importance and reliance by society upon computing systems.

Inspection Mechanism for Server-and-Client Protocols with Private-Key Cipher

AUTHOR
Kanta Matsuura and Hideki Imai

ABSTRACT

In an open network, how to provide deterrents to malicious behaviors is an important issue. A common technical solution is the use of cryptographic primitives such as encryption/decryption, digital signature, and digital signcryption. In this solution, execution logs are stored by each entity and used when needs arise for trouble settlement or judgement; authorities are involved mainly in the settlement phase. Depending on system-design and security policies, however, more active authorized procedures would be of great help. In preparation for such a situation, this abstract introduces an inspection mechanism for server-and-client protocols which are based on a private-key cipher.

In our society, authorized activities by police or similar organizations prevent or discourage people from committing a crime; potential criminals fear the consequences of their crimes which might be detected by the police. Inspection without notice, for instance, contributes to these activities. The mechanism described below is based on an idea similar to this inspection effect in the off-line world.

Let us consider a security protocol which uses a private-key cipher in important message delivery between a server (say, Alice) and a client (say, Bob). In order to use our inspection mechanism, the protocol must

  1. be designed in a way that the delivery request is always generated by Bob,
  2. provide two private keys per server-and-client pair, and
  3. have a secure channel (most probably established by very costly but highly secure protocols) between an authorized entity (say, Pole) and Bob.

In addition to normal procedures of the original protocol, we introduce inspection procedures in which Pole performs a behavior check on Alice.

In normal communication, Bob initiates the session by using one of the shared keys. Let us represent the chosen key by k1 and the other key by k2. Main process of the session, then, uses k1 for authentication, message delivery, and acknowledgement. Finally, Alice generates a new key k3, encrypts it with the non-session key k2, and sends the result to Bob. Bob decrypts the new key, and the shared keys are updated from (k1, k2) to (k2, k3); the next session will be initiated by using k2 or k3. k1 will never be used afterwards.

The inspection procedures start with a request message from Pole to Bob through a secure channel. If Bob accepts the request, he securely transfers one of the shared keys to Pole. Let us represent the chosen key by k1 and the other key by k2. Pole then masquerades as Bob; Pole initiates a session by using k1. Main process of the session delivers messages which are carefully designed for inspection activities by Pole. At the end of the session, Alice generates a new key k3, encrypts it with k2, and sends the result to Pole in disguise. Finally, Pole forwards the encrypted new key to Bob, and Bob decrypts it. Thus the shared keys are updated from (k1, k2) to (k2, k3), which are not disclosed to Pole. The next session will be initiated by using k2 or k3.

One of the possible applications of the proposed inspection mechanism is a storage support of digital valuables; not only cryptographic parameters but also digital personal materials such as artistic contents, family treasures, memorials, and digital certificates may require long-term secure storage in an electronic form in a future network life. Some of these storage requirements can be supported by Key-Recovery Systems (KRSs) [1], [2]. KRSs are now actively discussed by the research community and a lot of different systems are being developed. Some of them and more general valuable-storage support systems — either for backup or for deposit — might use a client-server system equipped with a private-key cipher. How significantly our inspection mechanism works would depend on decision-making models and probably be a good subject for discussion at ETHICOMP98 Conference. More specific examples or implementations will appear in the final version of the paper.