PART C: IT ethics, impacts and security
ONLINE MUSIC AND INTELLECTUAL PROPERTY RIGHTS The business problem Before the advent of the Web, people made audiotape copies of music and videos. Few individuals had either the interest or the means to create and distribute copies to larger populations. For the most part, these activities were ignored by the music producers, distributors, and artists who had the legal rights to the content. Then came the Web and a variety of enterprising musicdistribution sites such as MP3.com and Napster.com. MP3.com enabled users to listen to music from any computer with an Internet connection, without paying royalties. Using peer-to-peer (P2P) technology, Napster supported the distribution of music and other digitised content among millions of users. When asked whether they were doing anything illegal, MP3.com and Napster claimed that they were simply supporting what had been done for years and were not charging for their services. Other companies extended the concept to other digitizable media such as videos and movies. The popularity of MP3.com, Napster, and P2P services became too great for the content creators and owners to ignore. Music sales declined (and as of 2004 are still declining). To the creators and owners, the Web was becoming a vast copying machine for pirated software, CDs, movies, and the like. If left undeterred, MP3.com’s and Napster’s services could result in the loss of many thousands of jobs and millions of dollars in revenue.
A SERIES OF “SOLUTIONS” FROM THE MUSIC INDUSTRY Solution 1 In December 2000, EMusic (emusic.com) filed a copyright infringement lawsuit against MP3.com. They claimed ownership of the digital rights to some of the music made available at MP3.com. Other companies—Warner Bros. Music Group, EMI Group PLC, BMG Entertainment, and Sony Music Entertainment—followed suit. A year later, Napster faced similar legal claims. Result 1 MP3.com suspended operations in April 2000 and settled its lawsuit, paying the litigants $20 million each. Napster suspended service and settled its lawsuits for $26 million. After Napster’s demise, a host of other companies (e.g., Morpheus, Grokster, Gnutella, and Kazaa) began offering decentralised peer-to-peer file sharing. Some P2P companies moved to other countries, trying to escape U.S. copyright laws, but legal problems followed
102
them. However, sales of music continued to decline as an estimated 60 million Americans were swapping songs over P2P services. Solution 2 On Monday, September 8, 2003, the Recording Industry Association of American (RIAA) sued 261 American computer users, accusing them of using P2P file-sharing services to illegally distribute and download large amounts of copyrighted music over the Internet. One of the suits involved a 12-year-old girl, Brianna LaHara, who had just started the seventh grade at St. Gregory the Great Catholic School in Manhattan. Result 2 On September, 24, 2003, Sharman Networks, Ltd., the company behind the Kazaa file-sharing software, sued the major record labels, accusing them of using unauthorised versions of its software in their efforts to find users of Kazaa software. Sharman is incorporated in the South Pacific island nation of Vanuatu, with main offices in Sydney, Australia. In October 2003, Verizon (a large Internet service provider) and Charter Communications (a large cable company) sued to prevent the RIAA from obtaining the identities of their customers who have allegedly traded songs illegally online. In addition, the American Civil Liberties Union (ACLU) filed court documents accusing the RIAA of illegally using thousands of subpoenas to unmask alleged copyright infringers. The ACLU said that the RIAA violated due process and constitutional rights shielding Internet users’ anonymity. As for the RIAA lawsuits, about 98 percent of those sued settled out of court, for approximately $2,000 to $3,000 each. When Brianna LaHara settled her suit on September 10, 2003, she paid the RIAA $2,000 and agreed not to share files online. MusicRebellion.com immediately signed her up for its pay service and gave her $2,000 in free songs. Following the RIAA’s lawsuits, universities moved to block music sharing. MIT, Northeastern, and UCLA are among the universities that complied with subpoenas from the RIAA to provide identifying information on those thought to be pirating music. Other universities used different methods. When the U.S. Naval Academy cracked down on illegally downloaded music, 100 midshipmen were stripped of their computers. Penn State limits students in residence halls to 1.5 gigabytes of inbound or outbound network traffic a week. The University of Florida developed its own software, called Icarus, to monitor bandwidth use. Solution 3 On September 23, 2003, BMG Music, one of the RIAA’s member companies, released a music CD with copy protection, the first time it had done so in the United States. Copyproof CDs are the “killer application” in the music industry’s war against digital piracy. The essential idea is to manufacture discs that can be played on stereo audio machines but cannot be copied onto computer hard drives. (Converting CD audio to MP3 files is called “ripping.”) Result 3 Ingenious hackers around the world attack each type of copy protection. For example, CDfreaks.com has posted detailed instructions for cracking Macrovision’s SafeAudio, a CD protection product. Also, hackers in Germany disabled Sony’s Key2audio protection scheme by covering the data track of a CD, which resides near the outer edge of the disc, with ink from a felt-tip marker.
THE CURRENT PICTURE There are currently a number of online services—including a legitimate reincarnation of Napster—that offer music at lower prices. Unlike most music stores, these services allow customers to sample any song or album for free. Usually, customers can buy any song for less than a dollar each or an album of songs for about $10. You can create your own albums, mixing the tracks you want and burning your play lists onto CDs or copying them to a portable audio player. Four of the biggest services are iTunes (from Apple; see CHAPTER 3 | INFORMATION SYSTEMS ETHICS
103
apple.com/itunes), BuyMusic (buymusic.com), MusicMatch (musicmatch._com), and Napster (now a division of Roxio, roxio.com; see napster.com). And the P2P file-sharing services? Use of these services has declined, but all are still in business. Interestingly, two of the original programmers of Kazaa are readying the release of Skype (skype.com), an application that uses P2P technology to allow users to make phone calls over the Internet for free. By April 2004, Skype had been downloaded 9.5 million times. Sources: Compiled from D. Kushner, “Digital Entertainment Post-Napster,” MIT Technology Review (November 2002); J. Schwartz, “Music’s Struggle with Technology,” New York Times (September 22, 2003); C. Metz, “The Changing Face of Online Music,” PC Magazine (September 24, 2003); Associated Press, “Makers of Kazaa Are Suing Record Labels,” eWeek (September 24, 2003); S. Lubell, “Campuses Move to Block Music Sharing,” New York Times (October 2, 2003); S. Olsen, “Charter Files Suit Against RIAA,” msnbc.com (October 6, 2003); Associated Press, “Reborn Napster Unveils Test Version,” msnbc.com (October 9, 2003); P. Burrows, “Napster Lives Again—Sort Of,” Business Week (October 20, 2003); J. Greene, “Music Magic,” Business Week (November 10, 2003); E. Hellweg, “The Skype Is Calling,” MIT Technology Review (November 19, 2003).
What we learned from this case All commerce involves a number of legal, ethical, and regulatory issues. Copyright, trademark, and patent infringement, freedom of thought and speech, theft of property, and fraud are not new issues in the world of commerce. However, as the case above illustrates, electronic commerce adds to the scope and scale of these issues. It also raises a number of questions about what constitutes illegal behavior versus unethical, intrusive, or undesirable behavior. E-commerce is one of the many IT phenomena that have affected individuals, organisations, and society. This chapter examines the impacts that IT has made on these groups. First, though, we present some of the legal and ethical issues related to the emerging electronic technologies and discuss various legal and technical remedies and safeguards. The chapter also looks at the issue of IS vulnerability and at ways of protecting information resources. Figure 3.4 provides a roadmap of these topics in this chapter.
ETHICAL ISSUES Ethics A branch of philosophy that deals with what is considered to be right and wrong.
Code of ethics A collection of principles intended as a guide for the members of a company or an organisation.
wiley.com/college/turban
104
Ethics is a branch of philosophy that deals with what is considered to be right and wrong. Over the years, philosophers have proposed many ethical guidelines. It is important to realise that what is unethical is not necessarily illegal. Thus, in most instances, an individual or organisation faced with an ethical decision is not considering whether to break the law. In today’s complex environment, interpretations of “right” and “wrong” are not always clear. Many companies and professional organisations develop their own codes of ethics. A code of ethics is a collection of principles intended as a guide for the members of a company or an organisation. The diversity of IT applications and the increased use of information technologies have created a variety of ethical issues, as illustrated throughout this text. Ethical issues can be categorised into four types: privacy, accuracy, property, and accessibility. 1. Privacy issues: collection, storage, and dissemination of information about individuals 2. Accuracy issues: authenticity, fidelity, and accuracy of information collected and processed 3. Property issues: ownership and value of information (intellectual property) 4. Accessibility issues: right to access information and payment of fees to access it Representative questions and issues in each category are listed in Manager’s Checklist 3.1.
Figure 3.4 ◗ Roadmap: An overview of ethics, impact, and security topics.
Manager’s Checklist 3.1 A Framework for Ethical Issues Privacy Issues • What information about oneself should an individual be required to reveal to others? • What kind of surveillance can an employer use on its employees? • What things can people keep to themselves and not be forced to reveal to others? • What information about individuals should be kept in databases, and how secure is the information there? Accuracy Issues • Who is responsible for the authenticity, fidelity, and accuracy of information collected? • How can we ensure that information will be processed properly and presented accurately to users? • How can we ensure that errors in databases, data transmissions, and data processing are accidental and not intentional? • Who is to be held accountable for errors in information, and how should the injured party by compensated?
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
105
Property Issues • Who owns the information? • What are the just and fair prices for its exchange? • How should one handle software piracy (copying copyrighted software)? • Under what circumstances can one use proprietary databases? • Can corporate computers be used for private purposes? • How should experts who contribute their knowledge to create expert systems be compensated? • How should access to information channels be allocated? Accessibility Issues • Who is allowed to access information? • How much should be charged for permitting accessibility to information? • How can accessibility to computers be provided for employees with disabilities? • Who will be provided with equipment needed for accessing information? • What information does a person or an organisation have a right or a privilege to obtain, and under what conditions and with what safeguards?
Protecting Privacy Privacy The right to be left alone and to be free of unreasonable personal intrusions.
In general, privacy is the right to be left alone and the right to be free of unreasonable personal intrusions. Information privacy is the right to determine when, and to what extent, information about oneself can be communicated to others. This right applies to individuals, groups, and institutions. The definition of privacy can be interpreted quite broadly. However, the following two rules have been followed fairly closely in past court decisions in many countries: 1. The right of privacy is not absolute. Privacy must be balanced against the needs of society. 2. The public’s right to know is superior to the individual’s right of privacy. These two rules show why it is difficult in some cases to determine and enforce privacy regulations. The right to privacy is recognised today in all U.S. states and by the federal government, either by statute or common law. Some representative issues of privacy are discussed next.
ELECTRONIC SURVEILLANCE Electronic surveillance The tracking of people’s activities, online or offline, with the aid of computers.
106
According to the American Civil Liberties Union (ACLU), the tracking of people’s activities, online or offline, with the aid of computers — that is, electronic surveillance — is a major problem. The ACLU estimates that tens of millions of computer users are being monitored, most without their knowledge. Employees have very limited protection against employers’ surveillance. Although several legal challenges are now underway, the law appears to support employers’ rights to read electronic mail and other electronic documents. Surveillance is also a concern for private individuals (via personal e-mail, for example), whether done by corporations, government bodies, or criminal elements. Many Americans are pondering the right balance between personal privacy and electronic surveillance in terms of threats to national security. The terrorist attacks of 9/11 and the anthrax attack that year made many Americans change their positions, moving toward allowing more government surveillance. The next two examples show the two sides of the controversy about surveillance.
EXAMPLE SVC Tracking Junior with a Microchip Solusat (solusat.com.mx), the Mexican distributor of the VeriChip, has launched a service to implant microchips in children as an anti-kidnapping device. The VeriChip is a rice-size microchip that is injected beneath the skin and transmits a 125-kilohertz radio frequency signal. The chip is being marketed as an emergency ID. Mexico’s Foundation of Investigations of Robbed and Missing Children has estimated that 133,000 Mexican children have been abducted over the past five years. Solusat envisions placing walkthrough scanners — similar to metal-detector portals used in airports — in malls, bus stations, and other areas where a missing child may appear. The chip could also be used to identify children who are found unconscious, drugged, dead, or too young to identify themselves. .
EXAMPLE GOV Are You Ready for Constant Electronic Surveillance? Increasingly, ours is a world of ID checks, surveillance cameras, body scans, fingerprint databases, e-mail sifters, cell phone interceptors, nanny-cams, wireless heart monitors, and swipe-in school and workplace IDs. Three-quarters of U.S. firms now acknowledge that they monitor employees’ e-mail, Web browsing, phone calls, and computer files. Consider an 18-year-old French boy, who was swimming one day in a public pool near his home. At some point, he blacked out and the lifeguards failed to notice. However, 12 large machine eyes deep underwater were watching him sink to the bottom. The swim center had installed an electronic surveillance system called Poseidon, a network of cameras that feeds a computer programmed to use a set of complex algorithms to distinguish between normal and distressed swimming. Poseidon covers a pool’s entire swimming area and can distinguish among blurry reflections, shadows, and actual swimmers. When the computer detects a possible problem, it instantly activates a beeper to alert lifeguards and displays the exact incident location on a monitor. Sixteen seconds after Poseidon noticed the boy, the lifeguards had him out of the pool and had initiated CPR. He recovered fully. In Great Britain, municipalities have installed closed-circuit television cameras (CCTVs) almost everywhere. The country currently has more than four million CCTVs, one for every 15 people. The average visitor to London is now captured on video 300 times in a single day. British authorities have concluded that all Britons should assume that all their behavior outside the home is monitored. The actual effectiveness of the cameras is not clear, but the British public seems to approve of the cameras. For more information, see urbaneye.net.
PERSONAL INFORMATION IN DATABASES Information about individuals is being kept in many databases. Perhaps the most visible locations of such records are credit-reporting agencies. Other places where personal information might be stored are banks and financial institutions; cable TV, telephone, and utilities CHAPTER 3 | INFORMATION SYSTEMS ETHICS
107
companies; employers; apartment companies; mortgage companies; equipment rental companies; hospitals; schools and universities; supermarkets, retail establishments, and mailorder houses; government agencies (Internal Revenue Service, Census Bureau, your state, your municipality); libraries; and insurance companies. Also, data from questionnaires you fill out on the Internet (e.g., when you try to win a prize) are usually stored in a database. There are several concerns about the information you provide to these record-keepers. Do you know where the records are? Are the records accurate? Can you change inaccurate data? How long will it take to make a change? Under what circumstances will personal data be released? How are the data used? To whom are they given or sold? How secure are the data against access by unauthorised people? Information stored in databases can be a problem, as the following example illustrates.
EXAMPLE
States Shy Away from Crime-Fighting Database Seisint (seisint.com) is building a giant database, called the Matrix. The database gr concerns, after the September 11, 2001, terrorist attacks, that law enfor across the nation were doing a poor job of sharing information. Matrix cross-refer fidential government records fr bases, creating exhaustive dossiers on individuals for use by law enforcement. As Geor officials wrestle with sending confidential driver’s license recor bama and Louisiana have withdrawn from the multistate effort, citing concerns about privacy Officials are worried about the potential for inaccurate data. Georgia has alr sex offender, and other public criminal information to Matrix, but transmitting confi driver’s license data has caused much more controversy. Only eight states r inal 14 in the federally funded Matrix project.
INFORMATION ON INTERNET BULLETIN BOARDS AND NEWSGROUPS Every day there are more and more electronic bulletin boards, newsgroups, and electronic discussions such as chat rooms, both on the Internet and within corporate intranets. How does society keep owners of bulletin boards from disseminating information that may be offensive to readers or simply untrue? The difficulty we have addressing this problem highlights the conflict among freedom of speech, privacy, and ethics, a continuing dynamic in American society.
PRIVACY CODES AND POLICIES Privacy policies/ codes An organisation’s guidelines with respect to protecting the privacy of customers, clients, and employees.
108
One way to protect privacy is to develop privacy policies or codes. These are an organisation’s guidelines with respect to protecting the privacy of customers, clients, and employees. In many corporations, senior management has begun to understand that, with the ability to collect vast amounts of personal information on customers, clients, and employees, comes an obligation to ensure that the collected information — and therefore, the individual — is protected. A sampling of privacy policy guidelines is given in Manager’s Checklist 3.2. Having a privacy policy in place can help organisations avoid legal problems. However, privacy codes and policies can be violated, as the following example shows.
EXAMPLE
JetBlue Apologises to Its Customers ways (jetblue.com) apologised for giving information on 1.5 million passengers to a Defense Department contractor to test a security system. The information included itineraries, names, addresses, and phone numbers. The contractor then used another service, pation, and other information. JetBlue said the test had nothing to do with the government’s controversial Computer e-Screening System II (CAPPS II). CAPPS II uses a massive secret database of information to assess individuals’ security-threat levels. However, the flap over JetBlue’s action illustrated the nervousness of passengers and federal officials concerning the launch of the CAPPS II system. The government has already agreed not to include financial data and similar personal data in the CAPPS II profile. But privacy advocates say they are not convinced that the new system will not infringe on personal privacy. JetBlue’s CEO acknowledged that the airline violated its own privacy policy by releasing passenger information.
Manager’s Checklist 3.2 Privacy Policy Guidelines: A Sampler Data Collection • Data should be collected on individuals only for the purpose of accomplishing a legitimate business objective. • Data should be adequate, relevant, and not excessive in relation to the business objective. • Individuals must give their consent before data pertaining to them can be gathered. Such consent may be implied from the individual’s actions (e.g., applications for credit, insurance, or employment). Data Accuracy • Sensitive data gathered on individuals should be verified before it is entered into the database. • Data should be accurate and, where and when necessary, kept current. • The file should be made available so the individual can ensure that the data are correct. • If there is disagreement about the accuracy of the data, the individual’s version should be noted and included with any disclosure of the file.
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
109
Data Confidentiality • Computer security procedures should be implemented to provide reasonable assurance against unauthorised disclosure of data. They should include physical, technical, and administrative security measures. • Third parties should not be given access to data without the individual’s knowledge or permission, except as required by law. • Disclosures of data, other than the most routine, should be noted and maintained for as long as the data are maintained. • Data should not be disclosed for reasons incompatible with the business objective for which they are collected.
INTERNATIONAL ASPECTS OF PRIVACY
Intellectual property The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright, laws. Trade secret Intellectual work, such as a business plan, that is a company secret and is not based on public information. Patent A document that grants the holder exclusive rights on an invention or process for 20 years. Copyright A grant that provides the creator of intellectual property with ownership of it for the life of the creator plus 70 years.
110
There are major differences among countries with respect to privacy regulations. For example, the existing inconsistency of standards could obstruct the flow of information among countries in the European Union. To overcome this problem, the European Community Commission (ECC) has issued guidelines to all its member countries regarding the rights of individuals to access information about themselves and to correct errors. The ECC data protection laws that took effect in 1998 are stricter than U.S. laws and therefore may create problems for multinational corporations, which may face lawsuits for privacy violation. The transfer of data in and out of a nation without knowledge of the authorities or individuals involved raises a number of privacy issues. Whose laws have jurisdiction when records are in a different country for reprocessing or retransmission purposes? For example, if data are transmitted by a Polish company through a U.S. satellite to a British corporation, which country’s privacy laws control what data and when? Questions like these will become increasingly more complicated and more common as time goes on. Governments must make an effort to develop laws and standards to cope with rapidly changing information technologies in order to solve some of these privacy issues.
Protecting Intellectual Property The issue of protecting intellectual property is an important one for those who make their livelihoods in knowledge fields. Intellectual property is the intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright, laws. A trade secret is intellectual work, such as a business plan, that is a company secret and is not based on public information. An example is a corporate strategic plan. Laws about trade secrets are legislated at the state level in the United States. A patent is a document that grants the holder exclusive rights on an invention or process for 20 years. Copyright is a statutory grant that provides the creators of intellectual property with ownership of it for the life of the creator plus 70 years. Owners are entitled to collect fees from anyone who wants to copy the property. The U.S. Federal Computer Software Copyright Act (1980) provides protection for source and object code of computer software, but one problem is that it is not clear what is eligible for protection. For example, copyright law does not protect similar concepts, functions, and general features (such as pull-down menus, colors, or icons).
The most common intellectual property related to IT deals with software. The copying of software without making payment to the owner (such as giving a disc to a friend to install on his or her computer) is a copyright violation, and a major problem for software vendors. Before you go on . . . 1. Define ethics and list its four categories as they apply to IT. 2. Describe the issue of privacy as it is affected by IT. 3. What does a code of ethics contain? 4. Describe the issue of intellectual property protection.
IMPACTS OF IT ON ORGANISATIONS AND JOBS The use of information technologies, most recently the Web, has brought many organisational changes in areas such as structure, authority, power, job content, employee career ladders, supervision, and the manager’s job. In this section, we look at how IT is changing organisational structure and jobs.
How Will Organisations Change? IT may cause a nearly complete change in organisations, including their structure, supervision, and power distribution.
FLATTER ORGANISATIONAL HIERARCHIES IT allows for the increased productivity of managers, an increased span of control (more employees per supervisor), and a decreased number of managers and experts. It is reasonable to assume, then, that fewer managerial levels will exist in many organisations, and there will be fewer staff and line managers. This trend is already evidenced by the continuing phenomenon of the “shrinking of middle management.” Flatter organisational hierarchies will also result from reduction in the total number of employees, reengineering of business processes, increased productivity of employees, and the ability of lower-level employees to perform higher-level jobs with the support of information systems. Starting in the late 1980s and accelerating since then, many organisations are getting smaller and leaner.
CHANGES IN SUPERVISION The fact that an employee’s work is performed online and stored electronically introduces the possibility for greater electronic supervision. For professional employees whose work is often measured by their completion of projects, “remote supervision” implies greater emphasis on completed work and less on personal contacts and office politics. This emphasis is especially true if employees work in geographically dispersed locations, including homes, away from their supervisors. CHAPTER 3 | INFORMATION SYSTEMS ETHICS
111
POWER AND STATUS Knowledge is power — this fact has been recognised for generations. The latest developments in computerised systems are changing the power structure within organisations. The struggle over who will control corporate information resources has become one of the most visible conflicts in many organisations, both private and public. Expert systems, for example, may reduce the power of certain professional groups because the employee’s knowledge will be in the public domain. On the other hand, individuals who control ecommerce applications may gain considerable prestige, knowledge, power, and status. As a result, a power redistribution is underway in many organisations.
How Will Jobs Change? One issue of concern to all employees is the impact of IT on their jobs. The content of jobs, career ladders, functional areas, and managerial duties will undoubtedly be affected. Changes will occur particularly in jobs of intermediaries, such as insurance, real estate, and travel agents. Many jobs will be eliminated. Many other changes will take place that we can only speculate about at this point.
JOB CONTENT Job content is important not only because it is related to organisational structure, but also because it is related to employee satisfaction, compensation, status, and productivity. Changes in job content occur when work is redesigned — for example when business process restructuring is attempted, or when e-commerce changes the marketing distribution system. Certainly many jobs are being redesigned to take advantage of the Web and emerging information technologies. These will, in turn, require higher levels of computing literacy from workers and need for retraining. Many additional job-related questions could surface as a result of using IT. For example: What will be the impact of IT on job qualifications and on training requirements? How can jobs that use IT be designed so that they present an acceptable level of challenge to users? How might IT be used to personalise or enrich jobs? What principles should be used to allocate functions to people and machines, especially those functions that can be performed equally well by either one? Should cost or efficiency be the sole or major criterion for such allocation?
EMPLOYEE CAREER LADDERS Increased use of IT in organisations could have a significant and somewhat unexpected impact on career ladders. Today, many highly skilled professionals have developed their abilities through years of experience, holding a series of positions that expose them to progressively more difficult and complex situations. The use of e-learning and intelligent tutoring systems may shortcut a portion of this learning curve by capturing and more efficiently managing the use of knowledge. However, several questions relating to employee career paths are subject to thought and debate: How will high-level human expertise be acquired with minimal experience in lowerlevel tasks? What will be the effect on compensation at all levels of employment? How will human resources development programs be structured? What career paths will be offered to employees in a rapidly changing technological environment? 112
THE MANAGER’S JOB One of the most important tasks of managers is making decisions. IT can change the manner in which many decisions are made, and consequently change managers’ jobs. Many managers have reported that information technology has finally given them time to get out of the office and into the field. They also have found that they can spend more time planning activities instead of “putting out fires.” Information gathering for decision making can now be done much more quickly with search engines and intranets. Web-based intelligent agents can monitor the environment, and scan and interpret information. Managers used to work on a large number of problems simultaneously, moving from one to another as they waited for more information on their current problem or until some external event interrupted them. IT tends to reduce the time necessary to complete any step in the decision-making process. Therefore, managers today can work on fewer tasks during each day and complete more of them. Another possible impact on the manager’s job could be a change in leadership requirements. What are generally considered to be good qualities of leadership may be significantly altered with the use of IT. For example, when face-to-face communication is replaced by electronic mail and computerised conferencing, leadership qualities attributed to physical presence may be lessened. As a result, effective leadership may be perceived to be more closely linked to effective computer-based communication. Before you go on . . . 1. List the major organisational impacts of IT. 2. How might jobs change? 3. How is the manager’s job likely to change?
IMPACTS ON INDIVIDUALS AT WORK IT may have a variety of impacts on individuals at work. This section discusses some of the ways that IT may affect individuals, their perceptions, and their behaviors.
Will My Job Be Eliminated? One of the major concerns of every employee, part-time or full-time, is job security. This issue is not new; it has frequently been brought to the attention of the public since the beginning of the Industrial Revolution and the introduction of automation. For years, unemployment has been a major concern of countries that use little automation (developing countries). However, since the 1990s, this concern has spread to industrialised countries as well. Due to difficult economic times, increased global competition, demands for customisation, and increased consumer sophistication, many companies have increased their investments in IT. In fact, as computers gain in intelligence and capabilities as time passes, the competitive advantage of replacing people with machines is increasing rapidly. For this reason, some people believe that society is heading toward massive unemployment; others disagree. The answers to the employment debate will be provided in part by future developments in IT. They are also influenced by national and cultural differences. Some countries (or communities within countries) have unemployment rates of 50 percent or more (e.g., East CHAPTER 3 | INFORMATION SYSTEMS ETHICS
113
Timor, Kosovo). While the unemployment rates in other countries may seem low, these rates must be measured against the need of people in society for work, as well as the ability or intention of the government to provide a social safety net. For example, Hong Kong lacks such a comprehensive safety net, and many who would be eligible claimants believe it beneath their dignity to claim benefits anyway. When unemployment reaches 3 or 4 percent in Hong Kong, as during the recent Asian financial crisis, this is considered a very high rate. In other countries, for example, in North America and Western Europe, 3 to 4 percent may be considered unimaginably low.
Dehumanisation and Psychological Impacts Dehumanisation Loss of identity.
A frequent criticism of traditional data processing systems was their impersonal nature and their potential to dehumanise and depersonalise the activities that have been computerised. Many people felt, and still feel, a loss of identity, a dehumanisation, because of computerisation: They feel like “just another number� because computers reduce or eliminate the human element that was present in noncomputerised systems. On the other hand, while the major objective of newer technologies, such as e-commerce, is to increase productivity, they can also create personalised, flexible systems that allow individuals to include their opinions and knowledge in the system. These technologies attempt to be people oriented and user friendly. The Internet threatens to have an even more isolating influence than has been created by television. If people are encouraged to work and shop from their living rooms, then some unfortunate psychological effects, such as depression and loneliness, could develop. Some people have become so addicted to the Web that they have dropped out of their regular social activities, at school, work, or home, creating new societal and organisational problems. Another possible psychological impact relates to distance learning. In some countries, it is legal to educate children at home through IT. Some argue, however, that the lack of social contacts could be damaging to the social, moral, and cognitive development of school-age children who spend long periods of time working alone on the computer.
(Cartoon by Sidney Harris.)
114
Another one of the negative impacts of the information age is information anxiety. This disquiet caused by an overload of information can take several forms, such as frustration with our inability to keep up with the amount of data present in our lives. Information anxiety can take other forms as well. One is frustration with the quality of the information available on the Web, which frequently is not up-to-date or is incomplete. Another is frustration or guilt associated with not being better informed or being informed too late (“How did others manage to know this before I did?”).
Information anxiety Disquiet caused by an overload of information.
Impacts on Health and Safety Computers and information systems are a part of the environment that may adversely affect individuals’ health and safety. To illustrate, we will discuss the effects of three issues: job stress, video display terminals, and long-term use of the keyboard. An increase in workload and/or responsibilities can trigger job stress. Although computerisation has benefited organisations by increasing productivity, it has also created an everincreasing workload for some employees. Some workers feel overwhelmed and start feeling anxious about their jobs and their performance. These feelings of stress and anxiety can adversely affect workers’ productivity. Management’s responsibility is to help alleviate these feelings by providing training, redistributing the workload among workers, or hiring more individuals. Exposure to video display terminals (VDTs) raises the issue of the risk of radiation exposure, which has been linked to cancer and other health-related problems. Exposure to VDTs for long periods of time is thought to affect an individual’s eyesight, for example. Also, lengthy exposure to VDTs has been blamed for miscarriages in pregnant women. However, results of the research done to investigate these charges have been inconclusive. Other potential health and safety hazards are repetitive strain injuries such as backaches and muscle tension in the wrists and fingers. Carpal tunnel syndrome is a painful form of repetitive strain injury that affects the wrists and hands. It has been associated with the long-term use of keyboards.
LESSENING THE NEGATIVE IMPACTS ON HEALTH AND SAFETY Designers are aware of the potential problems associated with prolonged use of computers. Consequently, they have attempted to design a better computing environment. Research in the area of ergonomics, the science of adapting machines and work environments to people, provides guidance for these designers. For instance, ergonomic techniques focus on creating an environment for the worker that is safe, well lit, and comfortable. Devices such as antiglare screens have helped alleviate problems of fatigued or damaged eyesight, and chairs that contour the human body have helped decrease backaches. Some sample ergonomic products are shown in Figure 3.5.
Ergonomics The science of adapting machines and work environments to people.
Before you go on . . . 1. List the major potential impacts of IT on the individual’s job. 2. List potential impacts on an individual’s health and safety.
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
115
(a)
(b)
(c)
(d)
Figure 3.5 â—— Ergonomic products protect computer users. (a) Wrist support. (b) Back support. (c) Eyeprotection filter (optically coated glass). (d) Adjustable foot rest.
SOCIETAL IMPACTS AND INTERNET COMMUNITIES Several positive and some negative social implications of IT could be far-reaching. IT has already had many direct beneficial effects on society. Some such benefits include the use of IT for complicated human and social problems such as medical diagnosis, computerassisted instruction, government-program planning, environmental quality control, and law enforcement. This section discusses a number of societal impacts of information technology.
Opportunities for People with Disabilities The integration of artificial intelligence technologies, such as speech and vision recognition, into a computer and especially into Web-based information systems can create new employment opportunities for people with disabilities. For example, those who cannot type are able to use a voice-operated keyboard, and those who cannot travel can work at home. 116
Adaptive equipment for computers permits people with disabilities to perform tasks they would not normally be able to do. Figure 3.6 shows a PC for a user with hearing impairment, a PC for a visually challenged user, and a PC for a motor-disabled user. In Thailand, students at a vocational school developed a special telephone for sight-impaired people because they wanted to help them to live on more equal terms with the rest of society and not need to depend on help from others. Other devices help improve the quality of life for disabled people in more mundane, but useful, ways: a two-way writing telephone, a robotic page-turner, a hair-brusher, and a hospital-bedside video trip to the zoo or the museum. Several organisations deal with IT and people with disabilities. An example is halftheplanet.org.
Quality-of-Life Improvements On a broader scale, IT has significant implications for the quality of life. An increase in organisational efficiency may result in more leisure time for workers. The workplace can be expanded from the traditional nine-to-five job at a central location to 24 hours a day at any location. This expansion provides a flexibility that can significantly improve the quality of leisure time, even if the total amount of leisure time is not increased. Here we discuss some major areas of improvement in quality of life.
ROBOT REVOLUTION ON THE WAY Robots are becoming more common. “Cyberpooches,” nursebots, and more may be our companions before we know it. Around the world, quasi-autonomous devices have become increasingly common on factory floors, in hospital corridors, and in farm fields. Military applications are also being developed. The Pentagon is researching self-driving vehicles and bee-like swarms of small surveillance robots, each of which would contribute a different view or angle of a combat zone.
Figure 3.6 ◗ Enabling people with disabilities to work with computers. (a) A PC for a blind sight-impaired user, equipped with an Oscar optical scanner and a Braille printer, both by TeleSensory. The optical scanner converts text into ASCII code or into proprietary word processing format. Files saved on disc can then be translated into Braille and sent to the printer. Visually impaired users can also enlarge the text on the screen by loading a TSR software magnification program. (b) The deaf hearing-impaired challenged user's PC is connected to a telephone via an Ultratec Intele-Modem Baudot/ASCH modem. The user is sending and receiving messages to and from someone at a remote site who is using a telecommunications device for deaf people (right). (c) This motor-disabled person is communicating with a PC using a Pointer Systems optical head pointer to access all keyboard functions on a virtual keyboard shown on the PC's display. The user can “strike” a key in one of two ways. He can focus on the desired key for a userdefinable time period (which causes the key to be highlighted), or he can click an adapted switch when he chooses the desired key. (Source: J. J. Lazzaro, “Computers for the Disabled,” Byte, June 1993.)
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
117
However, it probably will be a long time before we see robots making decisions by themselves, handling unfamiliar situations, and interacting with people. Nevertheless, robots abound that can do practical tasks. Carnegie Mellon University, for example, has developed self-directing tractors that harvest hundreds of acres of crops around the clock in California, using global positioning systems combined with video image processing that identifies rows of uncut crops. Robots are especially helpful in various environments, as illustrated in IT’s about Business.
IMPROVEMENTS IN HEALTH CARE IT has brought about major improvements in health-care delivery, ranging from better and faster diagnoses, to expedited research and development of new drugs, to more accurate monitoring of critically ill patients. One technology that has made a special contribution is artificial intelligence. For example, expert systems support diagnosis of diseases, and machine vision is enhancing the work of radiologists. Recently, surgeons started to use virtual reality to plan complex surgeries and have used a surgical robot to perform longdistance surgery. Cardiologists also can interpret patients’ hearts’ vital signs from a distance (see micromed.com). Now, doctors can discuss complex medical cases not only on the telephone, but also with the support of pictures and sound. The medical industry has long been using advanced technologies to diagnose and treat health problems. For example, there is an “ingestible camera” pill that, when swallowed, takes color images from inside the intestines and transmits the images wirelessly to a device worn on a patient’s belt for later examination (go to givenimaging.com and see the M2A capsule). In addition, new computer simulations recreate the sense of touch, allowing doctors-in-training to perform virtual procedures without risking harm to an actual patient (see technologyreview.com/articles/amato0401.asp). POM
GOV
IT’S ABOUT BUSINESS The Working Lives of Robots
Laying Fiber-Optic Cables Cities around the world are moving into the digital era by installing fiber-optic cables. To attract high-tech businesses, cities must provide fiber-optic access to all commercial buildings. Installing fiber-optic cable is difficult: Workers cut up the street, creating noise, dust, and traffic pr months, just to complete one city block. Now, robots ar process. City Net T lay the cables. This way no trenches need to be dug in the str done in Albuquer spring 2001). How did the robots help? Robots are waterproof and do not have noses, and so they are not bothered by working in the sewer the fiber-optic cables inside the sewer system. What does it cost? The company claims that laying the fiber-optic cable with robots 60 percent faster and without disruption to people’s lives. 118
The Republic, a 150-year-old steamship, sailed from New York in 1865, just after the Civil War, carrying 59 passengers and crew and a mixed cargo meant to help New Orleans recover from the war. About 100 miles off Georgia, battling a hurricane, it sank in waters almost 2,000 feet deep. Its cargo of lost coins, experts say, may now be worth up to $150 million. After a long search by a small robot that used sonar to find the wreck and took thousands of pictures, Odyssey Marine Exploration of Tampa, Florida, was ready for its larger robot. To salvage the treasure, Odyssey is using a tethered, seven-ton robot. This robot first vacuumed away the sand from the wreckage, and then using its mechanical arms, has begun hauling up a fortune in gold and silver coins. Sources: Compiled from J. Schwartz, “A Robot That Works in the City Sewer,” New York Times (March 8, 2001); and W. Broad, “Salvagers Say a Shipwreck Trove Is Worth Millions,” New York Times (November 30, 2003).
QUESTIONS 1. If robots are so effective, what will be the impact on unemployment when more tasks are robotised? 2. What will people do if robots take over? Of the thousands of other applications related to health care, it is interesting to point out the administrative systems, which range from insurance fraud detection, to nursing scheduling, and financial and marketing management. We see in IT’s about Business that IT can dramatically affect health care in a variety of ways. The Internet is a gold mine of medical information. For example, a site about cancer (cancer.med.upenn.edu) features a huge array of documents, reviews, descriptions of personal experiences, suggested diets, and links to global resources for people who suffer from cancer or who are interested in oncology. It offers information on the latest research studies and cancer pain management. It also helps families cope with emotional and financial burdens.
IT’S ABOUT BUSINESS
SVC
Transforming Health Care Health care costs 14 percent of the U.S. gross national product ($1.4 trillion annually). As the population ages, this percentage is expected to increase. If this trend continues, by 2050 (when you are about 70 years old and in need of health care yourself), health-care costs may consume one-third of the U.S. GNP, and the costs of your individual health care could be prohibitive. Consider these facts: • Hospitals spend only 2.5 percent of their budgets on IT, where other industries spend three to four times that percentage. • Only 28 percent of physicians use a computer to access patient information. • Over 40 percent of a doctor’s day is spent searching for information. • Almost one-half of critical patient information is missing when doctors need it. Health-care institutions face intense pressure to reduce costs and improve health care. IT systems can help with these problems, but there is enormous resistance to them, partly as a result of large up-front costs and partly as a result of physician resistance.
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
119
Two IT systems that help solve these problems include electronic medical recor (EMR) and computerised physician order-entr is to eliminate paper. By doing so, EMR will help prevent errors, enforce standar health-care workers more efficient, simplify record keeping, and improve patient car systems digitise all paper recor allow a doctor to request medications, lab tests, and radiology procedur an automatic notification about test results. Health-care information has to be available any time, anywhere. Therefore, wir systems are being installed to go along with EMR and CPOE systems. Hospital wir systems typically involve setting up wireless access points in patient wards, tr ities, and in corridors in which patients and doctors travel. Wir top of carts are rolled fr medical records and order tests and medications wherever they are. These shar complement existing networked desktops at nurses’ stations and other locations. Wir tablets and PDAs supplement the laptops. One hospital is using information technology with impressive r monides Medical Center (maimonidesmed.org) in Brooklyn, NY, fi implementation of sophisticated EMR and CPOE systems with wireless connectivity. Today every one of Maimonides’ doctors logs on to order medications and tests, checks lab r and tracks treatment. One in every five prescriptions is fl problem — an allergy or an adverse drug interaction. The average turnar administering medicine to in-patients now has been cut from 5 cians receive all reports from the radiology department online within 24 hours (formerly was 5 days), and they no longer have to reorder tests for the estimated 15 percent of fi records that previously were lost. Last year, revenue incr officials attribute most of that increase in r annual cost of the hospital’s malpractice insurance has dr ings also credited to the new IT systems. Source: Compiled from S. D. Scalet, “Saving Money, Saving Lives,” CIO Magazine (August 1, 2003).
QUESTIONS 1. What are the advantages of EMR, CPOE, and wireless systems in hospitals? 2. What are the problems with implementing such systems?
There are numerous Web sites devoted to all kinds of specific health topics. The bestknown health supersite is WebMD (webmd.com). Specific sites include the following: iEmily (iEmily.com) provides information on the physical and mental health of teenage girls. TeenGrowth (teengrowth.com), KidsHealth (kidshealth.org), and ZapHealth (zaphealth.com) provide articles on general, sexual, and emotional health, as well as fitness, sports, family, and safety issues. Organised like interactive magazines, these sites also offer discussion forums, chat rooms, and hyperlinks to other related resources. Finally, the outbreak of Severe Acute Respiratory Syndrome (SARS) demonstrated the use of IT in supporting the social and psychological needs of patients. Technologies such as Web cameras, audio/video phones, and Web-conferencing software enabled patients to stay in touch with their relatives and friends while under quarantine 120
CRIME FIGHTING AND OTHER BENEFITS Other quality-of-life improvements brought about by IT relate to crime fighting and other government-services benefits. Here are some examples of how computer applications can benefit society: • Since 1997, information about sex offenders has been available on the Internet, so that people can be aware of whether previously convicted offenders are living in their localities. • Los Angeles County has a sophisticated computer program for reporting and tracking over 150,000 gang members in the county. The program significantly helps reduce gang crime. • Electronic imaging and electronic fax enhance searches for missing children. In addition to its Web site (missingkids.com), which attracts more than a million hits each day, the Center for Missing and Exploited Children can send high-quality photos plus text to many fax machines and to portable machines in police cars. Computers have improved the quality of fax transmission and increased the number of people who receive the announcements. • A geographical information system helps the San Bernardino Sheriff’s Department to better visualise crime patterns and allocate resources. • Electronic Sensors and computers reduce traffic congestion in many major cities, from Los Angeles to Tokyo. • Police can now track emergency (911) calls made from cell phones equipped with GPS systems.
Technology and Privacy We have provided examples of invasion of privacy by IT applications. Here we discuss some additional examples related to societal impacts.
SCANNING CROWDS FOR CRIMINALS One major debate involves situations in which police are using technology to reduce crime. In January 2001, for example, during the Super Bowl game in Tampa, Florida, video cameras took a picture of each of 100,000 fans when they entered the stadium. No one knew about it, so permissions were not obtained. Within seconds, thousands of photos were compared with digital portraits of known criminals and suspected terrorists; several matches were found. The technology is not new, but its magnitude and speed is. Never before had such a large number of people been photographed and the photos analyzed in such a short time. Is this technology Big Brother watching over you, or just a friendly uncle? The ACLU says it is Big Brother. The police say it is the uncle, trying to protect the public. With whom do you agree?
COOKIES AND INDIVIDUAL PRIVACY A Microsoft product called Passport has raised some of the same concerns as cookies. Passport is an Internet strategy that lets consumers permanently enter a profile of information along with a password and use this information and password repeatedly to access services at multiple sites. Critics say that Passport affords the same opportunities as cookies to invade an individual’s privacy by permitting unauthorised people (e.g., Microsoft employees or vendors) to look at your personal data. Critics also feel that the product gives Microsoft an unfair competitive edge in EC. CHAPTER 3 | INFORMATION SYSTEMS ETHICS
121
DIGITAL MILLENNIUM COPYRIGHT ACT AND PRIVACY CONCERNS As described in Part C, the Recording Industry Association of America (RIAA) blames online music piracy for falling sales of CDs. The RIAA has tried to use the Digital Millennium Copyright Act (DMCA) to get ISPs to reveal the identity of customers who illegally swap pirated files. This act has raised some public concern about giving too much power to copyright holders at the expense of Internet users.
The Digital Divide Digital divide The gap in computer technology in general, and now in Web technology, between those who have such technology and those who do not.
The term digital divide refers to the gap in computer technology in general, and now in Web technology in particular, between those who have such technology and those who do not. A digital divide exists both within and among countries. According to reports by the United Nations, more than 90 percent of all Internet hosts are in developed countries, where only 15 percent of the world’s population resides. Nearly 60 percent of the U.S. population has Internet access, with a distribution highly correlated with household income.
“I was sad because I had no onboard fax until I saw a man who had no mobile phone.” © The New Yorker Collection 1993 Warren Miller from cartoonbank.com. All rights reserved. The U.S. federal and state governments are attempting to close this gap within the country, by encouraging training and by supporting education and infrastructure improvements (see ecommerce._gov). Many other government and international organisations are also trying to close the digital divide around the world. As technologies develop and become less expensive, the speed at which the gap can be closed will accelerate. For example, it is still expensive to have a DSL-based broadband line to access the Internet as of 2004, but some predict that it could cost as little as $10/month in 2005. Yet even this amount would be expensive in some countries where wages are only few dollars a day. Cell phones will also increase inexpensive access to the Internet as will Web TV.
CYBERCAFÉS AND PUBLIC WEB TERMINALS One of the developments that can help close the digital divide is Internet kiosks in public places and cybercafés. In the United States, computers with Internet access usually are also available at public libraries. 122
Cybercafés are public places such as a coffee house in which Internet terminals are available, usually for a small fee. Cybercafés come in all shapes and sizes, ranging from a chain of cafés (easyeverything.com and easy.com) that include hundreds of terminals in one location (e.g., 760 in one New York setting), to a single computer in a corner of many restaurants. According to cybercaptive.com, in 2003 there were more than 6,000 cybercafés, public Internet access points, and kiosks in 169 countries. Computers have popped up in many other public locations: discos, laundromats, karaoke bars, bookstores, CD stores, hotel lobbies, and convenience stores. Some facilities give free access to patrons; others charge a small fee. The number of publicly accessed Wi-Fi hotspots is increasing rapidly, and some do not charge fees.
Cybercafés Public places in which Internet terminals are available, usually for a small fee.
Free Speech versus Censorship Several surveys indicate that the issue of censorship is one of the most important to Web surfers. Censorship is an important concern in Europe and the United States (e.g., see the GVU User Surveys at gvu.gatech.edu/user_surveys/). On the Internet, censorship refers to government’s attempt to control, in one way or another, material that is broadcast. Take, for example, the question, “How much access should children have to Web sites, newsgroups, and chat rooms containing ‘inappropriate’ or ‘offensive’ materials, and who should control this access?” This is one of the most hotly debated issues between the advocates of censorship and the proponents of free speech. The proponents of free speech contend that there should be no government restrictions on Internet content. They say that parents should be responsible for monitoring and controlling their children’s travels on the Web. The advocates of censorship feel that government legislation is required to protect children from offensive material. It is estimated that about 20 countries are filtering Internet pornography. In addition to concern for children, there is also a concern about hate sites, about defamation of character, and about other offensive material. On December 10, 2002, in a landmark case, Australia’s highest court gave a businessman the right to sue in Australia for defamation over an article published in the United States and posted on the Internet. This reasoning basically equates the Net to any other published material. The publisher, Dow Jones & Co., said that it will defend those sued in a jurisdiction (Australia) that is far removed from the country in which the article was prepared (the United States). The advocates of censorship also believe that it is the responsibility of ISPs to control the content of the data and information that flow across their networks and computers. The difficulty is that ISPs have no easy way of monitoring the content or determining the age of the person viewing the content. The only way to control “offensive” content is to block it from children and adults alike. This is the approach that America Online (AOL) has taken, for instance, in blocking sites pandering to hate crime and serial killer enthusiasts.
Controlling Spam Spamming refers to the practice of indiscriminately broadcasting messages over the Internet (e.g., junk mail and pop-up screens). At some of the largest ISPs, spam now comprises 25 to 50 percent of all e-mail. This volume significantly impairs bandwidth, slowing down the Internet in general and in some cases shutting down ISPs completely. ISPs are required to offer spam-blocking software. Recipients of spam have the right to request termination of future spam from the same sender and to bring civil action if necessary. On December 16, 2003, President Bush signed a law to restrict junk commercial e-mail, or spam. The law,
Spamming The practice of indiscriminately broadcasting messages over the Internet.
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
123
which took effect on January 1, 2004, bans sending spam using false identities and misleading subject lines. It requires all commercial e-mail messages to include a valid postal address and gives recipients the opportunity to opt out of receiving more messages.
Virtual Communities Social loafing is the tendency of some people to avoid responsibility by ‘freeriding’ in groups.
A community is a group of people with some interest in common who interact with one another. A virtual (Internet) community is one in which the interaction among group members takes place by using the Internet. Virtual communities parallel typical physical communities such as neighborhoods, clubs, or associations, except that people do not meet face-to-face. Instead, they meet online. Virtual communities offer several ways for members to interact and collaborate, including communication, information sharing, and e-commerce. Similar to the click-and-mortar e-commerce model, many physical communities also have a Web site for Internet-related activities.
CHARACTERISTICS OF COMMUNITIES
wiley.com/college/turban
Pure-play Internet communities (those that exist solely online) may have thousands or even millions of members. This is one major difference from purely physical communities, which are usually smaller. Another difference is that offline communities are frequently confined to one geographical location, whereas only a few online communities are geographically constrained. Virtual communities can be classified in several ways. The most common classification includes four types of Internet communities: communities of transactions, communities of interest, communities of practice (or relations), and communities of fantasy. Examples of these types of communities are provided in Table 3.7. IT’s about Business demonstrates how an online game company successfully generates profit through building an online community. Table 3.7 ◗ Types of Virtual Communities
Community Type
Description
Transactions
Facilitates buying and selling (e.g., ausfish.com.au). Combines information portal with infrastructure for trading. Members are buyers, sellers, intermediaries, etc. Focused on a specific commercial area (e.g., fishing).
Purpose or interest
No trading, just exchange of information on a topic of mutual interest. Examples: Investors consult The Motley Fool (fool.com) for investment advice; music lovers go to mp3.com; Geocities.yahoo.com is a collection of several areas of interest in one place.
Relations or practice
Members are organised around certain life experiences. For example, ivillage.com caters to women. Professional communities also belong to this category. For examples, see isworld.org for information systems faculty, students, and professionals.
Fantasy
Members share imaginary environments. Examples: sport fantasy teams at espn.com.; Geocities members can pretend to be medieval barons at geocities.com/timessquare/4076.
Sources: Compiled from A. G. Armstrong and J. Hagel, “The Real Value of Online Communities,” Harvard Business Review (May–June 1996); and from J. Hagel and A. G. Armstrong, Net Gain: Expanding Markets through Virtual Communities (Boston: Harvard Business School Press, 1997).
124
IT’S ABOUT BUSINESS Net Fun: Online Game Player Community Net Fun (netfun.com) is an entertainment Web site founded in 1994. In 1996, the firm launched its flagship product, CyberCity. Installing CyberCity on the user’s PC enables the user to access the variety of online games available from the Web site. CyberCity also provides other functions such as chat rooms, scoreboards, and searching for online game-playing partners. The site provides a three-dimensional (3-D) virtual reality interface between the user and the games and other facilities available on the eb site. Membership shot up quickly, reaching 180,000 within two years. At that time, the total Internet user population was only around one million. However, the firm was incurring substantial losses. By 1997 losses had mounted up to over $2.56 million, and the firm changed ownership. In 1998, the new owner of the firm, Peggy Chan, changed its revenue model from advertising-based to subscription-based. Membership dropped rapidly by almost 95 percent to a low of 10,000 but then gradually picked up again to 25,000 in 1999, 34,000 in May 2001, and about 45,000 in July 2003. As of April 2002, Net Fun became a profitable firm with a digital product delivered online. Net Fun operates in the Chinese multiplayers online games (MPOG) industry. Although there are numerous players operating in the MPOG industry and many of them offer free online games, surprisingly almost none focus exclusively on classical Chinese games (e.g., Mahjong). The global Chinese online game player community is the target of Net Fun, as the user market was huge, and the competition was not keen. Net Fun is also a virtual community in which game players can interact with each other through game competitions, chat rooms, private messaging, and even online voice messaging. The high level of customer “stickiness” to the online games Web site helped the firm successfully switch a failing advertising-based revenue model to a successful subscriptionbased model. Sources: Compiled from Lee (2002) and netfun.com (2003).
QUESTIONS 1. Why are advertising revenue models generally ineffective? 2. Are the community aspects helpful? Why or why not? How could such a site be even more profitable?
Before you go on . . . 1. Discuss the ways that IT can improve your quality of life. 2. How can IT improve health care and crime fighting? 3. What is the digital divide? 4. What is a virtual community?
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
125
SUMMARY The ongoing viability of a fair market is founded on ethical inter-relationships among the market players. The market and the regulatory regime influence the functioning of an entity, and demand and support an effective framework of ethics in business entities. The ethics framework was introduced to illustrate the impact of individual ethics, workplace ethics and corporate governance. The chapter discussed the elements of the ethics framework, the ethical expectations of the market, the role of the accountant and the latest developments and expectations of the regulatory regime in the framework. Various types of ethics threats or risks were discussed. 1. Describe the different perspectives that can be adopted for an ethical problem. The ethical perspectives that can be adopted can be classified as deontological and teleological. A deontological perspective emphasises the nature of the actions required to achieve an outcome and includes the social contract, divine deontology and Kantian perspectives. The teleological approach emphasises the desired outcome from the decision and can be based on a hedonistic, utilitarian or relativism perspective. 2. Consider the role of moral development in making ethical decisions. The model of cognitive moral development was developed by Kohlberg and affects an individual’s ethical decision making. Each stage of the model represents a different level of moral awareness, from rule-based egocentric perspectives to higher-order morality. The level a person is at on this model will affect the frames of reference he or she uses when making an ethical decision and how he or she applies the ethical perspectives within the ethical decision-making model. 3. Describe and apply the ethical decision-making model. The ethical decision-making model represents a way of working through ethical dilemmas. There are seven stages in the model, these being: (1) Identify the facts, (2) define the issues, (3) identify the principles, (4) identify possible actions and those affected, (5) compare steps 3 and 4, (6) select an action/outcome and (7) implement the action chosen in step 6. 4. Consider some areas in which ethical problems may emerge for businesses that use AIS. The ethical problems related to the area of AIS vary, depending on the perspective from which they are viewed. These include issues from the customer’s perspective, which can be the right to privacy, the accuracy of information being gathered and the use of information that is gathered about customers. From an organisation’s perspective, some of the ethical issues include how the resources of the AIS are used within the organisation, with a responsibility to ensure that usage matches the purpose for which information was originally gathered. Employees’ use of the AIS and the broader set of IT resources is also an issue for organisations. This can include the use of email and the Internet. A social issue that is emerging as ecommerce becomes increasingly prevalent is that of access to the technology required to support e-commerce and the potential discrimination and alienation that can emerge. 5. Describe some of the different perspectives of computer crime. Computer crime can be broadly defined, potentially including crimes committed through the use of the computer and crimes where computers are the object of the 126
crime. This creates a range of potential actions that could fall within the scope of computer crime. 6. Explain what is meant by spam, phishing, hacking, identity theft and money laundering. Spam, phishing, identity theft and hacking are threats faced by the AIS in the increasingly popular world of e-commerce. Spam is the sending of unsolicited emails and exposes the organisation to excessive email traffic and potential viruses and computer attacks. Phishing and identity fraud affect the validity of transactions that individuals and organisations engage in, as individuals pretend to be others through the fraudulent use of websites (phishing) or personal details such as credit card numbers and other identifying traits (identity theft). Hacking is someone gaining unauthorised access to a system. These areas all represent threats to the effective running of the AIS within the organisation. 7. Consider potential ways to reduce the risk of computer crime. There are varied ways to reduce the risk of computer crime. The establishment of a sound internal control policy can be a good start. Other strategies can include codes of conduct and registration with professional bodies. These can be ways of encouraging ethical behaviour and a shared set of attitudes and beliefs throughout the organisation. Management’s possession of knowledge of employees — enabling the identification of changes in lifestyle and the opportunities employees may face to act illegally or unethically — can also be effective.
DISCUSSION QUESTIONS 1. What is meant by ethics and how do ethics relate to an accountant’s role? 2. Explain the relationship between ‘governance’ and ‘accountability’. 3. What are the ethical expectations of the market for the accountant? Explain how the ethical expectations have not been met. 4. Discuss the role of regulation in corporate governance. 5. Ethics is an individual matter, and it should not be influenced by an individual’s employment status. Discuss this contention with examples. 6. After some years of complacency and even cynicism, corporate governance again became a topic of some international interest. Do you think the debate on corporate governance is purely a knee-jerk reaction to the recent corporate collapses? Explain your answer. 7. What is the current state of the accounting profession’s credibility? Why is credibility so important to the profession? 8. Provide three examples of ethical threats for each of the following categories: (a) stakeholders (b) products or services (c) culture of an organisation (d) reputation 9. How does incompetence give rise to ethical problems? Provide an example to illustrate an accounting ethical problem resulting from the incompetence of an auditor. 10. Discuss the implications of CLERP (Audit Reform and Corporate Disclosure) Act 2004 as it affects the accountant. 11. Discuss the differences between the teleological and deontological ethical perspectives. CHAPTER 3 | INFORMATION SYSTEMS ETHICS
127
12. Summarise the key features of each stage of Kohlberg’s model of moral development. 13. What is the relationship among the ethical perspectives, ethical decision model and Kohlberg’s moral development model? 14. Discuss some of the ways in which a person’s privacy is threatened through AIS and ecommerce. 15. What strategies can firms employ to promote ethical behaviour among staff? 16. Describe the key differences between express and implied consent when gathering information about someone. 17. What are some of the organisational concerns with spam? 18. Can hacking be ‘good’? Explain.
FURTHER READING AND WEBSITES Journal articles Australian Council of Superannuation Investors Inc. 2002, Non-audit services performed by auditors in the top 100 companies, ACSI, Melbourne. Barrier, M 2003, ‘One right path — Cynthia Cooper’, Internal Auditor, December, pp. 52–7. CLERP (Audit Reform and Corporate Disclosure) Act 2004. Corporate Governance Australian Standards 2003, Standards Australia, Standards Australia, Melbourne. Eakin, J 2003, ‘H Norman “fails” governance’, Sydney Morning Herald, 10 November, p. 33. Gettler, L 2002, ‘Audit fees soar after scandals’, The Age, 26 November, viewed 23 January 2004, www.theage.com.au. Flanagan, J 2004, ‘Role of personal values in ethical decisions’, Australian Financial Review, 5 January, p. 43. Illawarra Mercury 2003, ‘Ex HIH finance boss walks free from court’, Australian Financial Review, 24 December, p. 35. Jennings, MM 2003, ‘The critical role of ethics’, Internal Auditor, December, pp. 47–51. Peaple, A 2004, ‘Survey reveals poor reporting practices’, Australian Financial Review, 8 January, viewed 23 January 2004, www.afr.com.au. Ryan, M 2002, ‘The inside job’, The CFO Magazine, 1 October, p. 20. Sarbanes–Oxley Act 2002, United States Congress. Sexton, E 2003, ‘Secret meetings, cash bribes and dirty deals’, Sydney Morning Herald, 17 December, p. 6. Albrecht, WS & Albrecht, C 2004, Fraud examination and prevention, Thomson South Western, Ohio. Culnan, MJ 1993, ‘“How did they get my name?”: an exploratory investigation of consumer attitudes toward secondary information use’, Management Information Systems Quarterly, vol. 17, no. 3, pp. 341–61. Internet Industry Association 2001, ‘Internet Industry Association privacy code of practice: consultation draft 1.0 — a code for industry co-regulation in the area of privacy’, www.iia.net.au. Smith, HJ & Hasnas, J 1999, ‘Ethics and information systems: the corporate domain’, Management Information Systems Quarterly, vol. 23, no. 1, pp. 109–27.
Websites Australian Stock Exchange 2003, Corporate governance principles and guidelines, viewed 12 April 2004, www.asx.com.au. Commonwealth of Australia 2003, HIH Royal Commission Report, vols 1–3, Canberra, viewed 10 June 2004, www.hihroyalcom.gov.au. Horwath and the University of Newcastle 2003, Key Findings from the Horwath 2003 Corporate Governance Report, Horwath, Melbourne, viewed 28 February 2004, www.horwath.com.au. Lucy, J 2004, ‘FSR, CLERP 9 and surveillance programs: ASIC priorities over the next 12 months’, an address by the Acting Chairman, ASIC, Jeffrey Lucy AM, FCA, to the Institute of Chartered Accountants in Australia, Queensland CA Business Forum, 13 March.
128
ACTIVITIES 1. A person who, when confronted with an ethical problem, considers the appropriate action based on guidance from religion is adopting a (a) hedonist approach. (b) social contract approach. (c) Kantian deontology. (d) divine deontology approach. 2. A person who, when confronted with an ethical problem, makes a decision based on the best outcome is using a (a) deontological approach. (b) teleological approach. (c) utilitarian approach. (d) relativism approach. 3. A data manager is approached by a customer with a bad credit record and offered a significant sum of money to change the credit rating on file. The data manager refuses to do this because it would be illegal. Based on Kohlberg’s model of moral development, the data manager is at what stage? (a) Instrumental–relativist (b) Good boy–nice girl (c) Law and order (d) Social contract 4. Deindividuation, if it is not reduced, is likely to lead to (a) ethical behaviour because employees know they are being observed. (b) unethical behaviour because employees can collude and overcome observation mechanisms. (c) ethical behaviour because employees feel a part of the organisation. (d) unethical behaviour because employees feel their actions are anonymous. 5. The relevant use principle of the Privacy Act 1988 (Cth) says that: (a) Information shall only be used for the purpose it was gathered for. (b) Information can only be gathered in lawful ways. (c) Information being used must be accurate. (d) Information shall not be disclosed unless consent is obtained. 6. Which of the factors below were not mentioned as influencing access to technology? (a) Age (b) Geography (c) Income (d) Religion 7. The CPO (a) represents consumers in issues about privacy and data gathering. (b) prosecutes organisations charged for breaches of the Privacy Act 1988 (Cth). (c) acts as an advocate for all companies accused of violating the Privacy Act 1988 (Cth). (d) creates and enforces privacy policies within an organisation. 8. Spam is (a) sending unsolicited emails. (b) acquiring personal details by means of deception. (c) gaining unauthorised access to a system. CHAPTER 3 | INFORMATION SYSTEMS ETHICS
129
(d) pretending to be someone else in an online transaction. 9. A company discovers that an employee has created a fictitious vendor on the vendor master file and the company has paid a total of $250 000 to this vendor through fake invoices. This is an example of fraud in the (a) revenue cycle. (b) inventory management cycle. (c) payment cycle. (d) cash receipts cycle. 10. Which of the following is not needed for a fraudulent act? (a) A reason (b) Pressure (c) A system with weak internal controls (d) An opportunity
PROBLEMS 1. For each of Coles, David Jones, Telstra and Bunnings, go to its website and answer the following questions: (a) Does it have a privacy policy that relates to customers and data gathered from customers? (b) Does it disclose the use of cookies on their page? (c) Is there an option for the user to disable cookies? (d) Does the company disclose how data gathered will be used? Does it expressly rule out the possibility of the data being given to third parties for purposes other than that for which it was originally gathered? 2. SellItNow is an online company that sells hardware products for new houses to both industrial clients and individual consumers. As a result of its very competitive price schemes, SellItNow has developed an extensive customer base, which is reflected in its burgeoning database of customer details, purchasing history and Web usage data. Recognising that these data are potentially valuable to third parties, SellItNow’s directors discuss the prospect of selling its customer database to a large insurance company, thus allowing the insurance company to target advertising and mailouts about home and contents insurance packages to new home buyers. The directors are split on the issue — some view this as an exciting way to add value to their customers, through complementary product offerings, while others see it as a gross misuse of information that is not in keeping with the original purpose for which the data were gathered. You have been engaged by SellItNow as an ethics consultant and requested to advise it on the possibilities that exist to resolve the boardroom debate. Required: Work through the steps of the ethical decision-making model and evaluate what SellItNow should decide and what it should do. 3. Refer to AIS Focus 3.1, which discussed the use of microchipping technology in humans. Analyse this case and identify the ethical issues involved from the point of view of the individual and society. Is this technology an invasion of individual privacy? Discuss the advantages and disadvantages and potential applications of the system. 4. For each of the examples of fraud mentioned in the chapter, discuss: (a) What fraud is occurring. (b) Why this is a problem. 130
(c) Some control plans that may help reduce the likelihood of this fraud occurring. 5. You work as the credit manager for Broad Sounds, a music store that supplies recording equipment and performance apparatus to bands and DJs. Your job is to ensure that data on customer credit ratings, credit limits and credit history are maintained accurately and completely, because these records are consulted before the sales staff approve a sale. One customer, a new young DJ in the area, has recently purchased a large amount of equipment from your company and has almost used up all of his or her credit limit. Because he or she is a new customer to the organisation, Broad Sounds is reluctant to extend his or her credit limit any further. The DJ contacts you directly and asks you to either increase his or her credit limit or create a new account for him or her under his or her personal name, rather than his or her business name, so he or she can purchase a new turntable to develop his or her business. You are confident of his or her ability to repay the credit purchases but feel bound by company credit policy, which clearly states how and when credit limits should be increased. When you joined Broad Sounds it was mentioned to you that company policies form part of your terms and conditions of employment. You tell the DJ this and he or she says, ‘Look, OK — do it and I will promote your services at my gigs. Or I can pay you some cash now to make it worth your while.’ (a) Analyse the scenario above using the ethical decision-making model presented in the chapter. (b) What would you do in this situation? (c) If the credit manager went ahead with these actions, would it be a case of computer crime? (d) Would it be ethical? 6. ‘Ethical behaviour is all about following the law.’ Do you agree with this statement? Why?
CASE STUDY Wholesalers Ltd ee, Ai Ming joined Wholesalers Ltd, a textile wholesale company, as an assistant accountant 6 months ago. He encountered the following situations: 1. For the past five months, the chief accountant, Bing Ho, authorised a number of expense invoices, which Ai Ming was instructed to include as company expenses. Ai Ming discovered last Friday that these expenses were household expenses incurred by Bing Ho’s family. Ai Ming felt uneasy about the situation, especially when Bing Ho came in with another invoice of $12 000 for an entertainment system installed at Bing Ho’s address. Bing Ho told Ai Ming to put it through to the Repairs and Maintenance account. 2. Bing Ho’s daughter Alice, who is studying accountancy at a university in Melbourne, has obtained a part-time job in Wholesalers Ltd, working as an accounting clerk in Ai Ming’s office. Alice has become very friendly with Ai Ming and they have gone out a few times. Alice asked Ai Ming to help her with her studies, as she wishes to be as successful as her father, referring to her father Bing Ho’s motto that ‘being a professional accountant holds the key to all’.
CHAPTER 3 | INFORMATION SYSTEMS ETHICS
131
Required 1. For case scenario 1, what are the duties owed by Ai Ming? Is there any conflict of inter faced by Ai Ming as an assistant accountant in Wholesalers Ltd? 2. when dealing with Alice. Comment on Bing Ho’s motto and advise of Ai Ming’ actions. 3. Taking both scenarios 1 and 2 together, what are the ethical and pr by Ai Ming?
CASE STUDY National Australia Bank
The following appears in an article entitled ‘NAB struggling to r Stewart Oldfield, Australian Financial Review, 8 April 2004, p. 11. One fact is certain. The impact on NAB of its currency option scandal goes well beyond the $360 million it has owned up to, when issues such as reputation and staff morale are included. It goes well beyond the mispricing of a book of options written against a US dollar that was meant to rally over Christmas. Bank staff have complained of ‘gridlock’ in internal processes after a spate of executive departures and expectations of many more . . .
Required As an independent ethics consultant, write a report to a competitive organisation regar the significance of internal control failures, taking into consideration the lessons lear from the NAB case. You may make assumptions about the organisation’s internal processes.
132