A-level Computing/AQA/Paper 2/Consequences of uses of computing

Moral and ethical issues
An ethical issue is one that concerns our own individual behaviour and our own personal concept of right and wrong. We learn our moral values from other people such as our parents, teachers and peers, and we learn them for ourselves from experience. Ethics vary slightly from morals in that they are a way of trying to define a set of moral values or principles that people within society live by. Ethical issues are sometimes referred to therefore as social issues.

Topics that aren't examined but you might be interested in:
 * Natural law
 * Utilitarianism
 * Kantian ethics

The use and misuse of personal data
Data misuse- the inappropriate use of data as defined when the data was initially collected.

Most organisations collect data on an ongoing basis and much of this data is personal. At a basic level this might be name and address information, but may also include data about individuals' finances, health, relationship status, family, employment history and even their personal views.

This presents a number of issues:
 * personal privacy
 * data security
 * misuse of data
 * 'big brother'
 * online profile
 * profiling.

prevent data and information misuse-
 * Block Out-of-Policy User Activity- More often than not, your users have the keys to the kingdom. They can access vital files, data, and systems in order to perform their day-to-day tasks
 * Improve Cybersecurity- 64% of all insider threat incidents are caused by negligent users*, not users with malicious intent

Other moral and social issues
There are a number of other moral and ethical issues relating to Computer Science:
 * unauthorised access
 * unauthorised use of software
 * inappropriate behaviour
 * inappropriate content
 * freedom of speech
 * unemployment
 * access to the Internet.

Topics that aren't much examined but you might be interested in:


 * Dark Web documentary
 * The History of Computer Hacking documentary
 * Anonymous group

As is clear from the topics discussed above, ethical and moral issues become a matter of debate. When you are using your own computer at home, you make your own moral decisions about these issues. When you are using a computer in a school, college or any other organisation, you normally have to agree to a code of conduct.

The main principles of the British Computer Society (BCS) code of conduct are that members should:
 * always operate in the public interest
 * have a duty to the organisation that they work for, or the college they attend
 * have a duty to the profession
 * maintain professional competence and integrity.

Legal issues
Legal issues relate to those issues where a law has been passed by the Government. There are very few Acts of Parliament that are specific to the world of computing. The two main ones are the Data Protection Act and the Computer Misuse Act.

In addition, the Freedom of Information Act, the Regulation of Investigatory Powers Act and the Copyright, Designs and Patents Act are of particular relevance to computing.

Also, using a computer does not exempt you from all the other laws of the Kingdom. For example, someone who carries out an act of fraud on the Internet can be prosecuted under the Fraud Act. Someone who steals computer data can be prosecuted under the Theft Act. Someone who makes false allegations about someone else in an email can be prosecuted for libel under the Defamation Act.

The freedom of information act - The Freedom of Information Act (FOIA) generally provides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions.

Purpose
The Data Protection Act places controls on organisations and individuals that store personal data electronically. The Act's definition of "personal data" covers any data that can be used to identify a living individual.

The DPA determines what organisations can do with personal data that they have collected.

The DPA also defines the rights of the individual over the data that is stored about them.

In 2018, the DPA was strengthened by the introduction of a new act called General Data Protection Regulation (GDPR).

There are eight main principles behind the Data Protection Act. Anyone processing personal data must comply with the eight enforceable principles of good practice. They say that data must be:
 * fairly and lawfully processed
 * only used for the stated purpose
 * adequate, relevant and not excessive for the specified use
 * accurate and kept up-to-date
 * not kept longer than necessary
 * processed in accordance with the data subject's rights
 * kept safe and secure
 * not transferred to countries without adequate data protection

Another feature of the Act is that data subjects have the right to know what data are stored about them by any particular individual or organisation. These are known as subject access rights.

History
The Act implements what was a manifesto commitment of the Labour Party in the 1997 general election. Before its introduction, there had been no right of access to government by the general public, merely a limited voluntary framework for sharing information.

The Act went through Royal Assent in 2000 and came fully into force in 2001. It is important to note due to devolution, Scotland has its own version of the Act named the Freedom of Information (Scotland) Act, which was passed in 2002 and was full enforced at 2005.

Purpose
The Freedom of Information Act extends the subject access rights of the Data Protection Act and gives general rights of access to information held by public authorities such as hospitals, doctors, dentists, the police, schools and colleges.

The Act gives individuals access to both personal and non-personal data held by public authorities. The idea behind the Act was to provide more openness between the public and government agencies. Therefore, to respond to individual requests for information. Much of this is done through websites and email communications.

History
The Computer Misuse Act 1990 is an Act of the Parliament of the United Kingdom, introduced partly in response to the decision in R v Gold & Schifreen case of 1988. Critics of the bill complained that it was introduced hastily and was poorly thought out. Intention, they said, was often difficult to prove, and that the bill inadequately differentiated "joyriding" hackers like Gold and Schifreen from serious computer criminals.

The Act has nonetheless become a model from which several other countries, including Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting their own information security laws, as it is seen "as a robust and flexible piece of legislation in terms of dealing with cyber crime”. Several amendments have been passed to keep the Act up to date.

Purpose
The Computer Misuse Act was introduced primarily to prevent hacking (data misuse) and contains three specific offences relating to computer usage:
 * unauthorised access to computer programs or data
 * unauthorised access with further criminal intent - For example, this makes creating, obtaining or deploying malware a criminal offence.
 * unauthorised modification of computer material.

The Act was introduced before the widespread use of the Internet, which has led to problems with enforcement. Prior to the Internet, hacking did take place, but not on the scale that it does today. There are now millions of computers and networks connected to the Internet and the opportunities for hackers have increased enormously.

History
The Regulation of Investigatory Powers (RIP) Bill was introduced in the House of Commons on 9 February 2000 and completed its Parliamentary passage on 26 July. A number of offences have been prosecuted involving the abuse of investigatory powers. Widely reported cases include the Stanford/Liddell case, the Goodman/Mulcaire Royal voicemail interception, and Operation Barbatus.

The Act has numerous critics, many of whom regard the RIP as excessive and a threat to civil liberties in the UK. Campaign group Big Brother Watch published a report in 2010 investigating the improper use of RIP by local councils. Some even argue that the Act contravens the Human Rights Act, the European Charter on Fundamental Rights (which was introduced by the Lisbon Treaty) and the European Convention on Human Rights.

Purpose
The RIP Act was introduced to clarify the powers that government agencies have when investigating crime or suspected crime. It is not specific to the world of computing but was introduced partly to take account of changes in communication technology and the widespread use of the Internet.

There are five main parts of the Act. The most relevant to computing are Part 1 which related to the interception of communications, including electronic data, and Part 3 which covers the investigation of electronic data protected by encryption. In simple terms, it gives the police and other law enforcement agencies the right to intercept communications where there is suspicion of criminal activity. They also have the right to decipher these data if they are encrypted, even if this means that the user must tell the police how to decrypt the data.

It also allows employers to monitor the computer activity of their employees; for example, by monitoring their email traffic or tracking which websites they visit during the work time. This raises a number of issues relating to civil liberties.

History
The Copyright, Designs and Patents Act 1988 (c 48), also known as the CDPA, is an Act of the Parliament of the United Kingdom that received Royal Assent on 15 November 1988. The Act was passed following a number of cases, such as:

The Copyright, Designs and Patents Act 1988 (c 48), also known as the CDPA, is an Act of the Parliament of the United Kingdom that received Royal Assent on 15 November 1988. The Act was passed following a number of cases, such as:
 * A&M Records v Video Collection International [1995]
 * Gramophone Company v Stephen Cawardine [1934]
 * Godfrey v Lees [1995]
 * Levy v Rutley [1871]
 * Stuart v Barret [1994]
 * University of London Press v University Tutorial Press [1916]

The Act creates a specific regime of moral rights for the first time in the United Kingdom: previously, an author's moral right had to be enforced through other torts, e.g. defamation, passing off, malicious falsehood.

The Act was also passed to implement European Union directives into UK law.

Purpose
The Act gives rights to the creators of certain kinds of material, allowing them control over the way in which the material is used. The law covers the copying, adapting and renting of materials.

The law covers all types of material but of particular relevance to computing are:
 * original works including instruction manuals, computer programs and some types of databases
 * web content
 * original musical works
 * sound recordings
 * films and videos.

Copyright applies to all works regardless of format. Consequently, work produced on the Internet is covered by copyright. It is illegal to produce pirate copies of software or more versions on a network than have been paid for. It is an offence to adapt existing versions of software without permission. It is also an offence to download music or films without the permission of the copyright holder.

It is possible to request permission from the copyright owner to use their material, by writing to them and telling them what you intend to use their work for. However, the copyright owner does not have to grant permission. Furthermore, if they do grant permission, they may request a fee.

In computing, two techniques are used to protect copyright:
 * Digital Rights Management (DRM)
 * licensing.

Patents

 * Patents are legal protections over inventions. They cover ideas and concepts rather than intellectual property.
 * Patents can apply to both hardware and software and must be registered.

Issues related to the act
One of the ongoing criticisms of the CDPA 1988 in the recent years has been the need for modernisation. Since the act was introduced before popularisation of the internet it can be argued that it does not adequately cover online intellectual property.

The Internet makes file sharing very easy, especially using peer-to-peer services.

Digital representation of text, images, audio and video allow for perfect copies to be made.

There is uncertainty over whether or not website hosts are responsible for the illegal content uploaded by their users.

Creative commons licensing
Creative commons licensing (CC) is a common licensing framework. The six main CC licenses are comprised of various combinations of its four conditions:


 * 1) Attribution (BY): The work can be copied, modified, distributed, displayed, and performed, as long as the content creator/copyright owner is credited.
 * 2) Non-commercial (NC): The work can be copied, modified, distributed, displayed, and performed, but no profit can be made from it.
 * 3) No derivative works (ND): The work can be copied, distributed, displayed, and performed, but cannot be modified.
 * 4) Share-alike (SA): The work can be modified and distributed, but derivative works must be covered by an identical licence to the original.

Other acts
Other acts that are particularly relevant to computing are:

Cultural issues
Cultural issues are all factors that influence the beliefs, attitudes and actions of people within society. Common cultural influences are family, the media, politics, economics and religion. These are cultural differences between different groups of people. For example, people from difference countries often have a different culture.

There are elements of computer use that have a cultural impact in that they can change our attitudes, beliefs and actions:
 * over-use of data
 * invasive technologies
 * over-reliance on computers
 * over-reliance on technology companies
 * 'big brother' culture
 * globalisation.

Summary

 * We are living through a technological revolution and as computer scientists we must consider the consequences of computing on individuals and society as a whole
 * Computing can bring about massive benefits but can also have a negative effect on individuals and society
 * There are a number of laws relating specifically to computing and other common laws also apply to actions that are undertaken on a computer
 * The Internet and World Wide Web have had a massive influence on our culture and will continue to do so

One of the following laws:
 * Copyright, Designs and Patents Act
 * Digital Economy Act

The Data Protection Act and the Computer Misuse Act

Legislation: Affect:
 * Health and Safety (Regulations)
 * Display Screen Equipment Regulations
 * Monitors should be movable/adjustable to alter height/ reduce glare / minimise flicker;
 * A top of screen at eye level;
 * Chairs should be movable/adjustable;
 * Position of mouse/keyboard assessed // keyboard should be separate from screen;
 * Consideration of lighting;
 * Space under desk for legs;
 * Supply a foot-rest / wrist-supports;
 * A feet should be touching flat surface;
 * Set up software to use readable fonts // select colours that are easy on the eye;
 * Cables should not be left loose;
 * Sufficient work-space around computer.

Copyright, Designs and Patents (Act)

Any of the following:
 * Number of licenses the library has;
 * If the software needs a license;
 * Type of license the library has;
 * Library has a site-wide license;
 * Check that software can (legally) be used on more than one machine.

Definition:
 * Contract/rules/regulations that an employee must follow;
 * A member of an organisation is bound by;
 * Contents of a code (may) not be legal requirement;
 * Breaking rules could result in disciplinary action/possibility of losing job.

a) Copyright, Designs and Patents (Act)

b) Computer Misuse (Act)

c) Health and Safety at Work (Act)

Any of the following:
 * To set out points of good practice for employees//set out rules that are not legal requirements;
 * To ensure employees are aware of legal requirements//as employees may not know what the law is;
 * To relate legal requirements to the work that the employee does;
 * To make clear consequences of breaking the rules.

Data that relate to a living person//individual who can be identified from that data

Any of the following:
 * password-protect files/database;
 * force regular changes of passwords;
 * force strong passwords; or including an example
 * firewall to guard against hackers;
 * run anti-spyware software;
 * backup regularly;
 * keep backups securely stored away from computer system;
 * ensure data can be restored from backups;
 * only allow authorised software to be used on the system;
 * staff training to make them data-aware;
 * appropriate operational procedures;
 * (set up work groups and) give access rights relevant to (groups’) needs;
 * Do not allow unencrypted data to be stored (on portable media)//encrypt data;
 * run anti-virus software.