MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 LO1 Describe information technologies that could be used in computer crimes. LO2 Review privacy issues and methods for improving privacy of information. LO3 Explain the eff ects of e- mail, data collection, and censorship on privacy. LO4 Discuss ethical issues of information technology. LO5 Describe intellectual property principles and infringement issues. LO6 Explain information system issues aff ecting organizations, including the digital divide, electronic publishing, and eff ects on the workplace and employees’ health. LO7 Discuss green computing and ways it could help improve the quality of the environment. Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates

Chapter 4 Personal, Legal, Ethical, and Organizational Issues of Information Systems l e a r n i n g o u t c o m e s LO1 Describe information technologies that could be used in computer crimes. LO2 Review privacy issues and methods for improving privacy of information. LO3 Explain the effects of e-mail, data collection, and censorship on privacy. LO4 Discuss ethical issues of information technology. LO5 Describe intellectual property principles and infringement issues.

l e a r n i n g o u t c o m e s (cont’d.) Chapter 4 Personal, Legal, Ethical, and Organizational Issues of Information Systems l e a r n i n g o u t c o m e s (cont’d.) LO6 Explain information system issues affecting organizations, including the digital divide, electronic publishing, and effects on the workplace and employees’ health.

Risks Associated with Information Technologies Misuses of information technology Invade users’ privacy Commit computer crimes Information technologies can be misused to invade users’ privacy and commit computer crimes. The following sections describe some of these misuses and discuss related privacy issues. Keep in mind, however, that you can minimize or prevent many of these risks by installing operating system up-dates regularly, using antivirus and antispyware software, and using e- mail security features.

Cookies Cookies Can be useful or intrusive Many users disable cookies Small text files with a unique ID tag Embedded in a Web browser Saved on the user’s hard drive Can be useful or intrusive Many users disable cookies By installing a cookie manager Or using Web browser options Cookies are small text files with unique ID tags that are embedded in a Web browser and saved on the user’s hard drive. Sometimes, cookies are useful or innocuous, such as those used by a Web page that welcomes you or those used by a Web site that remembers your personal information for online ordering. Typically, users rely on Web sites to keep this information from being compromised. Cookies also make it possible for Web sites to customize pages for users, such as Amazon. com recommending books based on your past purchases. Other times, cookies can be considered an invasion of privacy, and some people believe their information should be collected only with their consent. Cookies also provide information about the user’s location and computer equipment, and this information could be used for unauthorized purposes, such as corporate espionage.

Spyware and Adware Spyware Install antivirus or antispyware software Software that secretly gathers information about users while they browse the Web Can be used maliciously Install antivirus or antispyware software Adware Form of spyware Collects information about the user to display advertisements in the Web browser Some spyware changes computer settings, resulting in slow Internet connections, changes to users’ default home pages, and loss of functions in other programs. To protect against spyware, you should install antivirus software that also checks for spyware or install antispyware software, such as Spy Sweeper, In addition to antivirus software, install-ing an ad- blocking feature in Web browsers is recom-mended to protect against adware.

Phishing Phishing Direct e-mail recipients to false Web sites Phishing Sending fraudulent e-mails that seem to come from legitimate sources Direct e-mail recipients to false Web sites To capture private information Phishing is sending fraud-ulent e- mails that seem to come from legitimate sources, such as a bank or university. They usually direct e- mail recipients to false Web sites that look like the real thing for the purpose of capturing pri-vate information, such as bank account numbers or Social Security numbers.

Keyloggers, Sniffing and Spoofing Some antivirus and antispyware programs protect against software keyloggers Sniffing Capturing and recording network traffic Often used by hackers to intercept information Spoofing Attempt to gain access to a network by posing as an authorized user to find sensitive information Keyloggers Monitor and record keystrokes Can be software or hardware devices Sometimes used by companies to track employees’ use of e-mail and the Internet Can be used for malicious purposes Some antivirus and antispyware programs protect against software keyloggers Sniffing Capturing and recording network traffic Often used by hackers to intercept information Spoofing Attempt to gain access to a network by posing as an authorized user to find sensitive information

Computer Crime and Fraud Computer fraud Unauthorized use of computer data for personal gain Social networking sites Used for committing computer crime Examples Denial-of-service attacks Identity theft Software piracy Distributing child pornography E-mail spamming In addition to phishing, computer crimes include the following: • Denial- of- service attacks, which inundate a Web site or network with e- mails and other network traffic so that it becomes overloaded and can’t handle legitimate traffic • Identity theft, such as stealing Social Security • Software piracy and other infringements of intellectual • Distributing child pornography. • E- mail spamming. • Writing or spreading viruses, worms, Trojan programs, and other malicious code. • Stealing files for industrial espionage. • Changing computer records illegally. • Virus hoaxes, in which individuals intentionally spread false statements or information through the

Computer Crime and Fraud (cont’d.) Writing or spreading viruses, worms, Trojan programs, and other malicious code Stealing files Changing computer records Virus hoaxes Sabotage • Writing or spreading viruses, worms, Trojan programs, and other malicious code • Stealing files for industrial espionage • Changing computer records illegally • Virus hoaxes, that are false statements or information spread through the Internet and are presented in such a way that the readers believe that they are true. The individual who generates virus hoaxes intention-ally attempts to mislead the readers.

Computer Crime – Unauthorized Access A person gaining entry to a computer system for which they have no authority to use such access THIS IS A COMPUTER CRIME! Internet Fraud Cost $ 559 Million in 20091 Losses from cybercrime more than doubled in 2009, jump-ing from $ 265 million in 2008 to $ 559.7 million, according to a report by the Internet Crime Complaint Center, which is a partnership between the FBI and the National White Collar Crime Center. The number of online complaints about cybercrimes also rose dramatically, according to the report. In 2009, 336,655 complaints were received, a jump of more than 20 percent over 2008. Keep in mind that these fi gures are only the reported complaints; the actual number of cybercrimes could be much higher. Most of the complaints were about e- mail scams and the nondelivery of merchandise or payments. To guard against cybercrime, Internet users should install the most current versions of antivirus and antispyware software on their computers and be very careful when they receive suspicious e- mails, particularly those with attachments. 82% come from inside the organization (employees)

Privacy Issues Concerns about privacy in the workplace Paying for Privacy Privacy Issues Concerns about privacy in the workplace Misuse and abuse of information gathered by: …. Defining privacy is difficult Number of databases increasing rapidly Direct marketing companies major user of this information U.S. government began linking large databases to find information Acceptable use policies Concerns about privacy in the workplace Employers search social networking sites Employee monitoring systems Misuse and abuse of information gathered by: Healthcare organizations Financial institutions Legal firms Defining privacy is difficult Information technologies have increased ease of access to information

E-mail Presents some serious privacy issues Spamming Ease of access Email that bites E-mail Presents some serious privacy issues Spamming Unsolicited e-mail sent for advertising purpose Sent in bulk by using automated mailing software Ease of access People should assume that others could have access to their messages Any e-mails sent on company-owned computers are the property of the organization Presents some serious privacy issues Spamming Unsolicited e-mail sent for advertising purpose Sent in bulk by using automated mailing software Ease of access People should assume that others could have access to their messages Any e-mails sent on company-owned computers are the property of the organization

Table 4.1 E-mail and Spam Statistics

Ethical Issues of Information Technologies Ethics and ethical decision making Moral guidelines people or organizations follow in dealing with others More difficult to determine than legal cersus illegal where they might fall in Exhibit 4.1’ s grid: 1. You make two copies of a software package you just bought and sell one to a friend. 2. You make two copies of a software package you just bought for personal use, in case the original software fails and you need a backup. 3. A banker uses the information a client enters in a loan application to sell other fi nancial products to this client. 4. A credit card company sells its customers’ mailing addresses to other competitors. 5. A supervisor fires a programmer who has intentionally spread viruses to the organization’s network. Number 1 is clearly illegal and unethical ( quad-rant IV). Number 2 is ethical because you made the copy for your own use, but some software vendors who prohibit making copies might consider it illegal ( quadrant II). Numbers 3 and 4 are legal but not ethi-cal ( quadrant III). In number 5, the supervisor’s behav-ior is both legal and ethical. The supervisor has a clear legal reason for fi ring the programmer, and allowing the programmer to continue working there wouldn’t be ethical.

Censorship Who decides what should be on the Internet? Whether or not something can be censored depends in part on who is doing the censoring Parents are concerned about what their children are exposed to Pornography, violence, and adult language Mistaken or mistyped URLs Search terms Who decides what should be on the Internet? Types of information Public Private Whether or not something can be censored depends in part on who is doing the censoring Restricted access to the Internet Burma, China, Singapore

Intellectual Property Pirates Intellectual Property Intellectual property Protections that involve copyrights, trademarks, trade secrets, and patents for “creations of the mind” developed by people or businesses Industrial property Inventions, trademarks, logos, industrial designs Copyrighted material Cybersquatting Registering, selling, or using a domain name to profit from someone else’s trademark Intellectual property Protections that involve copyrights, trademarks, trade secrets, and patents for “creations of the mind” developed by people or businesses Industrial property Inventions, trademarks, logos, industrial designs Copyrighted material Literary and artistic works Exceptions under Fair Use Doctrine Trademark Protects product names and identifying marks Patent Protects new processes Software piracy Laws Cybersquatting Registering, selling, or using a domain name to profit from someone else’s trademark

The Impact of Information Technology in the Workplace New jobs Telecommuting and virtual work Job deskilling Job upgrading One skilled worker might be capable doing the job of several workers Virtual organizations Green Computing promotes a sustainable environment and consumes the least amount of energy New jobs for: Programmers Systems analysts Database and network administrators Network engineers Webmasters Web page developers e-commerce specialists Chief information officers (CIOs) Technicians Job deskilling Skilled labor eliminated by introducing high technology Job downgraded from a skilled to a semiskilled or unskilled position

Advantages and Disadvantages of Telecommuting

Summary Information technologies Organizational issues Affect privacy Can be used for computer crimes Privacy issues E-mail Censorship Organizational issues Digital divide Workplace impacts Health impact

Phishing Phishing Direct e-mail recipients to false Web sites Phishing Sending fraudulent e-mails that seem to come from legitimate sources Direct e-mail recipients to false Web sites To capture private information Phishing is sending fraud-ulent e- mails that seem to come from legitimate sources, such as a bank or university. They usually direct e- mail recipients to false Web sites that look like the real thing for the purpose of capturing pri-vate information, such as bank account numbers or Social Security numbers.