Ethical Security And Privacy Issues Information Technology Essay
In the early 1980s your desktop┬Ł was a wooden or metal surface and your contact list was on a rolodex. People communicated via telephone or letters sent through the U.S. mail and shopping was done at the mall or through mail order companies. Your friends┬Ł were people that you actually met at work, school, and church or through mutual friends and your network┬Ł were people in your community. Today, information technology is everywhere. Almost every aspect of our lives is touched by technology. With the exception of a staple gun and paper clips, almost everything we need to get our work done is located on our computer and we do not need to leave our house to shop for clothing or food. The increased importance of technology in our society makes the interrelated tasks of profiting from its opportunities and containing its dangers a major intellectual and political challenge of our time. This paper will examine some of the issues brought on by the emergence of information technology: Ethical, Security and Privacy issues.
What is Ethics?
Ethics is a set of beliefs about right and wrong behavior. Ethical behavior conforms to generally accepted social norms, many of which are almost universal. However, although nearly everyone would agree that lying and cheating are unethical, what constitutes ethical behavior on many other issues is a matter of opinion. For example, most people would not steal an umbrella from someones home, but a person who finds an umbrella in a theater might be tempted to keep it. A persons opinion on what represents ethical behavior is strongly influenced by a combination of family influences, life experiences, education, religious beliefs, personal values, and peer influences (Teich, 2006, p. 93).
Ethics and Information Technology
Ethical issues long preceded information technology. Nevertheless, information technology has caused and will continue to cause enormous changes in the ways we do things. Very often, the introduction of new technologies results in dramatic alterations in old ways of relating to each other. Examples range all the way from entirely new ways of meeting romantic partners to making travel arrangements; from new ways of connecting with suppliers to entirely new kinds of businesses. It is, therefore, only to be expected that technology produces new challenges and issues for us to deal with ethically. Issues about privacy, security, piracy, and ownership take on new aspects when applied to new IT applications (Schultz, 2006, p. ix).
Technology brings all sorts of ethical dilemmas for computer users. Some of these dilemmasÔÇŁsuch as whether or not to copy softwareÔÇŁare entirely new, while others are new versions of old moral issues, such as right and wrong, honesty, loyalty, responsibility, confidentiality, trust accountability, and fairness. Some of these ethical dilemmas are faced by all technology users; others are faced only by technology professionals. But many of these dilemmas constitute new gray areas for which there are few accepted rules or social conventions, let alone established legal case law. Another way of saying that computers create new versions of old moral issues is to say that information technology transforms the context in which old ethical issues arise and adds interesting new twists to old problems. For example, new storage devices allow us to store massive amounts of information, but they also generate new ethical choices about access to that information and about the use or misuse of that information. Ethical issues concerning privacy, confidentiality, and security thus come to the forefront. The arrival of media such as text messages, smartphones and social networks, has generated new ethical and legal issues concerning user identity, authenticity, the legal status of such communications, and whether or not free speech protection and/or defamation law applies to them (Teich, 2006, p. 272)
Ethics within an Organization
Business ethics can be dined as principles of conduct within organizations that guide decision making and behavior┬Ł (David, 2009, p. 19). Good business ethics is a prerequisite for good strategic management; good ethics is just good business. In many cases within an organization, ethical considerations will be fairly clearÔÇŁthe ethical manager will execute his responsibilities to the best of his ability and the ethical employee will also do the same. The value to be maximized is the welfare of the organization, corporation, or business. If Joe Smith is employed to do technical support for Company X, his ethical responsibilities as an employee will be determined by his job description and company policies, the background company culture, and the background social and legal institutions governing employment by a company. Typically, he will be required to be present at the job location for certain hours and during those hours provide technical support to specified employees, involving certain defined responsibilities and actions. If Ron Right is the Chief Information Officer (CIO) of Company Y, he too has ethical responsibilities determined in the same wayÔÇŁby his job description and company policies, the background company culture, and the background social and legal institutions governing employment by a company. Typically, his responsibilities will be defined more generally, almost certainly including ensuring the continuing smooth functioning of IT in support of the goals of the organization. Relevant IT ethical issues can arise about the background justice of any of these determinants, that is, about documented company policies and procedures, the company culture, and the background social and legal institutions. IT ethical issues within organizations also arise from the relation between IT professionals and non-IT personnel, who are also known as users. The questions are: How should users deal with IT professionals? How should IT professionals deal with the rest of the organization? And, how do we deal with issues stemming from the interaction of IT with the rest of the organization when such issues are not clearly the responsibility of either IT professionals or users? General management is responsible for answers to the last question. Of course, the company culture and documented policies will be the first source to consult for answers to these questions ((Applegate, Austin & McFarlan, 2003 (as cited in Schultz, 2009, p. 34)).
Security Issues with Technology
Information Systems Security
The security of information technology used in business is of utmost importance. Confidential business data and private customer and employee information must be safeguarded, and systems must be protected against malicious acts of theft or disruption. Although the necessity of security is obvious, it often must be balanced against other business needs and issues. Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security:
If the firm is a victim of a computer crime, should they pursue prosecution of the of the criminals at all costs, should they maintain a low profile to avoid the negative publicity, must they inform their affected customers, or should they take some other actions?
How much effort and money should be spent to safeguard against computer crime?
If their firm produces software with defects that allow hackers to attack customer data and computers, what actions should they take?
What tactics should management ask employees to use to gather competitive intelligence without doing anything illegal?
What should be done if recommended computer security safeguards make life more difficult for customers and employees, resulting in lost sales and increased costs? (Reynolds, 2007, p. 69).
Security of computer facilities, stored data, and the information generated is an ongoing concern for todays organizations. Recognition of the need for security is a natural outgrowth of the belief that information is a key organizational resource. With increasingly complex transactions and many innovative exchanges, the Web has brought heightened security concerns to businesses all around the world (Kendall & Kendall, 2009, p. 688). Although there is no such thing as a totally secure system, the actions IT professionals and end-users take are meant to move the companys information systems toward the secure end of the continuum by lessening the systems vulnerability. As more people in the organization gain greater computer power, gain access to the Web, or connect to intranets and extranets, security becomes increasingly difficult and complex. Security is the responsibility of all those who come into contact with the system and is only as good as the most lax behavior or policy in the organization. Security has three interrelated aspects; physical, logical, and behavioral. All three must work together if the quality of security is to remain high:
Physical Security refers to securing the computer facility, its equipment, and software through physical means. It can include controlling access to the computer room by means of machine-readable badges, biometric system, or a human sign-in/sign-out system, as well as using closed-circuit television cameras to monitor computer areas, backing up data frequently, and storing backups in a fireproof, waterproof area, often at a secure offsite location.
Logical security refers to logical controls in the software itself. The logical controls familiar to most users are passwords or authorization codes of some sort. When used, they permit the user with the correct password to enter the system or a particular part of the system. Passwords however, are treated cavalierly in many organizations. Employees have been overhead yelling a password across crowded offices, taping passwords to their display screens, and sharing personal passwords with authorized employees who have forgotten their own. Logical and physical controls are important but clearly not enough to provide adequate security. Behavioral changes are also necessary.
The behavioral expectations of an organization are implicit in its policy manuals and even on signs posted in work rooms and lunch rooms. The behavior that organization members internalize, however, is also critical to the success of security efforts. Policies regarding security must be written, distributed, and updated so that employees are fully aware of the expectations and responsibilities. (Kendall & Kendall, 2008, p. 689)
According to Gary Chen, a senior analyst at Yankee Group, a market-research firm in Boston, security can be a pretty overwhelming┬Ł task for some small businesses. They tend to be reactive and consume a lot of their time putting out fires when a security breach takes down desktop computers or a virus causes e-mail to freeze┬Ł instead of focusing on preventive measures (Covel, 2007). But for these small businesses, looking for an outsider to do security work for them can be just as overwhelming. Most have limited funds and often are not sure where to turn for help. More importantly, they are hesitant to give an outsider access to their most sensitive data. Allowing an outsider access to your data requires a certain amount of trust and education┬Ł says Mr. Chen (2007). However, the benefits include added safety and awareness, since its the vendors job to stay on top of the latest security threats and to know how to prevent and fix them.
The Internet and personal computers are changing the way we organize our lives; inhabit our homes; and relate to and interact with family, friends, neighbors, and even ourselves. The Internet promotes endless comparison shopping, which thus enables consumers worldwide to band together to demand discounts. The Internet has transferred power from businesses to individuals. Buyers used to face big obstacles when attempting to get the best price and service, such as limited time and data to compare, but now consumers can quickly scan hundreds of vendor offerings. The Internet has changed the very nature and core of buying and selling in nearly all industries. It has fundamentally changed the economics of business in every single industry worldwide (David, 2009, p. 10).
While the Internet has brought us many benefits and advancements it is not without cost. The very things that have made our lives easier and more convenient are some of the very things that make us more vulnerable and can be the cause of enormous problems for a business or private consumer. Widespread use of e-mail, instant messaging (IM), and peer-to-peer file-sharing programs are the cause of our increased vulnerability. E-mail may contain attachments that serve as springboards for malicious software or unauthorized access to internal corporate systems. Employees may use e-mail messages to transmit valuable trade secrets, financial data, or confidential customer information to unauthorized recipients. Popular instant messaging applications for consumers do not use a secure layer for text messages, so they can be intercepted and read by outsiders during transmission over the public Internet. IM activity over the Internet can in some cases be used as a back door to an otherwise secure network. Sharing files over peer-to-peer (P2P) networks, such as those for illegal music sharing, may also transmit malicious software or expose information on either individual or corporate computers to outsiders (Laudon & Laudon, 2010, p. 296)
According to an article in publication Foreign Affairs, there is no form of military combat more irregular than an electronic attack. It is extremely cheap, is very fast, can be carried out anonymously, and can disrupt or deny critical services precisely at the moment of maximum peril. The United States is already engaged in low-intensity cyber conflicts, characterized by aggressive enemy efforts to collect intelligence on the countrys weapons, electrical grid, traffic-control system, and even its financial markets. Fortunately, the Obama administration recognized that the US is utterly dependent on Internet-based systems and that its information assets are therefore precariously exposed. Accordingly, it has made electronic network security a crucial defense priority. Seeking to completely obliterate the threats of electronic infiltration, data theft, and hardware sabotage is neither cost-effective nor technically feasible; the best the US can achieve is sensible risk communications network to the individual chips inside computers (Clark & Levin, 2009). According to Defense Secretary Robert Gates [T]he United States cannot kill or capture its way to victory┬Ł in the conflicts of the future. When it comes to cyber security, Washington faces an uphill battle. And as a recent Center for Strategic and Internal Studies report put it, ╦ťit is a battle we are losing (2009). The Foreign Affairs article goes on to report that in 2007, there were almost 44,000 reported incidents of malicious cyber activity one-third more than the previous year and more than ten times as many as in 2001. Every day, millions of automated scans originating from foreign sources search U.S. computers for unprotected communications ports, the built-in channels found in even the most inexpensive personal computers. For electronically advanced adversaries, the United States information technology infrastructure is a target (2009).
Privacy with Technology
The other side of security is privacy. The use of information technology in business requires balancing the needs of those who use the information against the rights and desires of the people whose information may be used. On one hand information about people is gathered stored, analyzed, and reported because organizations can use it to make better decisions. Some of these decisions, including whether to hire a job candidate, approve a loan, or offer a scholarship, can profoundly affect peoples lives. In addition, the global marketplace and increased competitiveness have increased the importance of knowing consumers purchasing habits and financial condition. Companies use this information to target marketing efforts to consumers who are most likely to buy their products and services. Organizations also need basic information about customers to serve them better. It is hard to imagine an organization having a relationship with its customers without having data about them. Thus organizations want systems that collect and store key data from every interaction they have with a customer (Reynolds, 2007, p. 107).
Workplace privacy issues are being presented with increasing frequency as terminated employees lodge discrimination claims. Similar scenarios are played out in the workplace on a regular basis: An employee gets terminated, and then the company analyzes his or her computer for information. Incriminating e-mail messages get recovered or monitoring software picks up the employees visits to inappropriate Web sites. Alternatively, employees sue for violation of privacy for being videotaped or having their e-mails read. Recent decisions and cases being reviewed by the U.S. Supreme Court and the New Jersey Supreme Court suggest that what once seemed liked and open and closed┬Ł case when it came to workplace privacy may be about to change. In the past, if an employer has a policy that tells employees they are able to review e-mails and text messages, then the employees do not have a legitimate expectation of privacy┬Ł in the workplace. However, a review of some recent cases, indicate that even though an employer has posted such policy, it may not end the discussion on whether an employer can read an employees private e-mail or text messages (Dillenberger, 2009). Last year, a federal appeals court in San Francisco came down on the side of employee privacy, ruling employers that contract with an outside business to transmit text messages ca not read them unless the worker agrees. The ruling came in a lawsuit filed by Ontario, California policy officers who sued after a wireless provider gave their department transcripts of an officers text messages in 2002. The case is on appeal to the U.S. Supreme Court (Searcey, 2009).
Employees often use their employers computer equipment to conduct their private and personal business. Some even store sensitive and embarrassing details about their lives on company equipment assuming that they are entitled to a certain level of privacy. Sometimes employees even go as far as conducting business for their personal company or another employer during the hours that they are expected to be conducting work for their employers (Miedema & Pushalik, 2009). For these and other reasons, many organizations have developed a policy on the use of IT to protect against employee abuses that reduce worker productivity or that could expose the employer to harassment lawsuits. As noted before, the institution and communication of an IT usage policy establishes boundaries of acceptable behavior and enables management to take action against violators. The potential for decreased productivity, coupled with increased legal liabilities from computer users, have led employers to monitor workers to ensure that the corporate IT usage policy is followed. More than 80 percent of major U.S. firms find it necessary to record and review employee communications and activities on the job, including phone calls, e-mail, Internet connections, and computer files. Some are even videotaping employees on the job. In addition, some companies employ random drug testing and psychological testing. With few exceptions, these increasingly common (and many would say intrusive) practices are perfectly legal (Reynolds, 2007, p. 127).
The Fourth Amendment of the Constitution protects citizens from unreasonable government searches and is often invoked to protect the privacy of government employees. Public-sector workers can appeal directly to the reasonable expectation of privacy┬Ł standard established by the Supreme Court rule in Katz v. United States in 1998. However, the Fourth-Amendment cannot be used to limit how a private employer treats its employees, because such actions are not taken by the government. As a result, public sector employees have far greater privacy rights than those in private industry. Although private-sector employees can seek legal protection against an invasive employer under various state statutes, the degree of protection varies widely by state (Reynolds, 2007, p. 128). Courts continue to examine the scope of an employees privacy interest while at work, particularly as new technologies are introduced in the workplace. Californias Constitution, as well as statutes, protects employee privacy. The questions courts ask when assessing privacy interests in the workplace are generally the same: Does the employee have a reasonable expectation of privacy? Was that expectation violated under the circumstances? Courts have considered employee privacy interests in e-mails and text messages, social network group messages, social network groups and videotaping (Employee Privacy, 2009).
Unsolicited advertising by e-mail, which is known as spam, is usually viewed as an undesirable e-commerce practice, and often a violation of the recipients privacy. Companies who spam potential buyers seldom develop a loyal customer base in this way, often earning their displeasure instead. The most privacy-conscious companies now ask visitors to their Web sites for permission to send them information via e-mail. Their messages also include instructions telling them how to opt out of receiving future e-mail. Email spam has become such a nuisance that information service providers and manufactures of virus scanning software now routinely seek to detect and eliminate spam messages (Senn, 2004, p. 405). Online shopping usually increases during the holiday season, unfortunately, so does spam activity and other schemes aimed at online shoppers. Because the array of Web promotions and discounts at e-commerce sites is so overwhelming during the holiday season, security experts warn consumers to be extra skeptical as they surf the Web for holiday deals (Wong, 2009). Even with the onslaught of scams, consumers can follow a few guidelines to keep their online activities safe:
Separate password: Consumers should avoid using the same password everywhere out of convenience. The message warrants reinforcement during the holidays because shoppers may be setting up new accounts at online retailers. It is recommended that consumers should choose one password for all online baking sites, one for e-commerce sites such as eBay or Amazon, and a disposable password for sites that require registration but the consumer does not plan to visit again. For e-mail, passwords should be unique because hackers can use the address to reset information on other accounts.
Vet unfamiliar sites: Researchers at McAfee Labs noticed a new campaign this year that uses e-mails and ads to direct consumers to Web sites purporting to sell discounted luxury goods from popular brands. These sites are loaded with malicious software.
Keep security updated: Security experts say consumers should make sure they have the most up-to-date operating systems and browsers on their computers, and turn on automatic security update features (Wong, 2009).
Identify theft occurs when someone steals key pieces of personal information to gain access to a persons financial accounts. This information includes names, address, date of birth, Social Security number, passport number, drivers license number, and mothers maiden name. Using this information, an identity thief may apply for new credit or financial accounts, rent an apartment, set up utility or phone service, and register for college coursesÔÇŁall in someone elses name. Although estimates of the number of incidents vary greatly, identity theft is widely recognized as the fastest growing form of fraud in the United States (Reynolds, 2007, p. 122).
One of the primary ways consumers identities are being stolen is through the use of spyware and adware. Spyware is a term for keystroke-logging software that is downloaded to users computers without adequate notice, consent, or control for the user. It is often promoted as a spouse monitor, child monitor, or surveillance tool. Spyware creates a record of the key-strokes entered on the computer, enabling the capture of account usernames, passwords, credit card numbers, and other sensitive information. The spy can even view the Web sites visited and transcripts of chat logs (Sriramachandramurthy, Balasubramanian & Hodis, 2009). Spyware operates even if the infected computer is not connected to the Internet. Then, the data captured by the spyware is e-mailed directly to the spy or is posted to a Web site where the spy can view it. Spyware frequently employs sophisticated methods to avoid detection by popular software packages that are specifically designed to combat it. Consumers fear of spyware has become so widespread that many people now delete e-mail from unknown sources without even opening the messages. This trend is seriously damaging the effectiveness of e-mail as a means for legitimate companies to communicate with customers (Reynolds, 2007, p. 122).
The defensive measures employed by Internet users can be broadly classified into two types. The first and more common method is the installation of antivirus and firewall packages. Such programs represent a technical defense measure as these measures require the explicit installation of software packages that are specifically designed to prevent spyware and adware infections. Other software, such as Windows Defender, is automatically installed during routine windows updates and may also provide protection against spyware. However, the user may not be completely aware of the installation of these packages as the application of updates is often part of an automated process. Many users therefore may resort to a second approach to try and avoid risk. Users should exercise extreme caution or avoid altogether the following Internet and networking activities:
Utilizing peer-to-peer networks
Visiting Web sites with questionable reputations
Using Vulnerable browsers
Opening e-mail attachment files from unknown addresses
Such activities increase users exposure to spyware, restricting or avoiding them may serve as an effective means of keeping spyware at bay (Sriramachandramurthy, Balasubramanian & Hodis, 2009).
Wayne Ivey, a Florida law enforcement officer who has specialized in identity theft investigations for more than 15 years, says that whatever tools an identity thief is using, dumpster diving for individual credit card numbers, or stealing identities by the millions┬ŁÔÇŁthe damage that can be done to someone is exactly the same. According to Ivey, this rapidly evolving crime is becoming more difficult to stop. Only one in 700 identity thieves is ever arrestedÔÇŁwere looking at a crime that has reached epidemic proportions┬Ł (Shah, 2009). Ivey goes on to say that while credit card companies may be forgiving for some unauthorized charges to your card due to theft, the more clever identity thieves can use an unsuspecting consumers credit and personal data to apply for new credit, purchase a new car or house. In some cases, they will use the consumers identity if they get arrested or in trouble with the law (Shah, 2009).
Unfortunately, most of the burden still remains with the consumer to protect themselves from these potential attacks. Additionally, companies are urged to take better care of their customers data. Sean Arries, a security expert with Terremark in Miami, says [ho]pefully, the American public will start to realize whats going on and push for more security┬Ł. While many major retailers have updated the security of their networks, some smaller stores have not. According to a recent survey by the National Retail Federation, small merchants that have never been breached may have an unrealistic expectation of their security. According to the survey, 72 percent of them believe the risk their company faces from a data compromise is low, or not possible. Conversely, 67 percent of merchants who have been breached call the risk high. As a result, the survey showed, the latter group typically spends more to help secure their businesses (Shah, 2009).
When it comes to identity theft, the old adage an ounce of prevention is worth a pound of cure┬Ł definitely applies. Consumer education can completely thwart thieves, says Reagan Rick, regional president of Milwaukee based M&I Bank (Schnitzler, 2009).
Social Networking Issues
Social networks such as MySpace and Facebook feature tools to help people share their interests and interact. They are also helpful in allowing people to connect or reconnect with people all around the world. LinkedIn.com is a social network that provides networking services to business professionals, other niche sites have begun to spring up to serve professional groups such as lawyers, doctors, engineers, and dentists. Members of social networking sites spend hours surfing pages, checking out other members, and exchanging messages, revealing a great deal of information about themselves (Laudon, 2010, p. 61)
Although social networking has raised security and liability concerns, businesses are embracing it, even leveraging it, for its attendant benefits of collaboration, enterprise knowledge management and brand and mission extension. Social networks which are interactive, collaborative online communities created by technology, have certainly gone mainstream. And now they are becoming a value-added feature of the corporate landscape. Miley Ainsworth, director of IT innovation at FedEx Services, started using social networking principles in late 2006 as part of FedExs internal innovation-focused website, Face Net (a play on Facebook). FedEx users enter areas of personal interest and expertise and then identify colleagues with similar entries. Users can join issue groups, collaborate on projects and even post training video (Mathews, 2007).
However, as more workers spend a greater part of their days on social networks like Facebook and Twitter, hackers have turned their energies toward spreading their malware across those services, harming workstations and company networks. Increasingly, hackers have turned their attentions away from e-mail, in part due to the fact people spend more of their time communicating with friends, family and colleagues over mediums like Facebook and Twitter. In addition, the e-mail environment has reached a level of maturity that makes the new frontier of social networks more attractive to hackers and spammers, says David Lavenda, a vice president at WorkLightt, a vendor that sponsored recent study measuring Web 2.0-targeted hacking. The list of security hacks on Web 2.0 and social networking sites were impressive, the report found. Nearly one-fifth were caused by authentication hacking (where someone is able to gather user names and passwords). Others included database hacking (21 percent), content spoofing (11 percent) and cross site scripting (XSS), an incident where malicious code runs on a webpage and eventually can enable phishing attacks. The consequences of these types of hacks can be incredibly harmful. According to the report, nearly 30 percent lead to the leakage of sensitive information. Around 13 percent resulted in actual monetary loss, while more than 10 percent installed malware on computers or their corresponding networks (Lynch, 2009). The question then becomes should employers forbid the use of social networks to their employers┬Ł? Even if they do, the employees will find a way to use them anyway. Therefore, employers should be proactive and address the potential threats.
Advances in technology have made our lives easier and more convenient. Technology has been integrated into almost every aspect of the products and services that we utilize every day. The most successful people are those who know to make the most of information technology. That involves more than just know how to key data into a computer or how to print reports. Success requires knowing what information technology can do to improve your personal and social life and how it can enhance your businesss products and services in ways that add to their value for customers. It also requires being savvy enough to avoid the pitfalls that are inherent in todays technological advances. Such as, computer viruses, identity theft, spamming and cyber bullying. Being technologically savvy will assist you in navigating through all of technologys ethical, security and privacy issues.
If you are the original writer of this essay and no longer wish to have the essay published on the UK Essays website then please click on the link below to request removal: