CHAPTER 12 Ethics and Privacy Copyright John Wiley & Sons Canada

CHAPTER 12: Ethics and Privacy 12.1 Ethical Issues 12.2 Privacy Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada LEARNING OBJECTIVES Define ethics, list and describe the three fundamental tenets of ethics, and describe the four categories of ethical issues related to information technology. Identify three places that store personal data, and for each one, discuss at least one potential threat to the privacy of the data stored there. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada OPENING CASE CASE 12.1 What to Do About WikiLeaks? The Problem Whistleblowers can capture huge amounts of incriminating documents on a laptop, memory stick, or portable hard drive. This information can be sent through personal e-mail accounts or online drop sites, or they can simply submit it directly to WikiLeaks (www.wikileaks.org). WikiLeaks receives approximately 10,000 new documents every day. Since its inception in December 2006, WikiLeaks has had significant impacts on both businesses and governments; how can future disclosures be prevented? Whistleblowers: employees with insider knowledge of an organization WikiLeaks serves as a dropbox for anyone, anywhere, who disagreed with any organization’s activities or secrets. Example: In January 2008, WikiLeaks posted documents alleging that the Swiss bank Julius Baer (www.juliusbaer.com) hid its clients’ profits from even the Swiss government by concealing them in what seemed to be shell companies in the Cayman Islands. The bank filed a lawsuit against WikiLeaks for publishing data that it claimed had been stolen from its clients. Baer later dropped the lawsuit—but only after generating embarrassing publicity for itself. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada OPENING CASE The Solution Several cyber security measures from the DLP (data leak protection) industry have been tried. However, none have been effective. Recently, organizations have turned to network forensics, which is the process of constantly collecting every digital “fingerprint” on an organization’s servers to trace and identify an intruder who has broken into the system. Although this software gathers data and makes them easily available, it does not identify the culprit. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada OPENING CASE The Results How can organizations and governments respond to WikiLeaks? Lawsuits will not work, because WikiLeaks, is a mere conduit for documents. Moreover, even if a company or a government somehow won a judgment against WikiLeaks, that would not shut down the company, because its assets are spread all over the world. Governments may need to revise their practices to avoid being targeted. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada OPENING CASE Discussion Define the term “whistleblower” as it relates to IT issues. How can governments, organizations, and even individuals prevent future disclosures from whistleblowers? Is it possible to accomplish this task, given that the sources of WikiLeaks’ information appear to be internal? Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada OPENING CASE What We Learned From This Case All organizations, large and small, must be concerned with ethics. You will encounter numerous ethical and privacy issues in your career, many of which will involve IT requiring solutions that do not violate the privacy of governments, organizations, and individuals. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada 12.1 ETHICAL ISSUES Ethics refers to the principles of right and wrong that individuals use to make choices that guide their behaviour. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada ETHICAL FRAMEWORKS Ethical Frameworks are standards used to develop general frameworks for ethics or ethical decision making: Utilitarian Rights Fairness Common Good For examples of standards used in Canada click here: www.csa.ca Utilitarian approach: an ethical action is the one that provides the most good or does the least harm. Rights approach: ethical action is the one that best protects and respects the moral rights of the affected parties. Fairness approach: ethical actions treat all humans equally, or if unequally, then fairly, based on some defensible standard. Common good approach: highlights the interlocking relationships that underlie all societies. Copyright John Wiley & Sons Canada

ETHICAL FRAMEWORKS (CONTINUED) Traditional GVV 1. Recognize an ethical issue 1. Identify an ethical issue 2. Get the facts 2. Purpose and choice 3. Evaluate alternative actions 3. Stakeholder analysis 4. Make a decision and test it 4. Powerful response 5. Scripting and coaching Standards are used to develop general frameworks for ethics (or ethical decision making). For the full example of the approaches in this slide refer to Table 12.1 in the textbook that illustrates the “traditional” approach, and the GVV (Giving Voice to Values) approach. Using a general ethical framework provides a tool for deciding the nature of an action response that you can take. Table 12.1 Traditional and GVV Approaches: Steps to Take and Questions to Ask When Resolving Ethical Issues Copyright John Wiley & Sons Canada

ETHICS IN THE CORPORATE ENVIRONMENT Code of ethics: a collection of principles that are intended to guide decision making by members of an organization. Fundamental tenets of ethics include: Responsibility Accountability Liability Responsibility means that you accept the consequences of your decisions and actions. Accountability means a determination of who is responsible for actions that were taken. Liability is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems. For an example of a code of ethics click on the link in this slide to review the Association for Computing Machinery’s code of ethics for its members. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada ETHICS AND IT Four general categories of ethical issues in IT applications: Privacy Accuracy Property Accessibility 1. Privacy issues involve collecting, storing, and disseminating information about individuals. 2. Accuracy issues involve the authenticity, fidelity, and accuracy of information that is collected and processed. 3. Property issues involve the ownership and value of information. 4. Accessibility issues revolve around who should have access to information and whether a fee should be paid for this access. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada UNETHICAL VS. ILLEGAL What is unethical is not necessarily illegal. Ethics scenarios The link will take you to Online Ethics Cases. Each of these scenarios elicits interesting class discussions, because none are particularly “clear cut” as to what the “right thing to do” is. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada IT’S ABOUT BUSINESS 12.2 The Dot Clones Fab is a highlight successful flash-deal Web site for designer goods. Launched in June 2011, Fab recorded sales of $20 million in its first six months, but six months after Fab launched its operations, other sites began to create knock-offs of their products. German brothers Oliver, Marc, and Alexander Samwer hit upon this wildly successful business model: identify promising U.S. Internet businesses and then clone them for the international market. In total, they have launched more than 100 companies. But, despite their questionable image, the Samwers deny that they are copycats. Rather, they claim that they simply take an idea that is already on the Internet and “make it better.” Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada IT’S ABOUT BUSINESS 12.2 Discussion Discuss the ethics of the Samwers’ business model. Then, discuss the legality of the Samwers’ business model. Compare the two discussions. What are some alternative strategies that companies might use to combat dot clones? Discuss the ethical implications of the statement from Groupon’s CEO that the Samwers are superb operators, not simply copycats. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada 12.2 PRIVACY Court decisions have followed two rules for defining privacy: The right of privacy is not absolute. Your privacy must be balanced against the needs of society. The public’s right to know supersedes the individual’s right of privacy. Privacy is the right to be left alone and to be free of unreasonable personal intrusions. Information privacy is the right to determine when, and to what extent, information about you can be gathered and/or communicated to others. Privacy rights apply to individuals, groups, and institutions. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada IT TECHNOLOGIES Data aggregators, digital dossiers, and profiling Electronic Surveillance Personal Information in Databases Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites Rapid advances in information technologies have made it much easier to collect, store, and integrate data on individuals in large databases. Copyright John Wiley & Sons Canada

DATA AGGREGATORS, DIGITAL DOSSIERS, AND PROFILING Data Aggregators collect public and non-public data then integrate these data to form digital dossiers on most adults in North America. Click on the following links to review examples of data aggregators: http://www.lexisnexis.ca/en-ca/home.page www.acxiom.com http://www.statcan.gc.ca/ Data aggregators are companies that collect public data (e.g., real estate records, telephone numbers) and nonpublic data (e.g., social security numbers, financial data, police records, motor vehicle records) and integrate them to produce digital dossiers. Digital dossier: an electronic description of you and your habits. They also sell the dossiers to companies that want to know their customers better, a process called customer intimacy. Profiling: the process of creating a digital dossier. Copyright John Wiley & Sons Canada

ELECTRONIC SURVEILLANCE The law supports the right of employers to read their employees’ e-mail and other electronic documents and to monitor their employees’ Internet use. See the Globe & Mail article regarding surveillance in Canada. Electronic Surveillance. The tracking of people‘s activities, online or offline, with the aid of IT. Electronic surveillance is conducted by employers, the government, and other institutions. Copyright John Wiley & Sons Canada

PERSONAL INFORMATION IN DATABASES Banks and financial institutions Utility companies Employers Government agencies Credit reporting agencies Hospitals Schools and universities Retail establishments Personal Information in Databases. Information is being kept about individuals in many databases. Click on the links in this slide for examples of agencies that collect personal information for their databases: Revenue Canada (government agency) & Equifax Canada (credit reporting agency) © Nicolas Nadjar/Age Fotostock America, Inc. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada INFORMATION ON INTERNET BULLETIN BOARDS, NEWSGROUPS, AND SOCIAL NETWORKING SITES Social Networking Sites often include electronic discussions such as chat rooms. These sites appear on the Internet, within corporate intranets, and on blogs. A blog (Weblog) is an informal, personal journal that is frequently updated and intended for general public reading. Clicking here will take you to the Government of Canada article on the Pros and Cons of Social Networking in business Social Networking Sites often include electronic discussions such as chat rooms. These sites appear on the Internet, within corporate intranets, and on blogs. A blog (Weblog) is an informal, personal journal that is frequently updated and intended for general public reading. Clicking here will take you to the Government of Canada article on the Pros and Cons of Social Networking in business © Marina Bordjieva/Age Fotostock America, Inc. Click on the picture to read about the pros and cons of Social Networking in business Copyright John Wiley & Sons Canada

PRIVACY CODES AND POLICIES Opt-in Model prohibits an organization from collecting any personal information unless the customer specifically authorizes it. Opt-out model permits the company to collect personal information until the customer specifically requests that the data not be collected. Privacy policies or privacy codes are an organization’s guidelines for protecting the privacy of its customers, clients, and employees. Click on the link for Canada’s anti-spam legislation (opt-in model) and the American Express privacy statement (opt-out model) Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada IT’S ABOUT BUSINESS 12.3 Big Brother is Watching You People today live with a degree of surveillance that would have been unimaginable just a few decades ago. Several developments are helping to increase the monitoring of human activity, including low-cost digital cameras, motion sensors, and biometric readers. Clearly, privacy concerns must be addressed, particularly with the capacity of databases to share data and, therefore, to put together the pieces of a puzzle that can identify us in surprising ways. One of the most troubling privacy problems involves Google and Facebook’s facial-recognition software. Once you are tagged in a photo, that photo could be used to search for matches across the entire Internet or in private databases. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada IT’S ABOUT BUSINESS 12.3 Discussion Apply the general framework for ethical decision making to the practices of photo tagging and geotagging. Discuss and provide examples of the benefits and the drawbacks of photo tagging and geotagging. Are users responsible for their loss of privacy if they do not know that their photos can be tagged and that they can be located with GPS sensors? Copyright John Wiley & Sons Canada

INTERNATIONAL ASPECTS OF PRIVACY Approximately 50 countries have some form of data-protection laws. Many of these laws conflict with those of other countries, or they require specific security measures. Some countries have no privacy laws at all Whose laws have jurisdiction when records are stored in a different country for reprocessing or retransmission purposes. The absence of consistent or uniform standards for privacy and security obstructs the flow of information among countries, is called transborder data flows. Click on the link in this slide to review the data-protection laws of the European Union. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada CHAPTER CLOSING Ethics refers to the principles of right and wrong that individuals use to make choices that guide their behavior including responsibility, accountability, and liability. Major ethical issues related to IT are privacy, accuracy, property and access to information. Copyright John Wiley & Sons Canada

CHAPTER CLOSING (CONTINUED) Threats to privacy include advances in information technologies, electronic surveillance, personal information in databases, Internet bulletin boards, newsgroups, and social networking sites. One personal threat to the privacy of data stored is that you might post too much personal information that many unknown people can see. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada CLOSING CASE CASE 12.2 Target Provides a Surprise The Problem When you shop, you provide details about your buying habits and about yourself to retailers. The retailers then analyze that information to determine what products you like, what products you need, and how to provide you with incentives so you will buy more of their products. For example, because birth records are usually made public, parents immediately begin to receive offers, incentives, and advertisements from all kinds of companies. To be successful, a retailer needs to reach parents before its competitors are aware that a baby is on the way. In the case of Target, its marketing managers aim to send “targeted” ads to women while they’re in their second trimester. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada CLOSING CASE The Solution Target has long been collecting huge quantities of data on every person who regularly frequents its stores. The company assigns each shopper a unique Guest ID number that collects and maintains data on everything the shopper buys. Target also links demographic information to your Guest ID, such as age, marital status, where you live, estimated salary, what Web sites you visit, etc. The company is also able to buy information such as your ethnicity, employment history, what topics you talk about online, your political leanings, etc. All of this information is meaningless unless it is analyzed and made sense of. Using analytics techniques, analysts at Target created a “pregnancy prediction” score for each female customer, allowing the company to send coupons to female customers according to the pregnancy scores that had been calculated. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada CLOSING CASE The (Unexpected) Results One day, an angry man entered a Target store and claimed that his daughter had received coupons from Target for baby clothes and cribs, even though she was still in high school. The manager apologized to the man, but when they called a few days later to apologize again, the father confessed that his daughter confided in him that she was indeed pregnant. Target responded to this problem my modifying its marketing policies. Specifically, it began to mix in ads for items the company knew pregnant women would typically never buy. The purpose was to make these ads appear random, so women would assume that everyone else on their block received the same mailer for diapers and cribs. Copyright John Wiley & Sons Canada

Copyright John Wiley & Sons Canada CLOSING CASE Discussion Are Target’s data collection and analysis legal? Why or why not? Support your answer. Are Target’s data collection and analysis ethical? Why or why not? Support your answer. Apply the general framework for ethical decision making to Target’s data collection and analysis. Do you feel that Target’s data collection and analysis invade your privacy? If so, how? If you feel that your privacy is being compromised, what can you do about this problem? Copyright John Wiley & Sons Canada