CS 305: Social, Ethical, and Legal Implications of Computing

Wu-chang Feng

on 3 May 2013

Transcript of CS 305: Social, Ethical, and Legal Implications of Computing

CS 305: Social, Ethical and Legal Implications of Computing Agenda for Today Chapters 1 & 2
Computing, Introduction to Ethics See course homepage
http://www.thefengs.com/wuchang/work/courses/cs305 Course objectives and Syllabus Course objectives
Chapters 1 & 2 Morality consists of rules governing how people treat one another, that rational people agree to accept, for their mutual benefit, on the condition that others follow those rules as well
Hobbes (1603-1679)
Requires two things
Moral rules to gain the benefits of social living and prevent us from living in a “state of nature”
Government willing and capable of enforcing the rules
Arrangement of giving rights to rational people is the “social contract”
Modified by Rawls's “Principles of Justice”
Each person has basic rights and liberties (freedom of thought, speech, association, to be safe from harm, to own property)
Social and economic inequalities must satisfy two conditions (difference principle)
That everyone had equal opportunity
That they are justified and their overall effect is to provide the greatest benefit to the least-advantaged members of society
Graduated income tax OK
Military draft that favors low-income citizens is not OK Social contract theory Case Against
No single rule fully characterizes some situations
Stealing food to feed starving children
Need a secondary system to resolve conflict between rules
Perfect duties (rules you unequivocally obey)
Imperfect duties (rules you fulfill in general, but not in every instance)
e.g. Not stealing is a perfect duty that overrules helping others
No exceptions to rules
White lies? Do I look good? Kantianism Kant’s categorical imperative (second formulation)
Act so that you always treat both yourself and other people as ends in themselves, and never only as a means to an end
Chip plant example
Manager must hire employees to finish a job
Manager knows the plant will close in a year
Best candidates are from out-of-state
Should the manager inform the candidates of the pending closure?
No disclosure – you treat candidates as a means to an end
With disclosure – you treat them as the ends in themselves
From Kant’s second formulation, the answer is to disclose Kantianism Case Against
Many holy books, some disagree
Unrealistic to assume a multi-cultural society can agree on a religion-based morality
Some moral problems are not addressed directly in Scripture
Example: What can the bible tell us about Internet conflicts?
Usually draw conclusion based on analogy
Based on obedience, not reason
Not a powerful weapon for ethical debate in a secular society Divine command theory Ethical theories Introduction to Ethics Has a way of impacting society, often in unforeseen ways
Digital photography eliminating dark rooms
E-mail reducing snail mail volumes
Laptop computers increasing neck and back pain
Cell phones making users feel safer
Automobile solves travel problem but creates new ones (emissions, traffic jams)
Refrigerators can keep foods longer, but freon impacts the ozone layer
Internet enables effective communication but also outsourcing of jobs overseas
Quick access to information via browsers triggers dopamine release in brain Technology Case Against
None of us signed the contract
Actions can be characterized in multiple ways
Does not deal well with moral problems that have conflicting rights
Mother's right to privacy versus fetus's right to life
Can be unjust to those who can't uphold their side of contract
What to do for people who can not understand the moral rule?
e.g. Drug addicts: prison or hospital? Social contract theory Case against
Forces a single scale or measure to evaluate different kinds of consequences
Highway example: what if condemning 150 homes leads to 15 divorces? How does an easier, safer commute stack up against the impact of displacing families?
Ignores unjust distribution of good consequences
Hyper-taxation of the rich to redistribute wealth? Rule utilitarianism Adopt moral rules which, if followed by everyone, will lead to the greatest increase in total happiness
Principle of utility applied to moral rules not individual actions
A workable theory for evaluating moral problems
Case For
Not every moral decision requires utility calculation
Exceptional situations do not overthrow moral rules
“A” must keep promise of repaying 1000 rather than give “B” 1001 since keeping promises is a rule with high utility
Solves the problem of moral luck
It is interested in typical results of actions (sending flowers OK)
Avoids problem of egocentrism
Personal view influences utility analysis in act utilitarianism
Appeals to a wide cross-section of society
Many people who claim no moral theory will fit under this
“It is all right to do anything as long as no one gets hurt” Rule utilitarianism Case Against
Hard to define boundaries to draw the line
Who is included or excluded in calculation?
How far into the future must we consider the consequences?
A new highway cutting through an old neighborhood
Egocentrism in calculating utilities
Not practical to calculate for every moral decision
“Rule of thumb” to mitigate
Ignores our innate sense of duty (e.g. good will)
Breaking a debt to A for 1000 units of good in order to give B 1001 units of good
Can not accurately predict consequences to measure utilities ahead of time
Susceptible to moral luck
Unforeseen negative consequences will judge your actions to be bad!
Is sending someone flowers good or bad? Act utilitarianism An action is right (or wrong) to the extent that it increases (or decreases) the total happiness of the affected parties/beings (Greatest Happiness Principle)
Bentham (1748-1832) and Mill (1806-1873)
Based on the principle of utility
Focus is on consequences (consequentialist theory)
Motive is irrelevant (compared to Kant?)
Agreeing on affected parties is an issue (animals?)
A rational ethical theory for determining right or wrong
Case For
Focuses intuitively on happiness for measuring moral behavior
Down-to-earth and easily applied
e.g. where to build a new prison
Takes into account all elements of a particular situation (e.g. white lies easier to reason) Act utilitarianism Act so that you always treat both yourself and other people as ends in themselves, and never only as a means to an end
A workable ethical theory
Case For
Logical reasoning can explain solutions to ethical problems
Universal moral guidelines
Clear moral judgments can result
e.g. sacrificing living human beings to appease the gods is wrong
All persons treated as moral equals Kantianism Kant’s categorical imperative (first formulation)
Act only from moral rules that you can at the same time will to be universal moral laws
False promises
To determine if this is moral, apply it universally
Fails Kant’s categorical imperative by producing a logical contradiction
Promises are meaningless when they are universally false!
Contradiction in what I wish to do and what I expect others to do Kantianism Reasoning method to determine universal morals
Immanuel Kant (1724-1804)
Often coincide with those in the Bible, but derived via reason
What is always good without qualification?
Intelligence and courage applied to rob a bank is not good
A good will is
Kant argues for dutifulness
Doing what we ought to do (based on moral rule) versus what we want to do
How does one know if an action is grounded in a moral rule? Kantianism Case Against
Injustices can occur when powerful individuals put their own interests first
Other moral principles are superior
Is the principle of preserving life greater than your own self-interest?
Form of bigotry
Puts you and your interests above others Ethical egoism Each person should focus exclusively on his/her self-interest
Man as a heroic being with his own happiness as the moral purpose of his life
Only help others if it helps you
Case For
Acknowledges that we should focus on our own well-being
Compared to other theories that focus on the good of others
Community can benefit sometimes
Entrepreneur looking out for him/herself brings jobs to community
Moral principles rooted in principle of self-interest
Lying and cheating is not in your long-term self-interest Ethical egoism Good actions are those aligned with the will of God, bad actions are contrary to the will of God
Driven by religious traditions out of the Middle East (Judaism, Christianity, and Islam)
Case For
We owe obedience to our Creator
God is all-good, all-knowing and the ultimate authority
Most people are religious and submit to God’s law
Create rules that align with it Divine command theory “Right” and “Wrong” rests with a society’s actual moral guidelines
Vary from place to place and from time to time
Case For
Different social contexts demand different moral guidelines
Arrogant for one society to judge another
Case Against
Does not explain how individual discovers moral guidelines
Does not do a good job of explaining how moral guidelines evolve or what to do if no norms exist for a new situation
No framework for reconciliation between cultures in conflict.
Both societies may seem to be right, but conflict
Fight over territorial borders (Palestine?)
Suggests that there are no universal guidelines
Societies do, in fact share certain core values
May serve basis for common universal ethical theory
Only indirectly based on reason
Sumner observed that moral guidelines are a result of tradition
Not a powerful tool to construct ethical evaluations Cultural relativism Each person decides right and wrong
Case For
Intelligent people can have opposite opinions about moral issues
Ethical debates are disagreeable and pointless
Morality is relative so you don’t have to reconcile opposing views
Case against
What is right and what you do are not sharply drawn
People are good at rationalizing bad behavior
No moral distinction between actions of different people
Crossing streets in the middle?
Stopping traffic
Subjective relativism does not necessarily lead to tolerance
Tolerance or intolerance is a subjective choice
Can accommodate racism
Should not give legitimacy to an ethical theory that is not based on reason Subjective relativism Provide a framework for moral decision-making
Applied consistently to determine whether an action is right or wrong
Allow a person to present a persuasive, logical argument as to why certain actions should or should not be allowed
Theories covered in book
Subjective relativism
Cultural relativism
Divine command theory
Ethical egoism
Act utilitarianism
Rule utilitarianism
Social contract theory Ethical theories Technology forces us to update our moral guidelines constantly!
We must decide if problems are morally bad, good, or neutral based on our current (possibly out-of-date) moral guidelines
Exercise #1: E-mail spam
Consider the e-mail spam problem from your view and the view of a spammer making $100k a week who believes it is his/her 1st Amendment right
How would you craft moral guidelines to govern spam?
Scenario 2:
Blacklisting East Asian mail servers
Exercise #2: P2P networks
Consider P2P file sharing from your view
Consider P2P file sharing from the content producer’s view
How would you craft moral guidelines to govern P2P networks?
How were you consistent in generating rules between these examples? How were you inconsistent? Ethics and technology Book example
Society is a town full of people driving cars
Morality is the road network within the town
People that “do ethics” are in balloons above town observing
Can examine individual roads (moral guidelines)
Can examine quality of road network (moral system)
Can see if people are acting morally (i.e. adhering to the rules of the road) or immorally (i.e. taking short cuts through yards)
Can propose and evaluate modifications for improvement (alternate moral systems)
Note that observers each have their own view so agreeing on new moral guidelines can be difficult! Ethics analogy Ethics
Philosophical study of morality
Examination of moral beliefs and behavior
Rational, systematic analysis of conduct that can cause benefit or harm to other people
Focused on voluntary, moral choices people make
Not focused on choices that do not affect others
Choosing the color of your car
Not focused on involuntary choices
Swerving to miss one pedestrian, but hitting another instead
However, if the reason you swerved was because you were intoxicated, it is under the realm of ethics! Terms Society
Association of people organized under a system of rules designed to advance the good of its members over time
Cooperation promotes the common good
People in society compete with each other to divide limited benefits amongst themselves
Rules of conduct describing how people should behave in various situations
Moral dilemma – When a person belongs to multiple societies with conflicting rules
A pacifist living by the rules of his/her religion forced to live in a country with a mandatory draft law
What are some moral dilemmas you have encountered? Terms List the last several consumer electronic devices that you have purchased
List a number of benefits to society this has provided to you
List a number of potentially harmful effects
List three computer applications that you believe have a huge impact on society.
What benefits have these provided?
What harmful effects did they have? In-class exercise Are there technologies you wish had never been adopted?

Give examples of how new technologies require society to create new rules

Should ripping a CD of your own be legal? Would it be legal to leave the digital copy on an open network share? Would it be legal to add it to a P2P sharing library?

Should Amazon or credit card companies be able to sell your personal information such as purchasing behavior to third-party partners and advertisers?

Who is liable for software failures that cause injury or death?

What are limits to workspace monitoring?

Should one be prevented from posting content on the Internet that is legal in one country, but not in another? Discussion Can not control invention, but can control deployment
Nuclear power
P2P networks
Adopting new technologies affects how people relate
Bishops meet twice a year to determine which ones to allow
Cars? No
Gas barbeque? Yes
Telephone? No Controlling technology Case For
Framed in the language of individual rights
Explains why rational people act out of self-interest in absence of a common agreement and its enforcement
Gasoline rationing only works if there are negative consequences for selfish behavior
Provides a clear ethical analysis of important issues between people and government
Punishment for crime takes away an individual right
Must occur in order to enforce social contract
Explains how civil disobedience can be moral
Segregation laws put greater burden on disadvantaged Social contract theory Chapters 8, 9, 10
Computer Reliability,
Professional Ethics, Work and Wealth Chapter 3
Networked Communications Chapter 4
Intellectual Property Chapters 5 & 6
Information Privacy
Privacy and the Government Chapter 7
Computer and Network Security Broadcast media is uniquely pervasive
Indecent material broadcast into privacy of homes
People can turn it on or off at any time, making the warning ineffective
Damage is done as soon as it is heard (can not undo its harm by turning it off)
Uniquely accessible to children
Can restrict access in bookstores and movie theaters
Time of day is an important consideration, however, for broadcast radio/television FCC v. Pacifica Foundation (1978) Censorship and the Internet Run their own server farms for sending spam
Typically located off-shore
Use ISPs that do not care about spam (McColo)
Less effective now with proliferation of blacklists and efforts to shut down rogue ISPs
Locate open mail proxies and bounce spam through them
Less effective due to preventative steps and blacklists
Use networks of compromised machines (botnets)
Single, most popular use for a botnet
Monetization of botnet to send spam drives much of the malware effort
Some steps taken at prevention (i.e. ISPs allowing direct port 25 access only to their own mail servers) How do they do it? E-mail and Spam Suppose 99% of all e-mail from country X is spam
Discuss the ethics behind blacklisting all e-mail from X

Kantian analysis

Act/rule utilitarianism analysis Spam control and collateral damage
At what level are people responsible for choices that they make?
At what age?
Whom does it harm?

Kantian analysis

Utilitarian analysis

Social contract theory analysis Internet addiction Police sting operations to lure pedophiles
Kantian analysis
Is the will leading to the action OK?
Yes and no
Overall goal is good
But, using deceptiveness to do so is always wrong to a Kantian!
Utilitarian analysis
Result is a public benefit (e.g. harm one pedophile so that the rest of society benefits)
Publicity may deter other pedophiles
Impact on chat rooms as an effective medium for communication if one knows they are being “watched”?
Social contract theory analysis
Misrepresentation by pedophile should be punished
Police are also misrepresenting themselves
Not a clear cut argument Catching chat-room predators Police sting operations to lure pedophiles
Kantian analysis

Utilitarian analysis

Social contract theory analysis Catching chat-room predators Kantian evaluation
Protecting children from harm using filters
Assumption is that some non-pornographic web pages are filtered
Filters treat the creators of non-offensive, but blocked web pages solely as a means to the end for restricting children’s access to pornographic materials
Act utilitarian evaluation
Up to each of us.
Enacting CIPA results in fewer children being exposed (+)
Some legitimate sites filtered (-)
Stigma for legitimate users trying to get those sites unfiltered (-)
Social contract theory evaluation
Private viewing of pornography does not make social living impossible
Public libraries offers arguments on both sides (assumption is that filters block useful sites) Is CIPA ethical? Kantian evaluation

Act utilitarian evaluation

Social contract theory evaluation Is CIPA ethical? Children’s Internet Protection Act (CIPA)
Government requirement for installing antipornography filters in libraries before receiving federal funds for Internet access
Argument for: Libraries do not provide X-rated magazines or movies so they should not be obliged to provide Internet pornography. Damage to children significant unless filtered.
Argument against: Filters are inaccurate and inconvenient. They restrict freedom of speech from some web publishers
Upheld by U.S. Supreme Court in 2003
Not the role of libraries to provide a public forum for free speech Censorship and children Uploading photos of people without their consent
Kate and Jerry go to a party
Kate takes a picture of Jerry
Kate posts it on her blog
Jerry gets upset and asks for her to take it down
Kate takes it down, but Jerry gets more popular as a result of photo
Jerry ends up being fine with the incident and with Kate
Kantian analysis

Act utilitarian analysis

Rule utilitarian analysis

Social contract analysis Public photos Radio broadcast of George Carlin performance “Filthy Words” in 1973
Preceded by warning of sensitive language
Exercise: Ethical analysis FCC v. Pacifica Foundation (1978) First amendment – freedom of religion, speech, press, assembly
Not an absolute right in the eyes of the US Supreme Court
Right is balanced against the public good
Abuse of the freedom to harm the public may be punished
Libel, reckless or calculated lies, slander, misrepresentation, perjury, false advertising, obscenity/profanity, solicitation of crime, and personal abuse or fighting words
Example: Cigarette advertising on television
How many of you have seen one?
Ethical argument for why it should not be allowed?
What about fast-food and beer advertisements? Freedom of expression in the US Mill’s Principle of Harm
The only ground on which intervention is justified is to prevent harm to others; the individual’s own good is not a sufficient condition
What ethical framework does this follow?
Explains the position of most western democratic governments with regard to pornography
Adults viewing it mostly hurt themselves, as opposed to others Limits on freedom of expression Kant
Censorship a backwards step
Prevents people from getting information they need to make their own decisions
Mill's 4 arguments for freedom of expression
None of us is infallible and knows the whole truth. Censorship may be silencing the voice of truth
Majority opinion is not the whole truth usually. Must allow others to express their opinions to get a better sense of what is the truth
Majority opinion must be tested and validated. Otherwise it is prejudice
Opinions tested through free and open discourse have a vital effect on character and conduct Censorship and ethics Many-to-many communication
Prevents governments from controlling the content
New web sites and content continuously published
Millions of sites
Limited authority for governments to restrict activities originating from overseas
Difficult to distinguish children and adults Internet censorship issues Direct censorship
Government monopolization
Government controls all means of communication (e.g. Soviet television stations)
Cuban sovereignty and jamming Voice of America broadcasts
Prepublication review
Sensitive classified documents must go through process to become declassified and published
Licensing and registration
Controlling who gets access (i.e. television stations reserving electromagnetic spectrum in exchange for not broadcasting profanity).
Self censorship
Suppressing information as a means to an end
CNN suppressing anti-government protest in Iraq to maintain access after Saddam Hussein removed
Voluntary rating systems so users can avoid certain content Censorship in media Should the Internet be filtered/censored?
Access tightly controlled in N. Korea, Cuba, Myanmar
Content tightly controlled in
Saudi Arabia (centralized control center blocks pornography, gambling, and sites offensive to Islam and the government)
China’s Great Firewall (human censors who perform similar functions)
Special interesting cases
Germany banning neo-Nazi web sites
US controls pornography (Communications Decency Act, Children’s Internet Protection Act) Censorship and the Internet Require explicit opt-in to email lists
Require labeling of email advertising, e.g. “ADV” in the subject line
Add a cost to every e-mail that is sent
Ban all unsolicited e-mail
1991 – Telephone Consumer Protection Act, included a provision against junk faxes
Problems? Solutions to SPAM How would you create rules to help resolve the problem in an ethical manner? Solutions to SPAM Social contract theory evaluation of spam
Morality consists of the set of rules, governing how people are to treat one another, that rational people will agree to accept, for their mutual benefit, on the condition that others follow those rules as well

In-class exercise
Right to free speech as applied to mass communication Spam and ethics Rule utilitarian evaluation of spam
We ought to adopt moral rules which, if followed by everyone, will lead to the greatest increase in total happiness

In-class exercise
Scenario: Products being advertised where only a small fraction of targets are interested

What if 1% of the small businesses in America sent you 1 e-mail per year?
There are 24,000,000 small businesses in America
1% => 240,000 e-mails/year
240,000/365=>657 e-mails/day Spam and ethics Act utilitarian evaluation of spam
An action is right (or wrong) to the extent that it increases (or decreases) the total happiness of the affected parties.

In-class exercise
Scenario: A product that costs $10 to make, is sold for $25, and that purchasers value at $30 (i.e. their derived happiness)
100 million bulk messages sent costing those who receive it and are not interested $0.01 of unhappiness (time wasted)
10,000 customers purchase product and get full happiness Spam and ethics Kantian evaluation of spam
Act only from moral rules that you can at the same time will to be universal morals
Act so that you always treat both yourself and other people as ends in themselves, and never only as a means to an end

In-class exercise:
Scenario: Suppose I have a great new product that I wish to advertise. I send an unsolicited email to a large group of people knowing only a tiny fraction are interested. Spam and ethics Phishing accounts
Trick legitimate user to give up username/password
Send as the user (reputation hijacking) to avoid blacklisting based on IP addresses
Creating bogus webmail accounts
Rely on good reputation of popular webmail services such as GMail and Yahoo! Mail to avoid blacklisting based on IP addresses How do they do it? Let’s say I want to send an advertisement to 1,000,000 “targeted” people
To send by regular bulk mail will cost ~$500,000
To send by e-mail it will cost ~$1,000 to buy from an Internet company a list of e-mail addresses
E-mail addresses harvested from web sites, mailing lists, chat rooms, and newsgroups, then sold to spammers
Dictionary attacks (john@yahoo.com, john@hotmail.com, etc.) Why Spam? Discuss the ethics behind the rule in China that mandates a time-limit for playing MMORPGs. Is this law moral? What would the judgement depend upon?
Act/rule utilitarianism
Social contract theory Addictive games Spam In 2000 spam accounted for 8% of all e-mail
In 2003 spam accounted for 40% of all e-mail
In 2009 spam accounted for 90% of all e-mail
In 2012 spam accounted for 70% of all e-mail Newer end-user license agreements stipulate copyright and other things:
Can install on only one computer
May phone home
May collect “aggregated data” and other things
Automated work
1. OVERVIEW. At the time the tool is running, the software checks your device for certain malicious software listed at http://go.microsoft.com/fwlink/?LinkId=39249 (“Malware”) and if detected, the software removes Malware from your device. The tool must be run again on the specific device to detect and remove subsequent Malware updates….
“It is further agreed and understood that such conditions are not exhaustive and that may from time to time **impose further conditions outside of this EULA**.”
Virtual reach Copyright protection rolled into EULAs Section 107 of the Copyright Act
What is purpose and character of use?
Educational versus commercial
Transformational versus derivative
Educational uses are more permissible
What is the nature of the work being copied?
Fiction versus non-fiction
Published versus non-published
Non-fiction is more likely permissible to be copied
How much of the copyrighted work is being used?
The amount copied in proportion to the whole size of the work
Easiest to determine
How will this affect the market for the copyrighted work?
Represents the heart of fair use, but hardest to measure definitively 4 factors U.S. government provides authors certain rights to their original works
Major revisions in 1976 and 1998
5 principal rights
right to reproduce work
right to distribute copies of work to public
right to display copies of the work in public
right to perform work in public
right to produce new works derived from copyrighted work
Owner can authorize others to exercise these rights
e.g. radio stations to play songs Copyright Simultaneous inventions
Only one piece of physical property so its ownership is easily assigned
Intellectual property can be invented simultaneously!
Can only give exclusive rights to one of them
Differing notions of “stealing”
Intellectual property can be “stolen” without taking property away
Idea can be copied
Only way to prevent this is to keep confidential Problems dealing with IP Benjamin Franklin
Invented many things, patented none
“As we enjoy great advantages from the invention of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously”
Alternative view
Allure of wealth gives a powerful incentive to invest the long hours of labor needed to create something useful Why protect Intellectual Property? Is it ethical to record a live concert and post it on the Internet?

Is it ethical to use pirated software?

Is it ethical to download music files for songs that have not been purchased?

Was it ethical to post the 32-character encryption key for HD-DVDs?

What does MGM v. Grokster mean for aspiring developers of P2P filesharing software? Discussion Founded in 2001 by Lessig et al.
Allows one to share and share alike
Contributor retains copyright while allowing some uses of the intellectual property
Allow commercial uses?
Allow modifications? If so, share alike?
Require attribution?
Others do not have to ask for permission to use if they follow your stipulations Creative Commons Utilitarian analysis
Copied software reduces purchases
Less software purchased means producers will make less software
Software benefits society so allowing copying is wrong
Would those who copied the software have bought it or done without it? (e.g. Windows in China)
Stallman: freely exchanged/copied code stimulates innovation allowing developers to see each other’s code Intellectual property and software Should software get copyright and patent protection to begin with?
Rights-based analysis
Locke: mixing your labor with something gives you an ownership right
Farmers having rights to crops they labor to produce
Programmers having rights to software they labor to produce
Pouring a can of tomato juice into the ocean?
Copying intellectual property is different than stealing something physical. Intellectual property and software Critical mass of developers on a project

Forking of projects and fragmenting of the development community

Removing financial reward reduces innovation and investment from commercial software developers(?) Issues with open-source Operating systems
Linux, Android, OpenBSD, FreeBSD (OS X)
Internet services
BIND, Apache, sendmail, postfix, MySQL, PostgreSQL, MongoDB, Hadoop
Client applications
Firefox, OpenOffice, WebKit
Programming languages and compilers
gcc, perl, Python, Ruby, PHP Open-source examples GPL v2
Vendor that distributes any code that uses GPL’d code must publish all of their source code modifications as well
Share and share alike
You may modify and redistribute without publishing the source code.
Other variants
Combination licenses
Free/GPL for non-commercial use, but commercial use requires a different license agreement Different flavors Alternative software development and distribution model
No restrictions on selling or even giving away the software
For some licenses, source code must be published if modified and distributed.
No restrictions on use
Rights apply to all who receive redistributions
Anyone can improve the software
Eliminates tension between obeying copyright law and helping others (since code is given away)
Code is property of the community and lives indefinitely (no EOL)
Turns software into service industry rather than a manufacturing one Open-source Proprietary software
Government gives rights to those who produce software
Benefit of profiting from licensing gives incentives for people to work harder and be more creative
Copyright protects the benefit
Digital technology makes it trivial to copy and results in harsh steps being taken to prevent it
Purpose of copyright is to promote progress, not necessarily to enrich authors
Open-source vs. proprietary software

Avoid software patent issues by reimplementing
General strategy
Clean-room development environment
Two teams work on project
First team develops specifications of functionality based on working with the competitor’s products
Second team creates code based upon specifications
Safe software development

Until early 1980s, no software patents
Programs are mathematical algorithms, not a process or a machine
Diamond vs. Diehr (1981)
Invention curing rubber using computer controlled heating
Distinction based on data
Manipulates values only (e.g. sorting numbers) – not patentable
Manipulates data representing measurements made in the real world – patentable
Software that takes EKG signals to drive pacemaker is patentable
Opens the floodgates
Prior art is huge issue given the many decades of software before 1981
Prior art searches typically review prior patents!
Many “bad” patents due to lack of knowledge of prior art
Leads to “patent trolls”
Patent-holding companies
Software patents

Apple v. Franklin Computer
Franklin ACE was Apple II compatible
Franklin copied OS functions from Apple ROM to ensure this
Ruled in favor of Apple
Franklin held liable – establishing copyright for object programs
Sega v. Accolade
Accolade disassembled object code of a Sega game to determine how to interface their own game with a Sega console (Sega didn’t publish it)
Ruled in favor of Accolade
Reverse engineering considered fair-use
Public benefit from more video games on a Sega!
Software copyright cases

Software copyrights
Copyright act of 1976 explicitly recognized software
Expression of idea – copyright implementation, not the idea
Protects object code, not source code (typically the source code is considered “confidential”).
Exception: open-source software
Violations of software copyrights
Not a violation
Copying a program from CD-ROM to hard disk to run
Copying a program from hard disk to RAM upon execution
Generally in violation if:
Copying a program onto a CD to give/sell to someone else
Preloading a program onto a computer being sold
Distributing program over the Internet
Copyright protection for software

Founders sued in 2008 by International Federation of the Phonographic Industry
Found guilty in 4/2009 for hosting torrents of 33 copyrighted works (not for indexing torrents)
TPB transitioned solely into indexing torrents
Sentenced to one year in prison
Blocked in many countries
China
Pirate Bay

Search index for torrents
#1 Torrent tracker in the world
Bowing to international pressure, Swedish police attempted to shut it down in 2006
All servers confiscated
After 3 days, site brought back up
Site hosted in Netherlands with backups in Belgium and Russia
“Just some stats… here are some reasons why TPB is down sometimes – and how long it usually takes to fix:
Tiamo [Neij] gets *very* drunk and then something crashes: 4 days
Anakata [Svartholm] gets a really bad cold and noone [sic] is around: 7 days
The US and Swedish gov. forces the police to steal our servers: 3 days
…yawn” (06-05-2006)
Pirate Bay

Technology to transfer large files quickly
Extends P2P to allow multiple peers to serve file
Still requires a way for a user to “search” for content
Used for many legitimate purposes (i.e. free software distribution)
Achilles heel
Must be able to find torrents
BitTorrent

Injunction against distribution of Grokster software
Initial ruling compared P2P software to legal home recording devices and denied injunction
Overturned by US Supreme Court unanimously in June 2005
Distributor who promotes a product’s use to infringe copyright is liable for acts of infringement by parties using the software.
Software company profits via advertising
Gains when there are more users
More users only come when high-value copyrighted material is available
Unlawful objective is unmistakable
Fair use rules on the side of the copyright holder
Grokster shut down in November 2005
MGM v. Grokster

FastTrack (Kazaa, Grokster)
Hosting central directory killed Napster
Decentralize directory across peers
Only distribute software to create P2P file sharing network
RIAA response
Use fake accounts to poison downloads and track activity
Targeted ISPs and universities to get user information
Sued Verizon to get real user information (success in June 2003)
Started suing users who downloaded > 1000 files
But, appeals court later ruled in Dec. 2003 that RIAA has no right to user information from Verizon
Sued individual universities to get student information
Universities either started to ban P2P (PSU) or subscribe to legitimate services (Napster)
Second generation P2P

Networks for exchanging files and resources between computers
Napster (1999)
Facilitated the exchange of music files (mp3s)
Hosted a central directory of peers and the files they had
Peers connected directly to each other to download
Sued in 1999 by RIAA
Injunction granted in February 2001
Napster forced in June 2001 to block 100 percent of all copyrighted material transfers or disable all transfers
Went offline in July 2001 and shut down in Sept. 2002
Re-emerged as a subscription music service later
Ethical analysis
Act utilitarianism
Rule utilitarianism
Social contract theory
Peer-to-peer networks

HD-DVDs encrypted with AACS
Rather than post code, the encryption key was posted in January 2007 on digg.com
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
AACS threatened to sue…digg took post down
Virally spread anyway
Key revoked eventually which forced HD-DVD and Blu-Ray player owners to update to work with new key
Lesson: Technological fixes have a history of failure
Eventually on-line music stores dropped DRM (even iTunes)
Amazon mp3
DMCA cases

DeCSS
DVDs encrypted with Content Scrambling System (CSS)
DVD players/computers built with hardware to unscramble DVDs
DeCSS allowed DVDs to be played on a Linux box
Written by 16 year old Norwegian
MPAA sued 2600 Magazine for publishing DeCSS
Successfully sued under DMCA
Appeals court ruled that computer code is “speech” but limited because it’s functional rather than expressive
Right to free speech outweighed by potential harm of increasing illegal copying
What ethical framework?
DeCSS is illegal in the U.S. today
Author was acquitted in Norway eventually
DeCSS has both legal and illegal purposes
DMCA cases

Illegal for consumers to circumvent encryption schemes placed on digital media
Effectively makes copies of any digitally recorded work for any purpose illegal
Covers music broadcast over Internet
Illegal to sell or discuss software that circumvents copy controls
Brought US in compliance with international copyright statutes
Strategy was for everyone to adopt Secure Digital Music Initiative
Copy-protected CDs and secure digital downloads
mp3 vendors began to exert pressure against it
Scheme was cracked by researchers in Princeton in 2000
Digital Millennium Copyright Act of 1998

YouTube
HD captures of copyrighted material
Low fidelity copies
Derivative works
GuitarHero/RockBand performances, Just Dance recordings
Fair use?
Deeplinking of content
Bypasses advertising of content provider
Google News excerpting and fast flip?
Especially for paid sites such as WSJ and NYT?
Other cases

Professor posting a journal article on a password-protected web site for his class to access
Market impact
Professor takes photographs of paintings shown in a book. Uses it for lectures
Market impact
Other cases

Sued in 2005 by Authors Guild for massive infringement
Google violating the law by scanning copyrighted books
Eventually settled (e.g. paid off) the suit
Some believe this was an intentional strategy
$125 million settlement
Registry to allow authors to “opt-out” of agreement
Still controversial
Settlement overturned in March 2011
“(settlement) would give significant advantage to Google over its competitors, rewarding it for engaging in wholesale copying of copyrighted works without permission”
Google books (2004)

Google scanning and digitizing entire libraries
Michigan, Harvard (initially), New York Public Library, etc.
If book is in public domain, then entire book can be accessed via PDF
If book is still copyrighted, then only excerpts are made available
Fair use?
Market impact
Google books (2004)

Kelly
Photographer with a web site full of copyrighted works
Arriba Soft
Image search engine that created thumbnails of Kelly’s photos upon crawling the site
Fair use?
Market impact
Fair use upheld
Kelly vs. Arriba Soft Corporation

Mid-90s saw advent of mp3 encoders and decoders
Rio mp3 player developed
RIAA asked for injunction preventing Rio sales since it did not include SCMS
Rio was not a recording device so it did not fall under Audio Home Recording Act of 1992
Software encoder on computer!
Judgment approved “space-shifting”
Copying in order to make portable
Fair use and consistent with copyright law
RIAA v. Diamond Multimedia Systems (1998)

Exact copies are a bad thing… particularly digital!
Technology radically increased the impact of copying
A single copy *could* be easily distributed and affect the commercial market of work
Audio Home Recording Act of 1992
Copies for personal and non-commercial use OK
Limited copying through SCMS (prevents someone from copying a copy of a piece of work)
Royalty paid on the sale of recording devices and divided amongst players
New restrictions to fair use

Sony v. Universal Studios
Time shifting via VCR (Betamax)
Market impact
Supreme Court decision?
5-4 that time-shifting in a private, non-commercial way is fair-use
Copyright cases

Kinkos (1991)
“Professor publishing” practice
Photocopying copyrighted materials for students
Not fair-use even though the purpose was educational
Full copy that impacts market of original significantly
MIT student making commercial software available free
Charges dropped because student didn't profit, rendering current law inapplicable
No Electronic Theft Act (1997)
Closed this loophole
Criminal offense to reproduce or distribute more than $1000 worth of copyrighted material in a 6 month period.
Copyright cases

Fair use – legal to reproduce copyrighted work without permission of holder
Citing short excerpts for teaching, scholarship, research, criticism, commentary, and news reporting
Fair use

Sonny Bono Copyright Term Extension Act (1998)
Works created before 1978 protected for 95 years
After 1978, protected for author’s lifetime plus 70 years after his/her death
11th extension in 40 years
Timed to save Mickey Mouse from the public domain?
“Happy Birthday to You” owned by TimeWarner now protected until 2030!
Copyrighted in 1935
$2 million per year in royalties for public performances
Copyright creep
Protection applied to musical scores (piano rolls, records)
Protection continually being extended
Copyright

Public document providing a description of a piece of intellectual property
U.S. government provides inventor with exclusive right to piece of IP
Prevents others from making, using or selling the invention for the patent life of 20 years
Companies sue other companies for infringement
Instant photography
Polaroid v. Kodak (1970s)
May be beneficial for patent owner to license his/her IP
Sun’s SPARC architecture transferred to SPARC International who licensed it to many hardware manufacturers
Patents

Word, symbol, picture, sound, or color used by a business to identify goods
Government grants the right both to use it and to prevent other companies from using it
Allows a company to establish a “brand name”
Band-aid™, Xerox™, Intel™
Can become “commonized” resulting in loss of trademark right
Aspirin, yo-yo, escalator, thermos
Must always use as an adjective to describe the brand rather than a noun or a verb
Adobe cracking down on the use of “Photoshopping”
“I am stuck on Band-Aid brand”
Kleenex brand facial tissue
Trademark

Idea or invention kept confidential
Formula, processes, proprietary designs, customer lists, strategic plans
Does not expire as long as steps are taken to keep private
Example: Coke formula
Locked in a bank vault in Atlanta
Merchandise 7X a secret for 100 years
Problems with trade secrets:
Someone needs to work with the “secret”
Reverse engineering
Employees leaving the company with the secret
Can’t use it for things like movies (or even software) where public display is necessary in order to obtain any benefit
Trade secret

Trade secrets



Copyright
Four ways to protect IP

“promote the Progress of Science and useful Arts by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries”
Allows person to control distribution and use of IP
Encourages hard work and creativity by allowing inventor to reap benefits from work
Rights are limited to a fixed period of time before entering public domain
Mousetrap example
Inventor must be rewarded so that innovation is encouraged
Society must eventually benefit from the innovation
Constitution of the U.S.

Kantian analysis
What would keep the inventor from becoming a means to an end by others?
Utilitarian analysis
What would provide the greatest overall benefit to society?
Consider a better mousetrap design where a company purchases the IP of the design and then shelves it because it's making too much money on its inferior one.
Intellectual Property and Ethics

Bowling for Soup concert in 2008
Improvised song during performance
Singer Jaret Reddick: “That thing was on YouTube before I even got back home from the show”
40% of all software installed illegally (80% in China)
Pirated music
Tenenbaum ordered to pay $675,000 for downloading and sharing 30 songs
Intellectual Property issues

Google it?
Xerox… er, Copy anyone?

John Locke - 2nd Treatise of Government (1632-1704)
Right to property in their own possession (nobody can own another person)
Right to their own labor and that the labor should be to their own benefit
Right to anything removed from nature through their own labor
Physical property
A person labors to cut down a tree and chops it into pieces
That person has exclusive rights to the wood he chopped
Analogies to physical property rights

Unique product of the human intellect that has commercial value
Books, songs, movies, paintings, inventions, formulas, computer programs
What is Intellectual Property?

Copyright cases

Lack of notice to users
Lack of consent from users
Unauthorized transfers of personal information
Opt-out as opposed to opt-in (active by default)
Program found to be active despite user opt-outs
Program active despite users being signed out
Data always sent and stored regardless of user authorization
Violated numerous state and federal laws
Electronic Communications Privacy Act
Computer Fraud and Abuse Act
California Computer Crime Law
California Consumer Legal Remedies Act
Privacy Issues with Facebook Beacon

Microtargeting
2012 US Election
Demographics of likely voters in get out the vote operation (the ground game)
Geographic data, consumer data, voter registration records, voter frequency, etc. to target e-mail, personal solicitations, and mailings
Example: Fundraising
West-coast donors response to George Clooney dinner
East-coast donors response to Sarah Jessica Parker dinner
Data mining examples

Credit reports
Credit bureaus track individual’s assets, debts, and history of paying bills and repaying loans to determine creditworthiness
Allows us to get credit from a bank that we have no prior history with
Lowers overall interest rates since overall trust can be increased
What if credit reports are used as a hiring criteria for a job?
Ethical?
In-class exercise

Opt-in versus opt-out
Opt-in policy requires the customer to explicitly give permission for the organization to share information with another.
Preferred by privacy advocates
Should be treated similarly to patient-doctor relationship
Hippocratic databases that have explicit rules on how long records are stored and who is allowed to obtain records.
Opt-out policy requires the customer to explicitly forbid an organization from sharing information with another
Preferred by direct marketing associations
Preferred by Facebook
Privacy of transactions

Cookies
Allows an organization to do things like “shopping carts” that are stateless on the server
Allows tracking of a user’s visits to the web site
Problems with cookies
Ads and cookies
Many sites have linkages to 3rd party advertisers that coordinate your visits to multiple sites
Allows directed advertising
ISPs tracking of all web sites visited in order to “provide better service”
AOL database made available
Flash cookies regenerating browser cookies for tracking
Web bugs / beacons
Usually invisible object that allows checking if the user has viewed a page / email
More on Facebook later…
Tracking users on the Internet

Facebook tags
Automatically recognizing faces
Exposing geographic information of caller to third parties
Rewards or loyalty programs
Collecting purchasing information to better target advertisements
Body scanners
TSA scans of famous people
RFID tags
Not turned off after product purchased. Your boss might not mind.
In dogs, how about in children?
Examples

U.S.
Warren and Brandeis definition not appropriate
No need to define “privacy” rights as violations of privacy are violations of other rights (such as property or selfhood)
Rosenberg: “privacy is a prudential right”
Rational agents agree to recognize some privacy rights because granting the rights benefits society
What ethical framework?
Example: Telemarketing
Right to privacy

Grew out of property rights
English common law: "A man's home is his castle"
Not even the king could enter without probable cause of criminal activity
Reaction to Quartering Act of 1765 allowing soldiers to reside in homes of citizens
Third Amendment to the US Constitution
“No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law”
Right to privacy

Allows people to plan illegal / immoral activities
Drug trafficking
Domestic violence
Allows for abuse of power
Hide information to someone’s net harm
Allows for cover-ups and other problems
Can encourage social and economic inequalities by creating cliques of information
Private club with business dealings discriminating against others
Harms of privacy

Violating personal privacy easier now than at any other time
On-line public records, Zillow
Google Street View
GPS tags in photos
Scott McNealy
“You have zero privacy anyway. Get over it”
Basic conflict:
Rights of privacy vs. access to information
Privacy

Critics of grocery club cards give examples of card-member prices being equal to the regular product price at stores without customer loyalty programs. In other words, customers who want to get food at the regular price must use the card. Customers pay extra if they don’t want to use the card.
Is it fair for a store to charge us more if we don’t want to use its loyalty card?
Is it ethical to give bogus information or to switch cards with others to confuse loyalty programs?
In class exercise

Most modern cars have a “black box” that records important vehicle data such as speed, engine RPM, braking, throttle, (sometimes GPS), etc. Argue whether or not such data should be private.
Two points to consider:
What happens in case of an accident? (e.g. Toyota)
Should the person have the right to “remove” the information before a warrant is issued for the data?
In class exercise

MoveOn.org started a Facebook group/petition regarding Beacon’s privacy problems
Cited the lack of user authorization as the most pressing issue
Gained 50,000 members within 10 days
Forced Facebook to switch to an opt-in policy
Class-action lawsuit
Settlement agreement:
Shut down Beacon program in September 2009
Pay $9.5 million into a settlement fund (most went to the lawyers)
Facebook to start a foundation for increasing online privacy and security
Replaced by?
Resolution of Facebook Beacon

Facebook Beacon Process

EZ Pass
Useful for car insurance companies, credit card companies
In 2006, $1 million prize for collaborative filtering algorithm that performed 10% better than Netflix’s algorithm for recommending movies to customers based on their prior ratings
Information included <subscriber, movie, date of grade, and grade>
UT Austin researchers found that with a little information on an individual, it is easy to pick them out of the anonymized dataset
Netflix canceled a subsequent sequel
Anonymous genomic data has similar issues
Social networks
Police using it to find large parties in order to deploy officers
Banks using it for lending criteria
Data mining examples

Google’s Personalized Search
Tracks search queries and the pages you have visited
Via search results
Via +1 retrievals on unrelated pages
Done using a long-lived cookie
Information from prior 180 days kept
Uses this collected information to personalize your subsequent search results
Uses this collected information to improve ad delivery for its partners
Google fined for circumventing Safari’s restrictive third-party cookie settings
Data mining examples

Who owns the data of a transaction?
The buyer or the seller?
What are your rights to keeping this information private? (e.g. your address, your purchase history, your age, etc.)
Getting my computer fixed by the GeekSquad
Anything goes!
Organizations like TRUSTe help to provide users some guidance
Privacy seal that is only given if a site adheres to certain policies
What happens when the organization goes out of business?
Privacy of transactions

OnStar
Locating cars and remote control of its door locks and gas pedal
Medical records
Push for electronic medical records and the potential for discrimination
TiVo monitoring viewing behavior
Examples

Public
Birth certificates, marriage licenses, motor vehicle records, criminal records, deeds to property, salaries of state employees.
Privately collected
Credit-card transactions, DVD rentals, cell phone records, e-mails, Amazon recommendations
Information disclosures

Parents covertly installing a security camera to monitor a nanny babysitting a child
Act utilitarian evaluation
Rule utilitarian evaluation
Social contract theory
Kantian evaluation
Case study

U.S.
Derived right
1890’s Warren and Brandeis argued for “rights of privacy” in influential Harvard Law Review article
In response to wedding photos that were published in tabloid
Combat the abuses of newspapers
Equates privacy as the “right to be left alone”
Rights already granted in France
Eventually, numerous court cases have helped to define the limitations and rights of privacy for individuals
Right to privacy

Recognizes each person's true individuality and freedom
Can have public / private life separated.
Allows someone to be himself/herself
Allows for the creation / discussion of new ideas
Can protect IP
Allows for secret plans (good ones)
Allows people to be at peace to be creative and to develop spiritually
Allows for separation of data into spheres of access
Grades. Benefits of privacy Two basic concepts
Physical zone of inaccessibility near person
Discussion at dinner in a restaurant
Going to the toilet
Public phone privacy

Information about person that ought not to be known
Exposure treats person as a means to an end
Patient data
Phone records
Social security number
Defining privacy

Facebook data-mining application launched on November 6, 2007
Partner Sites:
Blockbuster, Fandango, eBay, Hotwire, Overstock.com, Gamefly, Zappos, and more.
User’s internet activity monitored, stored, and published on Facebook
Triggered controversy over user privacy
Resulted in a class-action lawsuit
Facebook’s Beacon

Privacy on the Internet

Employee Polygraph Protection Act (1988)
Prohibits most private employers from using lie detector test

Children’s Online Privacy Protection Act (2000)
Limit amount of public information gathered from children using the Internet

Fair Credit Reporting Act (1970, 1995)
Ensures privacy and accuracy of your bill paying record, credit cards, etc.

Family Educational Rights and Privacy Act (1974)
Ensures privacy of students > 18 yrs old to review educational records and change errors

Video Privacy Protection Act (1988)
Ensures rental companies can’t disclose rental records without consent

Health Insurance Portability and Accountability Act (1996)
Provides guidelines for protecting privacy of patients and their records

Genetic Information Nondiscrimination Act (2008)
Prevent discrimination in medical benefits/insurance, hiring, promotion, etc. based on genetic information
US legislation

Information Privacy

Privacy and the Government

Pseudoephedrine
Key ingredient to methamphetamine found in over-the-counter drugs
Combat Methamphetamine Epidemic Act 2005
Control amount a person can buy in a month
Some states require ID to buy and force stores to keep a sales log with name, address, signature
Replaced by phenylephrine in most products
Advanced imaging technology scanners
Deployed in 2007
Reveal all anatomical features
ACLU lawyers refer to it as “virtual strip search”
Sued in 2010 by Electronic Privacy Information Center for violating Privacy Act and 4th Amendment of Constitution
Newer systems eliminate passenger-specific images
Show the area of concern on a generic body model.
Invasive government actions

Telemarketing
FTC’s Do Not Call registry (2003)
Eliminates unsolicited phone calls
Exemptions include political organizations, charities, and surveys
Prudential right
Benefit of shielding people from telemarketers judged to be greater than the harm caused by putting limits on telephone advertising
Which ethical framework?
Loud commercials
Commercial Advertisement Loudness Mitigation Act 2010 (CALM)
Keeping commercials at the same loudness as the programs
Restricting invasion

Invasion

Family Education Rights and Privacy Act (1974), Video Privacy Protection Act (1988), Driver's Privacy Protection Act (1994), Health Insurance Portability and Accountability Act (1996)
Limit access to individual’s information
Restricting information access

Information dissemination

Debate the proposition that every citizen of the US ought to carry a national ID card.

Debate President Bush's actions in authorizing warrantless surveillance by the NSA.
In-class exercise

Push for a national ID system after Sept. 11, 2001
SSN’s are poor IDs
Stop illegal aliens from working or entering in U.S.
Reduce crime by making it hard to mask one’s identity since police have a way to positively identify people
No guarantee of fraud prevention or accuracy
No evidence that it would lead to reduced crime
Government can do data mining easier
National ID

Information processing

Codified the principles into U.S. law
Only applies to government databases
Only covers records indexed by personal id
No one in government is in charge of enforcing the provisions
Allows information to be shared between agencies as long as it is “routine use”
Privacy Act 1974

Charges brought against 361 individuals
191 convicted and/or pled guilty
Shoe bomber Richard Reid
Portland 7
Failure: Brandon Mayfield and the phantom fingerprint
Bombing in Madrid, Spain 3/11/2004
Partial fingerprint from bag of detonators that matched Mayfield, an attorney in Portland
FBI warrantless search and seizure and eventual arrest as a material witness in May 2004
Formal apology and $2 million awarded in November 2006
Patriot Act successes and failures

Internet pen registers without probable cause (URLs and web sites)
Warrants can be issued if police can show that the information to be gained is “relevant” to an ongoing criminal investigation
Roving surveillance loosened so police do not have to
Show that a target uses a particular device being tapped
Report the devices that were monitored or the results of monitoring
Automatically applied across entire country (not a specific jurisdiction)
Under certain circumstances, allowed to search homes and seize evidence without first serving a search warrant
If there is reasonable cause that notification will have an adverse effect
FBI can obtain warrants authorizing the seizure of business, medical, educational, Internet, and library records of suspects if related to an ongoing investigation
National Security Letter stating it is part of an investigation is all that is required (~50,000+ letters a year issued)
No need for probable cause
US Patriot Act of 2001

Communications Assistance for Law Enforcement Act (CALEA) (1994)
Increasing use of data networks to carry on illegal activity with no means to wiretap
Act requires networking equipment vendors to support wiretapping on digital calls (i.e. VoIP)
Extends (warranted) wiretapping to digital domain, but details on how/what to wiretap missing
Battle over distributed VoIP systems such as Skype
US Wiretapping laws

Warrantless wiretapping after 9/11/2001
9/11 loosened many wiretapping and surveillance precedents
CIA intercepts cell phone numbers being used by top al-Qaeda members and wanted to wiretap them
Bush signed order to allow warrantless wiretapping as long as one end point was international
NSA monitoring expands to ~500 people in US and another 5000-7000 worldwide at a time
Potentially stopped two attacks (Brooklyn bridge, UK pubs and train stations)
Led to the USA Patriot Act
Ruled illegal in 2010, but under appeal as of July 2011
Covert government surveillance

Operation Shamrock
Initially started during WWII to intercept all telegram traffic going to/from US by Signal Security Agency (now the National Security Agency)
Computerized with software looking for “keywords”
Monitor organized crime and activity to/from Cuba in the 60s
Monitor protestors of Vietnam war and drug traffickers in the 70s
Disbanded in 1975 under scrutiny from press and Congress
FBI system from late 1990s that monitored Internet traffic
Tried to force ISPs to install it (Earthlink)
Earthlink filed legal challenge, but lost
Replaced by commercial equivalents in 2001
Covert government surveillance

Charles Katz vs. U.S. (1967)
Bug – hidden microphone
U.S. “bugged” the outside of public phone booth
Convicted Katz of illegal gambling
Supreme court ruled in favor of Katz
“the 4th amendment protects people, not places”
Covert government surveillance

Olmstead vs. U.S. (1928)
Olmstead had bootlegging (alcohol) business
U.S. wiretapped
Used evidence to convict
Supreme Court said it was neither search nor seizure since only tangible items covered under the 4th Amendment
Covert government surveillance

OneDOJ database
Ties together FBI, DEA, Bureau of Alcohol, Tobacco, Firearms, and Explosives, US Marshals Service, and Bureau of Prisons
1 million records at end of 2006
Accused by ACLU as having unverified and erroneous information
Deployed in Olean, NY in 1968 to reduce crime
NYC deploys 3000 in 2010 in lower Manhattan for $201 million (coupled with sophisticated image scanning software to detect when packages left unattended)
UK has 4.2 million surveillance cameras installed with people showing up on average 300 times a day on camera
Essential in identifying Boston Marathon bombers
Public records

Information about an incident or action reported to a government agency for the purpose of informing the public
Birth certificates, marriage licenses, motor vehicle records, criminal records, deeds to property
Census records
Ethnicity, language spoken, # of times married, fuel use
Kept confidential except in national emergencies
But, used to round up Japanese after Pearl Harbor
Internal Revenue Service records
Income, assets, charities you support, medical expenses, etc.
IRS information has been misused / lost / stolen over time
FBI National Crime Information Center (NCIC)
Collection of databases with 39 million records
80,000+ law enforcement agencies, 5 million requests per day
Used in MLK investigation, OK City capture of McVeigh
But, abuses and errors have occurred
Public records
Information collection
Information collection
Activities that gather personal information
Surveillance cameras
Information processing
Activities that store, manipulate, and use personal information
Mining call records to identify terrorists
Information dissemination
Activities that spread personal information
On-line public records
Activities that intrude upon a person’s life
Body scanning by TSA
Solove’s taxonomy
Need more?
Dartmouth student studying communism in 2005 asks for Mao Tse-Tung’s “Little Red Book” and gets a visit from DHS
Rebecca Schaeffer murdered in 1989 by fan who obtained address from CA DMV
Need less?
7 year old raped and murdered by neighbor who was a pedophile.
Acts of terrorism OK city, 9/11, Boston and video surveillance
Privacy
Passed in 2005
Make driver’s licenses more reliable form of ID and to share ID information between states
Crossing a border to get a new driver’s license will no longer get you a new identity
Requires all states to issue new licenses by end of 2008.
Needed to open bank account, fly on plane, receive government service, etc…
Could include a biometric (e.g. fingerprint)
Some issues
Could bring tracking to new level, is basically a national ID card
Stalled in most states
16 states have prohibited its implementation
REAL ID Act
Secondary use of data similar to collaborative filtering algorithms to determine “recommendations” (Netflix, Amazon)
Identifying taxpayers who need to pay more to the IRS
Discriminant Function (DIF)
Syndromic Surveillance System
NYC system for detecting epidemics and/or environmental problems
Telecommunications Records Database
Put in place after 9/11/2001 to monitor call patterns
Telecom providers turn over call records to NSA
Revealed in May 2006
Lawsuits dismissed in 2007 since plaintiffs could not prove they were victims
Total Information Awareness program
DARPA project to identify personal behavior patterns
Financial, medical, communication, travel, and other records in one uber-database
Data mining by the government
Regulation of Public and Private databases
Code of Fair Information Practices in 1970s from US Dept. of Health, Education and Welfare
There must be no personal data record-keeping systems whose very existence is secret
There must be a way for an individual to find out what information is in his or her file and how the information is being used
There must be a way for an individual to prevent personal information obtained for one purpose from being used for another purpose without his or her consent.
There must be a way for an individual to correct information in his or her records
Any organization creating, maintaining, using, or disseminating records of personally identifiable information must assure the reliability of the data for its intended use and must take precautions to prevent misuse
Congress reauthorized Act in 2006 with some civil liberty protections
Some provisions made permanent
4 year sunset clause on roving wiretaps associated with people (not phone numbers) and on seizing records without probable cause
Extended another 4 years in May 2011
Unclear what the impact is. See:
http://en.wikipedia.org/wiki/USA_PATRIOT_Act
Patriot Act renewal
Enacted after Sept. 11th, 2001 bombing of the World Trade Center with two passenger planes
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
Amended more than 15 existing laws
Provisions fell into 4 primary categories
Providing federal law enforcement and intelligence officials with greater authority to monitor communications
Giving the Secretary of the Treasury greater powers to regulate banks, preventing them from being used to launder foreign money
Making it more difficult for terrorists to enter the U.S.
Defining new crimes and penalties for terrorist activity
USA Patriot Act of 2001
Electronic Communications Privacy Act (1986)
Allows police to attach pen register (displays number dialed) for outgoing and trap and trace device (displays caller's number) for incoming
Court order needed, but not probable cause
Allows roving wiretaps (moving phone to phone) if target actively attempts to evade a wiretap
Stored Communications Act within ECPA
No search warrant needed to obtain e-mails from ISPs that are more than 180 days old
Challenged by Yahoo!, Google, EFF in 2010 which led to the withdrawal of request from government
Being denied by Google (see Google’s transparency report)
Move towards cloud-based computing and storage problematic
Digital Due Process coalition
US Wiretapping laws
Title III - Omnibus Crime Control and Safe Streets Act (1968)
Allows police agency through court order to tap a phone for 30 days
Government still argued for warrantless wiretapping for national security purposes
Supreme Court rejected this in 1972, ruling that 4th amendment forbids warrantless wiretapping
US Wiretapping laws
Federal Communications Act of 1934 made it illegal to intercept and reveal wire communications
Privacy advocates happy
However, during WWII, FBI wanted to reinstate wiretapping
J. Edgar Hoover - “Intercept but do not reveal” loophole
Two files: those admissible under act and those that were not
Led to decades of covert wiretapping
Wiretaps used to discredit congressmen trying to limit FBI power
Hoover directed FBI for 48 years
Covert government surveillance
Wiretapping – interception of a telephone conversation
Does the 4th amendment apply?
“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized”
Tension between government and privacy advocates
Covert government surveillance
Freedom of Information Act (1966)
Ensures the public has access to US government records
Applies only to the executive branch
If an agency refuses to release the information, it must explain why
Nine exemptions
Classified information for national defense or foreign policy reasons
Trade secrets or confidential commercial/financial information
On-going law enforcement investigations
DOT monitoring data
Available via court order
EZPass toll information used in civil/criminal court cases
Enabling information access
Oberlin College in Ohio requires that every computer brought to campus by a student be inspected for viruses. System administrators remove all of the viruses from the students’ computers. Students whose computers subsequently pick up and spread a virus may be fined $25, whether they knew about the virus or not. Is this a morally justifiable policy?
In class exercise
Used in many states and countries to make elections cheaper and more easily accessible
Local elections in the UK (since 2001)
U.S. primary votes in Alaska and Arizona (2000)
Used in Estonia
On-line voting
On-line voting
Targeted Natanz nuclear facility in Iran 2009
Originated from US
Some traces of code date back to 2005
Causes centrifuges to spin themselves out-of-control
Siemens programmable logic controller rootkit
Led to Flame and MiniFlame
Stuxnet
Surveillance effort uncovered in 2009
Targeting the Dalai Lama and the exiled Tibetan government
Backdoor trojans penetrating ~1300 machines in 103 countries creating a spying network named “GhostNet”
Malware accessed microphone
Tibet
Conflict with Russia over South Ossetia in 2008
DDoS attack preceded Russian forces invading South Ossetia
Evidence of Russian Business Network involvement, but not of the Russian military
Georgia
Cyber-warfare
Ethical disclosure of vulnerabilities
Publishing zero-day exploits
Zero-Day worms especially dangerous as they target brand new exploits.
No patch available!
Is it ethical to disclose such vulnerabilities?
How long should one wait to disclose them?
Publishing better ways to design worms
Staniford, Paxson, Weaver, “How to 0wn the Internet in your own spare time”, in Usenix Security 02
Warhol Worms/Flash Worms
Infect the entire Internet in 15 minutes/30 seconds. (!)
Is it ethical to disclose such techniques?
In-class exercise
Heartland Payment Systems
Albert Gonzalez with Russian co-conspirators, obtained 130 million credit/debit card numbers via SQL injection
Sentenced in 2010 to 20 years of prison
Successful prosecutions few and far between due to stealth measures that are easy to implement
SQL injection example
Estonia
Independence from Russia in 1991
Moved a controversial Russian statue in 2007
DDoS attack from nearly 1 million computers targeting Estonian government systems, banks, telecommunications companies, and media outlets.
Internet service to most of Estonia suspended temporarily
DDoS attack example
Firesheep
Plug-in for Firefox that allows one to sidejack an open, unencrypted web session of another by capturing its cookie
Many vulnerable sites not using https
Many open WiFi hotspots
Ethical to release?
Utilitarian view
Kantian view
Web exploit example
Ancheta (2005)
Created botnet of 400,000 machines
Some within the DoD
Used to spam
Arrested and convicted under Computer Fraud and Abuse Act and CAN-SPAM Act in May 2005
57 months in prison, $15,000 in restitution to US government
Forfeiture of illegal proceeds and computer equipment
Botnet example
Suppose you create a worm that…
Exploits the vulnerability
Patches the system
Removes itself
Should you release it?
What if it spreads out of control?
What if it doesn’t work?
Patching could bring about problems
E.g. Critical application depends on vulnerability to work correctly
E.g. Application depends on a certain interpretation of the specification
Patches have to be tested thoroughly!
Are ethical worms an oxymoron?
Perhaps not worth the trouble?
How would one analyze this using ethical frameworks?
Ethical worms
Ethics?
Kantian evaluation
Stated motivation was to see how many computers he could infect, not to crash the Internet or destroy data (selfish?)
But, did he use others as a means to an end?
Social contract
Property rights analysis
Utilitarian evaluation
25+ years later
Internet worm
Robert Morris (student at Cornell) discovers multiple security holes in Unix (ftp, sendmail, and fingerd)
Wanted to research whether one could create an automated means for exploiting them
Goal was to infect quickly, but do no other damage (i.e. files left alone)
In the middle of the design, a patch was released for one vulnerability
Morris quickly launched worm before it was completed
Released November 2, 1988
Brought down the Internet
Morris suspended from Cornell and convicted of felony under U.S. Computer Fraud and Abuse Act. (Given probation)
Went back to school at Princeton, now a professor at MIT
Internet worm
Case studies
Social engineering attack that tricks users into giving up credentials
Phishing = create a “fake” web site that looks legitimate
Spear phishing = create a “fake” email that looks legitimate
Phishing and spear phishing
Cyber-attacks
Web-based software or content that provides an attacker unauthorized access to information or functions
Drive-by downloads, Adware
Web exploits
A bot is a software program that responds to commands sent by a command-and-control program located on an external computer

Botnets are coordinated collections of bots under a single central control
Launch denial-of-service attacks
Send spam
Host phishing sites
Botnets
A backdoor is a program that allows attackers to bypass normal security controls on a system, gaining access on the attacker’s own terms.
Backdoors
A worm is a self-replicating piece of code that spreads via networks and usually doesn’t require human interaction to propagate.
Warhead (exploit)
Propagation engine (how code is transferred)
Target selection algorithm (who to infect next)
Scanning engine (how to perform scan)
Payload (what it does)
Worms
Self-replicating piece of code that attaches itself to other programs and usually requires human interaction to propagate
Propagation mechanism
Spread locally in filesystem
Spread across network
Spread via removable storage
Payload
Virus
Viruses
Web exploits
Types of malware
Computer Fraud and Abuse Act (1984)
Transmitting code that causes damage to a computer system
Accessing without authorization any computer connected to the Internet
Transmitting classified government information
Trafficking in computer passwords
Computer fraud
Computer extortion
Maximum penalty – 20 years and $250k fine
Electronic Communications Privacy Act (1986)
Makes interception of transmissions illegal
Wire Fraud Act (1952) and National Stolen Property Act (1948)
Penalties for committing fraud and/or transmitting illicit funds
Applied to the Internet
Identity Theft and Assumption Deterrence Act (1998)
Penalizes fraudulent adoption of another’s identity
U.S. laws on hacking
PDP-11
Programmable minicomputer shared by many students at MIT
Students forbidden to modify hardware
Stewart Nelson (1960s)
Added a new hardware instruction in the middle of the night to “improve” performance
Also did it to demonstrate his skills
Ethical evaluation
Does it depend on the outcome?
What good is an ethical framework if you can only tell afterwards if an action is right or wrong?
Early hacking
Benefits
Voters unable to get to polls can vote at home
Quick counting
No ambiguity in mark-up
No tampering of physical ballots
Sanity-check ballots for overvoting
Unfair advantage to financially better off
Authentication and voting on same device (privacy risk)
Vote trading/selling much easier
DDoS attack
Security issues with client computers
On-line voting
Motivation
Controversial 2000 US Presidential election
“Butterfly” ballot in contested state of Florida
Many states explored DRE (direct recording electronic) voting machines
On-line voting
DDoS on July 4th, 2009
White House, Treasury Department, Secret Service, NYSE, Nasdaq
South Korea
Blue House, Defense Ministry, National Assembly
Small botnet of around 50-60k machines
South Korea blamed North Korean government
Timed after UN sanctions against North Korea
South Korea and US
Blue Security vs. Pharmamaster
Fighting bots with bots
Users sign up for Blue Security service
Whenever they mark a message as spam, inform BlueSecurity service
Blue Security bot automatically sends opt-out message to spammer
Pharmamaster spammer attacks Blue Security, its customers, and its ISP with even more spam and a DDoS attack
Causes service to be discontinued
Botnet example
Attacks PHP Bulletin Board (phpBB) website software.
URL descrambling error in PHP on input allows arbitrary PHP script to execute.
Novel target selection algorithm
How do you find vulnerable phpBB2 software to attack?
The same way you do. It Googles for it.
40000 phpBB2 servers hit
Google eventually started blocking/censoring searches to slow the worm down.
Result: New variant of Santy used AOL and Yahoo search engines.
“Ethical” worm developed 1 week later
Anti-Santy worm used the same Google method
Defaced webpage: “viewtopic.php secured by Anti-Santy-Worm V4. Your site is a bit safer, but upgrade to >= 2.0.11.”
Santy worm (2004)
People don’t patch
IIS vulnerability was fixed months before Code Red launched
Infected machines observed years later
Code Red worm (2001)
Targeted indexing service used in Windows IIS web server
Spreads as a bad HTTP request (buffer overflow)
Infected server creates 99 threads to attack random IP addresses
windowsupdate.microsoft.com was infected too
Infection rate
Over 20,000 infections in less than 10 minutes
Over 250,000 infections in less than 9 hours
Over 975,000 total infections
DDoS attack against whitehouse.gov’s IP
Code Red worm (2001)
First worms were “ethical” – worms that tried to perform a useful service.
First worm developed for the assistance of air traffic controllers by Bob Thomas in 1971
Notified air traffic controllers when the controls of a plane moved from one computer to another
Traveled from one computer screen to the other on the network showing the message, "I'm creeper! Catch me if you can!"
Did not reproduce itself.
Creeper worm
Intentionally flood victim machine with useless traffic to disrupt normal service
Distributed denial-of-service
http://xkcd.com/327/
Web-based attack that takes advantage of poorly written web pages to query back-end database
SQL injection
Rootkits are trojan backdoor tools that modify existing operating system software so that an attacker can keep access to and hide on a machine.
Rootkits
A trojan horse is a program which appears to have some useful or benign capability, but conceals some hidden, malicious functionality

Origin of term: The ancient Greeks laying siege to Troy…
Trojan horse
Malware – set of instructions that run on your computer and make your system do something that an attacker wants it to do
Delete files to render your computer inoperable
Infect other systems (worms, viruses)
Monitor activity (webcams, keystroke loggers)
Gather information on you, your habits, web sites you visit
Provide unauthorized access (trojans, backdoors)
Steal files, store illicit files
Send spam or attack other systems
Stepping stone to launder activity (frame you for a crime)
Hide activity (rootkits)
Malware
Hackers – two definitions: good and bad
Someone highly skilled in programming and other computer systems (sign of respect in our circles)
Someone that breaks into computer systems (sign of bad behavior in public circles)
Hackers
SATAN hacker toolkit
Security Administrator Tool for Analyzing Networks
Probe computers for security weaknesses
Could be used for good and evil
Morality of publishing SATAN using ethical frameworks?
In class exercise
Heroes or traitors?
Does motivation matter?
End wrong-doing versus win money?
Revenge against former employer or altruism?
Do other circumstances come into play?
Reveal cover-up that is about to be uncovered
Morality of Whistleblowing
Ariane 5, 1996
Rocket system
Ariane 5 reused software from Ariane 4, but was much faster
Assumptions made in software on maximum speed no longer held
Conversion between 64-bit float and 16-bit signed int overflowed
Exception raised, but not handled by software
Primary and backup computers crashed
Rocket destroyed 40 seconds into launch
Payload of $500 million in uninsured satellites
Famous computer glitches
Globalization
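The Ariane 5 failure listed above (a 64-bit float that no longer fits a 16-bit signed integer, an unhandled exception, and primary and backup failing together), as an added C example that is not from the original slides or the flight software. The unit model, function names and sample values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Outcome of converting a 64-bit float to a 16-bit signed integer. */
typedef enum { CONV_OK, CONV_OPERAND_ERROR } conv_status;

/* Range-checked conversion: reports an operand error instead of
 * overflowing. (A plain C cast of an out-of-range double is undefined
 * behaviour, so the check must come before the cast.) */
static conv_status to_int16(double v, int16_t *out)
{
    if (v != v || v < (double)INT16_MIN || v > (double)INT16_MAX)
        return CONV_OPERAND_ERROR;   /* NaN, or does not fit in 16 bits */
    *out = (int16_t)v;
    return CONV_OK;
}

/* One guidance computer (hypothetical model). */
typedef struct { int running; int16_t bias; } unit;

/* "Exception raised, but not handled": an operand error halts the unit. */
static void step_unhandled(unit *u, double horizontal_bias)
{
    if (!u->running)
        return;
    if (to_int16(horizontal_bias, &u->bias) != CONV_OK)
        u->running = 0;
}

/* Handled variant: clamp to the nearest representable value and keep
 * running. Clamping is one possible policy, chosen for illustration. */
static void step_handled(unit *u, double horizontal_bias)
{
    if (!u->running)
        return;
    if (to_int16(horizontal_bias, &u->bias) != CONV_OK) {
        if (horizontal_bias != horizontal_bias)
            u->bias = 0;                                   /* NaN */
        else
            u->bias = horizontal_bias < 0 ? INT16_MIN : INT16_MAX;
    }
}

/* Feed the same values to a primary and a backup running identical
 * software; return how many units are still running at the end. */
static int units_alive(const double *bias, int n, int handled)
{
    unit primary = {1, 0}, backup = {1, 0};
    for (int i = 0; i < n; i++) {
        if (handled) {
            step_handled(&primary, bias[i]);
            step_handled(&backup, bias[i]);
        } else {
            step_unhandled(&primary, bias[i]);
            step_unhandled(&backup, bias[i]);
        }
    }
    return primary.running + backup.running;
}

/* Constructed sample values, not flight data: the slower rocket stays
 * inside the 16-bit range, the faster one leaves it. */
static const double SLOWER_ROCKET[] = { 1200.0, 9800.0, 21000.0, 30500.0 };
static const double FASTER_ROCKET[] = { 1900.0, 15500.0, 33200.0, 48100.0 };

int main(void)
{
    printf("slower rocket, unhandled: %d units alive\n",
           units_alive(SLOWER_ROCKET, 4, 0));
    printf("faster rocket, unhandled: %d units alive\n",
           units_alive(FASTER_ROCKET, 4, 0));
    printf("faster rocket, handled:   %d units alive\n",
           units_alive(FASTER_ROCKET, 4, 1));
    return 0;
}
```

Because both units run the same code on the same input, the backup fails on the same value as the primary; redundancy in hardware does not cover a shared software assumption.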
Allows jobs to be sent overseas inexpensively
Call centers in India
Arguments for and against?
Social impacts of technology
X hires Y to implement dating service
Engineer hired by Y to help implement service
Engineer, not charged with implementing security, finds that usernames and passwords are sent in plain text
Engineer brings concerns to Y, but Y ignores them and will deliver software to X anyway
Company Y reminds engineer of confidentiality agreement that forbids her from talking about software to anyone
Should Engineer do anything?
In class exercise
Someone who breaks ranks with an organization to make an unauthorized disclosure of information about a harmful situation after attempts to report it through organizational channels
Sometimes valuable, but doesn’t necessarily agree with code of ethics
US legislation
False Claims Act (1863)
Combat fraud during civil war
Allows citizens to sue (on behalf of the government) a person or company submitting falsified claims to the government
If found guilty, the citizen received half of settlement
Whistleblower Protection Act (1989)
Safeguards for whistleblowers against retribution from their companies
Appeal to U.S. Merit Systems Protection Board
Whistleblowing
ACME corporation charges for software
Gold level is 20k per year and comes with support
Other levels much cheaper but come without support
An employee of ACME in support secretly takes an outside job running training classes on ACME software at a customer site
Analyze the act according to code of ethics. Which ones are supportive and which ones are not?
Be impartial
Disclose information others ought to know
Respect the rights of others
Treat others justly
Take responsibility for your actions and inactions
Take responsibility for actions of those you supervise
Maintain your integrity
Continually improve your abilities
Share your knowledge, expertise and values
In class exercise
Be impartial
Disclose information others ought to know
Respect the rights of others
Treat others justly
Take responsibility for your actions and inactions
Take responsibility for actions of those you supervise
Maintain your integrity
Continually improve your abilities
Share your knowledge, expertise and values
Generalized code of ethics based on virtues
Strengths
No need to be impartial (unlike other ethical frameworks)
Loyalty and kindness to your children lets you spend money on a trip to Disneyland versus feeding starving children in Africa (contrast to act utilitarianism)
Reject that every action must produce maximum benefit for people overall
Difficult to determine what to do
Sometimes need to be used in conjunction with other ethical frameworks
Relative importance of virtues determines which framework
Example: Multiple fires, but only one fire crew
Prudence: send crew to minimize property damage (utilitarian)
Justice: send crew to fire within your district
Virtue ethics
An ethical framework based on imitation of morally superior role models
Acquire a moral virtue by repetition of appropriate acts (e.g. virtue of honesty attained by habitually telling the truth)
Benevolence, civility, compassion, conscientiousness, cooperativeness, courage, courteousness, dependability, fairness, friendliness, generosity, honesty, industriousness, justice, loyalty, moderation, patience, prudence, reasonableness, self-discipline, self-reliance, tactfulness, thoughtfulness, and tolerance
A person who possesses many moral virtues has strong moral character
Actions taken should be consistent with their character
What would an agent with a virtuous character do in these circumstances?
Virtue ethics
Eight main principles
Act consistently with the public interest
Act in best interests of client and employer, consistent with the public interest
Ensure products and modifications meet the highest professional standards possible
Maintain integrity and independence in professional judgment
Subscribe to and promote an ethical approach to management of software development and maintenance
Advance the integrity and reputation of profession consistent with the public interest
Be fair and supportive of colleagues
Participate in lifelong learning regarding profession and promote an ethical approach to the practice of the profession
Software Engineering Code of Ethics
May 1999
ACM is opposed to the licensing of software engineers
ACM believes that it is premature and would not be effective in addressing the problems of software quality and reliability
No formal certification and licensing, but a code of ethics and professional practice instead
Do you agree?
Is their ability to harm the public on par with other professions?
ACM stance
Certified Public Accountants
Similar to Computer Science in that it does not require a graduate degree to practice (unlike law or medicine)
150 semester credits of study
Practical training of at least 2 years
CPA exam
To retain certification, must fulfill continuing education requirements and abide by code of ethics
Equivalent Computer Science certification?
Why?
Example: CPAs
Many professions have special obligations practitioners must abide by
Must be certified and/or accredited to obtain a license to practice
Hair stylists
Must agree to a code of ethics to practice
Doctors
Professional ethics
Should companies be mandated to release a list of known bugs in their software? All bugs? Some bugs?
Should companies be allowed to not fix bugs but just create new versions that the user needs to buy?
In class discussion
Customers should be allowed to purchase, not just license
If you don’t need software, you can’t even give it away to anyone to use
“As-is” removes software companies out of the Magnuson-Moss Act in the UCC
UCITA was highly controversial. American Legal Institute walked out of proceedings
Arguments against UCITA
Article 2 of UCC not appropriate in a digital world

UCITA recognizes no perfect piece of software
Arguments for UCITA
UCITA Features (1999)
Manufacturers can license software to customers
Prevent transfer of software between people/orgs
Can disclaim all liability; customer accepts “as-is”
Allows manufacturer to remotely disable licensed software in case of license dispute
Allows manufacturers to collect information about how licensees use their computers
Applies to software in computers, not embedded
Uniform Computer Information Transaction Act
You have created a new software package that is destined to become the next great city systems control (e.g. bridges / signal lights / etc) program.

What are you going to supply as part of your “warranty”?
Length of time for warranty
Safety to society
Liability (if your program does something wrong)
In class exercise
What makes software warranties different than other industries?
Does the cost of having software warranties outweigh the benefits to society?
Do software companies need liability insurance?
In class exercise
Story
Program produced errors “Abort: Cannot find alternate” 19 times on day it was needed to generate a bid
Mortenson used software and generated a bid that was $1.95 million too low
Got the contract
Mortenson sued Timberline
Aside: Timberline had fix available and sent it to a few customers in response to problem
Ruled in favor of Timberline
Mortenson V. Timberline Software (2000)
Timberline had construction bidding package called Precision Bid
$10,000,000 invested to construct database
Had 3000 directories worth of information
License for consumer version prohibited use of database and program for commercial use (displayed on invocation)
Zeidenberg bought it for $150
Sold to other commercial entities for much less
Got sued… argued that because the license agreement was not on the outside of the box, the license could not be upheld
Ruled in favor of ProCD
Established validity of clickwrapped agreements
ProCD V. Zeidenberg
Court held contract to:
P.O and invoice
Oral statements made by TSL representatives
Written license had different terms that Step-Saver never agreed to
President of SS had objected to terms of licensing agreement and refused to sign a document formalizing agreement
TSL continued to sell Step-Saver Multilink even without the signed written agreement
Meaning they agreed to the terms of the oral statements
Victory for Step-Saver
Step-Saver Data VS. WYSE & TSL
Step-Saver, a timesharing computer systems provider
TSL, software company that developed Multilink OS
Step-Saver bought & resold 142 copies of TSL's Multilink OS
TSL said the OS was compatible with most DOS applications
Software came with licensing agreement disclaiming all express and implied warranties
Step-Saver software didn’t work on Multilink
Was sued by 12 of its customers
Step-Saver sued TSL
Step-Saver Data VS. WYSE & TSL
Should software fall under Article 2 of Uniform Commercial Code
Governs sale of products in U.S.
Requirements for prompt fulfillment and returns of non-conforming goods
Magnuson-Moss Warranty Act
Prevents unfair warranties being placed on products > $25 or on products sold to more than 100 people
Defines standards for full versus limited warranties
Can software companies get away with murder?
90-day replacement or money back guarantee
Warrants that you can install the software
Software is “As-is”
No warranty and/or liability assumed for
Special, incidental, indirect, or consequential damages whatsoever
Updates may or may not be issued

Are all software warranties enforceable?
Typical software warranty terms
Perfect software in large systems is nearly impossible

What warranties, if any, should be provided by the creator of the software?

What do other industries do?
Home
So software has bugs…
Is quality code a moral obligation for software developers?
If so, then how does one achieve this?
Four main steps to ensure proper software creation
How many of you go through these steps?
Software engineering
Should developers and managers of manufacturer be held responsible?
Causal condition
Were the actions caused by them?
Actions and inactions
Mental condition
Did they intend or will the action to happen?
Carelessness, recklessness, negligence?
Therac-25 moral responsibility
Flaws abound
Was not “fail safe”
Need to remove single point-of-failure that causes catastrophe
Lack of software/hardware to detect overdoses
Software lessons
Debugging concurrent tasks difficult
Complex, undocumented code is dangerous
Reuse of code was bad
Therac-25 post mortem
Therac-25 radiation machine (1985)
Used to treat cancer
Electron beams to treat surface tumors
x-rays to treat deep tumors
Therac-25 started giving dosages 75-100 times too large to patients
Many burned, six killed
Atomic Energy of Canada Limited – reused code from Therac-6 and Therac-20
Two problems (both race conditions)
Fast operators could change type of beam, while the magnets were being placed into position. A race condition missed this, causing x-rays to be used instead of electron beams
Variable used to determine when gun ready to fire. 8-bit variable that was 0 when ready. Task incremented the variable when gun out of position. Could be 0 at times!
Software system failures
AT&T network (1990)
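The second Therac-25 problem described above (an 8-bit flag that means "ready" when 0, but is incremented while the gun is out of position and so periodically wraps back to 0), as an added C example that is not from the original slides or the vendor's code. The pass-based model and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* flag == 0 means "gun in position, ready to fire" (as on the slide).
 * The pass-based model and all names below are assumptions. */

/* Flawed: the task increments an 8-bit flag on every pass while the gun
 * is out of position. 255 + 1 wraps to 0, the "ready" value. */
static uint8_t mark_by_increment(uint8_t flag)
{
    return (uint8_t)(flag + 1u);
}

/* Hardened: assign one fixed non-zero value; repeated passes cannot wrap. */
static uint8_t mark_by_assignment(uint8_t flag)
{
    (void)flag;
    return 1u;
}

typedef uint8_t (*mark_fn)(uint8_t);

/* The gun stays out of position for `passes` passes. Returns how many
 * passes leave the flag reading "ready", i.e. windows in which a fire
 * request would skip the position check. */
static unsigned false_ready_windows(unsigned passes, mark_fn mark)
{
    uint8_t flag = 0;
    unsigned windows = 0;
    for (unsigned i = 0; i < passes; i++) {
        flag = mark(flag);
        if (flag == 0)
            windows++;
    }
    return windows;
}

/* Does an operator request that lands right after pass `pass` (1-based)
 * fire with the gun still out of position? */
static int fires_out_of_position(unsigned pass, mark_fn mark)
{
    uint8_t flag = 0;
    for (unsigned i = 0; i < pass; i++)
        flag = mark(flag);
    return flag == 0;
}

int main(void)
{
    printf("increment:  %u unsafe windows in 1000 passes\n",
           false_ready_windows(1000, mark_by_increment));
    printf("assignment: %u unsafe windows in 1000 passes\n",
           false_ready_windows(1000, mark_by_assignment));
    printf("request after pass 256 fires (increment):  %d\n",
           fires_out_of_position(256, mark_by_increment));
    printf("request after pass 256 fires (assignment): %d\n",
           fires_out_of_position(256, mark_by_assignment));
    return 0;
}
```

The unsafe window opens on one pass in every 256, which is why such a fault can pass ordinary testing and still occur in the field.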
Single faulty line of code in error-recovery procedure causes tens of millions of dollars in damage
Sending an OK message to a busy switch caused an error condition, causing it to fail, reboot, and broadcast OK
Rebooting caused traffic to go to other switches, making them busy
Broadcast “OK” sent to those switches leftover caused them to fail
Cascade of failures caused half of the switches to fail in 10 minutes
70 million long-distance calls failed
60,000 lost phone service completely
Famous computer glitches
Software may malfunction, do unintended actions, damage the computer system, and/or produce bad data
System failures
London 1992: Ambulance dispatch system failed. 20 people died waiting
1998 – Chicago Board of Trade suspended trading on two days for an hour due to software failures
2003 – Thailand’s finance minister trapped in limo for 10 hours
2003 – Japan's air traffic control system and backup crashed at the same time
Software reliability
Software may malfunction, do unintended actions, damage the computer system, and/or produce bad data
System malfunctions
1996 – USPS returns 50k letters addressed to USPTO back to sender
2001 – Qwest sends bills that charge $600/minute for calls
2008 – Those in public housing in NYC overcharged (then taken to court for not paying)
2010 – 450 high-risk inmates mistakenly released in CA
2003 – Amazon misprices iPaQ.
Refuses to deliver them at reduced price (275 -> 7)
Ethical?
Software reliability
Information within a computer system may be incorrect
Data entry errors
Disenfranchised voters
Florida voters wrongly classified as “felons” in the 2000 general election had only misdemeanor violations
False arrests
NCIC database incorrectly links people with similar names
Who should be responsible for ensuring accuracy?
What level of integrity should be supported?
Trade-off between false arrests and keeping far fewer records
Data reliability
See schedule
If you want to use my laptop, send me slides ahead of time so I can check
Talks start next week
Moving the workplace home
IT allows companies to give “homework”
Pagers, cell phones, laptops make all time “work-time”
Forced overtime?
Privacy violations
Large-scale monitoring of employee and citizen activities
Democratization and flattening of workplace
IT allows free communication across all employees
Social impacts of technology
Auto manufacturing
Postal service
Stock trading
Automation and unemployment
Goal of economic system is to maximize workforce utilization
Automation presents significant challenges in maintaining employment

Automation and job creation
Reduces prices
Increases demand for product
Increases “real” income of consumers which increases demand for other products
Automating stock trading leads to creation of financial sector jobs up the chain (e.g. mathematicians and computer scientists to build systems)
Social impacts of technology
Against
Corporations condemn it
Betrayal causes short-term and long-term damage to company
Public already has recourse through legal system to go after company
Everyone suffers (company, managers, employee, employee’s family)
(Assuming you have tried to handle it internally first)
Moral responsibility should never be given to others (e.g. managers or executives); otherwise greater harm is done
Ford Pinto’s gas tank placement
If non-action might result in serious and considerable harm to the public, you have a moral duty to report it
Pros and Cons of whistleblowing
“Ethical worm” analysis
Tim releases an anti-worm anonymously to fix a security vulnerability
Analyze the act according to the generalized code of ethics. Which principles support it and which do not?
Be impartial
Disclose information others ought to know
Respect the rights of others
Treat others justly
Take responsibility for your actions and inactions
Take responsibility for actions of those you supervise
Maintain your integrity
Continually improve your abilities
Share your knowledge, expertise and values
In class exercise
Not exhaustive
Parts not meant to be used in isolation
Not an algorithm to determine right from wrong
Not a mechanical process that leads to a single definitive conclusion for every situation
Based on interpretation and an individual’s values (like Utilitarianism)
Contains pieces from several ethical frameworks
Benefits to customer, employer, and public
Treating people as ends
Decisions that hold up to public scrutiny (cultural relativism)
Acting in the “Public interest”
“Virtue” ethics
Software Engineering Code of Ethics
x = 4195835;
y = 3145727;
z = x - (x/y)*y;
Intel floating point problem

What is z?
a) 256
b) 0
Intel replaced chips that were shown to be defective
Lost a great amount of $$$
Not all defective chips replaced by users
Famous computer glitches
Patriot missile system (1991)
Failure to fire against a Scud that hit a US Army barracks
Truncation error in system clock accumulated
Difference in system time and real-time of 0.34 seconds after 100 hours in operation
System was only designed to operate several hours at a time before needing to be rebooted!
Famous computer glitches
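The 0.34-second figure on the Patriot slide can be reproduced from the widely cited account of the failure, which is assumed here and is not stated on the slide: the clock counted tenths of a second, and the constant 1/10 was stored chopped to 23 binary fractional digits of a 24-bit fixed-point register. This is an added example, not part of the original slides, and every function name in it is illustrative.

```python
from fractions import Fraction

# Assumptions taken from the widely cited account of the failure,
# not from the slide: 0.1 s clock ticks, and the constant 1/10 chopped
# to 23 binary fractional digits in a 24-bit fixed-point register.
TICKS_PER_SECOND = 10
FRACTION_BITS = 23


def chopped_tenth(bits=FRACTION_BITS):
    """Return 1/10 truncated (not rounded) to `bits` fractional bits."""
    scale = 1 << bits
    return Fraction(scale // TICKS_PER_SECOND, scale)


def reported_seconds(ticks, bits=FRACTION_BITS):
    """Time the system computes: integer tick count times chopped 1/10."""
    return ticks * chopped_tenth(bits)


def clock_drift(hours, bits=FRACTION_BITS):
    """Seconds by which computed time lags real time after `hours` uptime."""
    ticks = hours * 3600 * TICKS_PER_SECOND
    return Fraction(ticks, TICKS_PER_SECOND) - reported_seconds(ticks, bits)


def drift_table(hours_list, bits=FRACTION_BITS):
    """Drift in seconds, rounded to 4 places, for each uptime in hours."""
    return [(h, round(float(clock_drift(h, bits)), 4)) for h in hours_list]


def interval_error(start_tick, end_tick, bits=FRACTION_BITS):
    """Error in an interval whose two timestamps both use the same
    constant: it scales with the interval length, not with total uptime."""
    measured = reported_seconds(end_tick, bits) - reported_seconds(start_tick, bits)
    return Fraction(end_tick - start_tick, TICKS_PER_SECOND) - measured


if __name__ == "__main__":
    for hours, drift in drift_table([1, 8, 20, 48, 72, 100]):
        print(f"{hours:>3} h uptime -> clock behind by {drift:.4f} s")
```

The per-tick error is exactly 1/10485760 s, so the drift grows linearly with uptime. A one-second interval measured after 100 hours is still off by less than a microsecond when both of its timestamps are converted with the same constant.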