EBUS 400 WS 4 eCommerce Joseph Lewis Aguirre. WS4: Legal, Ethical and Regulations Privacy Information collection Protection Legislation Marketing Intellectual.

EBUS 400 WS 4 eCommerce Joseph Lewis Aguirre

WS4: Legal, Ethical and Regulations Privacy Information collection Protection Legislation Marketing Intellectual Property Copyrights Trademarks Patents Domain names International aspects Other Contracts Gambling Fraud Buyer protection Third party services Sellers protection Accessibility

Marketing Concept Ethics, Law, Regulations Company Effort The Marketing Concept and the Law

Decisions My BASIC principle is that you don't make decisions because they are easy; you don't make them because they are cheap; you don't make them because they're popular; you make them because they're right -- Theodore Hesburgh, C.S.C. Former President of Notre Dame

Decision Strategies Optimization Satisficing Elimination by aspects – eliminate all alternatives that fail with respect to a particular aspect

Decision Strategies Instrumentalism – muddling through – compare alternative courses of action to the current one Mixed scanning – search for, collection, processing, evaluating and weighing of information. The importance of the decision determines the degree of scanning Analytical Hierarchical Process

Tell me, I'll forget, Show me, I may remember, But involve me and I'll understand Involvement

Joseph Lewis Aguirre SecuritySecurity

The BCS Code of Practice says: A system is at risk from the moment that the project which develops it is first conceived. This risk remains until at least after the system is finally discontinued, perhaps indefinitely. Threats to security range from incompetence, accident and carelessness to deliberate theft, fraud, espionage or malicious attack. Security and Risks

Security Convenience Security Scope Convenience Cost Quality

The $10,000 Fence for the $1.00 Horse

Leaks 02-25-05 BoF, 1.2 Million federal government charge cards affected. Computer back up tapes were lost. LexisNexis - 03-09-05 310 consumers affected. Unauthorized use of customer logins and passwords MCI - 05-23-05 16,500 current and former employees,. Laptop stolen from MCI financial analyst CardSystems Solutions 06-17-05 40 million credit card holders affected. Person broke into the computer network of CardSystems USC - 06-20-05, 270,000 consumers affected. Hackers broke into applications database

CyberMines Targeted Attacks - mass mailings of worms and viruses. Using keyloggers, security flaws in web browsers - solution: get unplugged Botnets - robot networks made up of home and business PCs taken over by hackers. ISPs monkey Net crash - arcane protocol, exploit border gateway protocol to advertise their routs so they can carry their network Critical infrastructure attacks - cyberattacks that penetrate supervisory control and data acquisition - compliance with rigorous cybersecurity standards.

CyberMines (Cont) Phraud - Internet-related fraud accounted for 53% of all consumer fraud complaints to FTC in 2004. In Phising, guard personal information. Evil twins, do not use unsecure attach points. Pharming, how to find Nemo. Hijacking - Covert control of computer resources. Use firewalls and secure browsers. Wireless Attacks - smartphones, PDAs, etc.

Cyber Enemy Bot Network Pperators - hackers Organized Crime Groups Corporate Spies Foreign Intelligence Services Hackers Insiders Phishers - trading on sensitive data Spyware/Malware authors Terrorists

Who is the enemy In-house security breaches account for some 70-90% of all security breaches. Hurwitz Group 57% - Worse breaches occurred when their own users accessed unauthorized information. Next problem happened when user accounts remained active when users left the company. Digital Research Only 21% are concerned with external security threats.

Cost of Computer Crime Source: Computer Security Institute Insurance Council of Australia estimates $3 trillion/year

Action Taken After Breach Source: Computer Security Institute

Security Vs Privacy Biggest Problem isnt about privacy…it is sloppy security -----Lee Gomes, Wall Street Journal

Worm Evolution 1988 - Robert Morris First worm 2001 - Code Red, exploited IIS to infect 359,00 hosts to launch a Denial Of Service attack on the White House site…random propagation caused it to clog and contain 2001 - Code Red authors learned and launched Nimda 2003 - Sapphire - exploited vulnerability in MS SQL Server 2004 - Welchia.C - compiled list of addresses - variant SoBig.F 2005 - BotNets - Worm writers partner with spammers for profit.

Risk Exposure by Industry Degree of exposure to risk

Security Vs Privacy Mail: 25-30 % Web Traffic: 50-60%

Hackers, crackers, and thieves, oh my! Viruses, worms, and trojans, oh my! Identity theft running rampant (electronic AND in person) –Internal/external fraud on the rise –Third party vendors selling private information Wireless networks broadcasting data The insecure nature of academic networks Security Landscape

Definition of sensitive data Analysis of where sensitive data is used Assessment of the security of systems with sensitive data Securing systems with sensitive data Developing an information security culture Sensitive Data

Personal information –Name, address, contact information, gender, age –Social Security Number –Banking information, including financial institution, account number, credit/debit card number –Health / medical data Sensitive Data

Corporate information –Operational procedures –Contingency procedures –Bank account and investment information Other information that might be used to conduct fraud or impersonation –Often depends on context –Look at as a whole, not specific pieces individually Sensitive Data

Student systems Cashiering / Bursar / POS systems Application, registration, recruitment systems Accounts Receivable / Payable Human Resources / Payroll Medical / clinical systems Departmental databases –Treasury workstation –Conference registrations (if keep credit card numbers) Research databases Sensitive Data Found in:

Nontechnical assessments: –Physical security assessment –Location of sensitive records –Logical access to data (Who has access? Do they really need access?) –Disaster backup procedures –Contingency procedures –Privacy statement / policies Assessing Security of Sensitive Systems

Third party vendor assessment Boilerplate language for –Protection of data –System security –Secure file exchange –Financial penalties for noncompliance Use of subcontractors ONLY with your permission Assessing Security of Sensitive Systems - Contractual Services Agreement

Do our procedures require sensitive data? –SSN on deposited checks –Credit card number on conference registration server –SSN as student ID Can we replace the data with nonsensitive data? Can we change the procedure entirely? –ACH payments instead of checks Assessing Security of Sensitive Systems - Operational Security

Does the organization have a master privacy policy? Does each departmental web site either have their own privacy policy or link to master? Does the policy comply with local law? (California, other states) Is data access limited to need to know? –Access control lists for everything Assessing Security of Sensitive Systems - Privacy Policies

Visa Cardholder Information Security Program Compliance Questionnaire –77 point technical security checklist SANS SCORE Project checklists Form alliance with internal auditors (EDP auditors) Hire outside expertise for assessment Assessing Security of Sensitive Systems - Technical Assessment

Implement technical security measures –Firewalls, intrusion detection and response, appropriate architecture –Visa CISP checklist measures (SSL, data encryption, etc.) –Access control policies (least possible access to data) implemented and enforced –Enforce good passwords Hire professional security programming expertise (require department to do so) –Particularly if cards accepted over web sites Assessing Security of Sensitive Systems - Securing

Centralized student systems behind mega-firewall Firewalls within firewalls Data inquiries run on server, only results passed to client –Remote access to student data severely limited Web servers never retain credit card information Look at processes and procedures (sanitize reports, etc.) Assessing Security of Sensitive Systems - Centralized Security

Buy-in from the highest levels –Lots of scary stories –Regulatory requirements –Financial liability –Adverse publicity Basic security education for all users AND students Partnership with internal auditors Partnership with campus computer departments Assessing Security of Sensitive Systems - Culture Development

Financial Typical VulnerabilityBreach Invalidated ParametersHijack accounts; steal data; commit fraud Command Injection FlawsDatabase dumps all account information Buffer OverflowsCrash the servers; damage app, other mayhem Cross Site ScriptingSteal account and customer information Broken Accounts/Session MgmtHijack accounts; steal data; commit fraud

Information Security Action Plan 1.Keep it simple 2.Security requirements 3.Assessing threats 4.Establish Security framework 5.Plan for disaster 6.Develop clear security policy 7.Use the right security tools 8.Staff training 9.Monitor

Application Protection Improved QA Scanning/Vulnerability Assessment Host Based Intrusion Detection (IDS) Intrusion Prevention (IPS) Application Firewall

Application Protection - QA Right the first time No runtime performance penalty Built into application development cost Time consuming Protects from known vulnerabilities Lack of specialized security expertise ADVANTAGEDIS-ADVANTAGE

Scanning and Vulnerability Assess. Identifies vulnerabilities Complement lack of security expertise VENDORS SPI Dynamics Sanctum Kavedo Secure as last scan A challenge fixing vulnerabilities discovered ADVANTAGEDIS-ADVANTAGE

Host Based Scanning Plugs security holes once discovered Helps with network level VENDORS Cisco NETA Sana May not address OS, platform dependencies and other vulnerabilities ADVANTAGEDIS-ADVANTAGE

Security Static Content eCommerce Risk of Breach Minimal Severe QA E-COMMERCE Real Time Protection

Application Protection Stops hacks before they get to the application Continuous protection VENDORS Teros Netcontinuum Magnifier/F5 Upfront investment Increased network complexity ADVANTAGEDIS-ADVANTAGE Secure Application Gateway

Web Application Security Market

DECISION ENVIRONMENT Values GOALS STRUCTURE CLIMATE ENVIRONMENT MarketplaceOther Teams Culture Competition Pressures ClarityCommitment Reward System Reporting Relationships Feedback System Behavior Norm Decision Making Competition Enthusiasm Stress Trust Involvement Flexibility CollaborationMission Philosophy Accountability

Fund Transfers Origin Destination

Joseph Lewis Aguirre RegulatoryRegulatory

The Regulatory Landscape The Security Landscape Information Security Resources Regulatory Overview

Privacy of Student Records = FERPA Traditional Higher Education regulations for Information Security Registration of Foreign Students = SEVIS Privacy of Medical Records = HIPAA Regulatory Landscape

Non Traditional Higher Education regulations for Information Security Student / Faculty Lending = GBL / FTC Homeland Security = Patriot Act Accounting Scandals = Sarbanes Oxley Internet/Service Provider = COPPA, DMCA State/Local Privacy Initiatives = Local regulations Private privacy rules = Visa, ACH Regulatory Landscape (Cont)

HIPPA Compliance HIPPA - Health Insurance Portability and Accountability Act of 1996 Under HIPAA, large integrated delivery networks to individual physician offices must put in place physical and technical data security measures to ensure against illegal access to communications networks, databases and applications. The criminal and civil penalties for non-compliance are severe, and present healthcare firms and their executives with significant liability issues

FERPA 20 U.S.C. § 1232g; 34 CFR Part 99 is a Federal law that protects the privacy of student education records. Applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Family Educational Rights and Privacy Act

Higher education institutions as lenders –Student loans –Faculty / real estate loans –Short term cash loans (?) Protection of non-public customer information –Paper or electronic form –Prevent unauthorized use or access –Includes you, affiliates, and third party vendors GBL and FTC Enforcement

Privacy requirements of GLB/FTC met by complying with FERPA Comprehensive written information security program requirement must still be met –Risk assessment –Design and implement information safeguards –Prevent unauthorized use or access GBL and FTC Enforcement

Internal control of customer information –Good internal controls Third party control: –Due diligence before selection –Data protection, information security audit clauses in contracts –Periodic outside verification of third party systems, protections GBL and FTC Enforcement

Enhanced Know Your Customer regulations placed on financial institutions Account opening / entity identification procedures for new accounts No common practices yet developed –Some banks are very intrusive, wanting personal identification of corporate officers –Some banks are very liberal Where are your corporate documents? PATRIOT ACT

TITLE I--ENHANCING DOMESTIC SECURITY AGAINST TERRORISM TITLE II--ENHANCED SURVEILLANCE PROCEDURES Sec. 201. Authority to intercept wire, oral, and electronic communications relating to terrorism. Sec. 202. Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses. Sec. 204. Clarification of intelligence exceptions from limitations on interception and disclosure of wire, oral, and electronic communications. Sec. 208. Designation of judges. Sec. 209. Seizure of voice-mail messages pursuant to warrants. Sec. 217. Interception of computer trespasser communications. USA Patriot Act

TITLE VI--PROVIDING FOR VICTIMS OF TERRORISM, PUBLIC SAFETY OFFICERS, AND THEIR FAMILIES Subtitle A--Aid to Families of Public Safety Officers Subtitle B--Amendments to the Victims of Crime Act of 1984 TITLE VII--INCREASED INFORMATION SHARING FOR CRITICAL INFRASTRUCTURE PROTECTION TITLE VIII--STRENGTHENING THE CRIMINAL LAWS AGAINST TERRORISM TITLE IX--IMPROVED INTELLIGENCE TITLE X--MISCELLANEOUS SEC. 2. CONSTRUCTION; SEVERABILITY. TITLE I--ENHANCING DOMESTIC SECURITY AGAINST TERRORISM USA Patriot Act (Cont)

Keep America Safe and Free Certain ACLU Allegations re. Patriot Act: The FBI can investigate United States persons based in part on their exercise of First Amendment rights, and it can investigate non-United States persons based solely on their exercise of First Amendment rights. Section 215 might also be used to obtain material that implicates privacy interests other than those protected by the First Amendment. For example, the FBI could use Section 215 to obtain medical records. ACLU

Sarbanes Oxley Act (Sox) Corporate Certification of Financial Statements Correct Complete Effective underlying controls Requires organizations governed by the SEC to establish and maintain an audit committee responsible for the appointment, compensation and oversight of any employed registered public accounting firm Does not apply directly to information security or non- publicly held entities (but...) Sets minimum standards for accountability and integrity of accounting systems/records

ISO 17799 ISO/IEC 17799 Part 1: Is a guide containing advice and recommendations to ensure the security of a companys information according to ten fields of application. BS7799 Part 2: Information security management -- specifications with guidance for use provides recommendations for establishing an effective Information Security Management System (ISMS). At audit time, this document serves as the assessment guide for certification.

ISO 17799 The goal is to provide a common base for developing organizational security standards and effective security management practice and to provide confidence in inter-organizational dealings.

Online collection of personal information from children under 13 Requires privacy policy, consent from parent, and protection of data COPPA (Children's Online Privacy Protection Act)

Protection of intellectual property and property rights –Identification of covered information –Steps to prevent abuse of covered information Posting of appropriate notices on institutional/department web sites Digital Millennium Copyright Act (DMCA)

If electronic information includes social security number and/or banking information AND electronic systems suffer a security breach Consumer customers who are residents of California must be notified of the security breach California Privacy Legislation (SB 1386)

How are we doing business with residents of California? Does it apply to businesses outside California? –Will not know for decade or more –Behave as if it does Model for Federal legislation applicable to all states California Privacy Legislation (SB 1386)

Colorado legislature passed law prohibiting use of SSNO or credit card numbers as identification for check payments –Revision of cashiering procedures –More difficulty researching returned checks / payments Indicative of trend across all states Prohibition of use of SSN

Visa, Mastercard, Discover, American Express, Diners, JCB Visa has most specific information security rules –Other card associations follow Visas lead Probable penalties assessed for noncompliance –Eventually Visa will get to given sector for compliance monitoring –Most likely to occur after you receive serious publicity for a breach Credit Card Association

Specific security requirements for Internet-, telephone-initiated transactions –WEB, TEL Standard Entry Class codes Web site security requirements –128 bit Secure Sockets Layer –Specific transaction authorization –Commercially reasonable security standards Automated Clearing House (ACH) RulesACH Automated Clearing House (ACH) RulesACH

Treasury Institute for Higher Education –http://www.treasuryinstitute.org/default.asp Association for Financial Professionals –http://www.afponline.org/ Assessing Security of Sensitive Systems - More Info

Protecting your own system –http://www.afponline.org/Information_Center/Publicati ons/AFP_Exchange/tinuccisup/tinuccisup.html Graham Leach Bliley / FTC –http://www.ftc.gov/os/2002/05/67fr36585.pdf (Final Rule) –http://www.nacubo.org/business_operations/safeguardi ng_compliance/index.html –http://www.ftc.gov/privacy/glbact/index.html Assessing Security of Sensitive Systems - Resources

USA PATRIOT Act Analysis –http://www.afponline.org/ohc/082003/219_article_13/2 19_article_13.html Sarbanes Oxley –http://www.afponline.org/FRACpublic/sox/sox.html –http://www.treasurystrategies.com/resources/articles/H owILearnedSarbanes.pdf Assessing Security of Sensitive Systems - Resources

COPPA –http://www.ftc.gov/bcp/conline/pubs/buspubs/coppa.ht m –http://www.ftc.gov/bcp/conline/edcams/coppa/index.ht ml DMCA –http://www.educause.edu/ir/library/html/cem9913.html –http://www.educause.edu/issues/issue.asp?issue=dmca –http://www.copyright.gov/legislation/dmca. pdf Assessing Security of Sensitive Systems - Resources

California Privacy Bill SB 1386 –http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351- 1400/sb_1386_bill_20020926_chaptered. html Colorado Prohibition on SSN for identification –http://www.state.co.us/gov_dir/leg_dir/olls/sl2003a/sl_ 180.htm Assessing Security of Sensitive Systems - Resources

Visa Cardholder Information Security Program (CISP) –http://www.usa.visa.com/business/merchants/cisp_inde x.html MasterCard Electronic Commerce Best Practices –http://www.mastercardmerchant.com/preventing_fraud/ website_security.html –http://www.mastercardmerchant.com/docs/best_practic es.pdf Assessing Security of Sensitive Systems - Resources

ACH WEB transaction requirements –ACH Rules, Operating Guidelines, Section IV, Chapter VI (Special Topics, Internet-Initiated Entries)) SANS SCORE Project homepage –http://www.sans.org/score/ –Assessing the security of third party vendors (ASP checklist) http://www.sans.org/score/asp_checklist.php –(BS 7799 / ISO 17799 checklist) http://www.sans.org/score/checklists/ISO_17799_checklist. pdf Assessing Security of Sensitive Systems - Resources

Joseph Lewis Aguirre EthicsEthics

Common Denominator Krispy Kreme Doughnuts CocaCola Tyson Chicken KPMG Charity Companies Class Action Law Firm Milberg Weiss HealthSouth eToys caretaker CEO, Paul Traub of Taub, Bonacquist & Fox Sony BMG 124-Executive Tax Shelter Harvard University, Andrei Shleifer, (economics professor), Jonathan Hay (attorney), Russian Aid - $30M Cornell, Northwest, Harvard, John Hopkins, and the University of Alabama. MassMutuals CEOs Angry Wife

Next Phase in Psychiatry Largest Ever Studies on Drugs for Depression, Schizophrenia Could Transform Treatment. Federally funded study part of a six year push by the National Institutes of Health to come up with reliable scientific data on the differences between drug treatment strategies for the major psychiatric illnesses Source: WSJ 07-27-05

Next Phase in Psychiatry (cont) Clinical trials to get drugs approved are not designed to provide answers doctors need. Of the several drugs I have to choose from, which one should I use for the person in front of me? Financial implications are great: antidepressants and anty-psychotics are the third and fourth biggest classes of drugs in the country Source: WSJ 07-27-05

Common Truth Everything we say and do represents a choice, & How we decide determines the shape of our lives. - Josephson Institute of Ethics

Vice Crime Prudence Benevolence Good Bad Self Others Choices

B D ACAC Ethical Legal Legal Illegal Choices

ETHICS – NOT! Religion; Political stance; Fad Laws Absolutes Something that can only be understood by extremely intelligent people.

ETHICS IS: What we believe, why we believe it, and how we act out those beliefs; Personal & public display of personal attitudes and beliefs; Fluid through different situations; An aid in decision making; and According to Aristotle: a)A standard of behavior; & b)An area of study exploring the nature of morality..

Act with integrity –Protect the privacy and confidentiality of information –Do not misrepresent or withhold information –Do not misuse resources –Do not exploit weakness of systems –Set high standards –Advance the health and welfare of general public Standard of Conduct Ethics Decision Tree for CPAs CPAs Taxes and Code of Ethics

If It is Necessary, it is Ethical -justify-the-means reasoning The False Necessity Trap - As Nietzsche put it, "Necessity is an interpretation, not a fact." If Its Legal and Permissible, Its Proper -. Ethical people often choose to do less than the maximally allowable, and more than the minimally acceptable. Its Just Part of the Job - Fundamentally decent people feel justified doing things at work that they know to be wrong in other contexts. Its All for a Good Cause - is a seductive rationale that loosens interpretations of deception, concealment, conflicts of interest, favoritism and violations of established rules and procedures. ETHICS - OBSTACLES

Its All for a Good Cause - is a seductive rationale that loosens interpretations of deception, concealment, conflicts of interest, favoritism and violations of established rules and procedures. I Was Just Doing It for You -n"little white lies" or withholding important information in personal or professional relationships, such as performance reviews. Im Just Fighting Fire With Fire - This is the false assumption that promise-breaking, lying and other kinds of misconduct are justified if they are routinely engaged in by those with whom you are dealing. It Doesnt Hurt Anyone - Used to excuse misconduct, ETHICS - OBSTACLES

Everyones Doing It - This is a false, "safety in numbers" rationale fed by the tendency to uncritically treat cultural, organizational or occupational behaviors as if they were ethical norms, just because they are norms. Its OK If I Dont Gain Personally - This justifies improper conduct done for others or for institutional purposes on the false assumption that personal gain is the only test of impropriety. Ive Got It Coming - People who feel they are overworked or underpaid rationalize that minor "perks" I Can Still Be Objective - By definition, if youve lost your objectivity, you cant see that youve lost your objectivity! ETHICS - OBSTACLES

–Proportionality: good must outweigh harm –Informed Consent: understand and accept risk –Justice: fair distribution –Minimized Risk: avoid unnecessary risk Ethical Considerations- Principles

1.Trustworthiness. 2.Respect. 3.Responsibility. 4.Fairness. 5.Caring. 6.Citizenship. Ethical Considerations – 6 Pillars of Character

Ethics Decisions - Requirements Making ethical decisions requires the ability to make distinctions between competing choices. It requires training, in the home and beyond

Ethics Decisions - Conclusion No one can simply read about ethics and become ethical. People have to make many decisions under economic, professional and social pressure. Rationalization and laziness are constant temptations. But making ethical decisions is worth it, if you want a better life and a better world. Keep in mind that whether for good or ill, change is always just a decision away.

Security Ethics and Society Employment -Computer monitoring Working Conditions -Upgrade Individuality -Loss of individuality Health -Ergonomics Ethical Challenges

–Proportionality: good must outweigh harm –Informed Consent: understand and accept risk –Justice: fair distribution –Minimized Risk: avoid unnecessary risk Ethical Considerations- Principles

Joseph Lewis Aguirre GlobalizationGlobalization

Globalization of Technology "New information technologies are integrating the world in global networks of instrumentality. … The first historical steps of informational societies seem to characterize them by the preeminence of identity as their organizing principle." Manuel Castells, The Rise of the Network Society (The Information Age: Economy, Society and Culture, I) (Cambridge, MA; Oxford, UK: Blackwell, 1996)

Globalization of Technology Global cities as points for flows of labor, capital, information, and technology. Aren't we talking about networks of cities when we talk about "globalization"? Where are non- urban regions without an infrastructure in the idea of the "global"? Saskia Sassen, Globalization and its Discontents (New York: The New Press, 1998)

Globalization of Technology Parallel view with Wriston's Law: "capital goes where it's wanted and stays where it's well treated". All types of capital follow this law: financial, intellectual, cultural. Globalization is really the networked matrix of capital concentrations in cities.

Globalization of Technology The new economy in the United States. Use of the Internet in China. The expanding markets in Latin America. Internet-fostered rivalry between the United States and Europe

Globalization of Technology Globalization and positioning of arguments: -globalization discussed from what socially grounded perspective? - from where about whom? Example: Chinese model of education with direct parental involvement; students now left alone to use computers and the Internet without parental control. - An effect of globalization?

Globalization of Technology The use of the Net to communicate local, ethnic, religious, and national cultures to a worldwide and international audience: optimistic multiculturalism, where anyone with access can participate. The worldwide diffusion of dominant cultures through the global marketplace.. as another case of hegemony, cultural imperialism.

Globalization of Technology (cont) The goals of global access and ubiquity of the Net require dealing with two forces, one toward technology development and diffusion, the other toward governmental and institutional controls over international interconnectivity. International business and worldwide Internet ecommerce, promoted by transnational corporations, for access to friction-free worldwide markets.

Globalization of Technology (cont) The general homogenization or "internationalization" of culture, favoring Western developed nations and their languages and values. In the political economy of communications, the movement toward worldwide access to communications technology and connectivity across territorial boundaries.

Globalization of Technology Paradox Paradox of global localization: making local identity politics a global issue through the Internet. Local identity groups using the technologies of globalization to promote political interests. For example, the Taliban in Afghanistan. (See www.taliban.com ) with a Netscape pop-up advertising window!).

Globalization of Technology Paradox COLA WARS: Global ResistanceCoca-Cola Employees1 FT, 1PT39,000 HQShared house in CAAtlanta 2004 Revenues$60,00021.96 B Countries of operation2>200 CEOAmit SrivastavaNeville Isdell CEOs CompensationOwn expenses$3.74 million Source: WSJ 06-07-05

Knowledge Explosion The need for intelligent information management is clear.

Bits Boxes Bandwidth Global Technological Revolution

Major advances in information and communications technologies ( ICT ) –Digital storage and processing of information (information) –Satellite and optical fiber transmission of information (communications) Global Technological Revolution - Origin

Coupling to all information and information processors Pure bits e.g. printed matter Bit tokens e.g. money State: places, things, and people State: physical networks Cyberization: interface to all bits and process information

Library Volume Growth 10X in 150 years

In 1999 in Costa Rica, Malaysia and Singapore, high-tech exports exceeded 40% of the total Transformation of Business and Markets

From 1995 – 97: Scientists in the United States co-authored articles with scientists from 173 other countries: Scientists in Brazil with 114, in Kenya with 81, in Algeria 59. Revolution in Learning and Knowledge Sharing

The six largest internet-based distance- learning universities in the world are located in developing countries -- Turkey, Indonesia, China, India, Thailand and Korea Revolution in Learning and Knowledge Sharing

Global Information Flow

Governance redefined Globalization of civil society –The Philippines: electronic advocacy network set up in response to impeachment trial Communities Empowered in New Ways

E-commerce, business conducted over the Internet, totaled $45 billion as recently as 1998 and an estimate in January 2000 projected it could explode to over $7 trillion as early as 2004. Wealth and Economic Growth Creation

Joseph Lewis Aguirre Digital Divide

Between countries – the global digital divide Between groups of people within countries - the domestic digital divide Digital Divide

2 billion people lack access to reliable electricity As much as 80% of the world's population has never made a phone call Phones and Electricity

More telephones in New York City than in all of rural Asia In the entire continent of Africa, there are a mere 14 million phone lines -- fewer than in either Manhattan or Tokyo. Phones and Electricity

More Internet accounts in London than all of Africa One in two Americans is online, compared with only one in 250 Africans. Internet Accounts and Hosts

http://www.riverdeep.net/current/2002/01/011402t_divide.jhtml,

Of all the Internet users worldwide, 60 per cent reside in North America, where a mere five per cent of the world's population reside Wealthy nations comprise some 16 per cent of the world's population, but command 90 per cent of Internet host computers. Internet Accounts and Hosts

Developed states: 311.2 per 1,000 Globally: 70.6 PCs per 1,000 South Asia: 2.9 per 1,000 Sub-Saharan Africa: 0.75 per 1,000 Digital Divide: PCs

The vast capacity of the Internet is distributed highly unevenly throughout the world. By late 2000 the bulk of Internet connectivity linked the US with Europe (56 Gbps) and, to a lesser extent, the US with the Asia-Pacific region (18 Gbps). Africa had extremely little bandwidth reaching Europe (0.2 Gbps) and the USA (0.5 Gbps) Digital Divide: BW

Internet access costs (as a percentage of average monthly income) –US: 1 to 2 percent –Uganda: over 100 percent –Bangladesh: 191 percent Digital Divide: Costs

Access costs (ISP, and telephone call costs) are almost four times as expensive in the Czech Republic and Hungary as in the United States In Bangladesh a computer costs the equivalent of eight years average pay Digital Divide: Costs

McConnell International "E-Business report –Europe (including Eastern Europe) and Latin America rated well –Middle East and Africa needed to significantly develop their human capital –Asia had a mixed scorecard Digital Divide: Technical Training

Global Perspective There are an estimated 429 million people online globally 429 million represents only 6% of the worlds entire population. 41% of the global online population is in the United States & Canada 27% of the online population lives in Europe, the Middle East and Africa (25% of European Homes are online) 20% of the online population logs on from Asia Pacific (33% of all Asian Homes are online) Only 4% of the worlds online population are in South America The United States has more computers than the rest of the world combined (Source: First Quarter 2001 Global Internet Trends, Neilsen/Netratings) Fact Sheet

Among highly developed nations: 61% of Internet connections are in Sweden Spain trails the list with only 20% of its homes connected. The Pew Internet and American Life Project published in Whos Not Online that 57% of those not online have no intention of going online. 33% of those people have chosen to not go online. Among the biggest reasons were lack of need (40%); no computer (33%); no interest (25%); lack of knowledge for use (25%); and general cost involved (16%). U.S. Perspective In fall of 2000, the U.S. Department of Commerce found that 51% of all U.S. homes had a computer; 41.5% of all U.S. homes had Internet access White (46.1%) and Asian American & Pacific Islander (56.8%) households continued to have Internet access at levels more than double those of Black (23.5%) and Hispanic (23.6%) households. 86.3% of households earning $75,000 and above per year had Internet access compared to 12.7% of households earning less than $15,000 per year. Nearly 65% of college graduates have home Internet access; only 11.7% of households headed by persons with less than a high school education have Internet access. Rural areas, though still lagging behind urban areas, had surpassed inner-cities in Internet availability and use: Fact Sheet (Cont)

infoDeV - Global program managed by the World Bank. Seeks to help developing economies fully benefit from modern information systems SDNP - assist developing countries in acquiring the capacity to access and to contribute to solutions for sustainable development via the medium of information and communication technologies DOI – Digital Opportunity Initiative, a public/private partnership of Accenture DOT Force - Digital Opportunity Task Force drafted at the G-8s Okinawa Summit. Published Digital Opportunities for All in May, 2001. International Institutional Responses

Personal Challenges in Knowledge Management Application of technology to business functions requires critical personal development and adaptation. Key concepts in this process are as follows: Structure influences behavior. Structure in human systems is subtle. Leverage often comes from new ways of thinking.