1

Ethical Considerations

In general, following topics will be discussed in ethical considerations in use of computers

Use of copied software Unauthorized access (intrusion) Safety critical applications Encryption, law enforcement and privacy

2

Options to Avoid Software Piracy What is your opinion and why?:

A) Software should be free

B) Software prices should be reduced drastically

C) Software should be treated just like any other commercial product

Should the software copyright laws be amended to allow the customer to install it on multiple machines?

3

Options to Avoid Software Piracy Would you prefer a freeware product or

commercial product. Justify your answer What are the consequences for the vendors

and customers if the general application software prices are reduced to under $10 per package

Comment on the following FSF statement “Software should not have owners”

4

Unauthorized Access

We look into several suspicious activities similar to each other

“Hacking” means accessing a computer system in a way different from normal. The motive can be to test the system for its security, to learn its various features or to damage the system

The term “Hacking” is now-a-days being used in a negative sense

5

Unauthorized Access

“Intrusion” or “unauthorized access” occurs when the hacker uses an account that was not assigned to him/her by the system administrator AND/OR the usage is inconsistent with the established policies

Unauthorized access can take a number of forms some of which are given in “Secrets of a Superhacker”

6

Secrets of a Superhacker

Creation of virus programs Creation of worm programs Creation of Trojan horse programs Creation of logic bomb programs Monitoring the network for password sniffing

All above activities are unethical and most are declared crimes

7

Worksheet Information

In 1996, federal agents tracked down an Argentine student who broke into a Harvard University computer as well as into sensitive US military and space agency files

Julio Cesar Ardita used his home computer in Argentina to break into academic and government machines

8

Worksheet Information

After watching his activities for months, FBI found that the hacker consistently typed certain words when breaking into computer systems.

FBI obtained a court order to install a computer on the Harvard network with a "sniffer" program that would look for those words.

9

Worksheet Information

Harvard, unlike many other system owners, did not inform computer users that their communications might be monitored to protect the system's security.

Thus FBI was able to track down the intruder by scanning all emails, personal messages and other information passing through Harvard network

http://figment.csee.usf.edu/~kwb/nsf-ufe/zubairi1.htm

10

Safety Critical Applications

We will discuss the responsibilities of software developers in safety critical applications

Then we will review the topics of encryption, law enforcement and privacy

11

Safety Critical Systems

In general, the systems having a real-time component or components impacting human safety are considered safety critical systems

12

Safety Critical Systems

The examples of such systems are aircraft and air traffic control, nuclear reactor control and medical instrumentation

For example, air traffic control must issue a warning if two aircrafts come dangerously close to each other

A software keeps processing “time to collision” in the background

13

14

Smart Bombs should not fall away from the military targets

15

Traffic Signals should not turn green for two roads that cross each other

16

The disasters

Hartford Civic center roof collapsed under a load of snow on Jan 18th, 1978

The roof design relied heavily on computer modeling

Therac-25, a radiation therapy system, killed and injured several patients between 1985 and 1987

17

The disasters

The overdoses were traced to errors in the software and the software/hardware interlock

The software for Therac-25 was developed by a single person, using PDP-11 assembly language

The software evolved over several years but no documentation was prepared

18

The disasters

An opinion expressed by a programmer in response to Therac-25 accidents is interesting

The author suggests that the industry’s state of the art in building safe software is not sufficiently advanced to risk human lives

Therefore the author decided not to write software for any system involving human lives (i.e. bio-medical systems)

19

The disasters

More recently, an error in error checking led $125 million Mars probe to disaster

The spacecraft’s builder, Lockheed Martin Astronautics, submitted acceleration data in English units of pounds of force instead of the metric unit called newtons. At JPL, the numbers were entered into a computer that assumed metric measurements.

http://abcnews.go.com/sections/science/DailyNews/marsclimate990930.html

20

The Code

“Accept responsibility in making engineering decisions consistent with the safety, health and welfare of the public”– IEEE Code of Ethics, item 1

“Strive to achieve the highest quality in both the process and products of professional work”– ACM Code of Ethics, professional responsibility 1

21

What Can be Done?

What can be done to avoid such accidents in future?

We would like to give general suggestions for people involved in development of safety critical systems

22

Suggestions

Most failures have multiple causes. Software should not be analyzed alone for finding errors. The impact of certain hardware failures on software performance can be devastating

Modern software engineering techniques should be used by designers of safety critical systems

Over-reliance on computer models can lead to disasters

23

Encryption, Law Enforcement and Privacy Issues There is a conflict between an individual’s

right to privacy and the government’s need to invade the privacy to uphold the law

Computing has become sophisticated enough to erode the ability of law-enforcement to do “wiretapping”

Digital telephony has made it more difficult to manage wiretapping

24

Issues in Digital Telephony and Wiretapping Digital Telephony standards were passed by

Congress in 1994 to ensure continued wiretapping

Is this the most effective way to fight crime?– In 1991, 856 wiretaps were analyzed. 536

involved narcotics and 114 involved racketeering

25

Issues in Digital Telephony and Wiretapping Is the government expanding its role as “big

brother”?– Relatively recent history provides evidence of

government abuse. Therefore, the wiretap must occur with the permission of phone company and FBI should not bypass the phone company

Could the wiretap capabilities create security problems?– Hackers are very interested in breaking into wiretap capable

phone systems. It should be treated as “safety-critical system”

26

Encryption Issues

Data encryption has been discussed previously

Government has increasingly become concerned about the potential misuse of data encryption

Escrowed Encryption Standard (EES) is a new private key encryption standard developed by the federal government

27

Encryption Issues

EES devices are given unique serial numbers and 80-bits unit key

The unit key is created by two escrow agents using their own secret keys

There is a law enforcement access field in an encrypted message thus it can be decrypted by the government

28

How do you feel about computers?

THE

END

yep

no