Security, Privacy, and Ethics

Overview

Political systems vary in their views on the ways that individual privacy and ways of behavior are defined and supported. These views are important because they correlate with the manner in which data, information, and knowledge systems are designed and evaluated. The prevalence of threat to national security increases the attention applied to data, information, and knowledge systems and their role in safeguarding individual and collective liberties.

Thus, a number of issues are important to the information scientist. If information is valuable, then what are the factors that make it secure? Are the methods used to obtain, employ, manage, preserve, and distribute information from numerous individual and collective sources in the application of financial and medical status ethical? Do the methods conform to acceptable standards? This chapter directs its attention to these security issues.

Security

Information technology is varied. It includes tools such as sensors (radar, sonar, satellites, MRI, PET) and other devices that can acquire data as small as the smallest needle in a haystack. Information technology includes cell phones, computers, and techniques such as artificial intelligence; storage devices such as radio frequency identification (RFID) tags; and even robots that help us handle dangerous substances and vacuum our floors.

These tools can do much good as well as harm. They enable us to obtain and process data, information, and knowledge in amounts that we could not begin to imagine just a decade ago.

One of the major impacts of information technology is that it makes large amounts of data accessible to others about almost every detail of our lives. Each time we buy an item at a store with a credit card, that transaction is recorded and assembled by someone or some agency who has an interest, private or general (commercial), to serve a purpose. The interest of the information scientist is to learn how such technologies can best be used to improve our lives.

While information technologies can help humans in many ways, this technology can also be used to harm people. While the computer can process large amounts of data to help our understanding of many aspects of our lives, the computer can be used to hurt people.

The computer is an interesting tool because it can be the means of a crime as well as the object of a crime. By making data about a person’s credit line on a credit card available, persons could use the credit card (or Social Security) number obtained from the computer to make purchases against another individual’s credit line. The owner of the credit card usually discovers the fraudulent act long after the transaction has occurred.

Computers can be used to harm the capacities of other computers to provide important data. Understanding how computers work inside and out, criminal hackers can disrupt what computers do by creating what is called a virus. A virus is a computer program that attaches itself to another program, thereby providing false data or no data at all.

There are many kinds of viruses (application, system, etc.). Computer scientists continuously study how these viruses can be identified and dealt with. Computer and information scientists are working together to establish ways to deal with such computer crimes (for example, the CERT Coordination Center at Carnegie Mellon University).

Privacy

Supreme Court Justice Louis Brandeis recognized in 1890 that “the right to be left alone is the most valued right of civilized man” (Warren and Brandeis 1890, 643). Information technology raises important social issues about privacy.

Cameras and sensors located in stores, libraries, office buildings, schools, and even on individuals can continuously monitor the presence and behavior of all things (human and material) within their scope of view. These sensors can serve as tools to ensure our safety. They can be used as surveillance of all human and other activities. This surveillance can be used to follow the moment-to-moment activity of the individual for whatever purpose, legal and/or illegal.

Information systems consisting of sensors, transmission links, and computers enable the government to collect data on all aspects of an individual’s life, workplace, and community. Computers account for what individuals do at work—for example, how many breaks an employee takes during a given shift or how often the Internet/World Wide Web is accessed for personal communication rather than for work. As a matter of fact, the government authorizes these checks. This monitoring of privacy can be substantial and significant.

The government has come to realize the impact of information technology and has established laws to protect the right to privacy of the individual. The Privacy Act of 1974 gives the individual the right to control what records can be collected, held, used, or given to others. The records cannot be used without the individual’s consent. The individual has the right to have a copy of the records and to make changes to them as warranted.

When used, the records should be used for lawful purposes, kept up to date, and their use safeguarded. The records could be used if there is a public need for them and when the individual’s rights are not violated. In another act (1992), the transmission of unsolicited information (advertisements) through fax (written material transmitted electronically) is prohibited.

Yet many of us still experience unsolicited telephone calls asking for donations, subscriptions to magazines, or other endeavors. There is a requirement for laws restricting this abuse of an individual’s privacy.

Ethics

Webster’s New World Dictionary defines ethical as “conforming to the standards of conduct of a given profession” (1966, 499). Basically, ethics deals with matters of right or wrong behavior (moral issues) that a person engages in during the conduct of their profession.

The medical profession, for example, guides its ethical behavior by the Hippocratic Oath, in which doctors pledge to hold morality as the highest standard in their work. In information science, the behavior of information professionals (information scientists, computer scientists, and others) is guided by codes established by professional societies.

There are numerous societies interested in safeguarding the rights of individuals in the use and misuse of information and knowledge. People in these societies include professionals in specific parts of their field (computer scientists, librarians, information managers, archivists, and others).

Four Core Issues in the Information Age

Four issues have been identified as representing ethical conduct in the information age:

1. Accuracy: responsibility for the authenticity, fidelity, and accuracy of information; accountability for errors.
2. Property: ownership of information. This includes the price paid for the exchange, identification and ownership of the transmission mediums, and how a scarce source of information is to be allocated.
3. Accessibility: What information does a person or organization have a right or a privilege to obtain? Is public information provided equitably to everyone?
4. Privacy: divulging information about oneself to others. What information should one be able to keep strictly to oneself?

One of the chief functions of the information professional is the analysis, design, and evaluation of data, information, and knowledge systems that augment human capacities. The following are some of the ethical issues identified for the analyst, designer, and evaluator of augmented data, information, and knowledge systems:

1. ADIK systems can play an important role in society. How can we learn about the impact of these systems on society and the individual?
2. The influence of education and training on the practitioner’s perceptions regarding the work engaged in and issues pertaining to appropriate standards of behavior.
3. The need to acknowledge and define the human and institutional dimensions that are part of the events and to which these systems must respond.

Ethics and the Augmented Data, Information, and Knowledge System

ADIK systems in the hands of individuals, organizations, and institutions are important tools for governing people while also enabling these entities to meet the demands of the broader environment. These systems, in their entirety and in part, are complex and often embedded in many functions that are part of the data, information, and knowledge environment.

For example, hardware sensors can be installed at different locations in the environment, thus avoiding the physical presence of human agents who would serve the same purpose. A wide variety of transmission devices (flags, sirens, telephones, radios, etc.) can transport data from one location to another.

Individuals likewise have the capacity to distribute data, information, and knowledge to others at different places and at different times. Individuals have the ability to process data with or without technological assistance. In the course of each of these transactions that are often part of an ADIK system, there is the possibility of error (capricious and/or intended).

This can influence directly the solution of problems, the making of decisions, and the distribution of knowledge that could significantly affect the well-being of both individuals and organizations. The following are some of the analysis and design factors of the essential components of an ADIK system that can materially impact individuals and institutions.

Event

The system captures only those aspects of an event based on the analyst’s or designer’s point of view and/or preference. This can include ignoring certain aspects of events by pretending they are transitory or unimportant without documenting the rationale, which can distort data and/or information.

Failure to account for the details of an event because of the likely consequences that would ensue if reported also can create distortions. Adding aspects (variables) to an event beyond those that are captured by sensors can do the same. Not documenting an aspect of an event to ensure that it does not interfere with the analyst’s desired perceptions is another source for errors.

Acquisition Subsystem

By focusing a sensor on a specific aspect of an event, for a specific purpose not in line with system needs and requirements, a misperception is created. Obtaining more data than needed to achieve personal or institutional objectives, or gathering personally identifiable information (not in public space) without permission of the individuals, is ethically questionable.

Transmission Subsystem

Obtaining and forwarding data not relevant to the system and directed to personal ends, creating noise to disrupt data flow, and using someone’s name or PIN to access computers are unethical uses of an ADIK system.

Processing Subsystem

Processing problems include providing more data than needed and required to support a decision; failure to check the assumptions that support the organization and presentation of data to the user (decision maker, problem solver); and failure to document changes in coding or database structure.

Utilization Subsystem

Problems in utilizing data include applying personal values that go beyond the available data for decision making and problem solving, and avoiding data that would indicate errors in judgment in the decision-making/problem-solving process.

Transfer (Communication) Subsystem

Communication problems include creating unnecessary complexity in the data received on which the decision was based (obfuscating); informing others of matters in an order of importance not consistent with the available data or their interests (ordering); and highlighting data that is not consistent with the importance of content but consistent with individual, selfish purposes (centering).

Purposefully delaying an action for a benefit (the “float”) or preserving, removing, or excluding information from the system or services (such as a website) because it conflicts with an individual’s personal views, religion, and so on, also create problems in communicating data.