Chapter 4 Ethics and Privacy in Information Technology

Questions and Answers

Which principle suggests choosing the action that results in the least harm or potential cost?

Ethical “No Free Lunch” Rule

Risk Aversion Principle (correct)

Professional Codes of Conduct

Utilitarian Principle

What does the Ethical "No Free Lunch" Rule assume?

All online content is freely available for use.

Organizations have a moral obligation to protect their employees' privacy.

All tangible and intangible objects are owned by someone unless stated otherwise. (correct)

Privacy is a fundamental right that should never be infringed upon.

Which of the following is NOT an example of a professional code of conduct?

American Medical Association (AMA)

Association for Computing Machinery (ACM)

American Bar Association (ABA)

United States Congress (correct)

What is the primary purpose of professional codes of conduct?

To promote ethical behavior among professionals. (C)

Which of the following is NOT an issue when considering real-world ethical dilemmas?

The role of government in regulating technology. (D)

In the context of information rights, what does privacy encompass?

The right to control information about oneself. (D)

How does Facebook potentially compromise user privacy?

By selling user information to advertisers and app developers. (C)

Which of the following is an example of an ethical dilemma related to monitoring employees?

Using company resources for personal tasks. (A)

Which amendment to the US Constitution protects privacy by safeguarding against unreasonable searches and seizures?

Fourth Amendment (B)

What is the primary purpose of fair information practices?

To govern the collection and use of personal information. (C)

Which of the following is NOT a core principle of the FTC's Fair Information Practice guidelines?

Data Minimization (A)

The 'right to be forgotten' is a provision designed to allow individuals to:

Request the removal of inaccurate or outdated information about them. (C)

Which of the following is a key feature of the EU's General Data Protection Regulation (GDPR)?

It requires companies to obtain explicit consent from individuals before collecting their personal data. (B)

The GDPR applies to companies operating within the EU, regardless of their origin, if they:

Process data of EU citizens or residents. (D)

What is the maximum fine a company can face for violating GDPR regulations?

4% of global annual revenue. (B)

Which of the following is NOT mentioned as an example of a privacy law driven by fair information practice principles?

FERPA (A)

What is a "super cookie"?

A cookie that is difficult for a user to delete. (D)

How do web beacons monitor user activity?

By embedding tiny graphics in emails and web pages that send information to a server. (A)

What is the main purpose of a cookie?

To identify user preferences and personalize website content. (B)

How does a cookie identify a web visitor when they return to a website?

The website stores a unique ID number on the user's computer. (C)

What is spyware?

Software that is designed to collect personal information without the user's consent. (D)

What is the difference between "opt-in" and "opt-out" regarding data collection?

Opt-in requires users to explicitly consent to data collection, while opt-out allows data collection unless users explicitly opt out. (D)

What kind of information can a web server learn about a user based on their browser?

User's operating system, browser name, and version. (D)

Which of the following is NOT a challenge to privacy on the internet?

Spam emails. (B)

What is the term used to describe the gap in access to technology and its resources between different groups, particularly based on ethnicity and income?

Digital Divide (D)

What is NOT a health risk associated with excessive computer use, as mentioned in the content?

Digital Addiction (D)

Which of these is an example of 'trickle-down' technology, as described within the context?

A large corporation adopting a new technology that eventually spreads to smaller businesses. (C)

What is the main point discussed in the provided content regarding employment and information systems?

The potential for information systems to reduce employment opportunities due to automation. (B)

What is the primary objective of the 'Data Ethics Commission' mentioned in the content?

To promote the ethical use of data and artificial intelligence. (C)

What is the main purpose of task 'T4-3' as described in the content?

To provide students with additional information on data ethics. (C)

What is the primary source of information for the health risk of 'carpal tunnel syndrome' as mentioned in the content?

Prolonged use of computer keyboards. (A)

Which of the following best illustrates the concept of 'repetitive stress injury' (RSI) as mentioned in the content?

Pain in the wrist or hand from repetitive computer use. (C)

What is a primary reason why online industries favor self-regulation over legislation regarding privacy?

Self-regulation allows for more flexibility in adapting to evolving technologies. (C)

Which of the following challenges to privacy is NOT directly addressed by technical solutions discussed in the content?

Sharing personal information unknowingly through social media platforms. (B)

Which of the following is NOT a primary way intellectual property is legally protected?

Proprietary Information (D)

What is a major challenge associated with protecting intellectual property rights in the digital environment?

The ease with which digital content can be copied, shared, and altered. (C)

The Digital Millennium Copyright Act (DMCA) primarily addresses which challenge related to intellectual property in the digital age?

The increasing prevalence of copyright infringement through online file-sharing. (C)

Which of the following BEST exemplifies the challenge of establishing liability for software failures?

A flaw in a medical software program leading to a misdiagnosis and patient harm. (D)

Which of the following is NOT a characteristic that distinguishes digital media from physical media in the context of intellectual property concerns?

Limited storage capacity (C)

Identify a key difference between opt-in and opt-out models as related to online privacy.

Opt-in requires explicit permission, while opt-out allows for automatic data collection unless explicitly denied. (D)

Which of the following organizations were mentioned as examples of failed ethical judgment in business, where information systems were allegedly used to bury decisions from public scrutiny?

Volkswagen AG, Wells Fargo, General Motors, Takata Corporation (A)

What is the primary definition of ethics, as presented in the provided text?

Principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviors. (D)

What was the primary goal of the cross-selling program implemented by Wells Fargo?

To create incentives for employees to recommend add-on services to existing customers. (A)

What was the primary consequence of Wells Fargo employees failing to meet their cross-selling performance targets?

Disciplinary action, including termination of employment. (C)

Which of the following is NOT a potential ethical concern raised by the Wells Fargo case?

The role of artificial intelligence in automating customer interactions. (C)

What is the primary implication of the Wells Fargo case regarding information systems?

Information systems can facilitate both ethical and unethical actions. (C)

How did the information systems used by Wells Fargo contribute to the ethical issues that arose in the case?

All of the above (D)

Which of the following statements best captures the main takeaway from the Wells Fargo case in relation to information systems and ethics?

It is essential to have clear ethical guidelines and oversight mechanisms in place to prevent the misuse of information systems. (B)

Flashcards

Ethics

Principles of right and wrong guiding individual behavior.

Wells Fargo Fraud Case

2016 scandal involving unauthorized accounts created by employees.

Information Systems Issues

Concerns raised by information systems regarding ethics, privacy, and liability.

Privacy Challenges

Issues regarding the protection of personal information in modern tech.

Accountability in Information Systems

Laws and standards for responsibility in digital practices.

Intellectual Property Protection

Legal rights concerning the use of creations of the mind.

Ethical Decision Principles

Guidelines to help individuals make ethically sound choices.

Corporate Misconduct

Unethical actions by corporations leading to scandals.

First Amendment

Protects freedom of speech and association in the U.S.

Fourth Amendment

Protects against unreasonable search and seizure.

Fair Information Practices

Set of principles on information collection and use.

FTC

Federal Trade Commission; enforces privacy laws in the U.S.

Notice/Awareness Principle

Websites must disclose data collection practices prior to collection.

Access/Participation Principle

Consumers must review and contest their personal data accuracy.

GDPR

Regulates data protection and privacy in the EU.

Right to be Forgotten

Individual's right to request deletion of personal information.

Utilitarian Principle

Choose the action that produces the greatest value.

Risk Aversion Principle

Select the action that results in the least harm.

No Free Lunch Rule

Assume all objects are owned unless declared otherwise.

Professional Codes of Conduct

Guidelines created by professional organizations for ethical behavior.

Real-world Ethical Dilemmas

Situations where conflicting interests create ethical challenges.

Employee Monitoring

Balancing company's need for productivity with employee privacy.

Information Rights

Individuals’ claims to privacy and control over personal data.

Privacy

The right to be left alone without surveillance by others.

Cookies

Small text files stored on user's computer to track visits and preferences.

Super Cookies

Also known as Flash cookies, these can track user activity even when regular cookies are cleared.

Web Beacons

Tiny graphics used to monitor user activity on emails and web pages.

Spyware

Malware that secretly gathers user data and may display unwanted ads.

Behavioral Targeting

Using data about user behavior to tailor marketing efforts directly to them.

Opt-out

A choice allowing users to stop data collection or marketing communications from businesses.

Transaction Information Collection

Businesses gather consumer data from transactions for marketing uses in the U.S.

Tracking User's Keystrokes

A method used by some spyware to record what a user types on their keyboard.

Opt-in Model

A privacy approach requiring user consent before data collection.

Intellectual Property

Protects creations of the mind; includes inventions and artistic works.

Trade Secret

A company's confidential business information not publically known.

Copyright

Legal protection preventing copying of creative works for author's life + 70 years.

Patent

Exclusive rights granted for an invention, lasting 20 years.

Digital Millennium Copyright Act

A law making it illegal to bypass copyright protections in digital media.

E-mail Encryption

A method for securing emails to protect the contents from unauthorized access.

Anonymity Tools

Software used to hide a user's identity online, enhancing privacy.

Digital Divide

The gap between those with and without access to digital technology.

Reengineering Work

The process of redesigning jobs and workflows to improve efficiency, often leading to job losses.

Repetitive Stress Injury (RSI)

Injury caused by repetitive motions, often from computer use.

Carpal Tunnel Syndrome (CTS)

A condition caused by pressure on the median nerve in the wrist, often due to typing.

Computer Vision Syndrome (CVS)

Eye strain and discomfort from prolonged screen time.

Technostress

Stress or mental strain caused by the use of technology.

Ethical Issues in Data Use

Concerns about the morality of using personal data and AI technologies.

Equity and Access

The principle ensuring all individuals have fair access to technology and the internet.

Study Notes

Ethical and Social Issues in Information Systems

• The course covers ethical, social, and political issues raised by information systems.
• Recent business cases of failed ethical judgment are discussed (e.g., Volkswagen AG, Wells Fargo, General Motors, Takata Corporation). In many of these cases, information systems were used to hide decisions from public scrutiny.
• Ethical principles of right and wrong, which individuals use to guide their behavior, are considered.
• Contemporary information systems technology and the internet pose challenges to the protection of individual privacy and intellectual property.
•  Information systems have affected laws for establishing accountability, liability, and quality of everyday life.
• Information systems create the potential for intense social change, threatening existing distributions of power, money, rights, and obligations.
• There are new opportunities for crime and new kinds of crime.

The Wells Fargo Fraud Case

• In 2016, Wells Fargo was fined $185 million.
• Approximately 5,300 employees were fired.
• Employees created millions of unauthorized bank and credit card accounts without customer knowledge or consent. 
• The scandal originated from a cross-selling program.
• Aggressive sales goals were set by management for cross-selling services to existing customers, with penalties for employees who failed to meet these goals.

What Ethical, Social and Political Issues are Raised by Information Systems?

• Information systems create opportunities for intense social change, threatening existing distributions of power, money, rights, and obligations.
• They also present opportunities for new crimes
• New kinds of crimes are made possible by the new technologies of information systems.

Cybercrime / Recent Security Threat: Emotet

• Emotet is a recent security threat.
• It uses malspam and documents with malicious macros.
• It downloads and installs malicious software.
• It deletes Zone.Identifer ADS and creates Services.
• Sends information to Command and Control (C&C) servers.
• It creates an Auto-start registry.
• Executes modules received from the C&C server (e.g., Spammer module, Credential Stealer module, Network propagation module) .

A Model for Thinking About Ethical, Social and Political Issues

• Society is like a calm pond.
• Information technology (IT) is like a rock dropped into the pond.
• It creates ripples (new situations), which old rules don't cover.
• Social and political institutions (laws, etiquette) may take years to adjust to these new situations.
• Understanding ethics is necessary to make choices in legally gray areas caused by new technologies.

Ethical, Social, and Political Issues - Five Moral Dimensions

• Information rights and obligations
• Property rights and obligations
• Accountability and control
• System quality
• Quality of life

Key Technology Trends Raising Ethical Issues

• Doubling of computing power every 18 months
• More organizations depend on computer systems for critical operations.
• Rapidly declining data storage costs.
• Organizations can easily maintain detailed databases on individuals.
• Networking advances, and the Internet; copying data from one location to another is easier.

Nonobvious Relationship Awareness (NORA)

• Technology that finds obscure relationships in disparate sources of information.
• It can, for example, find connections between a job applicant and a known criminal based on their shared phone number.

Basic Concepts for Ethical Analysis

• Responsibility: involves accepting potential costs, duties, and obligations for decisions.
• Accountability: Mechanisms for identifying responsible parties
• Liability: Allows individuals and firms to recover damages.
• Due process: Implies that laws are well known, understood, and allow for appeals.

Principles to Guide Ethical Decisions

• Five-step ethical analysis: identifying facts, defining the conflict, identifying stakeholders, listing possible options, and determining potential consequences.
• Candidate ethical principles: Golden Rule, Immanuel Kant's Categorical Imperative, Slippery Slope Rule, and Utilitarian Principle.
• Risk Aversion Principle and "No Free Lunch" Rule.

Professional Codes of Conduct, Real-world Ethical Dilemmas

• Professional codes of conduct (e.g., American Medical Association, American Bar Association, Association for Computing Machinery) to regulate professionals.
• Real-world ethical issues include competing interests like monitoring employees versus workers' personal time/internet use, and how Facebook use balances user benefits, user privacy, and commercial interests.

Challenges to Privacy and Intellectual Property

• Information rights: claim of individuals to be left alone and control their information.
• Fair information practices: principled guidelines on collecting and using information (core principles: notice/awareness, choice/consent, access/participation, and security)
• EU General Data Protection Regulation (GDPR); requires explicit informed consent of the customer, strengthens the right to be forgotten.
• Internet challenges to privacy: cookies, super cookies, web beacons, spyware, google services and behavioral targeting.
• Property rights and intellectual property; trade secrets, copyright, patents, trademarks.
• Challenges to intellectual property rights in digital media: ease of replication, transmission, and alteration.
• Digital Millennium Copyright Act (DMCA).

Information Systems, Laws, and Quality of Life

• Accountability, liability, and control: challenges in determining responsibility for software failures.
• System quality: level of acceptable system quality, sources of poor system performance (software bugs, errors, poor input data quality, hardware/facility failures).
• Quality of life: negative social consequences of systems, issues of balancing power, rapidity of change, maintaining boundaries, and dependence/vulnerability relating to computer systems. 
• Computer crime and abuse; types of computer crime and issues like spam.
• Employment: reengineering work, loss of jobs, trickle-down technology.
• Equity and access: the digital divide, and certain ethnic or income groups less likely to have computers/internet access.
• Health risks: repetitive stress injuries, carpal tunnel syndrome, computer vision syndrome, eyestrain, headaches, and technostress.

Tasks for this week

• Read chapter 4 and case studies.
• Answer case study questions.
• Optionally, read the Data Ethics Commission opinion paper.

Description

This quiz covers essential principles of ethics related to information technology, including the 'No Free Lunch' rule, professional codes of conduct, and fair information practices. Additionally, it addresses privacy concerns and ethical dilemmas that arise in the digital age, particularly in relation to user data and monitoring. Test your knowledge on these critical topics in today's technology-driven world.