Information Technology Ethical Issues And Practices

Published Date: 02 Nov 2017

Keywords: information technology (IT), ethics, privacy, business management, cyber security Information Technology Ethical Issues and Practices in Business Management

Quite simply stated, ethics is a set of moral principles that govern a persons or group's behavior. What isn’t so simple is how these ethics are governed and managed through the broad and ever-changing world of information technology. There are recognized consequences for actions that are deemed inappropriate by society. For instance, if you steal your neighbor’s car, it is widely known and accepted that you will be punished in some form. We as citizens, accept the punishment as "just" for the safety and well-being of the greater good.

When businesses, management, or others do not maintain standards of ethical behavior costs can be exorbitant. An example of this occurred in 2010 when a data breach report was investigated and the results showed a loss of $7.2 million (Mooney, 2012b). Although most businesses have self-imposed standards of ethics in place, without a universal set of rules, companies remain at a higher risk of financial loss. Pryor (as cited in Mooney, 2012c) states:

As more and more of our personal information is collected and stored online and on computers, we need to ensure that the businesses storing this information are keeping it safe and giving us quick warning if it falls into the wrong hands.

Another study by Ponemon Institute concluded that cybercrime costs American corporations billions of dollars annually. In addition, the study found that hackers were regularly penetrating corporate network defenses. Over a four-week period, 45 companies participating in the study experienced 50 successful attacks per week or more than one successful attack per company each week (Mooney, 2012d).

Because of attacks like this and the financial burden to thwart such as attacks, companies are scrambling to fortify online security. Many people believe that some companies, in an attempt to heighten security, have unethically invaded the privacy and safety of consumers. In 2011, a lawsuit was filed against Aaron’s Inc., an office supply rental chain, alleging that the company secretly spied on customers. Aaron’s is alleged to have loaded spyware onto computers that it rented to customers. The spyware could then track the customers’ keystrokes, take screenshots, and even take a webcam image of customers using the computers in their homes or offices (Mandak, 2013).

According to Lipka, consumers were outraged when Sears Holdings was accused by the Federal Trade Commission (FTC) for using inappropriate measures to track online shopping of their customers. People were outraged that the penalty Sears received was a mere tap on the wrist. Sears failed to disclose that the software application consumers were purchasing, when installed, would monitor nearly all of internet behavior that occurs on consumer’s computers including miscellaneous dialect exchanged between shoppers and other entities that had no affiliation with Sears whatsoever. Certain information about customer’s shopping habits and sessions, that were supposed to be secure, were tracked and sent to remote computers at Sears. Some of this information was not even related to internet use (Lipka, 2009).

Some people fear that even the government is spying and collecting information on its citizens. The Utah Data Center, also known as Intelligence Community Comprehensive National Cybersecurity Initiative Data Center, is a data storage facility for the United States Intelligence Community that is meant to be the main storage location which has the ability to retain data on a scale of yottabytes (10008 bytes). As with most government annitiatives, the primary reason for its existence and use is classified information, but, its purpose – as its title specifies – is to support the Comprehensive National Cybersecurity Initiative (CNCI). The NSA or National Security Agency is the executive agency for the Director of National Intelligence. Critics contend that in an attempt to store and protect the public’s information, the government is violating personal liberty, security, and privacy. Some have serious concerns about the collection and storage of so much data in one location.

Thomas Drake, a former NSA employee states, "It raises the most serious questions about the vast amount of data that could be kept in one place for many, many different sources," (Fox News, 2013). Drake goes on to say that Americans should be concerned about letting the governments go too far in order to ensure secure environments.

"It's in secret so you don't really know," Drake explained. "It's benign, right. If I haven't -- and if I haven't done anything wrong it doesn't matter. The only way you can have perfect security is have a perfect surveillance state. That's George Orwell. That's 1984. That's what that would look like (Fox News, 2013)."

Credit card fraud is another concern when it comes to the ethical handling of personal information. Although it is not as damaging to the public as a whole, it can be devastating at the individual level. In the old days – that is, prior to the late 1980’s and advent of Internet e-commerce – credit card swindlers were required to steal cards themselves, or buy stolen cards from a motley collection of pickpockets, muggers, purse-snatchers, and burglars. Next, in order to use a stolen card, the thief or an accomplice would have to physically take the card for purchases, putting him at risk. Today, technology has minimized those risks and made the process simpler for prospective thieves. Cyber thieves no longer need to see credit cards, much less steal them, before they spend the victim’s money.

Credit and debit card fraud is huge business in modern America. Visa Corporation reported a $490 million loss from these types of crimes in 1997, while reporting that the rate of fraud had dropped from previous years. Unlike the criminals of the past, where proximity was a must, these new cybercriminals are able to execute their crimes from a safe distance – sometimes from as far away as the other side of the globe.

Managing IT crime is an endeavor we must take on and manage as a society at every level. Too many opportunities for fraud, crime and misuse are available to criminals. One such offense is hacking. Hacking, whether performed by teenagers or sophisticated gangs akin to crime, is considered a significant national and global threat on communication infrastructures. Idealistic hackers refute a pertinent interest in making a profit off of their activities and cite their doing it for freedom of information. Crackers, however, dedicate themselves to large sums of cash, as well as personal and confidential information for the purpose of monetary gain (Newton, 2004a).

Limitation of Findings

In the world of information technology, there are businesses across the globe that are struggling to work together to come up with a common ethical system that is fluid and effective in our vast information society. Management is being held accountable more now than ever before and stricter laws are being executed pertaining to Information Technology as the society broadens. Without such rules, chaos would reign and security would most certainly be compromised. The Computer Crime and Intellectual Property Section (CCIPS) is responsible for implementing a plan and strategies to fight computer and intellectual property crimes worldwide.

Because of Agencies such as CCIPS, the United States is able to investigate and prevent worldwide crimes by working with other government agencies, private sectors, academic institutions, and foreign counterparts. The Section’s enforcement responsibilities against Intellectual Property (IP) crimes are similarly multi-faceted. IP has become a major player in the United States economy, therefore the country is targeted frequently by predators that are seeking this intellectual property such as trade secret designs or copyrighted material. Complex investigations are routinely run and unique investigative issues are being solved daily.

Global Limitations

Information is unique in that it is intangible and, as such, extremely susceptible to theft. Advances in Information Technology (IT) have allowed dishonest marketing techniques to be utilized and opened a communication bridge to potential victims in foreign countries. Fraudulent transfer of assets from the United States to foreign countries has been a gripping problem to tackle. International policies are non-existent that would allow the Federal Trade Commission to retrieve certain asset information from fraudulent marketers in foreign countries. It has become clear that the international markets have become highly susceptible to unethical practices.

A massive marketing and advertising scheme uncovered by the United States Justice Department revealed that over four million personal computers were maliciously infected with malware that sent internet users to unwanted websites that, in turn, resulted in over fourteen million dollars in advertising profits that were entirely the result of fraud. The malicious software that was credited for the fraudulent activity changed settings in user’s machines in more than one hundred countries worldwide. Over five hundred thousand of the infected computers were in the United States (Chabrow, 2011).

Crimes such as these are on the increase as internet use and large capacity data centers become more commonplace. New laws, such as The Cyber Intelligence Sharing and Protection Act (CISPA) are being passed to protect users globally from possible threats. These new laws however, are not without controversy. Criticism of this bill, and others like it, is beginning to mount as several free speech and civil liberties groups are lining up against CISPA. The main reason for criticism is the possibility of internet freedom and privacy being lost with the implementation of the bill; basically the Fourth Amendment of the United States Constitution will be null and void. Many believe the unpredictable wording of CISPA could possibly lead to companies releasing information not pertaining to cyber attack issues. There is also a concern about the bill because it would give military agencies, like the National Security Agency, the ability to access the private and personal information (Sasso, 2010). The fear is that much if not all the information collected by the government could be shared in part or in whole by those institutions it was deemed to protect. These bits of data which contain private information could be stored in facilities much like the Utah Data Center and used for purposes other than their intended use.

Ones such worry is a global spy system whereby even your resemblance would be considered data and as such, placed in your information file for future use. Biometrics, the use of automated technology to identify individuals via specific physiological or behavioral characteristics, is feared to be a possible target. Although its intention is to prevent crime, some feel it could be compromised and used to violate human rights. Verification devices such as fingerprint scanners, retina scanners, facial recognition scanners, and hand scanners are all ways corporations and other entities could use biometrics to ensure the security of their physical or intellectual property. An example of ways biometrics might be used is by tracking attendance at the workplace or gaining entrance into a secure location. Places such as banks, hospitals, incarceration facilities, or government agencies all have areas in which the general public would not be granted access. It is critical that these locations remain secure in order to protect the entity’s assets, intellectual property, or protect the public from harm. Biometric devices being utilized today include vaults, safes, custom vehicles, home security systems, personal computers, access to jails or prison cells, and various weapons such as smart guns that have been built to work only if held in a particular hand.

After the tragedy that occurred on September 11th, 2001 in New York City, demand for the implementation of biometric scanners and devices increased exponentially. Soon, however, problems were noted with the technology. The most serious of these problems and a major concern for activists, is that biometric scanners do not use pure images to calculate their decisions, but use a form of template instead. The templates are tiny files that derive its information from meniscal personal traits or characteristics. But, like any computer system, database, or file, the templates were very susceptible to harm and security breaches. Nothing is perfect and no one person will place their hand, finger, or another part of their body on a scanner the exact same way. The difference is sometimes microscopic, so ensuring one hundred percent accuracy during each biometric scan is almost impossible to achieve (Newton, 2004b).

Chalmers states:

Critical losses would occur if biometric failures were to be targeted by any number of internet savvy persons or groups. Jails could be opened, bank accounts drained, businesses could be brought to their knees with the implementation of a virus or the right coding. All it takes is someone with a message to have a bad day (Chalmers, 2013).

Local Limitations

Much like the foreign market is being compromised, so too are the local and regional markets, perhaps even to a greater extent. The willful dissemination of personal information makes it tempting even at the lowest levels. Because credit cards, debit cards, internet transactions, and online banking sources require the transfer of sensitive information, the everyday consumer has become an easy target for IT fraud.

At the local level, it is not required to be an IT expert or even understand the processes contained within the IT world to commit a fraudulent act or commit theft. The willingness of the general public to hand credit cards and debit cards to perfect strangers has become commonplace in today’s economic world. In the past it took a great deal of effort by those with the proper training to obtain someone’s identity for the purpose of misuse. Today, we hand strangers willingly that very information we so preciously guard.

Gone are the days of the good old-fashioned purse snatcher. With little brute and more skill, thieves only need a minute, sometimes a second, to pilfer your credit card data.

Back in the beginning, they got the imprint of credit cards from the carbon copies they dug out of the trash. On the rare occasion a dishonest cashier would steal the information on the carbon copy when the customer wasn’t looking. Technology has changed things.

Criminals have hacked, phished or skimmed their way into the systems of stores, marketing firms, banks and even security expert facilities. In some cases, they only obtained names and emails. In the worst cases, they got credit card numbers.

The schemes are simpler than you think. Victims of credit card skimming are completely blindsided by the theft. They notice fraudulent charges on their accounts or money withdrawn from their accounts, but their credit and debit cards never left their possession. In credit card skimming schemes, thieves use a device to steal credit card information in an otherwise legitimate credit or debit card transaction. For example, credit card skimming devices are often placed on ATMs or even held in the hands of waiters and store employees. When a credit card is run through a skimmer, the device stores the credit card information. Thieves use the stolen data to make fraudulent charges either online or with a counterfeit credit card. In the case of ATM and debit cards, thieves withdraw cash from the linked checking account. Credit card skimmers are even popping up on Redbox movie rental kiosks. Victims of credit card skimming are often unaware of the theft until they receive a billing statement or overdraft notices in the mail.

Systems are in place and are being monitored at every level to protect society. Extreme efforts are made to halt these unethical practices and to prosecute criminals. Still, diligence and knowledge are important in preventing these things from happening to society. IT management has implemented several security measures. Awareness is one of the most important of them all.

Widespread knowledge is easily dispersed in today’s society through the internet. Credit card skimming incidents can be difficult to detect since the credit cards are never lost or stolen. The best way to detect a skimmed credit card is to watch your accounts frequently. Monitor your checking and credit card accounts online daily and immediately report any suspicious activity.

Studies show restaurants, bars, and gas stations are places where credit card incidents happen most frequently. That's because cardholders are comfortable letting their cards leave their sight in these places. But, if you can't see your credit card, it could be getting skimmed.

Public should be aware that before using an ATM, make sure there aren't any devices attached to it. At ATMs, skimmers often place a camera within view of the keypad to steal your PIN. Or, they place a fake keypad on top of the real one to record your keystrokes. When you're using an ATM, cover your hand as you type your PIN to keep a camera from catching a view of what you're typing. If the keys seem hard to push, eject your card and use another ATM.

Skimming is a crime and there are places to report it besides your financial institution. Fraud alerts should be placed on your credit report as well. This forces businesses to confirm your identity before approving applications in your name. The Federal Trade Commission should be made aware as well. They often work to break up large credit card skimming rings. Complaints such as this will help catch the thieves.

Other types of IT devices are being compromised as well. IT plays a major part in our daily lives. Communication is essential and most people use mobile devices are their source of communication in today’s world. The Wireless Telephone Protection Act of 1998 expanded the prior law to criminalize the use, possession, manufacture or sale of cloning hardware or software. Currently, the primary type of cell fraud is subscriber fraud. The cellular industry estimates that carriers lose more than $150 million per year due to subscriber fraud (FCC, 2013).

Subscriber fraud occurs when someone signs up for service with fraudulently-obtained customer information or false identification. Lawbreakers obtain personal information and use it to set up a cell phone account in that person’s name. Resolving subscriber fraud could develop into a long and difficult process for victims. It may take time to discover that subscriber fraud has occurred and an even longer time to prove that you did not incur the debts.

Every cell phone is supposed to have a unique factory-set electronic serial number (ESN) and telephone number (MIN). A cloned cell phone is one that has been reprogrammed to transmit the ESN and MIN belonging to another legitimate cell phone. Unscrupulous people can obtain valid ESN/MIN combinations by illegally monitoring the radio wave transmissions from the cell phones of legitimate subscribers. After cloning, both the legitimate and the fraudulent cell phones have the same ESN/MIN combination and cellular systems cannot distinguish the cloned cell phone from the legitimate one. The legitimate phone user then gets billed for the cloned phone’s calls. This is on the downslide because of systems in place governed by the FCC.

Another way IT is playing a role in managing theft and deceit is through a means the criminals themselves use. Recently two men were charged in connection with a scam that police believe cost a cellphone company $1 million. Police believe the men had acquired $1 million in high-end cellphones from a mobile phone provider at outlets across Alberta and British Columbia using a fake corporate account. The suspects were selling the phones online to unwary customers. Police along with state, national and global security teams use the internet to nab these types of crimes and catch criminals. The amount of money lost in these types of crimes is billions of dollars annually.

Phone hacking creates a variety of problems in addition to the exorbitant amount of money lost. This crime opens up many other avenues of criminal transportation. We want to believe we use our cellular devices for communication and protection, but unfortunately loopholes in IT have created another criminal opportunity at the victim’s expense. Having a smartphone equipped with GPS may create a safety issue in society

Security weakness related to GPS could potentially be used by hackers to hijack most modern smartphones. The loophole specifically affects phones that use assisted GPS (A-GPS).

Many modern smartphones now come with a GPS receiver to allow navigation features and other location based services. GPS receivers can consume a large amount of battery power if used constantly however; so many phones will employ a system known as assisted GPS to provide an approximate location.

A-GPS uses data transmitted from cell phone towers to triangulate a phone’s position, and while it is not quite as accurate as true GPS it can provide better battery performance when used in conjunction. It is also much quicker at determining a location than GPS which can take anywhere up to 12 minutes to calculate co-ordinates.

The security flaws are highlighted specifically to the use of A-GPS in phones. When a phone sends A-GPS data to cell phone mast to calculate its location, it does so over an insecure connection that could easily be intercepted by hackers.

A hacker could switch the A-GPS data being sent from a phone network with its own data, allowing the hacker to determine the location of the phone. The phone could be configured to send this data every time that it requests A-GPS support, so the attacker would no longer need to be in range of the compromised phone to obtain location data. Along with the theft of location data the security flaw could allow for some more serious crimes involving these phones. The A-GPS system is processed on the phone’s main processor rather than the GPS chip, and messages sent by the hacker on the compromised connection could cause system crashes that would allow the hacker to gain remote access to the device.

Turning the phone on one time and connecting to that one network, you can be tracked any time you try to do a GPS lock. Some found this alarming. While the security loophole could potentially result in some rather insidious data theft, the problem is pretty easy to solve, but that many manufacturers simply don’t bother to implement the technology to prevent such attacks. These measures being made mandatory could save money and create another safety measure in the world of IT. This should raise serious concerns over the security of modern smartphones.

Social Limitations

With over a billion users on one social networking site alone, it’s easy to see why crimes on these sites are rapidly and consistently growing in many ways. Complaints to police about alleged crimes linked to the use of Facebook and Twitter increased by 780% in four years, resulting in about 997 people being charged. The phenomenon of social networking crime was comparatively minor back in 2008 with 556 reports made to police, according to the statistics released by 29 police forces outside the United States. These numbers are reflecting only 2 of several social networking sites available.

Social networking allows multiple people to share information with one another. Users on a site, like Facebook, first must establish a profile containing personal data, such as their name, interests, employment, and the geographic area. Other information, such as pictures, video, and texts, also can be shared. Users can form online relationships with other people, sharing the information they have uploaded. As a security precaution, most social networking sites have settings enabling users to control what information is shared and who can see it.

Social media has crafted its own language with common words and unique definitions. Year after year social media sites continue to grow exponentially. For example, Twitter grew from 75 million registered users in 2010 to 175 million in 2011. Facebook experienced similar growth, skyrocketing from approximately 350 million active users worldwide in 2010 to near 640 million a year later. Additionally, the rate at which people access these sites is significant. For example, YouTube, the popular video-sharing site, receives more than 24 hours of video every minute. Similarly, photo-sharing site Flickr receives more than 3,000 image uploads every minute (FBI, 2012).

A 2012 survey conducted by the Institute for Criminal Justice Education (ICJE) found that over 78 percent of law enforcement respondents had a social media account. Of those, over 38 percent identified themselves on their profile as policing professionals. This finding illustrates the interest law enforcement officers have in social media, in addition to how they choose to identify themselves to others through social media (Business Weekly, 2013).

Although police are making themselves visible in the social networking world, it is vast, and hard to reach every user because of security measures. These measures are to deter criminals, but some say they aren’t working.

A classic example of exploitation on social networking sites involves the perpetrator perusing users’ profiles and looking for potential victims in the vicinity who won’t be home. For instance, social media users can post that they will be out for the evening, which gives potential thieves a large time window to burglarize the property. Stories of this nature are appearing in the media and serve as a reminder that users are not as cautious as they should be with their personal information.

Some high tech security measures have been implemented to catch criminals who use social media as breeding grounds for illegal acts. Unfortunately, acts such as the above mentioned hard to catch unless caught in the act.

Not surprisingly, the majority of crimes on social networking sites are cyber based, and many of them use a technique called social engineering. In a classical sense, social engineering refers to the social manipulation of large groups of people to meet political or economic ends. Today, it’s taken on an additional meaning in the cyber security world. For our purposes, social engineering refers to gaining access to information by exploiting human psychology. This form of social engineering is surprisingly easy to achieve, and because of it, one computer security firm revealed a minefield of scams. All that is needed by the scammer is the username and password of one member of a network and a little practice in writing letters that sound urgent to inspire friends to aid you. All the while the scammer is vague enough not to reveal the impersonation. Even if only a few friends on the list are duped, the return on investment for the scammer is quite high.

The term phishing is a play on fishing, in which perpetrators send out many emails with the hopes of getting a response in return. The victimization rate that results is usually somewhere in the 0.5% to 1% range (FBI, 2012). Despite the low success rate, criminals continue to send out emails that look like legitimate concerns over account security or sale reminders from your favorite retailer. Studies show phishing attacks are on the rise.

The most recent development in social media technologies is called geotagging, which embeds geographical data (longitude and latitude) into media such as photos, videos, and text messages. Geotagging media allows users’ locations to be posted along with their media. The location of users can be found quickly and with frightening precision by combining the geotagging of media-friendly sites.

A recent study from the International Computer Science Institute tested the potential to use all publicly available resources to determine the locations of a variety people on the Internet. In a process called cybercasing, online tools are used to check out details, make inferences from related data, and speculate about real-world locations for questionable purposes. In other words, cybercasing uses the Internet to determine the location of the desired victim using any available resource.

Some argue the prevalence of criminal activity on social media sites is difficult to determine. They argue, there are currently no comprehensive statistics on social media crimes. This can be due to a number of factors, especially considering the broad nature of social media, anonymity afforded to criminals, and relative unawareness of Internet users, which can create a ripe environment for victimization. However, we can look into related crimes that can involve social media to estimate how often these crimes occur.

The 2010 Internet Crime Report from the Internet Crime Complaint Center (IC3) reported that identity theft was the third highest complaint at 9.8% for 2010. In addition, identity theft was the second most referred crime to law enforcement at 16.6%.

The Consumer Sentinel, a database maintained by the Federal Trade Commission (FTC) that collects information about consumer fraud from the FTC and other reporting agencies, reported that the number one complaint category was identity heft with 247,000 complaints

(19%of all complaints) received by the Consumer Sentinel in 2010.

The identity theft survey released in early 2010 by Javelin Strategy and Research revealed that approximately 3.5% of the U.S. population fell victim to identity theft within the previous year (the survey was conducted in 2010), suggesting that 8.1 million Americans were ID theft victims in 2010. The mean costs to resolve the crime was $631, which was the highest average dollar amount since 2007.

A federal study of offline stalking indicated that one out of every 12 women (8.2 million) and one of every 45 men (2 million) claims to have been stalked at some point. This study also found that 1% of all women and 0.4% of all men were stalked during the 12 months preceding the study. It reported that women are far more likely to be victims of stalking than men, as nearly four out of five stalking victims are women, while men are much more likely to be stalkers–87% of the stalkers identified by victims in the study. Finally, during their lifetimes, women are twice as likely as men to be victims of stalking by strangers and eight times as likely to be victims of stalking by intimates.

In 2003, the FBI published a descriptive study of NYPD’s Computer Investigation and Technology Unit (CITU). The CITU investigates cases in which the offender uses a computer as the primary instrument to commit a crime. Examining 192 closed cases from 1996 to 2000, cyberstalking was the most reported crime to the CITU, comprising 42.8% of the cases investigated by the CITU. The study revealed similar findings to traditional stalking in that 80% of cyberstalkers were male. However, cyberstalkers appear to be younger than offline stalkers. CITU reported an average male age of 24. In addition, 26% of offenders were juveniles, under the age of 16, according to New York State law. Victims were most commonly women (52%), with men being targets in 35% of the cases; other victims included educational institutions and private corporations (CITU,2013).

The statistics reviewed suggest that identity theft and stalking/cyberstalking are prevalent and costly crimes. In addition, social media offers an avenue of contact for potential perpetrators. Currently, there is no way to determine the overall occurrence of crimes on social media, but the prevention measures taken at every level can help protect society.

Conclusion and Future Study

The effect of ethics in the computer world can be seen all around us, every day. Unethical behavior continues to permeate industry in all facets, and is especially rampant in the new cyberworld of today. It is clear that professional organizations as well as governments are recognizing the need for, and insisting upon standards of professional responsibility for their members and citizens. Until there are global standards that dictate what is accepted and what is not, there will be gaps between what is right and wrong related to location.

It may be acceptable to jay-walk in Pattaya, Thailand but doing so doesn’t directly affect a person in Cairo, Egypt. However, if that same person in Pattaya decides to take a walk in the cyberworld, it could potentially be devastating for the person in Cairo. There is a definite need for global agreement, enforcement, and assistance when it comes to the ever-reaching heights of the IT world of today.

To ensure high ethical behavior, every level of management and non-management must fully understand the ethical implications of their decisions as it relates to their personal and professional values. Corporations and Governments need to implement a standardized and accepted Code of Ethics.