Ethics, Legal and Security Issues

  • Created by: cs16tts
  • Created on: 10-04-17 17:47

Examples of legal issues

  • Computer Crime
    • Computer Misuse Act (1990)
  • Protection of data
    • Data Protection Act (1998)
  • Intellectual property
    • Copyright
    • Patents

Examples of computer crime and abuse

  • Theft - data and software are particularly vulnerable
  • Hacking - When someone without clearance enters a system and causes harm
  • Spamming - Constant emails, which can affect network operation
  • Denial of service attack - When someone tries to make a computer or resource unusable
  • Sniffing - Electronic eavesdropping on data in transit; encryption is needed to ensure security
  • Identity theft
    • Phishing - False requests for private data
    • Skimming - When details are taken from the magnetic stripe of a card
    • Shoulder surfing - Physically watching confidential details being entered

Computer Misuse Act (1990)

The Act made it an offence to change computer material without permission.

It was created in response to the prosecution of two hackers who gained access to BT's personal message service at a time when no legislation was in place.

The Act defines 3 specific offences:

  • Section 1: Unauthorised access to computer material
  • Section 2: Unauthorised access with intent to commit or facilitate commission of further offences
  • Section 3: Unauthorised modification of computer material

Section 1 covers the basic offence of hacking.

Section 2 is put in force when the access leads to another offence.

Section 3 covers the use of viruses, worms and other threats.

The amendments to the Computer Misuse Act

Sections 35 and 38 of the act contain some amendments.

Section 3 is now known as: "Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc."

Section 3A states: "It is an offence to supply or offer to supply any article believing that it is likely to be used to commit, or to assist in the commission of, an offence."
This has been criticised heavily as it may incriminate developers and researchers working in the security sector.

Smartphones are now also defined as computers under the act, following the phone hacking scandal.

Privacy

Privacy is the ability of someone to prevent data from being known to people other than those who are allowed to know it.

It is more and more tempting to use other people's data for purposes other than the ones it was originally used for.

Over time, data may become inaccurate or invalid, and it may be copied from one holder to another and combined with other sources, with no recourse for correction.

The Data Protection Act was introduced as a result.

Data Protection Act

  • First introduced in 1994
  • EU approved the Directive on Data Protection
  • Updates on obtaining and disclosing data formed the 1998 act
  • Full act came into effect in 2000

The Data Protection Act (1998) has 8 main principles:

  • Personal data should be processed fairly and lawfully and only if needed.
  • Personal data may be obtained for one or more specified purposes, and not used for anything else.
  • Personal data should be adequate, relevant and not excessive
  • Personal data should be accurate and kept up to date
  • Personal data should not be kept for longer than necessary
  • Personal data shall be processed in accordance with the rights of data subjects under this Act
  • Appropriate technical and organisational precautions need to be taken against unlawful processing, as well as accidental damage, loss or destruction of personal data
  • Personal data may not be transferred outside of the EU unless it has sufficient protection for the rights and freedoms of data subjects in relation to the processing of personal data

Intellectual property

Intellectual property is intangible property that has been created by an individual or organisation.

Such property includes:

  • Books
  • Music
  • Videos
  • Art
  • Trademarks
  • Inventions

The two main kinds of protection are:

  • Copyright
  • Patent

Copyright

Copyright comes into effect automatically and it will protect the expression or manifestation of an idea. Copyright can cover:

  • Books
  • Music
  • Film/TV
  • Computer software
  • Databases
  • Multimedia

Copyright protection will often extend beyond the lifetime of the creator.

Creators can authorise others to produce copies of their works, often in return for royalties.

Software automatically becomes protected, but it will not stop others from reverse engineering (writing their own code to fulfill the same ideas).

Patents

Patents are a more powerful means of protecting intellectual property.

A patent protects the idea behind an invention, along with the manifestation of it.

The ideas need to be original and not obvious, i.e. a new idea.

Patents are not put in place automatically. They must be applied for. They are also published, which benefits public knowledge.

Software is not always eligible for a patent.

Art, plans and other mental processes are also not eligible.

Intellectual Property Rights issues for software pt 1

Patentability

  • It is a generally accepted principle that software is protected by copyright
  • Sometimes software can be protected by a patent if it is part of a system/machine

Copyright

  • Applies to all pieces of software, regardless of whether they are free or not
  • Each will have a license defining terms of use and distribution

IPR issues for software pt 2

There are 4 main types of license for software:

  • Commercial (perpetual use)
    • One-off fee
    • Only used on one machine but capable of backing up
  • Commercial (annual fee)
    • License key provided annually by a supplier
    • Usually applies to site licenses
  • Shareware
    • Free trial period
    • Requires a purchase afterwards to prevent copyright infringement
  • Freeware
    • Compiled vs open-source
    • Open-source permits anyone to modify the code, with modifications being identified to the author
    • Terms and conditions apply, meaning copyright is in place
    • May only be free in certain circumstances, such as educational use.

Ethics

Ethics = "A set of principles of right conduct or a theory or a system of moral values".

In other words, doing the right thing according to standards set by society. 

However:

  • What is considered acceptable in one culture may be unethical in another
  • Moral codes vary at all levels from social groups through organisations up to national levels

Professional behaviour needs to be guided by a moral code that defines clear boundaries for both individuals and organisations.

Ethical issues in IT

Many companies hold massive amounts of data referring to:

  • Employees
  • Customers/clients

It is very tempting for organisations to mine this data so that a competitive advantage can be gained. 

What's happening to the data?

Back in 2007 (see above) a Tesco spokesman said: “No personal data is ever transferred or sold to any company outside Tesco.”

Yet in 2009 a Times article reported that Tesco now “tracks the shopping habits of 16m families across Britain…not only for itself but for companies such as Coca-Cola, Nestlé and Unilever, which buy the rights to the data.”

Ethical issues in IT cont

It is also very tempting for employees to abuse their access privileges for their own personal gain. This can range from being nosy to committing criminal offences.

Those entrusted with access to personal data need to ensure that:

  • Peoples' privacy is maintained as far as possible
  • Data held is necessary, accurate and not held for longer than necessary.

Ethical vs Legal behaviour

Is unethical behaviour against the law?

Society needs to have laws that enforce ethical behaviour.

Legislating against every potential form of unethical act is near impossible.

It is hard for legislation to keep pace with new issues because of the rapid rate of technological change.

Codes of conduct need to fill the gap otherwise.

Despite all of the ethical problems surrounding IT, the law comes first.

Professional Ethics

British Computer Society (BCS) is the main body for IT professionals in the UK.

A code of conduct is in place that all members need to follow that covers 4 main areas:

  • Public interest - Respect for health, safety and privacy of all people affected by what you do.
  • Duty to relevant authority - "Relevant authority" identifies the person or organisation which has authority over the activity being undertaken. The duty involves following all the relevant requirements and making your professional opinion clear, while avoiding conflicts of interest.
  • Duty to the profession - To help keep up professional expectations, as well as try and build up on them.
  • Professional competence and integrity - Continuing professional development, working within your 'competence'.

BCS Code of Conduct

Rule 3 of the code of conduct is especially relevant to the handling of data and information:

You shall ensure that within your professional field/s you have knowledge and understanding of relevant legislation, regulations and standards, and that you comply with such requirements...

Rule 8 of the code of conduct is based on the duty to relevant authority:

You shall not disclose or authorise to be disclosed, or use for personal gain or to benefit a third party, confidential information except with the permission of your relevant authority, or at the direction of a court of law.

Data Security

The security of data can be breached in a variety of ways:

  • Theft and fraud
  • Loss of data integrity (damage/loss)
  • Loss of confidentiality (rights of organisation to secrecy)
  • Loss of privacy (rights to control over personal data)
  • Loss of availability (system down-time)

Ways that a security breach can affect an organisation include:

  • Lost revenue
  • Unexpected repair costs
  • Damaged reputation
  • Legal liability
  • Loss of IP / competitive advantage

Data Security cont

IT professionals have responsibilities that are based on stopping these risks from occurring.

Referring back to the BCS code of conduct:

  • Public interest refers to safety
  • Professional competence and integrity refers to the need to keep up with technological advancements and legislation
  • Duty to relevant authority requires employees to maintain confidentiality

Reducing security risks

Authorisation

  • Access controls govern not only access to data but how it can be used
  • Access determined by authentication process (e.g. user name and password)
  • User access controlled by the system administrator
  • Privileges specify which objects (e.g. folders/files, DB tables) a user needs to read/modify in order to do their job. However, unnecessary privileges should not be granted

Backup and recovery

  • Copying the data and transaction history regularly
  • Have a backup window, as backing up volatile data during busy times can lead to integrity issues
  • Full back-ups are time- and space-consuming, so they are often done periodically and supplemented with incremental or differential back-ups

Reducing security risks cont

Encryption

  • Uses an algorithm to encode data via an encryption key. Data can only be accessed with the decryption key
  • 64-bit encryption keys can be cracked quickly. 128-bit keys or more are usually more reliable

RAID

  • Redundant Array of Inexpensive Disks
  • A set of two or more disks that appear as one
  • Creating redundant copies is known as mirroring (RAID 1)
  • Striping is where data is distributed across multiple disks
    • Improves performance and distributes load across disks
    • Parity or error-correcting data can be saved to enable data to be re-constructed after disk failure
  • Mirroring and striping can be combined to balance security and performance (e.g. RAID 1+0)

Firewalls

  • Server- or router-based software that controls external access to the local network

Securing your digital world

  • Have a firewall in place
  • Anti-malware software is useful
  • Keep updating software
  • Strong passwords and do not share them
  • Use encryption for sensitive pieces of data
  • Have consistent backups
  • Delete data before disposal