LEGAL, ETHICAL AND SOCIAL ISSUES IN MANAGEMENT INFORMATION SYSTEMS
Management Information Systems Ethical and Social Concerns
Computer Ethics
Although ethical decision-making is a thoughtful process, based on one's own personal
fundamental principles, we need codes of ethics and professional conduct for the following
reasons:
- Document acceptable professional conduct to:
i) Establish status of the profession
ii) Educate professionals of their responsibilities to the public
iii) Inform the public of expectations of professionals
iv) Judge inappropriate professional behaviour and punish violators
- Aid the professional in ethical decision-making.
The following issues distinguish computing professionals' ethics from other professionals'
ethics:
- Computing (automation) affects such a large segment of the society (personal, professional,
business, government, medical, industry, research, education, entertainment, law, agriculture,
science, art, etc); it changes the very fabric of society.
- Information technology is a very public business
- Computing is a young discipline
- It changes relationships between people, businesses, industries, governments, etc.:
  • Communication is faster
  • Data can be fragile: it may be insecure, invalid, outdated, leaked, lost,
    unrecoverable, misdirected, copied, stolen, misrepresented, etc.
  • The well-being of people, businesses, governments, and social agencies may
    be jeopardised through faulty computing systems and/or unethical behaviour
    by computing professionals
  • Computing systems can change the way people work: they can not only make people
    more productive but can also isolate them from one another
  • Conceivably, they could create a lower and upper class society
  • People can lose their identity in cyberspace
  • Computing systems can change humankind's quality of life
  • Computing systems can take control of parts of our lives: for good or bad.
The Moral Dimension of Management Information Systems
General moral imperatives
- Contribute to society and human well-being: minimise negative consequences of
computing systems including threats to health and safety, ensure that products will be used in
socially responsible ways and be alert and make others aware of potential damage to the
environment.
- Avoid harm to others: this principle prohibits use of computing technology in ways that
result in harm to the users, general public, employees and employers. Harmful actions
include intentional destruction or modification of files and programmes leading to serious
loss of resources or unnecessary expenditure of human resources such as the time and effort
required to purge systems of computer viruses.
- Be honest and trustworthy: the honest computing professional will not make deliberately
false or deceptive claims about a system or system design, but will instead provide full
disclosure of all pertinent system limitations and problems. He has a duty to be honest about
his qualifications and about any circumstance that may lead to a conflict of interest.
- Be fair and take action not to discriminate: the values of equality, tolerance and respect
for others and the principles of equal justice govern this imperative.
- Honour property rights including copyrights and patents: violation of copyrights, patents,
trade secrets and the terms of license agreements is prohibited by the law in most
circumstances. Even when software is not so protected, such violations are contrary to
professional behaviour. Copies of software should be made only with proper authorisation.
Unauthorised duplication of materials must not be condoned.
- Give proper credit for intellectual property: computing professionals are obligated to
protect the integrity of intellectual property. Specifically, one must not take credit for others'
ideas or work, even in cases where the work has not been explicitly protected by copyright,
patent, etc.
- Respect the privacy of others: computing and communication technology enables the
collection and exchange of personal information on a scale unprecedented in the history of
civilisation. Thus there is increased potential for violating the privacy of individuals and
groups. It is the responsibility of professionals to maintain the privacy and integrity of data
describing individuals. This includes taking precautions to ensure the accuracy of data, as
well as protecting it from unauthorised access or accidental disclosure to inappropriate
individuals. Furthermore, procedures must be established to allow individuals to review their
records and correct inaccuracies.
- Honour confidentiality: the principle of honesty extends to issues of confidentiality of
information whenever one has made an explicit promise to honour confidentiality or,
implicitly, when private information not directly related to the performance of one's duties
becomes available. The ethical concern is to respect all obligations of confidentiality to
employers, clients, and users unless discharged from such obligations by requirements of the
law or other principles of this code.
More specific professional responsibilities
- Strive to achieve the highest quality, effectiveness and dignity in both the process and product
of professional work.
- Acquire and maintain professional competence
- Know and respect existing laws pertaining to professional work
- Accept and provide appropriate professional review
- Give comprehensive and thorough evaluations of computer systems and their impacts,
including analysis of possible risks.
- Honour contracts, agreements and assigned responsibilities
- Improve public understanding of computing and its consequences
- Access computing and communication resources only when authorised to do so
Organisational Leadership Imperatives
• Articulate social responsibilities of members of an organisational unit and encourage full
acceptance of those responsibilities.
• Manage personnel and resources to design and build information systems that enhance the
quality of working life.
• Acknowledge and support proper and authorised uses of an organisation's computing and
communication resources.
• Ensure that users and those who will be affected by a system have their needs clearly
articulated during the assessment and design of requirements; later the system must be
validated to meet requirements.
• Articulate and support policies that protect the dignity of users and others affected by a
computing system.
• Create opportunities for members of the organisation to learn the principles and limitations of
computer systems.
The Legal Issues in Management Information Systems
Software engineers shall commit themselves to making the analysis, specification, design,
development, testing and maintenance of software a beneficial and respected profession. In
accordance with their commitment to the health, safety and welfare of the public, software
engineers shall adhere to the following eight principles.
i. Public - software engineers shall act consistently with the public interest.
ii. Client and employer - software engineers shall act in a manner that is in the best interest of
their client and employer, consistent with the public interest.
iii. Product - software engineers shall ensure that their products and related modifications meet
the highest professional standards possible.
iv. Judgment - software engineers shall maintain integrity and independence in their
professional judgment.
v. Management - software engineering managers and leaders shall subscribe to and promote an
ethical approach to the management of software development and maintenance.
vi. Profession - software engineers shall advance the integrity and reputation of the profession
consistent with the public interest.
vii. Colleagues - software engineers shall be fair to and supportive of their colleagues.
viii. Self - software engineers shall participate in lifelong learning regarding the practice of their
profession and shall promote an ethical approach to the practice of the profession.
Terminology
Digital Signature
A digital signature (not to be confused with a digital certificate) is an electronic signature that
can be used to authenticate the identity of the sender of a message or the signer of a document,
and possibly to ensure that the original content of the message or document that has been sent
is unchanged. Digital signatures are easily transportable, cannot be imitated by someone else,
and can be automatically time-stamped. The ability to ensure that the original signed message
arrived means that the sender cannot easily repudiate it later.
A digital signature can be used with any kind of message, whether it is encrypted or not, simply
so that the receiver can be sure of the sender's identity and that the message arrived intact. A
digital certificate contains the digital signature of the certificate-issuing authority so that anyone can
verify that the certificate is real.
How it works
Assume you were going to send the draft of a contract to your lawyer in another town. You want to
give your lawyer the assurance that it was unchanged from what you sent and that it is really from
you.
a) You copy-and-paste the contract (it's a short one!) into an e-mail note.
b) Using special software, you obtain a message hash (mathematical summary) of the contract.
c) You then use a private key that you have previously obtained from a public-private key
authority to encrypt the hash.
d) The encrypted hash becomes your digital signature of the message. (Note that it will be
different each time you send a message.)
At the other end, your lawyer receives the message.
a) To make sure it's intact and from you, your lawyer makes a hash of the received message.
b) Your lawyer then uses your public key to decrypt the message hash or summary.
c) If the hashes match, the received message is valid.
Digital Certificate
A digital certificate is an electronic "credit card" that establishes your credentials when doing
business or other transactions on the Web. It is issued by an organisation known as a certification
authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate
holder's public key (used for encrypting messages and verifying digital signatures), and the digital
signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so
that authenticating users can look up other users' public keys.
Summary
To retain a competitive advantage and to meet basic business requirements organizations must
endeavour to achieve the following security goals:
• Confidentiality - protect the value of information and preserve the confidentiality of sensitive
data.
• Integrity - ensure the accuracy and reliability of the information stored on the computer
systems.
• Availability - ensure continued access to the information system and all its assets for
legitimate users.
• Ensure conformity to laws, regulations and standards.
A hazard (exposure) to information security is a form of possible loss or harm. Examples of
exposures include:
• Unauthorised access resulting in a loss of computing time
• Unauthorised disclosure - information revealed without authorisation
Threats to information security are circumstances that have the potential to cause loss or
harm, for example:
• Human error
• Disgruntled employees
• Dishonest employees
Application controls include methods for ensuring that:
• Only complete, accurate and valid data is entered and updated in a computer system
• Processing accomplishes the correct task
• Processing results meet expectations
• Data is maintained
There are two common encryptions or cryptographic systems:
a) Symmetric or private key system
Symmetric cryptosystems use a single secret key to encrypt the plaintext to the ciphertext. The
same key is also used to decrypt the ciphertext back to the corresponding plaintext.
b) Asymmetric or public key system
Asymmetric encryption systems use two keys, which work together as a pair. One key
is used to encrypt data, the other is used to decrypt data. Either key can be used to
encrypt or decrypt, but once one key has been used to encrypt data, only its partner can
be used to decrypt the data.
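The signing and verification steps from "How it works" above and the key-pair property just described, as an added Python example that is not part of the original notes. It uses textbook RSA over a toy modulus built from two constructed small primes, with SHA-256 as the message hash; a real system uses much larger keys and a padding scheme.

```python
import hashlib

# Constructed toy RSA key pair for the walkthrough only: two small primes give a
# modulus of about 40 bits. Real keys are 2048 bits or more and use a padding scheme;
# textbook RSA as used here only illustrates the hash-then-sign flow of the notes.
P, Q = 1_000_003, 1_000_033          # both prime (constructed choice)
N = P * Q                            # public modulus, shared with everyone
E = 65537                            # public exponent: (N, E) is the public key
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: (N, D) is the private key


def message_hash(message: bytes) -> int:
    """Sender step b: the mathematical summary of the message, reduced mod N
    so that it is a valid RSA input for this toy modulus."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(digest, "big") % N


def sign(message: bytes) -> int:
    """Sender steps b-d: hash the message and 'encrypt' the hash with the private
    key. The result is the digital signature sent alongside the message."""
    return pow(message_hash(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver steps a-c: hash what arrived, 'decrypt' the signature with the
    sender's public key and compare. Any change to the message breaks the match."""
    return pow(signature, E, N) == message_hash(message)


def encrypt(m: int) -> int:
    """Confidentiality direction: anyone with the public key can encrypt for the owner."""
    return pow(m, E, N)


def decrypt(c: int, exponent: int) -> int:
    """Apply a chosen exponent; only the partner of the encrypting key, D, recovers m."""
    return pow(c, exponent, N)


if __name__ == "__main__":
    contract = b"Constructed sample contract: party A pays party B 1000 on delivery."
    sig = sign(contract)
    print("signature verifies:", verify(contract, sig))                        # True
    print("tampered verifies: ", verify(contract.replace(b"1000", b"9000"), sig))  # False
    c = encrypt(12345)
    print("private key recovers plaintext:", decrypt(c, D) == 12345)  # True
    print("public key recovers plaintext: ", decrypt(c, E) == 12345)  # False
```

The tampered check shows why the lawyer's own re-hash matters: the signature still "decrypts" to the original hash, but the hash of the altered message no longer matches it.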