1 Ethical Considerations 4 In general, following topics will be discussed in ethical considerations...
-
date post
21-Dec-2015 -
Category
Documents
-
view
217 -
download
1
Transcript of 1 Ethical Considerations 4 In general, following topics will be discussed in ethical considerations...
1
Ethical Considerations
In general, following topics will be discussed in ethical considerations in use of computers
Use of copied software Unauthorized access (intrusion) Safety critical applications Encryption, law enforcement and privacy
2
Options to Avoid Software Piracy What is your opinion and why?:
A) Software should be free
B) Software prices should be reduced drastically
C) Software should be treated just like any other commercial product
Should the software copyright laws be amended to allow the customer to install it on multiple machines?
3
Options to Avoid Software Piracy Would you prefer a freeware product or
commercial product. Justify your answer What are the consequences for the vendors
and customers if the general application software prices are reduced to under $10 per package
Comment on the following FSF statement “Software should not have owners”
4
Unauthorized Access
We look into several suspicious activities similar to each other
“Hacking” means accessing a computer system in a way different from normal. The motive can be to test the system for its security, to learn its various features or to damage the system
The term “Hacking” is now-a-days being used in a negative sense
5
Unauthorized Access
“Intrusion” or “unauthorized access” occurs when the hacker uses an account that was not assigned to him/her by the system administrator AND/OR the usage is inconsistent with the established policies
Unauthorized access can take a number of forms some of which are given in “Secrets of a Superhacker”
6
Secrets of a Superhacker
Creation of virus programs Creation of worm programs Creation of Trojan horse programs Creation of logic bomb programs Monitoring the network for password sniffing
All above activities are unethical and most are declared crimes
7
Worksheet Information
In 1996, federal agents tracked down an Argentine student who broke into a Harvard University computer as well as into sensitive US military and space agency files
Julio Cesar Ardita used his home computer in Argentina to break into academic and government machines
8
Worksheet Information
After watching his activities for months, FBI found that the hacker consistently typed certain words when breaking into computer systems.
FBI obtained a court order to install a computer on the Harvard network with a "sniffer" program that would look for those words.
9
Worksheet Information
Harvard, unlike many other system owners, did not inform computer users that their communications might be monitored to protect the system's security.
Thus FBI was able to track down the intruder by scanning all emails, personal messages and other information passing through Harvard network
http://figment.csee.usf.edu/~kwb/nsf-ufe/zubairi1.htm
10
Safety Critical Applications
We will discuss the responsibilities of software developers in safety critical applications
Then we will review the topics of encryption, law enforcement and privacy
11
Safety Critical Systems
In general, the systems having a real-time component or components impacting human safety are considered safety critical systems
12
Safety Critical Systems
The examples of such systems are aircraft and air traffic control, nuclear reactor control and medical instrumentation
For example, air traffic control must issue a warning if two aircrafts come dangerously close to each other
A software keeps processing “time to collision” in the background
16
The disasters
Hartford Civic center roof collapsed under a load of snow on Jan 18th, 1978
The roof design relied heavily on computer modeling
Therac-25, a radiation therapy system, killed and injured several patients between 1985 and 1987
17
The disasters
The overdoses were traced to errors in the software and the software/hardware interlock
The software for Therac-25 was developed by a single person, using PDP-11 assembly language
The software evolved over several years but no documentation was prepared
18
The disasters
An opinion expressed by a programmer in response to Therac-25 accidents is interesting
The author suggests that the industry’s state of the art in building safe software is not sufficiently advanced to risk human lives
Therefore the author decided not to write software for any system involving human lives (i.e. bio-medical systems)
19
The disasters
More recently, an error in error checking led $125 million Mars probe to disaster
The spacecraft’s builder, Lockheed Martin Astronautics, submitted acceleration data in English units of pounds of force instead of the metric unit called newtons. At JPL, the numbers were entered into a computer that assumed metric measurements.
http://abcnews.go.com/sections/science/DailyNews/marsclimate990930.html
20
The Code
“Accept responsibility in making engineering decisions consistent with the safety, health and welfare of the public”– IEEE Code of Ethics, item 1
“Strive to achieve the highest quality in both the process and products of professional work”– ACM Code of Ethics, professional responsibility 1
21
What Can be Done?
What can be done to avoid such accidents in future?
We would like to give general suggestions for people involved in development of safety critical systems
22
Suggestions
Most failures have multiple causes. Software should not be analyzed alone for finding errors. The impact of certain hardware failures on software performance can be devastating
Modern software engineering techniques should be used by designers of safety critical systems
Over-reliance on computer models can lead to disasters
23
Encryption, Law Enforcement and Privacy Issues There is a conflict between an individual’s
right to privacy and the government’s need to invade the privacy to uphold the law
Computing has become sophisticated enough to erode the ability of law-enforcement to do “wiretapping”
Digital telephony has made it more difficult to manage wiretapping
24
Issues in Digital Telephony and Wiretapping Digital Telephony standards were passed by
Congress in 1994 to ensure continued wiretapping
Is this the most effective way to fight crime?– In 1991, 856 wiretaps were analyzed. 536
involved narcotics and 114 involved racketeering
25
Issues in Digital Telephony and Wiretapping Is the government expanding its role as “big
brother”?– Relatively recent history provides evidence of
government abuse. Therefore, the wiretap must occur with the permission of phone company and FBI should not bypass the phone company
Could the wiretap capabilities create security problems?– Hackers are very interested in breaking into wiretap capable
phone systems. It should be treated as “safety-critical system”
26
Encryption Issues
Data encryption has been discussed previously
Government has increasingly become concerned about the potential misuse of data encryption
Escrowed Encryption Standard (EES) is a new private key encryption standard developed by the federal government
27
Encryption Issues
EES devices are given unique serial numbers and 80-bits unit key
The unit key is created by two escrow agents using their own secret keys
There is a law enforcement access field in an encrypted message thus it can be decrypted by the government