A framework for performing security and ethical analyses in agent computing

AUTHOR

A Barnard, E Cloete and L Pretorius

ABSTRACT

The domain of information security research is not exclusively of a technological nature as it is permeated with aspects of human behaviour. Similarly the broad field of ethics is no longer only a human issue, as is reflected by the establishment of computing ethics as a separate research area. Advances in the past decade have led to the emergence of among others, new technologies, frameworks and methodologies in the field of computing. Examples include the Internet, global connectivity and agent technology – in particular intelligent agents. The attribute intelligent brings with it a concomitant human characteristic that is assigned to an inanimate technological object. It is even plausible to think of communities of intelligent agents, inhabiting cyberspace, interacting with other entities (agents, human users and hosts) and in this way developing a social life. This raises issues concerning information security as well as the ethical and social behaviour of intelligent agents.

Agent behaviour can be analysed from a multitude of perspectives, including the security and ethical concerns. Security analyses typically focus on evaluating the application of external measures to an entity to ensure the safety of the entire community. Alternatively an ethical analysis addresses the internal behaviour of an entity in order to highlight its possible performance of actions harmful to the community. These different perspectives complement one another and may lead to a simplification of the security system.

Computer users may in general be classified as either aware or unaware of security aspects. The former group mistrusts unfamiliar agents while the latter group is not at all aware of potential security risks associated with agent computing. A framework to analyse the security risks of agent computing will create and raise awareness of how secure agents are. Similarly, it can be argued that a framework for ethical analysis will provide a more reliable basis for systematic assessment since intuitive assessment of agent behaviour may be misleading.

An a posteriori systematic analysis of the behaviour of an agent can assist developers of said agent to improve the modelling of the secure and ethical behaviour of future versions of the agent. Once the behaviour of a number of agents have been analysed in this systematic fashion, norms and criteria for the design of new agents that will exhibit acceptable secure and ethical behaviour can be formulated and continually refined. This may lead to a simplification of the security measures imposed on the agent.

In this paper we thus briefly discuss agent computing and its impact on the environment in which it is applied. In particular, we focus on security and ethical issues associated with software agent computing. For this purpose we start off by explicating what we understand under the notion of an agent and we describe the typical environments in which these agents can operate, the so-called agent community. For illustrative purposes we consider the Aglet Software Development Kit (ASDK) for development and management of network-efficient mobile agent applications. This example is used throughout the paper to illustrate both the security and ethical analyses.

We furthermore discuss a number of relevant security issues and ethical theories pertinent to agent computing and we present a framework within which the security and ethical behaviour of agents can be evaluated and analysed. As part of the evaluation phase of the security risks posed by agent computing, we consider the five security requirements, namely identification and authentication, authorisation, confidentiality, integrity, and non-repudiation as defined according to the ISO 7498-2 standard, produced by the International Standards Organisation (ISO, 1999).

Following on the security considerations we discuss some of the better-known ethics theories that may be applied in the analysis of the ethical behaviour of agents. In this respect we review the basic principles of two deontological theories, viz. duty-based and rights-based ethics, the teleological theory of utilitarianism (Spinello, 1997), and the theory of just consequentialism (Moor, 2001). Note that these theories will be discussed in the context of agent computing.

Regarding an ethical analysis of an agent’s behaviour we use the Five-step Process of Ethical Analysis of Rananu, Davies and Rogerson (Maner, 2002) as basis. Other similar procedures for ethical analysis may be found in Maner (2002). The analysis procedure of Rananu, Davies and Rogerson, originally designed primarily for the analysis of human behaviour and ethical decision-making, was chosen because it can be readily applied to the ethical analysis of agent behaviour. For the purposes of this paper we modify this process to be applicable to agent computing.

We conclude by observing that agent computing presents certain ethical and security challenges that are worthwhile investigating and require further research.

REFERENCES

ISO 7498-2. (1999). Available online at http://www.iso.ch/cate/d14256.html, accessed on 22/05/2003.

Maner, W. (2002). Rananu, Davies and Rogerson, ‘The Five-step Process of Ethical Analysis’, in Procedural Ethics, http://csweb.cs.bgsu.edu/maner/heuristics/1996Rananu.htm, accessed on 26/11/2002.

Moor, J.H. (2001). Just consequentialism and computing, in Readings in cyberethics, (eds. R.A. Spinello and H.T. Tavani), Jones and Bartlett Publishers, Sudbury, Massachusetts.

Spinello, R. A. (1997). Case studies in information and computer ethics, Prentice Hall, Upper Saddle River, New Jersey.

Local Culture and the E-Business: The Freedom and Threat of Communication

AUTHOR

Constantinos Athanasopoulos

ABSTRACT

Not only our contemporary economy but our societies and local cultures as well are permeated and transformed by the increasing and widespread use of the modern technologies and in particular the Internet. Many see this as a beneficial factor for our societies: they believe that local cultures can be freed by the menace of nationalism and fanaticism that 19th and 20th centuries have brought upon them. Others however, see such a widespread and with no similar precedence infiltration of foreign customs and ways of life into local culture as a highly corrosive and deleterious effect of the advance of modern technology. This dilemma between absolute freedom in the flow of information via the Internet into the local societies and cultures and a regulated use of the Internet so that local societies are protected and local cultures preserved and keep flourishing well into the next century is the main topic of this paper. Since the paper uses theories from both cultural theory and philosophy (mainly philosophy of culture, philosophy of civilisation, ethics -and mainly business ethics- and political philosophy) it follows an inter-disciplinary attitude and perspective. After an investigation into the nature and the main characteristics of local cultures and civilisation in today’s globalised economy and world of internet based information (based both on cultural theory -esp. the theories of Breslow and Jones 1977- and on the philosophy of civilisation -esp. the theories of McKeon 1981, Canfield 1996, Jacobson 1954), the paper shall analyse the main ethical arguments in favour of the widespread freedom of enterprise in the Internet, and in particular in the form of the recent development of Electronic and Internet based Businesses (based mainly on welfare based criteria and arguments -such as those offered by Kaplow and Shavell 2002). This new form of business is criticised by many as a threat to local cultures and traditions. The paper shall analyse this criticism and shall relate it to the traditional ethical arguments connected to the deontological vs. the consequentialist basis for the freedom of communication. Using a critique on the welfare basis for the freedom of communication (found in an early form in John Stuart Mill’s On Liberty), as well as a critique on the ethical subjectivism and relativism that the believers in the absolute freedom of expression presuppose, the paper shall attempt to divest the main arguments for an absolute freedom of communication via the internet and the internet based business from logical fallacies and shall propose a new principle in regulating internet based communication, which can also apply in the case of e-business and the related e-business’ activities. This principle encapsulates intuitions from the communication and language theory of L. Wittgenstein (esp. his later philosophy of language and communication views). Language and communication in the later Wittgenstein are so immersed in the community based and social life that Wittgenstein sees them as forms of life. I shall enlarge on what exactly we can understand from Wittgenstein’s intuitions about language and communication and how they are related to both cultural and civilisation theory and my proposed here regulatory principle. Since one of the main purposes of e-business is to relay information via the internet, the regulatory principle which shall be proposed here can form as a platform and a control mechanism for filtering commercial information via the internet, protecting crucial areas and characteristics of local culture and community life. In this way the proposed here principle shall escape the welfare-based pitfalls of the “absolute freedom of expression” adherents through the philosophical analysis of the use of the concepts of “culture”, “civilisation” and “communication”. At the end of my paper, I shall embark into a comparison (by way of an example) between the application of such a principle in the Internet and the current state of e-business and Internet based flow of information and e-communication. The purpose of such an endeavour shall be to find how the proposed guiding principle can be a beneficial factor in the radical transformation in society and local culture that the widespread use of the Internet by business and other private commercial or non-commercial agencies and groups of people forces upon it.

Unpredictable risks and the autonomy of the Internet user

AUTHOR

Lotte Asveld

ABSTRACT

The bankruptcy of the Dutch glass fibre network company KPNQwest in the spring of 2002 raised questions about the acceptability of risks related to digital infrastructures. KPNQwest appeared to be of vital importance to the European Internet traffic since 40 % of the traffic went via the networks of KPNQwest. The consequences of the bankruptcy of KPNQwest were unpredictable, either because of a lack of technical knowledge or because of the sheer incomprehensibleness of the entangled interactions of very diverse actors. According to some, the fall-out of KPNQwest-network would cause a total blackout of the European Internet traffic, according to others no effect would occur at all. Medium estimates amounted to congestions of Internet traffic in different orders of severity.

Since Internet is becoming of increasing importance to our society and more and more people are depending on digital networks, the badly understood risks accompanying the organisation of digital infrastructures are of growing moral concern. The main moral concerns here are related to the notions of autonomy and justice. Autonomy with regard to risk requires that the subject is able to make well-informed choices about the acceptability of a risk. Justice requires that people are treated fairly as equals and no unjustifiable risks are imposed on them. To justify a risk, it is necessary someone take responsibility for the imposition of a risk, preferably the initiator of the action at stake. It is unjust to let innocent subjects bear the consequences of risks they themselves were never able to influence. Moreover, the imposition of the risks can be deemed acceptable trough (hypothetical) consent of the persons affected by it.

Clear possible chains of events or clear risks come with clear responsibilities. Unclear possible chains of event make it easier for responsibilities to be shoved around by divergent parties. Internet Service Providers (ISP’s) rely on the services of KPNQwest and end-users rely on the services of the ISP’s but just how much each relies on the other for the continuation of Internet traffic is unclear. The flow of Internet traffic is hard to register and so are the dependencies between divergent parties. Now whom -if anyone- should make sure there are enough alternatives available in case of a bankruptcy so the flow of data through Internet is ensured?

In the case of KPNQwest eventually other network providers stepped in quickly to fill the hole. Information flows were quickly diverted to other glass fibre-routes. In the end, the bankruptcy of KPNQwest sorted very little effect on the digital infrastructure. The question remains however: was this just a lucky occurrence of events or is the risk of Internet failure through bankruptcy of a provider not so big after all? The fact that nothing serious occurred does not prove nothing could have occurred. In fact, it seems quite probable that any definite answer to the previous questions will never be found until something goes terribly wrong.

The insecurities related to both risks and responsibilities make it hard to guarantee autonomy and justice for the average Internet user. To what extent can Internet users manage the risks they face if they have no insight into what these risks constitute and who is responsible for what?

However, the insecurity about the effects of a bankruptcy of one of the largest infrastructure providers in Europe can also be valued in a positive way. Firstly, because of the insecurities, the trustees in the bankruptcy employed a very cautious strategy. Normally they would have ‘pulled the plug’ as soon as possible because it is a costly business to keep the network running. Now instead, out of fear for claims, the trustees decided to keep the network running, thus allowing more time for customers of KPNQwest to find alternatives. Secondly, many actors within the Internet economical arena: ISP’s, network providers as well as end-users, rather rely on trust than to be forced to put a lot of time and effort into transparency and well-informed choices. Intransparency is time-saving and it does also hide one’s own weaknesses from the competitors.

The main questions in this paper therefor are: should the insecurities related to the reliability of Internet traffic be reduced considering values of autonomy and justice and if so, in what way? Possibly, the clash between autonomy, justice and insecurity is not so hard to reconcile.

One option to deal with these matters is to increase the control governments have on digital infrastructures. Governments could perhaps guarantee the availability of digital infrastructures. Top-down control may however impair the value of autonomy even more than the anarchy that seems to rule Internet traffic nowadays.

To rely on economic incentives is another option. But can the maintenance as well as the development of digital infrastructures be left to the forces of the market? Is it just to trust on the workings of the ‘invisible hand’ as proposed by Adam Smith if many divergent interests depend on the specific facilities?

The notion of Informed Consent may provide a valuable asset here. This instrument can provide a worthwhile interaction between providers and costumers in dealing with unclear risks and expectations. Through this process responsibilities may be openly negotiated and agreed upon. This option is justified by both the principle of justice as that of autonomy.

To ensure a realistic solution to the above-mentioned problem several viewpoints from stakeholders in the process surrounding the collapse of KPNQwest will be taken into account. Stakeholders include clients, but also facility providers (electricity) for KPNQwest and representatives for end-users. Their insights into responsibilities, the reliability of Internet and the need for transparency will provide arguments for determining the ethically most desirable approach to the problems mentioned above, aside from ethical considerations.

Extending Artificial Agency to Incorporate Ethics-oriented Social Interaction

AUTHOR

Argyris Arnellos, Thomas Spyrou and John Darzentas

ABSTRACT

This paper suggests how information systems may make use of Systems Thinking to incorporate ethics. In Systems Thinking, it is expected that a first action towards which a group of parts is directed is to attempt to distinguish between themselves and their environments. This is a prerequisite for these parts to be called a ‘system’. Although the degree of consciousness in such primitive steps cannot be measured or evaluated, one cannot assert the same thing in cases concerning further states of a system’s evolution.

Contemporary information systems have evolved a long way from such primitives. They are developed systems, mostly technologically implemented, for purposeful communication and most often with a complex structure involving different ‘parts’, including people, data and technology. These parts, in their turn, can be seen as subsystems, which, in a continuously evolving information system, produce numerous interactions each with differing types and characteristics.

One of the most interesting subsystems is the one responsible for the application of knowledge-based decisions in an information system. Such subsystems are usually called ‘intelligent’ and the support that they provide has its sources in the domain of artificial intelligence, knowledge-based systems, fuzzy systems, neural nets and other theories and techniques, which are applied to the problem domain.

These subsystems have their own sets of observations and distinctions which are carried within the information system, in order to play a leading role in almost all of the operations of the information system. Since a primary condition for the preservation of an information system is its interaction with other systems, it is essential that the observations and distinctions underlying the system serve the ethics of the system itself as well as the ones of the systems with which it interacts.

This paper proposes that, in the realm of information systems, such ethical aspects are closely connected to the preservation of diversity, intersubjectivity and evolutionary complexity of all participating agents, either natural or artificial. In regard to the latter, so far, all ethical aspects of the artificial are indirectly fulfilled by the externally and a-priori given observation and categorization of the intelligent subsystem’s designers. However, considering an information system as a socio-technical system acting in a society consisting of webs of meaning, its artificial part ideally should have the complexity and the ability to decide and act in terms of its own ethical considerations. With this perspective, and making use at the same time of a systemic context for the analysis of the interactions of an information system, ethics can be framed in terms of the meanings and intentions which play a major role in the purposeful interaction of a system.

In this paper an analysis of the influence of systems theory in the design of artificial information systems is given, concentrating on the terms of the concept of information, as this was adopted in each stage of the theory. It is argued that in the context of an autopoietic socio-communicative framework, where information is not taken in the ordinary sense, ethics are reflected in the quality of information processing by the system. This processing is made through the creation of new meaning structures, based on the intentions and goals of the system. As complexity increases, in order for the artificial agencies in the Information System to be able to perceive the ethics-oriented characteristics of their interaction, a parallel increase in the system’s autonomy and adaptivity is expected. Given the system’s evolutionary adaptation process, this means that it should have the potential to produce and categorize new meanings, thus increasing its range and achieving the ability to incorporate ethics-oriented constraints in its decisions.

This paper presents the argument that for artificial agencies in information systems to be able to confront the ethical aspects of their interaction, they should be designed within a systemic and continuously evolving interactive framework, such as that encountered in information driven socio-communicative systems. The main purpose is the creation and communication of new meanings where ethics are related to the intentions of certain agents in such systems, as well as to the goals, scopes and constraints of the interacting environment. The role of information in such systems is examined and its ethical implications are analysed in terms of their influence on Information Systems as a whole. The shift of meaning inside the artificial system in relation to the sense of information is presented. It is shown that this is a highly likely move towards the designof systems capable of ethics-oriented social interaction.

Citizens Expectations and Disappointments in Information Society

AUTHOR

Doinita Ariton, Florina Paun, Viorca Ioan, Mihaela Nicolau, Nicoleta Barbuta, Liliana Moga, Florin Buhociu, Carmen Tofan

ABSTRACT

This paper is based on our research work as members of Romanian team of SIBIS project (Statistical Indicators Benchmarking the Information Society) funded by the European Commission under the “Information Society Technology” Programme. SIBIS project offers us actual data (2002), covering EU15 countries, NAS10 countries, Switzerland and USA. SIBIS developed a methodology and indicator/index development project for the definition and piloting of statistical indicators that will be used for measuring and benchmarking a full range of aspects of the development of the Information Society. The objective of this project is to offer a support of development of policy in ICT area based on a good understanding of the different aspects of existing situation.

First of all we shell introduce Romania using the indicators which are quantifying the factors with influence in Information Society stadium. There are economic indicators (GDP per capita, unemployment), indicators related ITC domain (basic access and usage, digital divide index) and social indicators (population and composition, education level, income, corruption) etc.

Than, we shell present the stadium of Information Society in Romania in comparison with other European countries and EU average. This analysis, based on SIBIS topics, permit us to include five relevant fields in the paper structure:

  • eCommerce;
  • eHealth;
  • eGovernment;
  • eWork;
  • development of Romanian Infrastructure for Information Society.

We are looking for the reasons of the differences between the real situation and the citizens’ expectations for each domain. The SIBIS questionnaire allow us to identify, case to case, the citizens’ expectation regarding Information society and the influence factors for their participation to Information Society progress.

eCommerce

The electronic revolution in commerce is affecting the performance of the economies as whole and, in the same time is having effects on the comportment of individuals as customers.

Regarding this topic we shell present the attitude, the factor with influence in the behavior and the tendencies of the Romanian consumer of eCommerce services, which is a nowadays reality in Romania. This analysis is based on indicators like eCommerce across age groups, usage and experience, Structure of online interactive user or online security concerns.

eHealth

Nowadays the information society has a big implication into the health field and is quite hard to prove that this is not a reality.

In our study we shell try to present the citizens’ motivations in searching for health-related information on-line and their expectations and disappointments in finding suitable health-related information on the Internet, sufficiency of mother tongues web sites for finding health-related information suitable for needs etc.

eGovernment

Citizens make use of government services through their lives. It is the right moment for major changes in Romanian Governmental Systems in to improve the relationships between Administration and public services users. The Romanian citizens expect this, as the research concludes. Romanians’ preferred way of interacting with Government services is Internet.

In Romania usage of eGovernment services is low. Therefore, we shell analyze the appointment of citizen’s expectations with the reality of eGovernment and we shell try to found the motivation for the situation in fact and the possible solutions.

eWork

For the eWork part, we shell analyze the access to different information, services and vacancy jobs using information communication and technology in comparison with other European country data.

Also, we shell present the citizens’ interest in eWork and the effective utilization, using indicators like Discretion and over starting and finishing times at work, Interest in telework comparing with Total teleworkers and Unployment.

Development of Romanian Infrastructure for Information Society

The possibility to adopt Informational Society specific facilities may depend on numerous factors. Implementation of widely – available broadband infrastructure is seen as vital. The faster broadband becomes widespread, the sooner we’ll enjoy its benefits, as it enables the realization of a new generation of applications and services.

For the Romanian citizens, accessibility and costs of the technology (PCs and Internet costs) are very important issues.

We shell present the correlation between population expectation regarding the implementation of a widely – available broadband infrastructure with a price according the Romanian citizens’ purchase power and the real possibilities in this domain.

The paper concludes with a discussion on each topic about the success or failure Romanian specific factors, including the social ones and their role in Information Society issues.

University Challenges in Information Society

AUTHOR

Mario Arias-Oliva, Leonor González and Raúl Santiago

ABSTRACT

Both information technologies and communication itself are changing wideworld the ways of working, communicating and spending the leisure time in nowadays society. The number of people using multimedia systems and internet both at work and at home has increased a lot in the last years. The education and training environment themselves can not be kept away when dealing with new technologies and both their managing structures and the academic field must get adapted to already referred usage of new technologies. many academic institutions have started to use new technologies programs in their managing structure : academic and learning methods. This kind of attitude towards information technology are becoming more and more specialized and numerous. In this sense, we think that a new and coherent use of new technologies is needed not only in the educative and training field but also in methodology plans. This change can only be successful if the “old attitudes” are left behind. A new attitude related towards new technologies must be taken into account to cope with new university challenges.

The new targets of the teacher will only be useful when the teacher has a good command of the new technologies, when he /she takes into account the added value that the academic contents will have, and making the product be attractive in its design. The product must also be versatile and rigorous when developing contents. The university environment must be able to give a general and efficient answer to these principles since it is supposed to guaranty a high quality education. Research, methodology and management must be readapted in order to improve the quality of the education and must solve all the problems that the society requires.

This work will analyse the procedures in the University of La Rioja, Spain. In Spain ,the ministry of education thinks that in the next fifteen years, people attending the university in Spain will decrease in a 33%, this fact will make the university readapt its resources. The decline in birth rates registered in the 80s is now causing problems in the university. This report also shows some of the possible solutions: one of them is the settlement of the L.O.U ( Law of universities) where the ministry states ” The university is getting ready for a great change . This law will be the basis for the University of the Future, a modern university that will take into account the new circumstances”. But in the opposite way, we will find a greater demand in knowledge services. It will be imperative to balance this situation. The strategy must let an approach in the university towards an offer thought according to the knowledge society in which we are involved. Related to this, the permanent training of professionals must be taken into account ,it is say “we have to go forward and in this new contest the university of the future must play and important role in lifelong training”. The need of a change in teaching and managing methods coming from the usage of ICT. If we want this change to have an important effect, old attitudes must be left behind when dealing with new technologies, we have to go on and help the change to be successful. As it was stated the teacher has to get a new role and his / her new objectives must undergo a major change. The lecturer must know well the new technologies and the result of this process must be attractive , versatile and well designed. In this scenary it is compulsory to insist on the needs of developing new models in which the whole community can take part. The university of La Rioja is the first Spanish public university that organised and developed two degrees through the internet (degree in History, music science and work science). The experience of offering these degrees through the internet, has been a success, and has overpasses the most optimistic thoughts. We will analyze the successful strategy of this university to COPE with new information society challenges.

REFERENCES

BEVERLY, Abbey (2000), Instructional and Cognitive Impacts of Web-Based Education, Idea Group Publishing, Hershey, USA

Bischoff, A. (2000) “The elements of effective online teaching” en The online teaching guide, Allyn and Bacon, Needham Heights, Massachusstes.

Bostock, S. (1997): “Designing Web-Based Instruction for Active Learning.” En Web Based Instruction. Englewood Cliffts, New Jersey: Educational Technology Publications, (225-230)

“Guía de Autores y Consultores de programas y contenidos de formación virtual”. (Ediciones 2000, 2001 y 2002). Santiago Campión, R. (coord.). Fundación General de la Universidad de la Rioja & Universidad de La Rioja

Malhotra, Y. (1997) “Knowledge Management in Inquiring Organizations”, Proceedings of the Association for Information Systems Third Americas Conference on Information Systems (Philosophy of Information Systems track), Indianapolis, Indiana, August 15-17.

McCORMACK, Colin & JONES, David (1997). Building a Web-Based Education System. Wiley Computer Publishing. USA.

Mattthews, R (1997) “Guidelines for Good Practice: Technology Mediated Instruction” California Community Colleges, Sacramento, California.