Computer Law and Ethics
...which a trespasser acquired remote access to a computer system. The computer system contained confidential records about people, and the integrity of the data was important. The prosecution of this case had to be phrased in terms of theft of computer time and valued as such, even though that was insignificant compared to loss of privacy and integrity. Why? Because the law recognised theft of computer time as a loss, but not loss of privacy or destruction of data. 3.3.2 Several laws recognise the privacy of data about individuals. For example, disclosing grades of financial information without permission is a crime. These laws prevent computing Centre employees from disclosing data, but the law does not apply to someone acquiring access without permission. 3.4 Value of data 3.4.1 In another computer crime, a person was found guilty of having stolen a substantial amount of data from a computer data bank. However, the high court determined that the value of the data was the cost of the paper on which it was printed, which was only a few pence. Due to the value, this crime was classified as petty theft. Fortunately, the high court has since determined that information and other intangibles can have significant value. 3.5 Why Computer Crime is Hard to Define 3.5.1 From these examples, it is clear that the legal system has not accommodated advances in computers as rapidly as the rest of Society. Some people in the legal profession do not understand computers and computing; therefore they cannot treat properly, claims involving computers. Creating and changing laws are slow processes, intended to involve substantial thought about the effect of the proposed changes. This deliberate process is very much out of pace with a technology that is progressing as fast as computing. 3.5.2 Adding to the problem of a rapidly changing technology, a computer can perform many roles in a crime. A particular computer can be the subject, object, or medium of a crime. A computer can be attacked (attempted unauthorised access), used to attack (impersonating a legitimate node on a network), and used as a means to commit crime (Trojan horse or fake login). Computer crime statutes have to include all these evils. 3.6 Why Computer Crime is Hard to Prosecute 3.6.1 Even when it is acknowledged that a computer crime has been committed, there are several reasons why computer crime is hard to prosecute. Understanding. Neither courts, solicitors, police, not jurors necessarily understand computers. Many judges began practising law before the invention of computers, and most began before the widespread use of the personal computer. Fortunately, computer literacy in the courts is improving, as judges, lawyers, and police officers become more computer literate. Fingerprints. Police and courts have for year’s depended and tangible evidence, such as fingerprints. But with many computer crimes there are no fingerprints, therefore no physical clues. Forms of assets. We know what cash is, or diamonds, or even negotiable securities. But are 20 invisible magnetic spot's really equivalent to £1 million? Is computer time an asset? What is the value of stolen computer time if the system would have been idle during the time of theft? Juveniles. Many computer claims involve juveniles. Society understands immaturity and can treat even very serious crimes by juveniles as being done with less understanding, than when the same crime is committed by an adult. And more serious, related problem is that many adults view juvenile computer crime as childhood pranks, the modern equivalent of tipping over a dustbin. 4. Examples of current UK legislation. 4.1 Computer misuse Act. 4.1.1 The computer misuse act was introduced in 1990 to secure computer material against unauthorised access or modification. Three categories of criminal offences were established to cover the following conduct; 4.1.2 Unauthorised access to computer material including the illicit copying of software held in any computer. Penalty, up to six months imprisonment or up to a £5000 fine. 4.1.3 Unauthorised access with intent to commit a facility commission of further offences, which covers more serious cases of hacking. The penalty for this is up to five years imprisonment arms and unlimited fine. 4.1.4 Unauthorised modification of computer material, which includes: · international and unauthorised destruction of software or data. · Circulation of infected materials on line. · And unauthorised addition of passwords to data files. The penalty for this is up to five years imprisonment and an unlimited fine. 4.1.5 You must not: · Display any information which enables others to game unauthorised access to computer material. · Display any information that may lead any unauthorised modification of computer material. · Display any material, which may state or encourage others to carry out unauthorised access to or modification of computer material. Copyright 4.2 The Copyright, design and Patents act 1988 4.2.1 The Copyright, design and Patents act 1988 is applicable to all types of creations, including text, graphics, moving images, and sounds by an author or an artist. Distant lead any which are accessible through IT facilities. Any uploading on downloading of information through online technologies which is not authorised by the copyright owner will be deemed to be an infringement of their rights. 4.2.2 You must not: · Make, transmit or steal an electronic copy of copyright material without the permission of the owner. 4.3 Data protection Act 1984 4.3.1 The data protection act 1984 concerns information about leading individuals, which is processed automatically. It basically gives rights to those individuals about whom information is recorded on computer, and demands good computer practice in handling information about people. 4.3.2 You must: · Only use personal data for registered purpose. · Contact the Data Protection Registrar before conducting any activity, which involves a collection, storage, are display of personal data through IT facilities. 4.4 Official Secrets Act 1911- 1989 4.4.1 The official secrets act established several criminal penalties for any person who discloses any material which relates to security, intelligence, defence or international relations and which has come into a person's possession through and an unauthorised disclosure by a crown servant or government contractor. 4.4.2 You must: · Ensure that any such material securely stored and not accessed by authorised personnel. 4.5 Defamation Act 1996 4.5.1 Defamation consists of the publication of opinions and untrue statements, which adversely affect the reputation of a person or a group of persons. If such a statement is published independently, as is the case with statements published on Internet, an action for libel may be brought against those responsible, in line with the defamation act 1996. 4.5.2 You must: · Ensure that all published facts are accurate. · Ensure that opinions and views expressed impersonal: pages of the ability boards do not discredit their subjects in any way, which could damage their reputation. 4.6 Obscene Publications Act 1959 4.6.1 Material which is considered pornographic, excessively violent comes under the provisions of the obscene publications act 1959 other protection of children act 1978. 4.6.2 You must not: · Disseminate or encourage access to material for the purposes other than that permitted by the acceptable company policy. 4.7 Discrimination. 4.7.1 Both the Sex Discrimination Act 1975 and Race Relations Act 1976 and guided by the same principle, which is the prevention of unfair discrimination. both Acts established fines of up to £5000 for criminal offences concerning discriminatory statements. In addition, European Union legislation can cover situations where discrimination takes place on grounds of sexual orientation. Any material located on or disseminated through IT facilities which is considered discriminatory or encourages discrimination on grounds of gender, marital status, colour, race, nationality, ethnic or national origin, employment, education, sexual orientation, age, or disability may be illegal. 4.7.2 You must not: · Use IT facilities to place on or disseminate materials, which discriminate or encourage discrimination on grounds contrary to these acts. 4.8 Health and Safety Regulations 1992 4.8.1 The Health and Safety Regulation (1992), establishes an employer/employee duty for the operation of workstations that employ VDUs. The employer is responsible for ensuring that the workstation meets a minimum physical requirement, that users daily work on a display screen is periodically interrupted by breaks and changes of activity. The Regulation further lays down that the employer must provide an eye test carried out by a competent person, if requested by the employee, and further regular tests thereafter. The Regulation for the first time compelled employers to provide appropriate corrective appliances to enable an employee to use the workstation. 4.8.2 Employers were compelled to introduce adequate health and safety training in the use of any workstation in which an employee may be required to work. 4.8.3 Appendix 2, OfficeWise, outlines the other health and safety issues related to office and computer operation. 4.9 European Council Directive 90/270/EEC 4.9.1 Article 3. Employers are obliged to perform an analysis of workstations in order to evaluate the safety and health conditions to which they give rise for their workers, particularly as regards possible risks to eyesight, physical problems and problems of mental stress. Workers shall receive information on all aspects of safety and health relating to their workstation. Every worker shall also receive training in use of the workstation before commencing this type of work. 4.9.2 The employer must plan their workers activities in such a way that daily work on a display screen is periodically interrupted by breaks or changes of activity reducing the workload at their display screen. 4.9.3 Appendix 3 ( Community legislation in force) outline of this directive in more detail. 4.10 Criminal law. 4.10.1 Incitement to commit a crime is a criminal offence in itself regardless of whether a crime has actually been committed or not. This includes the provision of information via computerised services, which facilitates any activity, which could be construed as a criminal offence. Relevant law might also include the Criminal Justice and Public Order Act 1994. 4.11 International law and Internet 4.11.1 Since there is not international convention on Internet regulation, caution is necessary in considering what law may be applicable. As a basic rule, users of IT facilities must note that although certain materials may be considered legal in their place of origin, that does not prevent the application of UK law if there was materials is considered to be illegal under the law in this country. 4.12 What computer crime does not address 4.12.1 Even with the definitions included in the statutes, the courts must interpret what is computer. MPs have had difficulty in defining precisely what computer is because computer technology is used in many other devices, such as robots, calculators, cars, watches, and medical instruments. More importantly, we cannot predict what kind of devices may be invented in 10 to 15 years from now. Therefore, the language in each of these laws, indicates the type of devices the legislation seeks to include as computers, and is up to the courts to rule on specific cases. Unfortunately, it has taken at while for the courts to build up a pattern of cases, and different courts rule differently in similar situations. Interpretation of each of these terms will be unsettled for some time to come. 4.12.2 Value presents a similar problem. Traditionally, the courts have had trouble separating the intrinsic value of an object such as a sheet of paper with writing on it from its cost to reproduce. The courts now recognise that a pound note is worth more than the cost of paper it is printed on. But the courts have not agreed on the value of printed computer output. The cost of a blank floppy disk is less than one pound, but it may have taken thousands of hours of data gathering and machine time to produce the data recorded on the disk. The courts are still striving to compute the value of computer objects. 5. Ethics. 5.1 Human behaviour 5.1.1 As explained above, the law is not always appropriate, to deal with issues of human behaviour. It is difficult to define a law to preclude only the events we wanted. For example, a law that prevents animals and public places must be refined into guide dogs for the blind. Therefore, it is impossible or impractical to develop laws to describe enforceable forms of behaviour acceptable to society. Instead, society relies on ethics of morals to prescribe generally accepted standards are proper behaviour. And ethnic design objectively defined standard of right and wrong. Ethical standards are often idealistic principles because they focus on one objective. In a given situation, however, several moral objectives may be involved, so that people have to determine and action that is appropriate, considering all the objectives. A set of ethical principles is called and difficult system. 5.1.2 Ethical values vary by society, and from person to person within a society. For example, the concept of privacy is very important in the western cultures. But in eastern cultures, privacy is not desirable because people associate privacy as having something to hide. Therefore, the attitude of people may be affected by culture of background. Also, and individual standards of behaviour may be influenced by past events in life. A person who grew up large family may place greater emphasis on personal control an ownership of possessions language and only child who seldom had to share. Major events are close contact with others can also shape one's ethical position. 5.1.3 Although these aspects of ethics are quite reasonable and understandable, the people to distrust ethics because it is not founded on basic principles all can accept. Also, people from scientific and technical background expect precision and universality. 5.2 Ethical reasoning 5.2.1 Most people make ethical judgments often, perhaps daily. Because we all engaged in ethical choice, there is need to clarify how we do this, so that we apply the principles of ethics in professional situations, as we do and private life. The study of ethics may yield to positive results. First, in situations where we already know what is right and what is wrong, if it should help must justify a choice. Second, if we do not know what ethical action to take in situation, ethics can help us to identify the issues involved, so that we can make reasoned judgments. 5.2.2 The technological theory of ethics focuses on the consequences of an action. The action to be chosen as that which will result in the greatest future good and least harm. For example, if another student were to ask for help with an assignment, you may consider the good (he will owe you a favour), against the bad (you might get caught), plus he will not learn the techniques to be gained from writing his own work. The negative consequences clearly outweigh the positive, so you would refuse. Teleology is a general name applied to many theories of behaviour, of which focus on the goal, outcome, or consequences of the action. 5.2.3 There are two important forms of teleology. Egoism is the form that says a moral judgment is based on the positive benefits to person taking action. The principal of Unitarianism is also an assessment of good and bad results, but the reference group is entire universe. Rule-based principles 5.2.4 Another ethical theory is deontology, which is founded in a sense of duty. This ethical principal state's that certain things are good in and of themselves. These things are naturally good rules or acts, which require no higher justification. Something is just good; it does not have to be judged for its effect. 5.2.5 According to Frankena (1973), examples of intrinsic good things are; · Truth; knowledge country opinion of various kinds, understanding, wisdom. · Just distribution of good and evil; justice. · Pleasure, satisfaction; happiness; life, consciousness. · Peace, security, freedom. · Good reputation, honour, esteem; mutual affection, love, friendship, cooperation; morally good disposition of virtue. · Beauty, aesthetic experience. 5.3 Defining the Field of Computer Ethics 5.3.1 From the 1940s through the 1960s, there was no discipline known as "computer ethics". However, beginning with Walter Maner in the 1970s, active thinkers in computer ethics began trying to delineate and define computer ethics as a field of study. When he decided to use the term "computer ethics" in the mid-70s, Maner defined the field as one, which examines "ethical problems aggravated, transformed or created by computer technology". Some old ethical problems, he said, are made worse by computers, while others are wholly new because of information technology (Maner,1980). 5.3.2 By comparison with the more developed field of medical ethics, Maner focused attention upon applications of traditional ethical theories used by philosophers, especially analysts using the utilitarian ethics of the English philosophers Jeremy Bentham and John Stuart Mill, or the rationalist ethics of the German philosopher Immanual Kant. 5.3.3 Moor’s definition of computer ethics in his article "What Is Computer Ethics?" (Moor, 1985), has been much broader and more wide-ranging than that of Maner. It is independent of any specific philosopher’s theory; and it is compatible with a wide variety of methodological approaches to ethical problem solving. 5.3.4 Moor defined computer ethics as a field concerned with "policy vacuums" and "conceptual muddles" regarding the social and ethical use of information technology: A typical problem in computer ethics arises because there is a policy vacuum about how computer technology should be used. Computers provide us with new capabilities and these in turn give us new choices for action. Often, either no policies for conduct in these situations exist or existing policies seem inadequate. A central task of computer ethics is to determine what we should do in such cases, that is, formulate policies to guide our actions.... One difficulty is that along with a policy vacuum there is often a conceptual vacuum. Although a problem in computer ethics may seem clear initially, a little reflection reveals a conceptual muddle. What is needed in such cases is an analysis that provides a coherent conceptual framework within which to formulate a policy for action (Moor, 1985). 5.3.5 Moor’s way of defining the field of computer ethics is very powerful and suggestive. It is broad enough to be compatible with a wide range of philosophical theories and methodologies, and it is rooted in a perceptive understanding of how technological revolutions proceed. Currently it is the best available definition of the field. Nevertheless, there is yet another way of understanding computer ethics that is also very helpful, and compatible with a wide variety of theories and approaches. 5.3.6 This "other way" was the approach taken by Wiener in his book The Human Use of Human Beings (Weiner, 1950), and Moor also discussed it briefly in "What Is Computer Ethics?" (1985). According to this alternative account, computer ethics identifies and analyses the impacts of information technology upon human values like health, wealth, opportunity, freedom, democracy, knowledge, privacy, security, self-fulfilment, and so on. 5.3.7 In the 1990s, Donald Gotterbarn became a strong advocate for a different approach to defining the field of computer ethics. In Gotterbarn’s view, computer ethics should be viewed as a branch of professional ethics, which is concerned primarily with standards of practice and codes of conduct of computing professionals: There is little attention paid to the domain of professional ethics, the values that guide the day-to-day activities of computing professionals in their role as professionals. By computing professional I mean anyone involved in the design and development of computer artefacts... The ethical decisions made during the development of these artefacts have a direct relationship to many of the issues discussed under the broader concept of computer ethics [Gotterbarn, 1991]. 5.4 Ethical case studies. 5.4.1 In order to analyse how ethics affected professional actions, Parker (1979) carried out a study of ethics in computer technology. Each case study was designed to bring out certain ethical points, some of which are listed below. 5.4.1.1 Case One: Use of computer services. Dave works as a programmer for a large software company. He writes and tests utility programs such as compilers. His company operates two computer shifts: during the day, programme development and online applications are run; at night batch production jobs are completed. Dave has access to work load data, and learns that the evening batch runs are complimentary to daytime programming tasks; that is, adding programming work during the nightshift would not adversely affect performance of computer to other users. He comes back after normal hours to develop his own stock portfolio. His drain on the system is minimal, and he uses very few expendable supplies, such as printer paper. Is Dave’s behaviour ethical? Analysis The utilitarian would consider the total excess of good over bad for all people. Dave receives benefit from use of computer time, although for this application the amount of time is not large. Dave has the possibility of punishment, but he may rate that as unlikely. The company is neither harmed nor helped by this. Thus, to the utilitarian, Dave’s use is justifiable. The Universalism principles seems as if it would cause a problem because clearly if everyone did this, quality of service would degrade. The utilitarian would say that each new user has to weigh good and ba...