1. Steps in ◦ Free try on inettest Algorithms test ◦ Study CSILM’s on csilm.usu.edu => CS3...

Ethics – Set 2

1

Steps in ◦ Free try on inettest Algorithms test◦ Study CSILM’s on csilm.usu.edu => CS3◦ Fill out CSILM survey on survey monkey◦ Attend Algorithms review◦ Take Algorithms test◦ Fill out CSILM survey on survey monkey◦ 5 points added to score on Ethics test

2

CSILM

We, as computer scientists, have the following basic areas of concern◦ Obligation for safe, functional products◦ Management & control of information Acquisition – how do I get it? Access – who can use it? Stewardship – how should I protect it

and keep it accurate?

3

Ethical Concerns

What type of information will be gathered and stored, and how will it be collected◦ Should the student database include your

SS#?◦ Why not just get the student’s name and then

go to another database, e.g. government, and look up their social security number?

◦ Why do we collect your age?◦ For Aggie card users, should we collect

purchase information? How would we use it?

4

Ethical Concerns - Examples

Who will have access Should we sell information we collect? Do we own it, or do you own it? How will information be protected from

unauthorized access◦ Am I responsible if someone illegally accesses

it, or changes it How will accuracy be maintained

◦ Do I have to verify its accuracy when collected? Who is responsible?

5

Ethical Concerns - Information

How do companies protect their software?◦Nondisclosure agreements Prevents employees from leaving and using what they know

◦Copyrights◦Patents

6

Software Ownership

Copyrights and patents can inhibit standards◦Visicalc was not copyrighted or patented

Taiwan is not a signatore of the Berne Convention

7

Software Ownership

◦Copyright Raises question of “look & feel” Reverse Engineering Apple once tried to sue Microsoft for “copying” windows Apple had copied from Xerox

8

Software Ownership

International◦Different countries have different philosophies on patents and copyrightse.g. Japan encourages diffusion of knowledge for greater good

9

Software Ownership

Worker loss (hiring away) Ignorance

◦“mailing” of NetTestCase History – IBM Fujitsu

◦“IBM isn’t the opposition, it’s the environment”

Mid 1990’s, software piracy = ~$7B

10

Software Ownership - Problems

Question – As a company, what is the best way to protect your software?◦NEVER give access to source (Microsoft)

What does this do to the competition?◦WP & DLL naming conventions (load it first or load it second)

11

Software Ownership

Is it really free? Is it ethical to make something free today

with the intention of charging for it in the future?

12

Free Software

Piracy Break-ins

◦Includes Spam Sabotage Different states have different laws

◦In Virginia, it’s a crime to alter the return address of an unsolicited e-mail How do you enforce this law?

13

Computer Crime

Viruses, worms, etc.◦First Internet worm created by a Cornell graduate student – shut down several company networks

Hackers, intruders◦Sabotage◦Challenge

Use of system for illegal benefit Denial of service

14

Computer Crime

~10 port scans of USU/day◦That’s a scan of all “boxes” at USU (there are hundreds)

◦Most common approach is to do a TCIP connection to port 21 and look at the ftp server information (is it up to date, etc.)

What is the life span of an “unprotected” box at USU is ????

15

USU Security

One Hour

16

USU Security

Tent.usu.edu monitors outgoing attacks Dumpster.usu.edu monitors incoming

attacks Real question is what defines an attack

◦Network managers must “tune” these systems to define an attack.

◦If hackers get this information, can tune their attack to go undetected

17

USU Security

You’re building a database system which will have information about individuals. To meet your ethical responsibilities, what security measures should you implement? ◦Access control◦Preservation of system and data integrity

◦Provide for recovery and backup ability

18

Ethics - Security

Companies have a moral and legal obligation to maintain security◦DNA information◦Health records

Question◦When you get a ticket, your insurance company is notified (or finds out) and raises your rate. Is this ok?

19

Ethics - Security

Should I put a GPS device in every new car sold?

20

Moral Issue

Technology is now in use in mission critical systems◦Hospital◦Airplane/airport

Hardware reliability◦Redundancy◦Intel & the Pentium bug

21

Ethics –Reliability/Liability

Who is liable?◦Company that wrote software◦Computer scientist◦User beware?◦In networked environments, is CompuServe liable for libelous material posted on a bulletin board?

22

Ethics –Reliability/Liability

According to Aristotle◦We are responsible for voluntary actions but not involuntary ones

◦Involuntary actions Performed under compulsion The result of ignorance

23

Ethics – Responsibility

Ignorance is excusable when through no fault of the person’s, one is ignorant of the circumstances or consequences of an action

Ignorance is not excusable if that ignorance is the result of carelessness or neglect or it is deliberately willed

Ignorance in the eyes of the law is no excuse

24

Ethics – Ignorance

PM software marketed a product for project management

Market growth and share had been declining

Competitor was rumored to be coming out with a new product

Needed/wanted to know about new product

25

Acquisition of Information Competitive Analysis at PM Software

If you were with this company and your boss told you to find out about the product, how would you do it?

26

Acquisition of Information Competitive Analysis at PM Software

Develop a database of repair information for all of the trucks in the fleet

What are the ramifications of this action?◦Good◦bad

27

Acquisition of InformationFranklin Trucking

Once type & scope of information to be collected is determined, must decide on who has access.

What is an individual’s right to privacy? – to be left alone (Supreme court rule)

Does information gathered from a purchase belong to the company? – It has value so why isn’t the consumer compensated?

28

Information Access

More and more, companies are using micromarketing – targeting their advertising to specific groups.

Example◦A company wants to offer special prices on meals at a restaurant Is there some place or way to target my advertising? Name some

29

Information Access

Public sources◦Computerized real estate record◦DMV records (some states sell these)

Generated by commercial transactions◦Telephone, mail order, rebate coupons, …

30

Information Sources

Johnson & Johnson ran a promotion giving away a female product. All people had to do was call or write. What J&J did not tell was that they were compiling a database of these people, and were marketing this database to other health product companies

OK?

31

Information Sources

Stewardship involves◦Protecting information from unauthorized access

◦Keeping information as up to date as possible

◦Keeping information accurate If a company sells data, do they have a responsibility as to whom they sell it?

32

Information Stewardship

Wasn’t until after WWII that credit rating companies came into existence

There are now only 3◦ TRW(Experian), Equifax, Trans Union

In addition to credit information, they are becoming more value added, e.g. software has been developed to give a recommendation of whether or not to grant a loan

33

Information Stewardship

A 1998 study by the Public Interest Research Group found that 29% of credit reports contained errors that could result in the denial of credit (defined as false delinquencies, or reports listing accounts or public records that did not belong to the consumer).

34

Credit Reports

The study also found that 41% of reports had incorrect demographic identifying information, and 20% were missing major credit cards, loans, or mortgages.

In total, 70% of reports contained an error of some kind.

35

Credit Reports

In 1999 Consumer reports analyzed 1500 randomly selected credit reports

What do you think was the error rate?

43% had errors

36

Credit Reports

What is the most “sensitive” information maintained on you?

Physicians’ Computer Network weekly interrogates patient files of several thousand doctors for medication information. It sells this data to pharmaceutical companies

37

Information Accuracy

Disgruntled consultant◦Called in at 11:00 and told to leave by noon

◦Had just completed a major software project and the software was on his system waiting to be uploaded

◦To work longer hours, company allowed him access to system from home

38

Computer Security & Crimes

Bank to receive software had been told that it was complete

Consultant took home only backup copy of software

When consultant got home, he logged into system and added “bugs” to software, then erased any log files for this work

39

Computer Security & Crimes

When company ran final test on software, it did not work

What went wrong at this company?

Who was liable?

40

Computer Security & Crimes

Student is told by a professor that the University’s payroll system cannot be accessed without authorization

Student takes 4 hours one evening and accesses the payroll file, but then is so tired he simply logs off and goes to bed

41

Computer Security & Crimes

University arrests studentStudent confesses and even tells how to fix security hole

What should be done to the student?

42

Computer Security & Crimes

Therac-25 radiation therapy machine

Developed by a Canadian Government corporation – Atomic Energy of Canada

Therac – 25 was an extension of the Therac-20, with computer control added

43

Liability, Safety, and Reliability

Operated in two modes◦X-ray for internal or deep cancers High intensity electron beam is

deflected by a special tungsten target to give proper level of radiation

◦Electron Tungsten element removed and

intensity reduced for skin lesions

44

Therac-25

The Therac-20 had mechanical interlocks for safety

All safety for the Therac-25 was included in the assembly language software

Error messages were cryptic and usually meant nothing – just being cautious

45

Therac-25

The basic problem with the therac was that the two modes could get mixed and thus give a high dose without the shield – initially could not be detected

1985 – ◦woman receives overdose◦Company informed but no steps taken

◦Woman sues, but settled out of court

◦Sound familiar? 46

Therac-25

Next month, man receives overdose, and dies, but cause of death was cancer

AECL determines that problem is in the turntable switch and “fixes” it – announces◦New solution indicates an improvement over the old system by at least “5 orders of magnitude”

◦In truth they did not know the problem cause 47

Therac-25

AECL told other users that they should not use their machines until new software was delivered◦Did not tell any users of deaths or accidents

Responsibilities?

48

Therac-25

Intel is known as a company with a bunker like mentality

Pentium introduced in 1983October 1994 error shown4159835-

((4195835/3145727)*3145727 = 256

Intel knew about flaw in summer

49

Pentium

Intel refused to replace chips except for those customers that “passed” a questionnaire

Claimed for “average” user error would occur every 27,000 years

IBM claimed error would occur every 24 days

December 12– IBM announces will stop shipping faulty chips (Power PC)

December 20 Intel says will replace all

50

Pentium

Microsoft announced Chicago (Windows 95) long before it was ready◦ IBM’s PS/2 was a major competitor

To “lock” market share, IBM announced System/360, even though several models in the line were not available until 2 years later◦ At the time, Honeywell, among others, had

faster systems for less money

51

Vaporware

AutomationProductivityNew industriesComputerization of the workplace◦Networking◦Travel◦The new “workplace” – safety, etc.

52

Social Issues

Free speech in Cyberspace◦Surveillance

Who owns your e-mail?When can your computer’s files be accessed?

Universal access vs limited access

53

Social Issues

Quality of lifeUse of powerRisks and reliabilityProperty rightsPrivacyEquity & accessHonesty and deception

54

Ethical Issues

Open Source

55

The pricing of software bears no relationship to the cost of its development. The two factors that do matter are:◦ market size (which is limited by price and utility)◦ competition.

Given a market for a software product, the maximum margin can be obtained by precluding or eliminating competition.

56

Software Pricing

Software companies that are able to thwart competition attain pinnacles of power which are inconceivable in other industries.

Example?

57

Software Pricing

Partly this is due to the enormous cash flows that are possible in the absence of competition from products with nil reproduction costs

Largely it is due to the complexity of software itself, which allows dominant companies to design “standards” which exclude future competition.

58

Software Pricing

Stands for GNU’s not Unix Started in 1983 by Richard Stallman at MIT

AI Laboratory It’s really GNU/Linux – started to again

make software free Mostly maintained through donations of

time and material

59

GNU

A Unix-like operating system is much more than a kernel; ◦ Includes compilers, editors, text formatters,

mail software, and many other things. ◦ Thus, writing a whole operating system is a

very large job. We started in January 1984. It took many years. The Free Software Foundation was founded in October 1985, initially to raise funds to help develop GNU.

60

GNU

Restricting copying is not the only basis for business in software.

It is the most common basis because it brings in the most money. If it were prohibited, or rejected by the customer, software business would move to other bases of organization which are now used less often. There are always numerous ways to organize any kind of business.

61

Part of GNU Manifesto

Probably programming will not be as lucrative on the new basis as it is now. But that is not an argument against the change. It is not considered an injustice that sales clerks make the salaries that they now do. If programmers made the same, that would not be an injustice either. (In practice they would still make considerably more than that.)

62

Part of GNU Manifesto

“We maintain this free software definition to show clearly what must be true about a particular software program for it to be considered free software.”

``Free software'' is a matter of liberty, not price. To understand the concept, you should think of ``free'' as in ``free speech,'' not as in ``free beer.''

63

Free Software Foundation

Free software is a matter of the users' freedom to run, copy, distribute, study, change and improve the software.

In this definition, non-free software is software that you can’t change, extend, etc.

More precisely, it refers to four kinds of freedom, for the users of the software:

64

Free Software

The freedom to run the program, for any purpose (freedom 0).

The freedom to study how the program works, and adapt it to your needs (freedom 1). Access to the source code is a precondition for this.

The freedom to redistribute copies so you can help your neighbor (freedom 2).

65

Free Software

The freedom to improve the program, and release your improvements to the public, so that the whole community benefits (freedom 3). Access to the source code is a precondition for this.

66

Free Software

A program is free software if users have all of these freedoms.

Thus, you should be free to redistribute copies, either with or without modifications, either gratis or charging a fee for distribution, to anyone anywhere.

Being free to do these things means (among other things) that you do not have to ask or pay for permission.

67

Free Software

Copylefted software is free software whose distribution terms ensure that all copies of all versions are free software.

Copyleft says that anyone who redistributes the software, with or without changes, must pass along the freedom to further copy and change it. Copyleft guarantees that every user has freedom.

68

Copylefted Software

Open Source is a definition of how software is to be distributed (sold) – Technically there can be differences between open source and free software

In some cases, people call open source software that has some licensing restrictions that don’t fit the “free” model

69

Open Source Software

Is free software free?◦ Can I sell you a piece of “free” software?◦ What happens if you “own” a piece of free

software that you need to change? You can do whatever you want to it Who do you get to make those

changes?

Cost of Ownership