Governance challenges and technology innovation for social use*

AUTHOR
Aygen Kurt and Penny Duquenoy

ABSTRACT

This paper takes as its theme the consideration of ethics in technology development and takes as its foundation work undertaken in the European Union?s (EU) Science in Society EGAIS Project (Framework 7) in which the authors are partners. The Ethical Governance of Emerging Technologies (EGAIS) project investigates the ethics governance processes for European co-funded research and development projects. Our position in this paper will be to discuss some of the results from the project and then consider the implications for non-government funded developments, such as innovations that occur independently or within small organisations. We will base our argument on the innovation theory (and discourse at European level) as a means to understand the development picture, and draw out similarities and differences between the more regulated domains of funded-research and the increasingly common innovative developments that occur outside any regulatory framework.

This abstract begins with a short overview of the area, a flavour of some of the results from the EGAIS project, and progresses to examples of contemporary cultures in development. We raise some questions that are pertinent to ethical responsibility and new technologies.

Innovation has been at the heart of European funded research and policy discourse more explicitly since the beginning of Framework Programmes in the 1980s. Today it continues to be vital and more importantly the ethical aspects of technological innovation and “responsible innovation” are becoming essential elements of the funding mechanisms. The European Commission (EC) has recently launched a consultation on the future of research and innovation funding in Europe with a focus on increasing research funding into innovation and spurring its economic impact on society (European Commission, 2011). To pave the way for this approach, late last year the EC published a communication paper about the launch of a European Innovation Union setting the rationale and targets to improve Europe?s ability to drive innovation in products, services and processes to tackle major challenges facing society today (European Commission, 2010).

In this picture, embedding ethical thinking into technology development culture of Europe and raising awareness for ethical implications of new technologies and innovations is a difficult task. On the one side one has the innovation-driven techno-economic paradigm is embedded in the EU?s research policy discourse and on the other hand, integrating ethical thinking into the innovation design processes might hinder the pace of innovation and competition. However, within the boundaries of an emerging European knowledge system (Stein 2004), enhancement of innovation and rise of competitiveness together with social, ethical, legal and cultural implications can go hand in hand as long as they are sourced, produced and consumed within the system.

In the EGAIS project, we have coordinated the analysis of a number of EU-funded technology development projects to understand whether the ethical and social aspects of the technologies being produced were recognised, and if so, how the project partners resolved the issues, and what the governance arrangements were. In this project we were looking for instances of projects taking a perspective broad enough to recognise social and ethical impacts, to move beyond the technological point of view, to give thought to ethical principles (not just law, e.g. in the case of privacy) and the use of processes that allow these considerations to emerge, to be discussed, and resolutions implemented. Few projects demonstrated these characteristics. (The submitted paper will give more detail).

As mentioned earlier, the projects we studied are all examples of funded-research which are in one way or another contributing to and utilizing of the accumulated knowledge of the European Research Area, which is defined by the EU?s own policy discourse. However, if we look at other areas of innovation which are not funded within the EU-sourced mechanisms, but still having an impact on the European societal lives, the key challenge appears to be how ethically embedded technology development culture will inform our practices and how ethical norms in this context would be defined. Social media and open source systems embedded in a social media context are good examples which do not fit in the boundaries of the funded research idea.

Linus Torvalds, founder of Linux, for instance refers to the three key motivations that drive progress (in relation to technology). These are survival, social ties and entertainment (in Himanen 2001). However, when it comes to designing open source software, the programmer?s key and only motivation would be entertainment. Torvald?s notion of entertainment involves the desire to know, curiosity, innovation and enjoyment of the challenge. If this challenge and enjoyment do not exist, and the technology is no longer an entertainment, then something like Linux would not have come about.

In this respect, Himanen (2001) suggests that the open source innovator?s, namely the hacker’s (in his words) work ethic would be guided by various values, that are passion, freedom, social worth, openness, activity and caring, with a focus on „concern for others as an end in itself and a desire to rid the network society of the survival mentality that so easily results from its logic? and creativity.

In such a “beyond the borders of the system” approach, the questions we need to ask would be:

  • Who are we expecting ethical responsibility from in technology development?
  • How can the technologist / innovator/ entrepreneur be capacitated in a competitive and supply-driven knowledge economy?
  • How can technology regimes be created (and what should they be composed of) for ethically responsible technologies to flourish?
  • What could be embedded within the research, innovation and knowledge systems for society to cope with the ethical aspects of technologies produced outside of the system?

*The research leading to these results has received funding from the European Union’s Seventh Framework Programme FP7/2007-2013 under grant agreement n° SIS8-CT-2009-230291

REFERENCES

European Commission, (2010). Communication From the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. Europe 2020 Flagship Initiative: Innovation Union. Brussels, 6.10.2010. COM(2010) 546 final.

__________________, (2011). Green Paper: From challenges to opportunities: towards a common strategic framework for EU research and innovation funding. Brussels, 9.2.2011. COM(2011) 48.

Himanen, P. (2001). The Hacker Ethic. Random House: New York

Stein, J. A. (2001) ,Is there a European Knowledge System?, in S. Borrás (guest ed), special issue of Science and Public Policy on Towards a European System of Innovation? Vol. 31 No. 6, pp 435-447.

Social Engineering: the Psychological Attack on Information Security

AUTHOR
Subrahmaniam Krishnan-Harihara, Vasanthi Nagappan and Prof Andrew Basden

ABSTRACT

It is widely recognized that technical security by itself does not offer sufficient protection against security breaches. Of all the different kinds of security breaches, technical security is perhaps least effective against social engineering because this form of attack depends on the manipulation of people. Social engineering is the human approach to violating security. It involves obtaining sensitive information or access rights to assets through deception or impersonation. It is also probably the most difficult type of breach to deal with. Although social engineering may not be as widely known as other security breaches, it can have very serious consequences for an organization. Social engineering takes advantage of human error or carelessness, and even the genuine human desire to be helpful and trusting. It is a popular form of attack because there are no technical barriers to overcome and also because it may result in the attacker obtaining valuable information which can then be used for other breaches. In many cases, the victim of social engineering doesn’t realize that he/she has been manipulated.

While each social engineering attack is unique, the commonality is the pattern. Most social engineering attacks take the four step process of information gathering, developing a relationship, exploitation and execution (Mitnick & Simon 2002). In the first step, several techniques may be used by the social engineer to gain knowledge about the intended target. This may include information such as phone numbers, birthdates, designation or the company’s organizational chart from public sources such as phone books, web pages etc. This is followed by building a rapport with the victim, which over time could develop into a relationship of mutual trust and friendship. Developing a trust is crucial because it could facilitate the exchange of favours or, the attacker can abuse the trust for the purpose of carrying out a breach. Actually obtaining the sensitive information or access required is the third step in the process and when that has happened, the attacker can carry out the final step of actually perpetrating the attack. In some cases, it might also iterate into further cycles or the actual attack may have several cycles.

The underlying process of social engineering is, therefore, thoroughly psychological because it is mainly about creating illusory pretexts, wherein the victim believes that the context upon which the attacker calls him/her is genuine and that he/she genuinely requires the information that can be furnished only by the victim. The genuineness of the entire situation is established by the attacker through a display of confidence, authority, the right credentials and good communication. By empowering the victim with praise and by presenting oneself as a trustworthy and legitimate person, the attacker can then proceed to gain all the information required in a confident manner.

Social engineering is a psychological process by which an individual can gain information from another (target) individual. In a social attack, the attacker often uses mental imagery and cues over direct, logical arguments to trigger the target into revealing the required information or performing the required activity. Because of the intense mental process through which this is done, the target individual often feels compelled to comply with the attacker. Success for the attacker depends on making this feeling strong enough so that the intended victim is persuaded to forego established procedures. A social engineer preys on certain qualities of human nature, all of which have a psychological basis. These qualities are the desire to be helpful, the tendency to help people, the fear of getting into trouble, the willingness to cut corners, the fear of job loss or personal embarrassment and the desire for prestige, thereby securing information release (Turner 2005, Peltier 2006).

Social engineering, as a security attack, needs to be given adequate attention because of its ability to take advantage of human weakness of trust and helpfulness. A successful social engineering attack can lead to other serious offences such as identity theft and industrial espionage. This is not only at the organizational level, but also at the individual level. This paper will aim to study this human element of security because this is an area most prone to attacks, as opposed to the technical means of providing security. It is evident that to understand social engineering, it is important that the psychological process be studied. This paper will, therefore, attempt to explore the psychological element of social engineering. In doing so, this paper will seek to identify the causes of social engineering and what could be done by organisations to counter it. A qualitative analysis of data collected for the study will be presented to evaluate the level of awareness about social engineering. Finally, recommendations for building awareness about social engineering will be provided based on a review of current psychological research into the subject. The authors expect that this paper will be valuable to information security professionals seeking to build effective security programmes covering both technical and non-technical aspects of information security.

REFERENCES

Mitnick K D and Simon W L (2002) ‘The Art of Deception’ Wiley Publishing, Indianapolis, Indiana, USA

Peltier T R (2006) ‘Social Engineering: Concepts and Solutions’ Information Security and Risk Management. EDPACS 33(8), p 1-13

Turner T (2005) ‘Social Engineering: Can Organizations Win the Battle?’ available online http://www.infosecwriters.com/text_resources/pdf/Social_Engineering_Can_Organizations_Win.pdf [retrieved: 04 February, 2011]

Management of Cybercrime in Electronic Government: E-Awareness Training Model Implemented in India.

AUTHOR
Shalini Kesar, Ph.D.

ABSTRACT

Introduction

The main motivation for this paper comes from previous presentation at ETHCOMP2010 where key challenges in the area of cybercrime and Electronic Government (EGov) in India were highlighted. It was seen that one of the main challenges faced by government officials at local level was their lack of awareness about management of cybercrime in general. It was also found that the general perception of officials was that the implementation of technical controls can minimize the risks associated with cybercrime. On the contrary to this mindset, recent research indicates that technical controls alone will not help in management of cybercrime. In additional to technical controls, equal importance to formal and social issues associated with Information, Communications and Technologies (ICT) have to be taken into account. With this in mind, this paper takes the support of Kritzinger and von Solms (2010) model to develop an E-Awareness Training Model for EGov context in India. It specifically aims to understand how including technical, formal and social issues within this model can help in facilitating changes in the perceptions of government officials about management of cybercrime.

Cybercrime and EGov in India continue to be two important topics. The “push” to use ICT towards high impact EGov projects in India still aims to “transform the corporation’s commitment to be citizen centric, provide cost-effective services and enhance governance through improved access to accurate information and transparent and responsive democratic institutions”. On the other hand, the dependency and use of ICT brings new and dangerous cybercrime related risks. The existing vulnerability when using ICT in context of EGov, if not protected, will indeed continue to be of a significant concern.

Against this backdrop, this paper particularly focuses on one particular EGov project initiated within the Municipal Corporation (MC) in the west part of India . Municipal Corporation is one of the largest and leading Urban Local Governance Body . While safeguarding information, most of the reports on EGov projects within MC discuss key component of technical architecture that mostly centers on technical controls. Hence, it is hoped that initial findings of this paper will not only exemplify the importance technical, formal and social issues of ICT but will also contribute towards Indian EGov agenda to reform the project rationale in context of management of cybercrime.

Current Situation in EGov and Cybercrime in India

Overall the government of India’s vision is to provide an “economically vibrant and sustainable city with diverse opportunities and rich culture; where all citizens enjoy a safe environment with good connectivity”. National eGoveranace Plan in general aims to provide, for example, services to reach the locality and ensure efficiency, transparency & reliability of Services . Some of the MC’s agenda include promoting people centric administration and reducing delays and ensure promptness in delivery of services. Existing EGov MC projects in west part of India have always been on the forefront of ICT enablement of services and departments to render faster and more efficient services to the citizens .

On the other hand, statistics indicate that cybercrime in India in on a continual rise. For example, under the Information Technology Act, a total of 420 cases such as hacking computer systems or forging digital signatures were reported in 2009 (Indian Gazette, 2011 ). This has increased from only 142 reported cases in 2006. Other global reports such Crime Online reflect that growth of cybercrime in countries in India are of particular concern

Method

E-Awareness Model proposed by Kritzinger and von Solms (2010) suggests two key components: E-Awareness Portal and Regulating Services. The main function of the portal is to provide up to date contents regarding cybercrime risks within the EGov local level environment (see table below). This addresses and enhances awareness of government officials who are responsible for implementing EGov services. Recent work of Naavi in India strengthens the argument presented in this paper.
Social_Impact_Social_Comp_fig1

E-Awareness Training Model

Conclusion

Issues such as social, organizational and technological factors and problems pertain to Indian EGov are beginning to be recognized. Yet specific studies on management of cybercrime in this context still remain largely neglected.

REFERENCES

Kesar, S. “Has the Indian Government really thought about management of information systems security?”, ETHICOMP2010, Universitat Rovira i Virgili, Tarragona, Spain (2010).

Kritzinger, E. and von Solms, S. H. “Cyber security for home users: A new way of protection through awareness enforcement”. Computers & Security, 29 (8): 840-847 (2010).

Social Computing and the Fourth Revolution: Inforgs at the Barricades.

AUTHOR
David Sanford Horner

ABSTRACT

In a previous Ethicomp paper I criticised the continual resort to the language of ‘revolution’ to characterise the social and ethical impacts of the latest developments in information and communication technology (Horner, 2010). I argued that it may be worthwhile re-examining the apparently canonical assumption that ethical concerns are necessarily about radical novelty. In this paper I want to extend the discussion by examining the foundations of one specific and ‘revolutionary’ interpretation of the implications of social computing. I refer to the radical and influential account given by Luciano Floridi (Floridi, 2010). He argues that we are currently experiencing a Fourth Scientific and Technological Revolution which is transforming not only our view of the world but also our view of ourselves. Social computing is implicated as one of the symptoms of this transformation. Floridi puts ‘information’ and the concept of the ‘infosphere’ at the core of his analysis. He wants nothing less than for us to accept and conform our morality to the idea that ‘…the infosphere is Being considered informationally’ (Floridi, 2008, p.200). In this paper I want to show how in arriving at his system he makes, what seem to me to be, some fundamental philosophical errors and the consequences of these for his ethical system.

In the first section of the paper I will try and give a coherent picture of Floridi’s argument. This includes an account of what he means by the Fourth Revolution. This is particularly important given that he introduces some significant neologisms such as the terms ‘inforgs’ and ‘the infosphere’. More particularly in the context of thinking about social computing he develops the idea of ‘life in the infosphere’. He writes that: “The increasing informatization of artefacts and of whole (social) environments and life activities suggests that soon it will be difficult to understand what life was like in pre-informational times (to someone who was born in 2000, the world will always have been wireless, for example) and in the near future, the very distinction between online and offline will disappear.” (Floridi, 2010, p.16) So the ‘inforgs’ are at the informational barricades. He is after nothing less than ‘the reconceptualization of our metaphysics in informational terms’. Of course, from this informational base we get to Floridi’s very special interpretation of what we might mean by ‘information ethics’.

Now in the second section of the paper I do want to suggest that there is something very puzzling about all this. For example, the way in which Floridi inflates the meaning of ‘infosphere’ to include just about everything. I want to suggest that the root cause of the puzzlement is to do with how Floridi talks about, and deploys, the word ‘information’; there is something very profoundly wrong with his ‘conceptual plumbing’. A paradox here is that on the one hand Floridi recognises in the introduction to Information: a very short introduction (2010) that work on ‘the concept of information’ is still at a ‘lamentable stage’ but then goes on to map the concept in a highly misleading way. He tends to talk about information as though it was stuff; as though it was the name of something. Firstly, I want to follow Mary Midgley’s clue about this is kind of reductionist talk. It’s not really very helpful if I want to put my cup of tea down on a table if you tell me that tables are just bits of information in the infosphere. Information is just not a third kind of stuff at all. “It is an abstraction from them. Invoking such an extra stuff is as idle as any earlier talk of phlogiston or animal spirits or occult forces.” (Midgley, 2005, pp.66-67) Secondly, and probably even more importantly, there are just some mistakes about how we use language. I develop this point by reference to J.L.Austin’s analysis of ‘the meaning of a word’ (Austin, 1970). In his paper Austin shows how we get into a muddle by asking about ‘the meaning of a word’ particularly when we consider words like ‘real’, ‘good’ and so forth. Information it seems to me falls into this category. As Austin remarks “Even those who see pretty clearly that ‘concepts’, ‘abstract ideas’, and so on are fictitious entities, which we owe in part to asking questions about ‘the meaning of a word’, nevertheless themselves think that there is something which is ‘the meaning of a word’.”(Austin, 1970, p.60)

In the third section of the paper I draw out the implications for ethical analysis and show why all this is significant for ‘an ethics of social computing’. In this section then there will be a reflection on two recent cases where the ethical aspects of social computing were raised in important and acute forms. The point I wish to bring out is that Floridi’s analysis seems beside the point in coming to grips with a moral understanding of these actual cases. Nothing seems to be gained and in fact a lot is lost if we try to translate these cases into Floridi’s special ethical vocabulary. The first case concerns the murderer Raoul Moat. The social media figured in his crimes in that he issued threats on Facebook before committing the crimes and then several Facebook sites appeared in his support following the crimes and during the subsequent manhunt. In the second case, that of the murder of Joanna Yeates, social networking was used by her friends when Joanna first went missing to try and elicit leads on what had happened to her. It seems clear to me that we can perfectly well describe, understand and judge these cases in the moral language with which we are all familiar. I criticise Floridi’s system precisely because of the scope and strength of its claims. I suggest that by looking at where Floridi goes wrong we can get a better sense of what it means to go right in information and computer ethics.

REFERENCES

AUSTIN, J.L., 1970. The meaning of a word. In: J.L. Austin, Philosophical Papers. 2nd ed. Oxford: Oxford University Press.

FLORIDI, L., 2008. Information Ethics: a reappraisal. Ethics and Information Technology. 10, pp.189-204.

FLORIDI, L., 2010. Information: A very short introduction. Oxford: Oxford University Press.

HORNER, D. S., 2010. Metaphors in Orbit: revolution, logical malleability, generativity and the future of the Internet. In; Mario Arias-Oliva, et al., eds. Ethicomp 2010, Proceedings of the Eleventh International Conference, The ‘backwards, forwards and sideways’ changes of ICT. 14 – 16 April 2010. Universitat Rovira i Virgili, Tarragona, pp.301 -308.

MIDGLEY., M., 2005. The Myths We Live By. London: Routledge.

The problems with security and privacy in eGovernment – Case: Biometric Passports in Finland

AUTHOR
Olli I. Heimo , Antti Hakkala and Kai K. Kimppa

ABSTRACT

In this paper we discuss the problems that arise from the widespread adoption of biometric passports as travelling documents all around the world. This development has implications both in international and domestic context. The use of biometrics is not yet internationally standardized, and this can be seen in the ICAO[1] biometric passport standard[2], where inefficient compromises have been made. Side-effects from biometric passport adoption are seen throughout nations in discussion about centralized biometric databases. As biometric passports are only about 10 years old[3] – not mature as far as technologies go – and they have no clear analogy in the real world – the related ethical questions are harder to find, examine and analyze, and the consequences of the transition from regular to biometrically enhanced passports are yet totally unclear.

These consequences can be divided into direct and collateral. Among the direct consequences is lower security at borders due to inefficiency or errors in the system design. This can happen if 1) corners are cut in critical phases of the design process due to tight schedules and/or budget, 2) the security implementation is inadequate, or 3) the work processes in border security are understood incorrectly. Another direct consequence can be the erosion of document security. Although the data contained by the biometric passport chip is protected by several different methods, these security features have their own vulnerabilities[4,5,6]. This threat is visibly realized with automatic passport controls. If the trust is placed solely on the technology we might face a problem similar to the Munich taxi driver case: it was found that ABS brake systems did not reduce accidents, but increased close calls, as the drivers trusted the new brakes to compensate for careless driving[7]. Similar ill-placed trust in technology can be seen, if the professional skills and knowledge of a border official are replaced by automated systems without careful consideration. Collateral consequences can include identity theft[8] and the erosion of privacy of the people[9,10].

In Finland, the introduction of biometric passports took place in the first phase of the passport reform in 2006. At this time it was already planned that the second phase would incorporate fingerprints to the Finnish passport, in accordance to the EC Regulation No. 2252/2004[11]. In 2009, at the second phase of the Finnish passport reform, it was decided by the Parliament that the fingerprints gathered from passport applicants would be stored to a national fingerprint registry – an addition which the EC Regulation does not require[12]. During the legislation process the first step towards opening the registry to the police was the authorization to use it for indentifying the deceased. After this was adopted by the ministry, in the year 2008, the political debate for opening the registry started after police commissioner Markku Salminen and his successor Mikko Paatero both requested full access to the registry for serious and serial crime investigators[13,14]. These controversial demands were dismissed by the Parliament in 2009.

The discussion resurfaced in summer 2010, when Paatero renewed his claim.[15] This time the Minister of Internal Affairs gave a seemingly positive attitude towards police commissioner’s request[16]. After the discussion on opening the registry for forensic use gained a lot of attention in the media, all talks of the use of the national fingerprint registry were suspended, pending the next parliamentary elections in spring 2011[17,18,19]. There is no guarantee that the use of the fingerprint registry would not be extended to other than serious crime investigation as well. This classical “function creep” is a prime example of the erosion of privacy.

The need for security after 9/11 and other terrorist attacks following it, the international consensus of the need to identify the incoming travelers has never been higher, e.g. in Finland the Ministry of Internal Affairs promotes biometric passport to protect its citizens from international terrorism, illegal immigrants and international criminals[20].The recent scientific advancements in information technology and biometrics have created a possibility to fulfill this demand.

It is easy to understand the motivations behind the authorities’ interest in such centralized databases: solving serious crimes would be easier; however, this would cause inequality amongst those who possess a biometric passport and those who do not. If a national – or even international – database of fingerprints or other biometrics is used, it would probably increase biometric spoofing done by criminals; it is somewhat easy to copy and paste fingerprints[21] or leave the crime scene filled with human hair[22], for example. This could cause a serious amount of extra work for the police.

A common argument in the Finnish public discussion – from citizens and politicians alike – is, that no harm comes to law-abiding citizens just because mere fingerprints are found in a crime scene[23,24]. In international context, an example of such a situation can be found from the investigation of the 2004 Madrid bombings, where an innocent American citizen was erroneously identified by the FBI as an accomplice in the attack, based on the fingerprints found in forensic investigations. The Spanish police later connected the fingerprints to an Algerian citizen, and the FBI was forced to admit they had made a mistake[24]. Although an extreme example, this incident shows that, especially in high-profile cases to which serious crimes often belong, the pressure to produce results in the investigation can result in innocents marked as suspects with little to no actual evidence.

Some of the problems underlying the biometric passport control system can be easily found in other critical eGovernment and eHealth systems. These include detection of problems after adaption[26,27,28,29] extra costs[30] and extended delivery time of the whole system[31]. Some, but not all, of these problems can be mitigated or even eliminated outright if the mistakes made in previous large-scale projects of this kind are examined. The worst-case scenario for biometric passport misuse has not yet happened, but any sensible policy on biometric identification prepares for the day when it does; this is the aim of this paper.

REFERENCES

[1] International Civil Aviation Organization – http://www.icao.int

[2] ICAO MRTD documentation, http://www2.icao.int/en/MRTD/Pages/Downloads.aspx

[3] International Civil Aviation Organization (2006), Machine Readable Travel Documents, ICAO/Doc 9303 vol. 1, http://www2.icao.int/en/MRTD/Downloads/Doc%209303/Doc%209303%20English/Doc%209303%20Part%201%20Vol%201.pdf

[4] Serge Vaudenay , “E-Passport Threats,” IEEE Security & Privacy, vol.5, no.6, pp.61-64, Nov.-Dec. 2007

[5] Jaap-Henrik Hoepman, Engelbert Hubbers, Bart Jacobs, Martin Oostdijk, and Ronny Wichers Schreur, “Crossing Borders: Security and Privacy Issues of the European e-Passport”, Advances in Information and Computer Security, Lecture Notes in Computer Science, vol. 4266/2006, pages 152-167, Springer Berlin / Heidelberg, 2006.

[6] Gaurav S. Kc and Paul A. Karger, “Security and Privacy Issues in Machine Readable Travel Documents (MRTDs)”, IBM Technical Report RC 23575, 2005.

[7] Wilde, Gerald J.S. (1994), Target Risk: Dealing with the danger of death, disease and damage in everyday decisions, First edition 1994, http://psyc.queensu.ca/target/

[8] Alan Ramos, Weina Scott, William Scott, Doug Lloyd, Katherine O’Leary, and Jim Waldo. 2009. A threat analysis of RFID passports. Communications of the ACM 52, 12 (December 2009), 38-42.

[9] Ari Juels, David Molnar, and David Wagner, “Security and Privacy Issues in E-passports,” Security and Privacy for Emerging Areas in Communications Networks, International Conference on, pp. 74-88, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM’05), 2005

[10] Ben Schouten and Bart Jacobs, Biometrics and their use in e-passports, Image and Vision Computing, Volume 27, Issue 3, Special Issue on Multimodal Biometrics – Multimodal Biometrics Special Issue, 2 February 2009, Pages 305-312.

[11] The Council of the European Union, Council Regulation (EC) No 2252/2004, 13.12.2004, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2004:385:0001:0006:EN:PDF

[12] Finnish Social Insurance Institution, Law service – Hallituksen esitys laiksi passilain ja eräiden siihen liittyvien lakien muuttamisesta [Government’s proposal for changing passport act and certain other related laws], 9.6.2009, http://www.edilex.fi/kela/fi/mt/havm20090009

[13] Helsingin Sanomat, 22.2.2008, 1st edition, Poliisi haluaa passien sormenjäljet rikostutkijoille [Police request passport fingerprints to criminal investigation]

[14] Helsingin Sanomat, 27.11.2008, 1st edition, Rikostutkijat eivät saa vielä passien sormenjälkiä käyttöönsä [Criminal investigators do not acquire passport fingerprints yet]

[15] Yle [Finnish public service broadcaster] – Kotimaa – Poliisi haluaa suomalaisten sormenjäljet rikostutkintaansa [Police requests Finnish fingerprints to criminal investigation], 02.08.2010 at 06:03, updated 03.08.2010 at 09:06 http://www.yle.fi/uutiset/kotimaa/2010/08/poliisi_haluaa_suomalaisten_sormenjaljet_rikostutkintaansa_1870808.html

[16] Tietokone 16.8.2010, Poliisi saattaa saada passien sormenjäljet [Police may acquire the passport fingerprints], http://www.tietokone.fi/uutiset/poliisi_saattaa_saada_passien_sormenjaljet

[17] C.f. 14

[18] C.f. 15

[19] STT/Helsingin Sanomat, 15.8.2010, Sunnuntaisuomalainen: Passien sormenjälkirekisteri voi avautua poliisille [Fingerprint registry may be opened to the police] http://www.hs.fi/kotimaa/artikkeli/Sunnuntaisuomalainen+Passien+sormenj%C3%A4lkirekisteri+voi+avautua+poliisille/1135259348892

[20] Sisäasiainministeriö [The Ministry of Internal Affairs] – Miksi tarvitaan biometrinen passi? [Why biometric passport is needed?] Sisäasiainministeriö, 2010. http://www.intermin.fi/intermin/hankkeet/biometria/home.nsf/pages/BE9BF3243D995FF5C2256EB7003B014B?opendocument

[21] Tsutomu Matsumoto, Hiroyuki Matsumoto, Koji Yamada, and Satoshi Hoshino. Impact of arti?cial gummy ?ngers on ?ngerprint systems. Proceedings of SPIE Vol.#4677, Optical Security and Counterfeit Deterrence Techniques IV, 2002.

[22] Gillam, Lee and Salmasi Anna Vartapetiance (2008), A Database For Fighting Crimes That Haven’t Been Committed Yet, Ethicomp 2008, Mantua, Italy 24.-26.9.2008.

[23] Sunnuntaisuomalainen 15.08.2010, Passipoliisit, p. 14

[24] Otakantaa.fi, Finnish Ministry of Justice, [An open electronic forum provided by the government for polling citizen opinions about new legislation], http://otakantaa.fi

[25] Michael Cherry ; Edward Imwinkelried (2006) Cautionary Note About Fingerprint Analysis and Reliance on Digital Technology. Judicature, Volume:89 Issue:6 May-June 2006 Pages:334 to 338, http://www.ajs.org/ajs/publications/Judicature_PDFs/896/Cherry_896.pdf

[26] Mercuri, Rebecca (2001), Electronic Vote Tabulation Checks and Balances, Ph.D. Thesis, University of Pennsylvania 2001

[27] William M. Fleischman (2010) Electronic Voting Systems and the Therac-25: What have we learned? Ethicomp 2010, Tarragona, Spain 14.-16.4.2010.

[28] Heimo, Olli I, Fairweather, N. Ben & Kimppa, Kai K. (2010), The Finnish eVoting Experiment: What Went Wrong?, Ethicomp 2010, Tarragona, Spain 14.-16.4.2010.

[29] Larsen E & Elligsen G. 2010. Facing the Lernaean Hydra: The Nature of Large-Scale Integration Projects in Healthcare. Proceedings of the First Scandinavian Conference of Information Systems, edited by Kautz K. & Nielsen P., SCIS 2010. Rebild, Denmark, August 2010.

[30] C.f. 26, 28, 29

[31] C.f. 26, 28, 29

Maintaining an ethical balance in the curriculum design of games-based degrees

AUTHOR
M.P. Jacob Habgood

ABSTRACT

Mainstream gaming studios in the UK generate global sales of around £1.7 billion a year from an industry which employs around 9,000 people in skilled game development roles (Kilpatrick, 2010). It is primarily the financial success and popularity of this industry which has driven the rise of games-based degrees in higher education. Nonetheless, games-based degrees are regularly criticised by members of the games industry as not being fit for purpose (e.g. French, 2008). Most recently they have come under specific scrutiny from an NESTA-backed education review headed up by Ian Livingstone, the President of Eidos (Livingstone and Hope, 2011). This set out to review the ability of the education system to fulfil skills shortages in the UK video games and visual effects industries and delivers a damning appraisal of the status quo. The report goes on to make a range of recommendations for improving the relevance of primary, secondary, further and higher education to the skills required by the video games and visual effects industries.

Sheffield Hallam University runs both undergraduate and postgraduate degree courses in games software development, and is in the enviable position of already meeting many of the report’s recommendations for these courses. They either already have, or are in the process of seeking industry accreditation and enjoy significant industry links¬–including full-time lecturing staff who have come from the games industry itself. Students are taught how to use industry-standard software and get the opportunity to work in inter-disciplinary teams using gaming hardware. The course even has its own student-resourced game studio developing commercial games for the PlayStation minis platform. Nevertheless, this paper will argue that the perspective provided by the Livingstone report fails to acknowledge the complex ethical considerations of designing a curriculum for games-based degrees.

Game-based degrees have an intrinsic appeal which naturally attracts students with a wide range of abilities and motivations for studying the degree. Many students enrolling on SHU’s games courses do so because they aspire to work in the mainstream video games industry and this provides much of the appeal of the course. However, students often arrive with significant misconceptions about the different roles and skillsets required to work in this industry. It is inevitable that not all of them will excel at the wide range of technical abilities demanded of them on the course and only the cream of each cohort will stand a realistic chance of being employed in the mainstream games industry. The remainder will need to apply the skills they have learned on their course to other industries and it would unethical to ignore the career paths of these students as part of the curriculum decisions made for the course.

Based on the Livingstone report, the industry’s solution to this would be to have a very limited number of industry-accredited “centres of excellence”, thus reducing the ‘surplus’ of graduates who are not capable of meeting the technical demands of such courses. However, this perspective seems to ignore the natural process of self-discovery which is a key part of the experience of higher education. Even the most competent students may find their interests evolve or change over the course of their studies. In particular the realisation that working in the games industry requires a higher level of technical competence, demands more unsocial working hours and pays less than other software industries is potentially enough to make even the most talented students reconsider their career aspirations.

This paper will provide a thorough review of the recommendations to higher education provided by the Livingstone report, using the SHU Games Software Development course as a case study. It will describe how we are meeting these recommendations and highlight the fine ethical balance required in making sure that the interests of the whole student body are balanced. It will also examine some of the recommendations to primary and secondary education made by the report. It will consider the ethical implications of a curriculum which puts a greater emphasis on Computer Science education and uses game development as a means of encouraging school students to study STEM subjects. Some practical observations based on previous research experience teaching game development at primary and secondary will be discussed as part of the ethical debate (Habgood et al., 2005).

REFERENCES

FRENCH, M. (2008) Sony’s Macdonald calls for educational Centres of Excellence. Develop Online. Hertford, Intent Media.

HABGOOD, M. P. J., AINSWORTH, S. & BENFORD, S. (2005) The educational content of digital games made by children. 2005 conference on Computer Aided Learning. Bristol, UK.

KILPATRICK, L. (2010) Business Sectors: Video and Computer games. London, Department for Business Innovation and Skills.

LIVINGSTONE, I. & HOPE, A. (2011) Next Gen. Transforming the UK into the world’s leading talent hub for the video games and visual effects industries. Bristol, NESTA.