1.7 Ethics and Ownership
Ethics or moral philosophy is the branch of philosophy that involves systematizing, defending, and
recommending concepts of right and wrong conduct.
Computer Ethics is a part of practical philosophy which is concerned with how computing professionals
should make decisions regarding professional and social conduct.
explain how ethics may impact on the job role of the computing professional
So it is in the interests of both the institute itself and its members to have a code of conduct in order
to support their reputation.
show understanding of the eight principles listed in the ACM/IEEE Software Engineering Code of
Ethics
demonstrate the relevance of these principles to some typical software developer workplace
scenarios
government and military installations and educational professions. An informative article about
the development of the code, which includes a full copy of the code itself, was published in the
October 1999 issue of ACM Computer.
2. Client and Employer: Software engineers shall act in a manner that is in the best interests of their
client and employer, consistent with the public interest.
3. Product: Software engineers shall ensure that their products and related modifications meet the
highest professional standards possible.
4. Judgement: Software engineers shall maintain integrity and independence in their professional
judgment.
5. Management: Software engineering managers and leaders shall subscribe to and promote an
ethical approach to the management of software development and maintenance.
6. Profession: Software engineers shall advance the integrity and reputation of the profession
consistent with the public interest.
7. Colleagues: Software engineers shall be fair to and supportive of their colleagues.
8. Self: Software engineers shall participate in lifelong learning regarding the practice of their
profession and shall promote an ethical approach to the practice of the profession.
A Code of Conduct is not law, but it is a set of rules that apply when you are in an organisation such
as your college. Examples might include "Don't look at pornography at work". This would be legal at
home, but if you did it at work you could be sacked. In addition, a code of conduct may contain
laws such as "Don't install pirated software".
relevant to your field. Behave in an ethical manner and reject any offers of bribery or other
unethical practices.
keep information confidential. Accept responsibility for your own work and the quality of work
produced by the people working for you.
show understanding of the need for a professional code of conduct for a computer system
developer
Code of conduct
The British Computer Society has produced a list of standards for the training and development of
Information Technology workers.
Duty to employers and clients - carrying out work according to the requirements, and not
abusing employers' or clients' trust in any way.
Professional duty - uphold the reputation of the profession through good practice, support fellow
members in professional development
Professional Integrity and Competence - maintain standards of professional skill and practice,
accepting responsibility for work done, avoiding conflicts of interest with clients.
Don't play games
Don't look at pornography
Don't gamble
Don't plug your own peripherals into your computer
Don't install software on work machines without permission
Each of these might be perfectly legal at home, but they might get you sacked at work
The main purpose for ICT systems within a company is to support their business. However, these
systems are also very useful for personal use and so rules are put in place to make it clear what the
boundaries are.
Web browsing - staff should not spend undue time during working hours browsing the web for
their own entertainment. Quite often the rules will not be specific, so it is down to the
employee and their manager to deem what is reasonable. But it does make them think before
wasting hours on the Web.
Emails - Reasonable limits on how many non-work emails are sent each day.
Instant messaging - this may be blocked altogether or rules put in place about how it is used.
Downloading files - downloading huge files consumes company bandwidth so they must be
essential for work. Downloading executable files is often banned.
Telephone - there may be rules about using telephone for personal calls. Especially when making
international calls or using premium rate numbers.
Browser habits - rules to define what type of sites should not be visited for example many
companies ban social networking sites, gambling sites, sport sites, shopping sites, auction sites.
These rules are usually there to discourage people from wasting company time.
Inappropriate sites - these are morally dubious sites such as pornographic, racist or ones that
promote violence.
Rules that help define the border between the person as a private individual and the person as an
employee.
For example:
Installing personal software - Some company computers are not completely locked down. But it
is usually expected that the person does not install any software without specific permission.
Personal gain - Using company equipment for running your own small business 'on the side' is
usually banned. This includes things such as using a company laptop that you have access to
at home for your own outside interests. Or to use the business mobile phone for non-company
purposes.
Personal use - making use of IT applications within the company for your own interest, such as
making birthday cards using the company graphics applications and then printing them on the
company colour laser printer or running off 100 copies of a party invitation on the photocopier.
People do these things of course, but the code of conduct is there to stop abuse of the facilities and
they know if it goes too far, then disciplinary action will follow.
Rules of behaviour that the company needs you to abide by to make the company as efficient as
possible and to secure any confidential information.
For example:
Email content - Jokes and inappropriate content should not be sent over the company network.
Jokes waste staff time, they take up network bandwidth and often contain material that may
offend some staff.
Email broadcast - Do not broadcast (cc copy) an email to everyone in the area or even the
entire company unless it is authorised by your line manager. This rule is to reduce the problem of
over-full inboxes containing internal emails that are irrelevant and just waste time.
Confidential emails - anything over unclassified emails should be encrypted. Many companies
have a means of classifying their emails into different levels of confidentiality and encryption
facilities are usually available so staff need to make use of this.
Printing confidential material - all confidential material should be printed using a private PIN
number. This rule is often in place to reduce the chances of confidential material being seen by
unauthorised staff before the person picks it up. The person has to be present by the printer or
photocopier to enter the PIN before the machine will output it.
Answering external questions - do not provide company related information to external people,
refer any enquiries to the public relations office. For example a journalist might be looking for
sales figures, or a quote from the company. It is usually the job of the PR department to manage
the flow of public-facing information. Also do not talk in the pub or to family about confidential
information.
For example:
Passwords - Keep passwords confidential. Do not leave a password where other staff can easily find it
(e.g. post-it note or simple text file on the shared drive) or tell other staff what it is.
File management - Delete old or irrelevant files from your storage area on a regular basis. Many
companies give fixed quotas to staff to encourage this behaviour.
Tidy desk policy - Keep desk clear. Do not leave any documents lying around. This type of rule
has many purposes - it encourages staff to file their documents properly, it reduces fire risk with
no loose paper, it gives customers and suppliers a good impression when they come to the office.
plan as part of the staff appraisal. Also, some professional institutions need evidence of ongoing
training to remain competent.
Intellectual Property
Often goes by the shorthand "IP". Intellectual Property means a company or person owns the rights
to some kind of technology. For example, a new method of making silicon chips.
IP is protected by having a 'patent' which is a legal instrument declaring they have ownership over
the idea / technology. Owning the patent to a technology means that no one can copy the idea
unless the owner gives their permission. Patents are country specific, for example someone could
apply for a 'UK' patent that protects their rights in the UK but would not protect them in the USA -
unless they apply for a patent in that country as well. Getting a patent can be very expensive (lots
of legal fees) and so the idea has to be worthwhile in the first place.
The owner usually gives permission once a financial deal is agreed. For example the 'licence holder'
of the patent will pay 'Royalties' to the owner for every item sold.
Many companies make all their money by granting licences rather than making product themselves.
Ownership
describe the need for legislation to protect ownership, usage and copyright
Consequences of Uses of Computing: Legislation
The way you use data and computers is subject to the law of the country you are living in. Across the
world different countries have different laws, for the exam you only need to learn about the laws
that affect the United Kingdom.
mouse is not a natural act for a human being and may result in health problems such as Repetitive
Strain Injury (RSI), back and eye issues.
The Health and Safety (Display Screen Equipment) Regulations 1992 state that an employer must:
make sure screens are adjustable and have anti glare filters
provide supportive chairs that are adjustable
provide foot supports
provide breaks in computer work routine
Patent
A patent is a form of intellectual property which an individual or organisation owns the right to for a
fixed period of time, allowing them to charge people for the use of it. After that time has expired the
idea is in the public domain. Patents include the design of the lightbulb (1841) and the ejector seat
(1916).
Computing has seen patents in hardware and more recently in software. There are many people
who believe that software patents are damaging to Computer Science, as they stop innovation and
stifle creativity. A famous case was BT trying to patent the hyperlink. If this had been successful, then
every time a hyperlink was used (every page on the World Wide Web), someone might have had to
pay money to BT for the privilege. Other people see software patents as important in defending the
intellectual property of inventors, if someone creates something new they should be rewarded for it.
Other software patents include: the MP3 and GIF. Countries such as India do not have software
patents.
Copyright
Software copyright refers to the law regarding the copying of computer software. Many companies
and individuals write software and sell it for money, these products are copyrighted and you cannot
copy the code or the program without the permission of the maker. This, they believe, protects the
work of the programmers, rewarding them for their efforts.
Other companies and individuals release software under Free and Open Source software (FOSS)
licenses. These licenses allow users the right to use, study, change, and improve a program's design
through the availability of its source code. Some adherents of FOSS believe it creates better software
in the long term, and others believe that no software should be copyrighted. FOSS licensed products
are heavily used in running the World Wide Web and in the creation of popular websites such as
Facebook. Open Source licenses generally mean that if you create software that makes changes
to open source code, and choose to release it, you must release your new code under the same
Open Source license, this is called Copy-Left. Some free software is in the public domain, meaning
that you can use it for whatever purpose you wish, if you make a software product involving changes
to public domain source code, you don't have to release your code into the public domain.
Copyright in most works lasts until 70 years after the death of the creator if known, otherwise 70 years
after the work was created or published (fifty years for computer-generated works).
In summary the act specifies that users are not allowed to:
use copyright material without permission
use patented design without permission
edit programs without permission
copy or distribute software when you don't have permission
Personal Data - data that can be used to identify a living individual
The Computer Misuse Act 1990 deals with people who crack computer programs or systems. Crimes
might include removing the Copyright protective measures from a commercial software product,
breaking into a school database to change grades, hacking into a company's website and stealing
customer credit card details, creating viruses and trojans, and so on. It was recognised in the late
1980s that the increase in business and home use of computers required legislation in order to protect
against their exploitation. To this end, in 1990 the Computer Misuse Act was established.
Under the act, three new offences were created:
It prohibits:
unauthorised access to computer material
It must be shown that the perpetrator accessed the data, that they were unauthorised, and that
they knew they were unauthorised.
unauthorised access with intent to commit or facilitate commission of further offences
To prove ulterior intent, it must be shown that they wished to use the information in order to
commit a further offence.
"Obtaining access" means: "Causing the computer to perform any action that results in it":
Copying/moving data, Erasing/altering data, Using a program; or Causing the computer to output
programs or data.
A difficulty with computer crime is that it can cross physical and national borders, the Computer
Misuse Act recognises this fact and gives British Courts the jurisdiction where a "significant link" with
Britain can be demonstrated in instances of computer-related crime. America has its own Computer
Fraud and Abuse Act.
example, the prevention or detection of crime). It is an offence for Other Parties to obtain this
personal data without authorisation.
3. Individuals have a right of access to the information held about them, subject to certain
exceptions (for example, information held for the prevention or detection of crime).
4. Personal information may be kept for no longer than is necessary and must be kept up to date.
5. Personal information may not be sent outside the European Economic Area unless the individual
whom it is about has consented or adequate protection is in place, for example by the use of a
prescribed form of contract to govern the transmission of the data.
6. Subject to some exceptions for organisations that only do very simple processing, and for
domestic use, all entities that process personal information must register with the Information
Commissioner's Office.
7. The departments of a company that are holding personal information are required to have
adequate security measures in place. Those include technical measures (such as firewalls) and
organisational measures (such as staff training).
8. Subjects have the right to have factually incorrect information corrected (note: this does not
extend to matters of opinion)
Regulation of Investigatory Powers Act 2000
The Regulation of Investigatory Powers Act was passed in 2000, and introduces the power to
intercept communications with the aim of taking into account the growth of the Internet. It regulates
the manner in which certain public bodies may conduct surveillance and access a person's
electronic communications. Supporters of the act claimed this was an excuse to introduce new
measures, some of these included being able to force someone to reveal a cryptographic key for
their data, with failure to do so resulting in up to 2 years imprisonment. As we have seen in packet
switching, data can be read in transit between hosts. However, the act goes further than allowing
this:
1. enables certain public bodies to demand that an ISP provide access to a customer's
communications in secret;
2. enables mass surveillance of communications in transit;
3. enables certain public bodies to demand ISPs fit equipment to facilitate surveillance;
4. enables certain public bodies to demand that someone hand over keys to protected
information;
5. allows certain public bodies to monitor people's internet activities;
6. prevents the existence of interception warrants and any data collected with them from being
revealed in court.
discuss measures to restrict access to data made available through the Internet and World Wide
Web
Many websites, especially online shopping or online banking sites, require you to enter personal
information, such as credit card numbers, social security IDs, etc. To make sure your data is safe,
these websites use encryption - they are called secure websites.
You should always make sure that a website is secure before giving personal information...
The website URL (address) should begin with https://... (normal, unsecure sites have addresses
that start with http://...)
Your web browser should show a closed padlock icon
Below are screenshots of two different web browsers, both showing a secure site. You can see the
How Does HTTPS Work?
HTTPS pages typically use one of two secure protocols to encrypt communications - SSL (Secure
Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as
an 'asymmetric' Public Key Infrastructure (PKI) system. An asymmetric system uses two 'keys' to
encrypt communications, a 'public' key and a 'private' key. Anything encrypted with the public key
can only be decrypted by the private key and vice-versa.
Protocol
A protocol is an agreed-upon format for transmitting data between two devices. It determines the type of
error checking and data compression used.
Internet Protocol (IP), which uses a set of rules to send and receive messages at the Internet
address level
Additional protocols that include the Hypertext Transfer Protocol (HTTP) and File Transfer
Protocol (FTP), each with defined sets of rules to use with corresponding programs elsewhere on
the Internet
There are many other Internet protocols, such as the Border Gateway Protocol (BGP) and the
Dynamic Host Configuration Protocol (DHCP).
The word protocol comes from the Greek protocollon, meaning a leaf of paper glued to a
manuscript volume that describes the contents.
HTTP
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative,
hypermedia information systems. HTTP is the foundation of data communication for the World
Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes
containing text.
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol
with the SSL/TLS protocol to provide encrypted communication and secure identification with a
network web server.
Features of SSL
secure your data transport – secure tunnel for applications
provide secured access to protected content (intranet usage) – better authentication
mechanisms
protect from some types of spoofing attacks – handshake needs interaction
the key itself is encrypted using strong encryption
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating
applications and their users on the Internet. When a server and client communicate, TLS ensures
that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure
Sockets Layer (SSL).
Features of TLS
Message encryption - TLS uses Public Key Infrastructure (PKI) to encrypt messages from mail
server to mail server. This encryption makes it more difficult for hackers to intercept and read
messages.
Authentication - TLS supports the use of digital certificates to authenticate the receiving
servers. Any certificate is supported, including self-signed certificates. Authentication of
sending servers is not always necessary in TLS. This process verifies that the receivers (or
senders) are who they say they are, which helps to prevent spoofing. Advanced options
include the ability to verify proper certificate form, domain names, and certificate authority.
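The certificate checks named above (certificate authority, domain name) and the move from SSL to TLS correspond to three settings on a TLS client. The following is an added example, not part of the original notes, using Python's standard ssl module; the function names and the finding labels are chosen for this illustration.

```python
import ssl

# Oldest protocol version this illustration accepts (assumption: TLS 1.2,
# which excludes every SSL version and TLS 1.0/1.1).
FLOOR = ssl.TLSVersion.TLSv1_2


def strict_client_context():
    """Client context that checks the CA chain and the server's domain name."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = FLOOR
    return ctx


def lax_client_context():
    """Deliberately weak context: any certificate is accepted, self-signed
    included, and no protocol floor is set."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def _below_floor(version):
    # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are negative sentinels, so they
    # cannot be compared numerically with real protocol versions.
    if version == ssl.TLSVersion.MINIMUM_SUPPORTED:
        return True
    if version == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        return False
    return version < FLOOR


def audit_context(ctx):
    """Return labels for each weak setting found on a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-ca-verification")       # spoofed server accepted
    if not ctx.check_hostname:
        findings.append("no-hostname-check")        # cert for another domain accepted
    if _below_floor(ctx.minimum_version):
        findings.append("legacy-protocol-allowed")  # SSL / early TLS negotiable
    return findings


def harden(ctx):
    """Turn the checks back on for an existing client context."""
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = FLOOR
    ctx.load_default_certs()             # trust anchors from the system store
    return ctx


if __name__ == "__main__":
    for name, ctx in (("strict", strict_client_context()),
                      ("lax", lax_client_context())):
        print(name, audit_context(ctx) or "ok")
```
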
Encryption
Encryption is the most effective way to achieve data security. To read an encrypted file, you must
have access to a secret key or password that enables you to decrypt it.
This is what an encrypted code for the text would look like:
lj86ik,£lj)ay%9w2+m?lsild171724
jkd2f*hkdfh7$171kjfh7d1h4d
You obviously have to keep the "secret keys" safe from prying eyes.
Plain Text - Refers to textual data in ASCII format. Plain text is the most portable format because it is
supported by nearly every application on every machine. It is quite limited, however, because it
cannot contain any formatting commands. In cryptography, plain text refers to any message that is
not encrypted.
Cypher Text - Data that has been encrypted. Cipher text is unreadable until it has been converted
into plain text (decrypted) with a key.
show understanding of the implications of different types of software licensing: Free Software
Foundation, the Open Source Initiative, shareware and commercial software
Software License
A software license is a legally binding agreement that specifies the terms of use for an application
and defines the rights of the software producer and of the end-user. All software must be legally
licensed before it may be installed.
A software license is a legal instrument (usually by way of contract law, with or without printed
material) governing the use or redistribution of software. Under United States copyright law all
software is copyright protected, except material in the public domain. A typical software license
grants the licensee, typically an end-user, permission to use one or more copies of software in ways
where such a use would otherwise potentially constitute copyright infringement of the software
owner's exclusive rights under copyright law.
Software licenses and copyright law
Most distributed software can be categorized according to their license types (see table).
Two common categories for software under copyright law, and therefore with licenses which grant
the licensee specific rights, are
proprietary software and
free and open source software (FOSS).
The distinct conceptual difference between the two is the granting of rights to modify and re-use a
software product obtained by a customer: FOSS licenses grant the customer both rights and
therefore bundle the modifiable source code with the software ("open-source"), whereas proprietary
software typically does not license these rights and therefore keeps the source code hidden ("closed source").
Freeware
Freeware is copyrighted computer software which is made available for use free of charge, for an
unlimited time. Authors of freeware often want to "give something to the community", but also want
to retain control of any future development of the software.
Shareware
The term shareware refers to commercial software that is copyrighted, but which may be copied for
others for the purpose of their trying it out with the understanding that they will pay for it if they
continue to use it.
COMPARISON CHART
Columns: FREE SOFTWARE, FREEWARE, SHAREWARE

License and Copyright
Free software: License or sometime similar. A copyright is usually put just on the name of the software.
Freeware: an important part of freeware. Each license is specific to the freeware. Copyright laws
are also applicable to Freeware.
Shareware: Shareware but the copyright holder or author holds all the rights, with a few specific
exceptions.

Features
Free software: All the features are free.
Freeware: All the features are free.
Shareware: Most of the times, all features are not available, or have limited use. To use all the
features of the software, user has to purchase the software.

Distribution
Free software: Programs can be distributed free of cost.
Freeware: Freeware programs can be distributed free of cost.
Shareware: Shareware may or may not be distributed freely. In many cases, author’s permission is
needed, to distribute the shareware.

Example
Free software: Mozilla Firefox, gedit, vim, pidgin, GNU Coreutils, Linux kernel
Freeware: Adobe PDF, Google Talk, yahoo messenger, MSN messenger
Shareware: Winzip, Cuteftp, Getright

Advantage
Freeware: Freeware is free, and is covered by copyright
Shareware: Shareware is free, can be copied and is covered by copyright.

Disadvantage
Freeware: You can’t sell freeware software and modified software must be freeware.
Shareware: Shareware cannot be modified, and it may be either a cut down or temporary version.
software as software that gives its users the freedom to share, study and modify it. It has no
copyright or other restrictions for distributing, modifying and using the software in any way.

her software available for download and use on her website. This software may be freeware if
downloaded for personal use but commercial use may require a fee. In either case, if it is
prohibited to freely distribute (for any purpose) or modify the software, then this freeware is not
free software.
Open Source
Open source means that the source code is available to all potential users, and they are free to use,
modify, and re-distribute the source code. (For more details, see the Open Source Definition.) Legally,
the "free" of open source refers exclusively to the source code, and it is possible to have support,
services, documentation, and even binary versions which are not monetarily free. (Although some
licenses, notably the GPL, require that the source code always be freely available in such cases.)
Example: Linux
In practice, open source usually means that the application is free to users as well as developers.
Furthermore, most open source software has communities that support each other and
collaborate on development. Therefore, unlike freeware, there are future enhancements, and,
unlike shareware, users are not dependent on a single organization.
The differences between the three models can be clearly seen in the kind of software that is
available as freeware, shareware, or open source:
Freeware is usually a very small program, released by a student or enthusiast.
Shareware is usually a mid-sized utility or application, written by a professional developer or small
software company. The developer or publisher does not have the resources to market it, so they
release it as shareware with a "try-before-you-buy" business model.
Open source spans the gamut, but the largest "free" software out there are all open source--
Linux, FreeBSD, PostgreSQL, Apache. Before the advent of VCs in the "free software industry,"
collaborative development around a shared code base was the only way a large free
application could be built.
As our society grows more dependent on computers, the software we run is of critical importance
to securing the future of a free society. Free software is about having control over the technology
we use in our homes, schools and businesses, where computers work for our individual and
communal benefit, not for proprietary software companies or governments who might seek to
restrict and monitor us. The Free Software Foundation exclusively uses free software to perform its
work.
The Free Software Foundation is working to secure freedom for computer users by promoting the
development and use of free (as in freedom) software and documentation—particularly the GNU
operating system—and by campaigning against threats to computer user freedom like Digital
Restrictions Management (DRM) and software patents.
1. Free Redistribution
The license shall not restrict any party from selling or giving away the software as a component of an
aggregate software distribution containing programs from several different sources. The license shall
not require a royalty or other fee for such sale.
2. Source Code
The program must include source code, and must allow distribution in source code as well as
compiled form. Where some form of a product is not distributed with source code, there must be a
well-publicized means of obtaining the source code for no more than a reasonable reproduction
cost, preferably downloading via the Internet without charge. The source code must be the
preferred form in which a programmer would modify the program. Deliberately obfuscated source
code is not allowed. Intermediate forms such as the output of a preprocessor or translator are not
allowed.
3. Derived Works
The license must allow modifications and derived works, and must allow them to be distributed under
the same terms as the license of the original software.
build time. The license must explicitly permit distribution of software built from modified source code.
The license may require derived works to carry a different name or version number from the original
software.
The license must not restrict anyone from making use of the program in a specific field of endeavor.
For example, it may not restrict the program from being used in a business, or from being used for
genetic research.
7. Distribution of License
The rights attached to the program must apply to all to whom the program is redistributed without
the need for execution of an additional license by those parties.
The rights attached to the program must not depend on the program's being part of a particular
software distribution. If the program is extracted from that distribution and used or distributed within
the terms of the program's license, all parties to whom the program is redistributed should have the
same rights as those that are granted in conjunction with the original software distribution.