Ethics, Accountability & Regulation UOW IACT418/918 Spring 2001 Bob Brown
  1. Ethics, Accountability & Regulation. UOW IACT418/918, Spring 2001, Bob Brown
  2. Overview
     - As economies continue to move towards the Information Age, issues such as the privacy and security of information for which organisations are responsible emerge as an integral part of the network & telecommunications management role.
     - A non-legal discussion of the issues as they pertain to Network Management
  3. Ethics
     - Definitions of Ethics
       - The science of morals (1602)
       - Science of human duty in the widest extent (1690)
       - From Greek, ethos, meaning character & manners
     - Modern context:
       - Nowadays often seen as the self-regulating Codes of Conduct of professional bodies
         - Eg: The medical professions’ HIPPOCRATIC OATH
  4. Ethics in Telecommunications
     - Codes of Conduct, eg: from the West Australian Internet Association:
       - (1) I, as an internet provider shall not:
         - (b) knowingly permit a user to engage in criminal activity using access to my system, provided that such activity is identified by competent law enforcement authorities.
       - (2) I, as an internet provider shall:
         - (a) attempt to establish the name and age of all users with accounts on my system by reference to proof of name and address on application
         - (c) attempt to safeguard the privacy of my users and their data in all respects subject to reasonable actions necessary to ensure proper operation of my system and compliance with this Code.
  5. Problems with ethical codes
     - … knowingly permit a user to engage in criminal activity using access to my system …
     - … attempt to establish the name and age of all users …
     - And also … attempt to safeguard the privacy of my users and their data …
     - A German court found the CEO of CompuServe (Germany) guilty of distributing child pornography
     - Are these conflicting goals?
     - Sometimes it is impossible to achieve all the aims of a Code of Conduct equally without making compromises
  6. Problems with ethical codes
     - All rules, such as ethical codes, are systems
     - ALL structured systems lend themselves to maximisation …
       - eg: basketball attracts tall people
       - Lawyers are trained and paid to influence the interpretation of rules systems, to find the most convenient meanings for their clients
     - Most industry codes are self-regulating
  7. Issues
     - Privacy
     - Security
     - Responsibility - Accountability
     - These are inter-related and must NOT be considered in isolation from each other.
  8. Privacy I
     - Personal Privacy
     - We believe we have a right to privacy
     - We expect governments, institutions, corporations and individuals to respect our privacy
     - We expect that we have a right to examine any information held about ourselves – medical records, credit references etc.
  9. Privacy II
     - Who holds what sort of data about you?
     - Australian Federal Government debate over regulating corporate access to private details - will it destroy the telemarketing industry?
     - Government bodies are not allowed to collate their databases, but private organisations may; there is no law against it.
     - Governments are outsourcing their administrative functions to private groups
  10. Privacy III
      - Do Governments need access to private data to enforce the law?
        - National security
        - Organised crime
        - Drug trafficking
        - Child pornography etc.
      - Is that why governments don’t like people using the best encryption systems?
  11. The Corporate Scenario
      - Corporations vs. Customers
        - Market surveys
        - Demographics
        - Telemarketing databases
        - Leaving your digiprints behind
        - “Intelligent Agents” on websites
          - Eg: Amazon & buying trends
      - Would the level & quality of service suffer if corporations could NOT collect customer data and follow trends?
  12. The Corporate Scenario
      - Employers vs. Employees
        - Several court cases (esp. in USA) upheld the right of the employer to invade the privacy of the employee …
          - Searching employee cars, desks
          - Enforcing “lifestyle rules”
        - Trade Unions & employee rights: good or bad?
          - Video surveillance, phone recording
          - Loss prevention, OH&S, training purposes
      - Are ‘management softwares’ that monitor & track employee computer use an invasion of privacy or a necessary tool?
  13. Contradictions
      - From the AOL Privacy Policy:
        - Section B (iii) … “[AOL] do not release Members’ telephone numbers, credit card numbers, or checking account numbers (or other Individual Information, such as navigational or transactional information…”
        - Section C (i) … “We may collect and store certain navigational and transactional information, such as data on the choices you make from the range of available services or merchandise, and the times and ways you use AOL and the internet…”
  14. Security I
      - Increase in use of public domain networks within organisations
        - intranets, extranets, VPN
      - Moves towards end-user services, such as
        - Provision of government information
        - Full scale e-commerce & I-commerce
      - B2B is the biggest growth area in the Internet
  15. Security II
      - Physical Security
        - Ensure that the physical elements of the network are protected. Includes routers, switches, servers, computer rooms etc.
      - Network Security
        - Ensure that access to the network is controlled and the network protected from unauthorised access.
      - Content Security
        - Ensure the integrity and confidentiality of the contents on the network, both stored and message traffic.
  16. Security III - Physical
      - Most network violations come from insider attack
      - A substantial proportion of enterprises’ information assets reside on users’ desktop computers
      - After their initial creation, networks often evolve outside the knowledge of network management
  17. Security IV - Network
      - Most network violations come from insider attack
      - A substantial proportion of enterprises’ information assets reside on users’ desktop computers
      - Most users leave their computers ‘logged-in’ all day
      - Procedures which involve users changing passwords every n days are unpopular (especially among senior management) and often result in simplistic passwords
  18. Security V – Contents
      - Many network traffic monitoring tools permit access to the content of messages
      - Encryption creates many problems
        - Needs universal adoption
        - Governments do not encourage top-end encryption systems in private hands
          - Data encryption by individuals is actually illegal in some countries
      - Security/privacy/ethics are interlinked
  19. Network Management Responsibilities I
      - Ensuring the information assets of the organisation are protected from unlawful activity
      - Ensuring that the integrity of the recorded data is maintained
      - Compliance with governmental regulation
      - Protection of intellectual property rights
      - Protection of individual privacy
  20. Network Management Responsibilities II
      - Password administration
      - Monitor network/internet usage
      - Training & mentoring (skills assessment)
      - Email monitoring
        - Offensive or illegal language, material
        - Protection of corporate secrets
      - Pressure from senior management
      - Documentation vs. Privacy
        - Eg: fault reporting & operator identification
  21. Responsibility vs. Accountability
      - Self Regulation, can it work?
      - Responsibility:
        - A trust or obligation or duty
      - Accountability:
        - Being answerable or liable
      - BUT, are those held accountable always the same as those who are responsible?
        - Beware of scapegoating
  22. Hypotheticals
      - A User asks you to suggest a good password?
      - Emergency access to a User’s files whilst they are away on leave and cannot be contacted
      - Management asks you to identify “problem users” – with highest error rates or lowest skills
      - The employees’ union decides that server-side virus checking of incoming emails invades their privacy
      - Marketing section requests full User details for their database
      - A User refuses to clear low-priority emails from their inbox but the system is becoming congested