LEGAL, ETHICAL AND SOCIAL ISSUES IN MANAGEMENT

INFORMATION SYSTEMS

Management Information Systems Ethical and Social Concerns

Computer Ethics

Although ethical decision-making is a thoughtful process, based on one�s own personal

fundamental principles, we need codes of ethics and professional conduct for the following

reasons:

- Document acceptable professional conduct to:

i) Establish status of the profession

ii) Educate professionals of their responsibilities to the public

iii) Inform the public of expectations of professionals

iv) Judge inappropriate professional behaviour and punish violators

- Aid the professional in ethical decision-making.

The following issues distinguish computing professionals� ethics from other professionals�

ethics:

- Computing (automation) affects such a large segment of the society (personal, professional,

business, government, medical, industry, research, education, entertainment, law, agriculture,

science, art, etc); it changes the very fabric of society.

- Information technology is a very public business

- Computing is a young discipline

- It changes relationships between: people, businesses, industries, governments, etc

� Communication is faster

� Data can be fragile: it may be insecure, invalid, outdated, leaked, lost,

� unrecoverable, misdirected, copied, stolen, misrepresented, etc.

� The well-being of people, businesses, governments, and social agencies may

� be jeopardised through faulty computing systems and/or unethical behaviour

� by computing professionals

� Computing systems can change the way people work: it can not only make people

� more productive but can also isolate them from one another

� Conceivably could create a lower and upper class society

� People can lose their identity in cyberspace

� Computing systems can change humankind�s quality of life

� Computing systems can take control of parts of our lives: for good or bad.

The Moral Dimension of Management Information Systems

General moral imperatives

- Contribute to society and human well-being: minimise negative consequences of

computing systems including threats to health and safety, ensure that products will be used in

socially responsible ways and be alert and make others aware of potential damage to the

environment.

- Avoid harm to others: this principle prohibits use of computing technology in ways that

result in harm to the users, general public, employees and employers. Harmful actions

include intentional destruction or modification of files and programmes leading to serious

loss of resources or unnecessary expenditure of human resources such as the time and effort

required to purge systems of computer viruses.

- Be honest and trustworthy: the honest computing professional will not make deliberately

false or deceptive claims about a system or system design, but will instead provide full

disclosure of all pertinent system limitations and problems. He has a duty to be honest about

his qualifications and about any circumstance that may lead to a conflict of interest.

- Be fair and take action not to discriminate: the values of equality, tolerance and respect

for others and the principles of equal justice govern this imperative.

- Honour property rights including copyrights and patents: violation of copyrights, patents,

trade secrets and the terms of license agreement is prohibited by the lawin most

circumstances. Even when software is not so protected, such violations are contrary to

professional behaviour. Copies of software should be made only with proper authorisation.

Unauthorised duplication of materials must not be condoned.

- Give proper credit for intellectual property: computing professionals are obligated to

protect the integrity of intellectual property. Specifically, one must not take credit for other�s

ideas or work, even in cases where the work has not been explicitly protected by copyright,

patent, etc.

- Respect the privacy of others: computing and communication technology enables the

collection and exchange of personal information on a scale unprecedented in the history of

civilisation. Thus there is increased potential for violating the privacy of individuals and

groups. It is the responsibility of professionals to maintain the privacy and integrity of data

describing individuals. This includes taking precautions to ensure the accuracy of data, as

well as protecting it from authorised access or accidental disclosure to inappropriate

individuals. Furthermore, procedures must be established to allow individuals to review their

records and correct inaccuracies.

- Honour confidentiality: the principle of honesty extends to issues of confidentiality of

information whenever one has made an explicit promise to honour confidentiality or,

implicitly, when private information not directly related to the performance of one�s duties

becomes available. The ethical concern is to respect all obligations of confidentiality to

employers, clients, and users unless discharged from such obligations by requirements of the

law or other principles of this code.

More specific professional responsibilities

- Strive to achieve the highest quality, effectiveness and dignity in both the process and product

of professional work.

- Acquire and maintain professional competence

- Know and respect existing laws pertaining to professional work

- Accept and provide appropriate professional review

- Give comprehensive and thorough evaluations of computer systems and their impacts,

including analysis of possible risks.

- Honour contracts, agreements and assigned responsibilities

- Improve public understanding of computing and its consequences

- Access computing and communication resources only when authorised to do so

Organisational Leadership Imperatives

� Articulate social responsibilities of members of an organisational unit and encourage full

acceptance of those responsibilities

� Manage personnel and resources to design and build information systems that enhance the

quality of working life.

� Acknowledge and support proper and authorised uses of an organisation�s computing and

communication resources.

� Ensure that users and those who will be affected by a system have their needs clearly

articulated during the assessment and design of requirements; later the system must be

validated to meet requirements.

� Articulate and support policies that protect the dignity of users and others affected by a

computing system.

� Create opportunities for members of the organisation to learn the principles and limitations of

computer systems.

The Legal Issues in Management Information Systems

Software engineers shall commit themselves to making the analysis, specification, design,

development, testing and maintenance of software a beneficial and respected profession. In

accordance with their commitment to the health, safety and welfare of the public, software

engineers shall adhere to the following eight principles.

i. Public � software engineers shall act consistently with public interest.

ii. Client and employer - software engineers shall act in a manner that is in the best interest of

their client and employer consistent with public interest.

iii. Product � software engineers shall ensure that their products and related modifications meet

the highest professional standards possible.

iv. Judgment � software engineers shall maintain integrity and independence in their

professional judgment.

v. Management � software engineering managers and leaders shall subscribe to and promote an

ethical approach to the management of software development and maintenance.

vi. Profession � software engineers shall advance the integrity and reputation of the profession

consistent with the public interest.

vii. Colleagues � software engineers shall be fair to and supportive of their colleagues.

viii. Self � software engineers shall participate in lifelong learning regarding the practice of their

profession and shall promote an ethical approach to the practice of the profession.

Terminology

Digital Signature

A digital signature (not to be confused with a digital certificate) is an electronic signature that

can be used to authenticate the identity of the sender of a message or the signer of a document,

and possibly to ensure that the original content of the message or document that has been sent

is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else,

and can be automatically time-stamped. The ability to ensure that the original signed message

arrived means that the sender cannot easily repudiate it later.

A digital signature can be used with any kind of message, whether it is encrypted or not, simply

so that the receiver can be sure of the sender�s identity and that the message arrived intact. A

digital certificate contains the digital signature of the certificate-issuing authority so that anyone can

verify that the certificate is real.

How it works

Assume you were going to send the draft of a contract to your lawyer in another town. You want to

give your lawyer the assurance that it was unchanged from what you sent and that it is really from

you.

a) You copy-and-paste the contract (it�s a short one!) into an e-mail note.

b) Using special software, you obtain a message hash (mathematical summary) of the contract.

c) You then use a private key that you have previously obtained from a public-private key

authority to encrypt the hash.

d) The encrypted hash becomes your digital signature of the message. (Note that it will be

different each time you send a message.)

At the other end, your lawyer receives the message.

a) To make sure it�s intact and from you, your lawyer makes a hash of the received message.

b) Your lawyer then uses your public key to decrypt the message hash or summary.

c) If the hashes match, the received message is valid.

Digital Certificate

A digital certificate is an electronic �credit card� that establishes your credentials when doing

business or other transactions on the Web. It is issued by organisations known as certification

authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate

holder�s public key (used for encrypting messages and digital signatures), and the digital signature

of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some

digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that

authenticating users can look up other users� public keys.

Summary

To retain a competitive advantage and to meet basic business requirements organizations must

endeavour to achieve the following security goals:

� Confidentiality � protect value of information and preserve the confidentiality of sensitive

data.

� Integrity � ensure the accuracy and reliability of the information stored on the computer

systems.

� Availability � ensure the continued access to the information system and all its assets to

legitimate users

� Ensure conformity to laws, regulations and standards.

Hazards (exposures) to information security - is a form of possible loss or harm. Examples of

exposures include:

� Unauthorised access resulting in a loss of computing time

� Unauthorised disclosure � information revealed without authorisation

Threats to information security - These are circumstances that have potential to cause loss or

Harm

� Human error

� Disgruntled employees

� Dishonest employees

Application controls includes methods for ensuring that:

� Only complete, accurate and valid data is entered and updated in a computer system

� Processing accomplishes the correct task

� Processing results meet expectations

� Data is maintained

There are two common encryptions or cryptographic systems:

a) Symmetric or private key system

Symmetric cryptosystem use a secret key to encrypt the plaintext to the cipher text. The

same key is also used to decrypt the cipher text to the corresponding plaintext.

b) Asymmetric or public key system

Asymmetric encryption systems use two keys, which work together as a pair. One key

is used to encrypt data, the other is used to decrypt data. Either key can be used to

encrypt or decrypt, but once one key has been used to encrypt data, only its partner can

be used to decrypt the data.

A digital certificate is an electronic �credit card� that establishes your credentials when doing

business or other transactions on the Web. It is issued by organisations known as certification

authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate

holder�s public key.