1 Ethical Considerations 4 In general, following topics will be discussed in ethical considerations in use of computers 4 Use of copied software 4 Unauthorized access (intrusion) 4 Safety critical applications 4 Encryption, law enforcement and privacy

2 Options to Avoid Software Piracy 4 What is your opinion and why?: A) Software should be free B) Software prices should be reduced drastically C) Software should be treated just like any other commercial product 4 Should the software copyright laws be amended to allow the customer to install it on multiple machines?

3 Options to Avoid Software Piracy 4 Would you prefer a freeware product or commercial product. Justify your answer 4 What are the consequences for the vendors and customers if the general application software prices are reduced to under $10 per package 4 Comment on the following FSF statement 4 “Software should not have owners”

4 Unauthorized Access 4 We look into several suspicious activities similar to each other 4 “Hacking” means accessing a computer system in a way different from normal. The motive can be to test the system for its security, to learn its various features or to damage the system 4 The term “Hacking” is now-a-days being used in a negative sense

5 Unauthorized Access 4 “Intrusion” or “unauthorized access” occurs when the hacker uses an account that was not assigned to him/her by the system administrator AND/OR the usage is inconsistent with the established policies 4 Unauthorized access can take a number of forms some of which are given in “Secrets of a Superhacker”

6 Secrets of a Superhacker 4 Creation of virus programs 4 Creation of worm programs 4 Creation of Trojan horse programs 4 Creation of logic bomb programs 4 Monitoring the network for password sniffing All above activities are unethical and most are declared crimes

7 Worksheet Information 4 In 1996, federal agents tracked down an Argentine student who broke into a Harvard University computer as well as into sensitive US military and space agency files 4 Julio Cesar Ardita used his home computer in Argentina to break into academic and government machines

8 Worksheet Information 4 After watching his activities for months, FBI found that the hacker consistently typed certain words when breaking into computer systems. 4 FBI obtained a court order to install a computer on the Harvard network with a "sniffer" program that would look for those words.

9 Worksheet Information 4 Harvard, unlike many other system owners, did not inform computer users that their communications might be monitored to protect the system's security. 4 Thus FBI was able to track down the intruder by scanning all s, personal messages and other information passing through Harvard network 4

10 Safety Critical Applications 4 We will discuss the responsibilities of software developers in safety critical applications 4 Then we will review the topics of encryption, law enforcement and privacy

11 Safety Critical Systems 4 In general, the systems having a real-time component or components impacting human safety are considered safety critical systems

12 Safety Critical Systems 4 The examples of such systems are aircraft and air traffic control, nuclear reactor control and medical instrumentation 4 For example, air traffic control must issue a warning if two aircrafts come dangerously close to each other 4 A software keeps processing “time to collision” in the background

13

14 Smart Bombs should not fall away from the military targets

15 Traffic Signals should not turn green for two roads that cross each other

16 The disasters 4 Hartford Civic center roof collapsed under a load of snow on Jan 18th, The roof design relied heavily on computer modeling 4 Therac-25, a radiation therapy system, killed and injured several patients between 1985 and 1987

17 The disasters 4 The overdoses were traced to errors in the software and the software/hardware interlock 4 The software for Therac-25 was developed by a single person, using PDP-11 assembly language 4 The software evolved over several years but no documentation was prepared

18 The disasters 4 An opinion expressed by a programmer in response to Therac-25 accidents is interesting 4 The author suggests that the industry’s state of the art in building safe software is not sufficiently advanced to risk human lives 4 Therefore the author decided not to write software for any system involving human lives (i.e. bio-medical systems)

19 The disasters 4 More recently, an error in error checking led $125 million Mars probe to disaster 4 The spacecraft’s builder, Lockheed Martin Astronautics, submitted acceleration data in English units of pounds of force instead of the metric unit called newtons. At JPL, the numbers were entered into a computer that assumed metric measurements. 4 mate html

20 The Code 4 “Accept responsibility in making engineering decisions consistent with the safety, health and welfare of the public” –IEEE Code of Ethics, item 1 4 “Strive to achieve the highest quality in both the process and products of professional work” –ACM Code of Ethics, professional responsibility 1

21 What Can be Done? 4 What can be done to avoid such accidents in future? 4 We would like to give general suggestions for people involved in development of safety critical systems

22 Suggestions 4 Most failures have multiple causes. Software should not be analyzed alone for finding errors. The impact of certain hardware failures on software performance can be devastating 4 Modern software engineering techniques should be used by designers of safety critical systems 4 Over-reliance on computer models can lead to disasters

23 Encryption, Law Enforcement and Privacy Issues 4 There is a conflict between an individual’s right to privacy and the government’s need to invade the privacy to uphold the law 4 Computing has become sophisticated enough to erode the ability of law- enforcement to do “wiretapping” 4 Digital telephony has made it more difficult to manage wiretapping

24 Issues in Digital Telephony and Wiretapping 4 Digital Telephony standards were passed by Congress in 1994 to ensure continued wiretapping 4 Is this the most effective way to fight crime? –In 1991, 856 wiretaps were analyzed. 536 involved narcotics and 114 involved racketeering

25 Issues in Digital Telephony and Wiretapping 4 Is the government expanding its role as “big brother”? –Relatively recent history provides evidence of government abuse. Therefore, the wiretap must occur with the permission of phone company and FBI should not bypass the phone company 4 Could the wiretap capabilities create security problems? –Hackers are very interested in breaking into wiretap capable phone systems. It should be treated as “safety- critical system”

26 Encryption Issues 4 Data encryption has been discussed previously 4 Government has increasingly become concerned about the potential misuse of data encryption 4 Escrowed Encryption Standard (EES) is a new private key encryption standard developed by the federal government

27 Encryption Issues 4 EES devices are given unique serial numbers and 80-bits unit key 4 The unit key is created by two escrow agents using their own secret keys 4 There is a law enforcement access field in an encrypted message thus it can be decrypted by the government

28 How do you feel about computers? THE END yep no