User:Ltivenan

An Overview of Ethics

Ethics
A moral code is a set of rules about behaviour that is accepted by many. Different rules often contradict one another. Morality is about right and wrong as socially accepted and widely shared. Morality has a lot to do with age, cultural group, ethnic background, religion, life experiences, education, and gender. Ethics is a set of beliefs about right and wrong behavior. Virtues are the habits that incline people to do what is acceptable. Vices are habits of socially unacceptable behavior.

Ethics in the Business World
Risk is the product of multiplying the likelihood of an event by the impact of its occurrence. Risks associated with inappropriate behavior have increased. The reasons are more complex work environments and challenges with revenue and profit. Shareholders, different agencies, and the actual workers are the elements that have heightened vigilance. Examples are WorldCom, Qwest Communications International Inc., Adelphia Communications Corp., Computer Associates (CA), and Hewlett-Packard.

Code of ethics
A code of ethics creates ethical issues for organizations and identifies overarching values and important principles, such as for employees on areas of ethical risk. It cannot gain company-wide acceptance because of employee participation and the organization’s leadership.

Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act of 2002 was enacted in response to public outrage over several major accounting scandals. Section 404 requires that the CEO and CFO sign any SEC filing to attest to its accuracy. Section 406 requires public companies to disclose whether or not they have a code of ethics.

Virtue Ethics Approach
A community that focuses on different things. People are guided by virtues to reach the “right” decision; this is more effective than following a set of principles/rules.

Utilitarian approach
Chooses the action that has the best overall consequences, and finds the greatest good by balancing all interests.

Fairness approach
Focuses on fair distribution of benefits/burdens, and on principles that treat all people the same.

Common Good Approach
Working together for a common set of values and goals, and implementing systems that benefit all people.

Implement the Decision and Evaluate the Results
• Implement the decision
  – Efficient, effective, timely implementation
  – Communication is key for people to accept change
  – Transition plan made easy and pain-free
• Evaluate the results
  – Monitor results for desired effect
  – Observe impact on organization and stakeholders
  – Further refinements may be needed

Ethics for IT Professionals

IT Professionals
• Profession is a calling that requires:
  – Specialized knowledge
  – Long and intensive academic preparation
• Professionals:
  – Require advanced training and experience
  – Must exercise discretion and judgment in their work
  – Cannot standardize their work
  – Carry special rights and responsibilities

Are IT Workers Professionals?
• Partial list of IT specialists
  – Programmers
  – Systems analysts
  – Software engineers
  – Database administrators
  – Local area network (LAN) administrators
  – Chief information officers (CIOs)
• Legal perspective
  – IT workers are not recognized as professionals
  – Not licensed by state or federal government
  – IT workers are not liable for malpractice

Professional Codes of Ethics
• State the principles and core values that are essential to the work of an occupational group
• Most codes of ethics include:
  – What the organization aspires to become
  – Rules and principles by which members of the organization are expected to abide
• Many codes also include commitment to continuing education for those who practice the profession
• Benefits individual, profession, and society as a whole
  – Ethical decision making
  – High standards of practice and ethical behavior
  – Trust and respect from general public
  – Evaluation benchmark for self-assessment

Professional Organizations
• No universal code of ethics for IT professionals
• No single, formal organization of IT professionals has emerged as preeminent
• Five of the most prominent organizations include:
  – Association for Computing Machinery (ACM)
  – Association of IT Professionals (AITP)
  – Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)
  – Project Management Institute (PMI)
  – SysAdmin, Audit, Network, Security (SANS) Institute

Certification
• Indicates that a professional possesses a particular set of skills, knowledge, or abilities in the opinion of a certifying organization
• Can also apply to products
• Generally voluntary
• Carries no requirement to adhere to a code of ethics
• Employers view as benchmark of knowledge
• Opinions are divided on value of certification
• Vendor certifications
  – Some certifications substantially improve IT workers’ salaries and career prospects
  – Relevant for narrowly defined roles or certain aspects of broader roles
  – Require passing a written exam
  – Can take years to obtain experience
  – Training can be expensive
  – Workers are commonly recertified as newer technologies become available
• Industry association certifications
  – Require a higher level of experience and a broader perspective than vendor certifications
  – Lag in developing tests that cover new technologies
  – Are moving from purely technical content to a broader mix of technical, business, and behavioral competencies

Government Licensing
• Generally administered at the state level in the United States
• Requires that recipient pass a test
• Case for licensing IT workers
  – Encourages following highest standards of profession
  – Encourages practicing a code of ethics
  – Violators would be punished
• Without licensing, no requirements for heightened care and no concept of professional malpractice
• Issues with government licensing of IT workers
  – No universally accepted core body of knowledge
  – Unclear who should manage content and administration of licensing exams
  – No administrative body to accredit professional education programs
  – No administrative body to assess and ensure competence of individual workers

IT Professional Malpractice
• Negligence: not doing something that a reasonable person would do, or doing something that a reasonable person would not do
• Duty of care: obligation to protect people against any unreasonable harm or risk
  – Reasonable person standard
  – Reasonable professional standard
• Professional malpractice: professionals who breach the duty of care are liable for injuries that their

Supporting the Ethical Practices of IT Users
• Policies that protect against abuses:
  • Set forth general rights and responsibilities of users
  • Create boundaries of acceptable behavior
  • Enable management to punish violators
• Policy components include:
  • Establishing guidelines for use of company software
  • Defining and limiting appropriate use of IT resources
  • Structuring information systems to protect data and information
  • Installing and maintaining a corporate firewall

Computer and Internet Crime

IT Security Incidents: A Major Concern
• Security of information technology is of utmost importance
  – Safeguard:
    • Confidential business data
    • Private customer and employee data
  – Protect against malicious acts of theft or disruption
  – Balance against other business needs and issues
• Number of IT-related security incidents is increasing around the world

Why Computer Incidents Are So Prevalent
• Increasing complexity increases vulnerability
  – Computing environment is enormously complex
    • Continues to increase in complexity
    • Number of entry points expands continuously
• Higher computer user expectations
  – Computer help desks under intense pressure
    • Forget to verify users’ IDs or check authorizations
    • Computer users share login IDs and passwords
• Expanding/changing systems equal new risks
  – Network era
    • Personal computers connect to networks with millions of other computers
    • All capable of sharing information
  – Information technology
    • Ubiquitous
    • Necessary tool for organizations to achieve goals
    • Increasingly difficult to match pace of technological change
• Increased reliance on commercial software with known vulnerabilities
  – Exploit
    • Attack on information system
    • Takes advantage of system vulnerability
    • Due to poor system design or implementation
  – Patch
    • “Fix” to eliminate the problem
    • Users are responsible for obtaining and installing
    • Delays expose users to security breaches
• Zero-day attack
  – Before a vulnerability is discovered or fixed
• U.S. companies rely on commercial software with known vulnerabilities

Types of Exploits
• Most frequent attack is on a networked computer from an outside source
  – Can also attack smartphones
• Types of attacks
  – Virus
  – Worm
  – Trojan horse
  – Botnet
  – Distributed denial of service
  – Rootkit
  – Spam
  – Phishing

Viruses
• Pieces of programming code
• Usually disguised as something else
• Cause unexpected and undesirable behavior
• Often attached to files
• Deliver a “payload”
• Do not spread from computer to computer
  – Must be passed on to other users through:
    • Infected e-mail document attachments
    • Downloads of infected programs
    • Visits to infected Web sites
• Macro viruses
  – Most common and easily created viruses
  – Created in an application macro language
  – Infect documents and templates

Worms
• Harmful programs
  – Reside in active memory of a computer
• Duplicate themselves
  – Can propagate without human intervention
• Negative impact of worm attack
  – Lost data and programs
  – Lost productivity
  – Effort for IT workers

Trojan Horses
• Malicious code hidden inside seemingly harmless programs
• Users are tricked into installing them
• Logic bomb
  – Executes when triggered by certain event

Botnets
• Large group of computers
  – Controlled from remote locations by hackers
  – Without the knowledge or consent of their owners
• Collective processing capacity exceeds that of the world’s most powerful supercomputers
• Estimated that about one in four personal computers in the United States is part of a botnet
• Dealing with “bot” computers within an organization’s network can be expensive

Distributed Denial-of-Service (DDoS) Attacks
• Malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks
  – The computers that are taken over are called zombies
• Does not involve a break-in at the target computer
  – Target machine is busy responding to a stream of automated requests
  – Legitimate users cannot get in

Rootkits
• Set of programs that enables its user to gain administrator level access to a computer without the end user’s consent or knowledge
• Attacker can gain full control of the system and even obscure the presence of the rootkit
• Fundamental problem in detecting a rootkit is that the operating system currently running cannot be trusted to provide valid test results

Spam
• Abuse of e-mail systems to send unsolicited e-mail to large numbers of people
  – Low-cost commercial advertising for questionable products
  – Method of marketing also used by many legitimate organizations
• Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act
  – Legal to spam if basic requirements are met
• Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA)
  – Software generates tests that humans can pass but computer programs cannot

Phishing
• Act of using e-mail fraudulently to try to get the recipient to reveal personal data
• Legitimate-looking e-mails lead users to counterfeit Web sites
• Spear-phishing
  – Fraudulent e-mails to an organization’s employees

Cybercriminals
• Hack into corporate computers and steal
• Engage in all forms of computer fraud
• Chargebacks are disputed transactions
• Loss of customer trust has more impact than fraud
• To reduce potential for online credit card fraud:
  – Use encryption technology
  – Verify the address submitted online against the issuing bank
  – Request a card verification value (CVV)
  – Use transaction-risk scoring software
• Smart cards
  – Contain a memory chip
  – Updated with encrypted data each time card is used
  – Used widely in Europe
  – Not widely used in the U.S.

Hacktivists and Cyberterrorists
• Hacktivism
  – Hacking to achieve a political or social goal
• Cyberterrorist
  – Attacks computers or networks in an attempt to intimidate or coerce a government in order to advance certain political or social objectives
  – Seeks to cause harm rather than gather information
  – Uses techniques that destroy or disrupt services

Establishing a Security Policy
• A security policy defines:
  – Organization’s security requirements
  – Controls and sanctions needed to meet the requirements
• Delineates responsibilities and expected behavior
• Outlines what needs to be done
  – Not how to do it
• Automated system policies should mirror written policies
• Trade-off between:
  – Ease of use
  – Increased security
• Areas of concern
  – E-mail attachments
  – Wireless devices
• VPN uses the Internet to relay communications but maintains privacy through security features
• Additional security includes encrypting originating and receiving network addresses

Prevention
• Implement a layered security solution
  – Make computer break-ins harder
• Installing a corporate firewall
  – Limits network access
• Intrusion prevention systems
  – Block viruses, malformed packets, and other threats
• Antivirus software
  – Scans for sequence of bytes or virus signature
• United States Computer Emergency Readiness Team (US-CERT) serves as clearinghouse
• Safeguards against attacks by malicious insiders
• Departing employees and contractors
  – Promptly delete computer accounts, login IDs, and passwords
• Carefully define employee roles and separate key responsibilities
• Create roles and user accounts to limit authority
• Address most critical Internet security threats
  – Keep track of well-known vulnerabilities
    • SANS (System Administration, Networking, and Security) Institute
    • US-CERT
• Conduct periodic IT security audits
  – Evaluate policies and whether they are followed
  – Review access and levels of authority
  – Test system safeguards

Detection
• Detection systems
  – Catch intruders in the act
• Intrusion detection system
  – Monitors system/network resources and activities
  – Notifies the proper authority when it identifies:
    • Possible intrusions from outside the organization
    • Misuse from within the organization
  – Knowledge-based approach
  – Behavior-based approach

Response
• Response plan
  – Develop well in advance of any incident
  – Approved by:
    • Legal department
    • Senior management
• Primary goals
  – Regain control and limit damage
  – Not to monitor or catch an intruder
• Incident notification defines:
  – Who to notify
  – Who not to notify
• Security experts recommend against releasing specific information about a security compromise in public forums
• Document all details of a security incident
  – All system events
  – Specific actions taken
  – All external conversations
• Act quickly to contain an attack
• Eradication effort
  – Collect and log all possible criminal evidence
  – Verify necessary backups are current and complete
  – Create new backups
• Follow-up
  – Determine how security was compromised
    • Prevent it from happening again
• Review
  – Determine exactly what happened
  – Evaluate how the organization responded
• Capture the perpetrator
• Consider the potential for negative publicity
• Legal precedent
  – Hold organizations accountable for their own IT security weaknesses

Privacy

Privacy Laws, Applications, and Court Rulings
• Legislative acts passed over the past 40 years
  – Most address invasion of privacy by the government
  – No protection of data privacy abuses by corporations
  – No single, overarching national data privacy policy
• Financial data
  – Fair Credit Reporting Act of 1970
    • Regulates operations of credit-reporting bureaus
  – Gramm-Leach-Bliley Act (GLBA)
    • Bank deregulation that allowed banks to merge
    • Three key rules affecting personal privacy
• Opt-out policy
  – Assumes that consumers approve of companies collecting and storing their personal information
  – Requires consumers to actively opt out
  – Favored by data collectors
• Opt-in policy
  – Must obtain specific permission from consumers before collecting any data
  – Favored by consumers
• Health Information
  – Health Insurance Portability and Accountability Act of 1996 (HIPAA)
    • Improves the portability and continuity of health insurance coverage
    • Reduces fraud, waste, and abuse
    • Simplifies the administration of health insurance
• Children’s Personal Data
  – Children’s Online Privacy Protection Act (1998)
    • Must notify parents or guardians about its data-collection practices and receive parental consent
• Electronic Surveillance
  – Communications Act of 1934
    • Established the Federal Communications Commission
    • Regulates all non-federal-government use of radio and television
  – Title III of the Omnibus Crime Control and Safe Streets Act (Wiretap Act)
    • Regulates the interception of wire (telephone) and oral communications
  – Foreign Intelligence Surveillance Act (FISA) of 1978
    • Monitors communications between foreign powers
• Foreign Intelligence Surveillance Amendments Act
  – Implemented legal protections for electronic communications service providers
• Electronic Communications Privacy Act of 1986 (ECPA)
  – Protects communications in transfer from sender to receiver
  – Protects communications held in electronic storage
  – Prohibits recording dialing, routing, addressing, and signaling information without a search warrant
• Communications Assistance for Law Enforcement Act (CALEA) 1994
  – Amended both the Wiretap Act and ECPA
  – Required the telecommunications industry to build tools into its products so federal investigators could:
    • Eavesdrop and intercept electronic communications
  – Covered emerging technologies, such as:
    • Wireless modems
    • Radio-based electronic mail
    • Cellular data networks
• USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) 2001
  – Increased ability of law enforcement agencies to search telephone, e-mail, medical, financial, and other records
  – Eased restrictions on foreign intelligence gathering in the United States
  – Relaxed requirements for National Security Letters (NSLs)
  – “Sunset” provisions designated by Congress
• Export of personal data
  – Organisation for Economic Co-operation and Development Fair Information Practices (1980)
    • Fair Information Practices
  – Set of eight principles
  – Model of ethical treatment of consumer data
  – European Union Data Protection Directive
    • Requires implementing set of privacy directives on the fair and appropriate use of information
  – Set of seven principles for data privacy
• BBBOnLine and TRUSTe
  – Independent initiatives that favor an industry-regulated approach to data privacy
  – Provide BBBOnLine reliability seal or a TRUSTe data privacy seal
  – Seals
    • Increase consumer confidence in site
    • Help users make more informed decisions about whether to release personal information
• Access to Government Records
  – Freedom of Information Act (FOIA) (1966 amended 1974)
    • Grants citizens the right to access certain information and records of the federal government upon request
    • Exemptions bar disclosure of information that could:
      – Compromise national security
      – Interfere with active law enforcement investigation
  – The Privacy Act of 1974
    • Prohibits government agencies from concealing the existence of personal data

Identity Theft
• Theft of key pieces of personal information to impersonate a person
• Information includes:
  • Name
  • Address
  • Date of birth
  • Social Security number
  • Passport number
  • Driver’s license number
  • Mother’s maiden name
• Fastest growing form of fraud in the United States
• Consumers and organizations are becoming more vigilant and proactive in fighting identity theft
• Four approaches used by identity thieves
  • Create a data breach
  • Purchase personal data from criminals
  • Use phishing to entice users to give up data
  • Install spyware to capture keystrokes of victims
• Data breaches of large databases
  • To gain personal identity information
  • May be caused by:
    • Hackers
    • Failure to follow proper security procedures
• Purchase of personal data
  • Black market for:
    • Credit card numbers in bulk—$.40 each
    • Logon name and PIN for bank account—$10
    • Identity information—including DOB, address, SSN, and telephone number—$15
• Phishing
  • Stealing personal identity data by tricking users into entering information on a counterfeit Web site
• Spyware
  • Keystroke-logging software
  • Enables the capture of:
    • Account usernames
    • Passwords
    • Credit card numbers
    • Other sensitive information
  • Operates even if infected computer is not online
• Identity Theft and Assumption Deterrence Act of 1998 was passed to fight fraud
• Identity Theft Monitoring Services
  • Monitor the three major credit reporting agencies (TransUnion, Equifax, and Experian)
  • Monitor additional databases (financial institutions, utilities, and DMV)

Advanced Surveillance Technology
• Camera surveillance
  – U.S. cities plan to expand surveillance systems
  – “Smart surveillance system”
• Facial recognition software
  – Identifies criminal suspects and other undesirable characters
  – Yields mixed results
• Global positioning system (GPS) chips
  – Placed in many devices
  – Precisely locate users

Freedom of Expression

First Amendment Rights
• Right to freedom of expression
  – Important right for free people everywhere
  – Guaranteed by the First Amendment
• Definition of free speech includes:
  – Nonverbal, visual, and symbolic forms of expression
  – Right to speak anonymously
• Not protected by the First Amendment:
  – Perjury
  – Fraud
  – Defamation
  – Obscene speech
  – Incitement of panic
  – Incitement to crime
  – “Fighting words”
  – Sedition

Obscene Speech
• Speech is considered obscene when:
  – Average person finds the work appeals to the prurient interest
  – Work depicts or describes sexual conduct in an offensive way
  – Lacks serious literary, artistic, political, or scientific value

Defamation
• Publication of a statement of alleged fact that is:
  – False
  – Harms another person
• Harm is often of a financial nature
• Slander
  – Oral defamatory statement
• Libel
  – Written defamatory statement

Legal Overview: Children’s Internet Protection Act (CIPA)
• Federally financed schools and libraries must block computer access to:
  – Obscene material
  – Pornography
  – Anything considered harmful to minors
• Schools and libraries subject to CIPA do not receive Internet access discounts unless they certify that Internet safety measures are in place
  – Required to adopt a policy to monitor the online activities of minors
• CIPA does not require the tracking of Internet use by minors or adults
• Acceptable use policy agreement is an essential element of a successful program in schools
  – Signed by:
    • Students
    • Parents
    • Employees
• Difficulty implementing CIPA in libraries because their services are open to people of all ages
  – Including adults with First Amendment rights

Anonymity on the Internet
• Principle of anonymous expression
  – People can state opinions without revealing their identity
  – In the wrong hands, it can be a tool to commit illegal or unethical activities
• Anonymous remailer service
  – Computer program that strips the originating address from the e-mail message
  – Forwards the message to the intended recipient
  – Ensures no header information can identify the author
• John Doe lawsuit
  – Identity of the defendant is temporarily unknown
  – Common in Internet libel cases
  – Defendant communicates using a pseudonym or anonymously
  – ISPs subpoenaed to provide the identity
  – By filing a lawsuit, the company gains immediate subpoena power

Defamation and Hate Speech
• Actions that can be prosecuted include:
  – Sending threatening private messages over the Internet to a person
  – Displaying public messages on a Web site describing intent to commit acts of hate-motivated violence
  – Libel directed at a particular person
• Some ISPs voluntarily agree to prohibit subscribers from sending hate messages
  – Does not violate subscribers’ First Amendment rights because these prohibitions are in the terms of service
  – ISPs must monitor the use of their service
  – Take action when terms are violated

Corporate Blogging
• Some organizations allow employees to create their own personal blogs to:
  – Reach out to partners, customers, and employees
  – Improve their corporate image
• Blogs can provide uncensored commentary and interaction
  – Criticism of corporate policies and decisions
• Could involve risk that employees might:
  – Reveal company secrets
  – Breach federal security disclosure laws

Pornography
• The Internet has been a boon to the pornography industry
  – More than 4.2 million porn Web sites are accessible
  – The sites generate an estimated $4.9 billion a year in revenue
  – 72 million estimated visitors to porn Web sites monthly
• CAN-SPAM Act
  – Deterrent in fighting the dissemination of pornography
• Reasonable steps to stop access in the workplace
  – Establishing a computer usage policy that prohibits access to pornography sites
  – Identifying those who violate the policy
  – Taking action against those users
• Numerous federal laws address child pornography
  – Federal offense to produce or distribute
  – Most states outlaw possession as well
• At least 7 states require computer technicians to report child pornography on clients’ computers

Intellectual Property •	What Is Intellectual Property? •	Term used to describe works of the mind –	Distinct and “owned” or created by a person or group •	Copyright law –	Protects authored works •	Patent law –	Protects inventions •	Trade secret law –	Helps safeguard information critical to an organization’s success •	Copyrights •	Established in the U.S. Constitution –	Article I, Section 8, Clause 8 •	Grants creators of original works the exclusive right to: –	Distribute –	Display –	Perform –	Reproduce work –	Prepare derivative works based upon the work •	Author may grant exclusive right to others •	Copyrights (cont’d.) •	Copyright term –	Copyright law guarantees developers the rights to their works for a certain amount of time •	Sonny Bono Copyright Term Extension Act –	Created after 1/1/78, life of the author plus 70 years –	Created but not published or registered before 1/1/78, life of the author plus 70 years; no expiration before 12/31/2004 –	Created before 1978 still in original or renewable term of copyright, 95 years from the date the copyright was originally secured •	Copyrights (cont’d.) •	Types of work that can be copyrighted –	Architecture –	Art –	Audiovisual works –	Choreography –	Drama –	Graphics –	Literature –	Motion pictures •	Copyrights (cont’d.) •	Types of work that can be copyrighted (cont’d.) –	Music –	Pantomimes –	Pictures –	Sculptures –	Sound recordings –	Other intellectual works: •	As described in Title 17 of U.S. Code •	Copyrights (cont’d.) •	Must fall within one of the preceding categories •	Must be original –	Evaluating originality can cause problems •	Fair use doctrine –	Allows portions of copyrighted materials to be used without permission under certain circumstances –	Maintains balance between protecting an author’s rights and enabling public access to copyrighted works –	Factors to consider when evaluating the use of copyrighted material •	Copyrights (cont’d.) 
•	Fair use doctrine factors include: –	Purpose and character of the use –	Nature of the copyrighted work –	Portion of the copyrighted work used –	Effect of the use upon the value of the copyrighted work •	Copyright infringement –	Copy substantial and material part of another’s copyrighted work –	Without permission •	Copyrights (cont’d.) •	Software copyright protection –	Raises many complicated issues of interpretation –	Copyright law should not be used to inhibit interoperability between the products of rival vendors •	The Prioritizing Resources and Organization for Intellectual Property (PRO-IP) Act of 2008 –	Increased enforcement and substantially increased penalties for infringement •	Copyrights (cont’d.) •	General Agreement on Tariffs and Trade (GATT) –	Trade agreement between 117 countries –	Created World Trade Organization (WTO) to enforce •	The WTO and the WTO TRIPS Agreement (1994) –	Many nations recognize that intellectual property has become increasingly important in world trade –	Established minimum levels of protection that each government must provide to the intellectual property of members –	Copyrights (cont’d.) •	World Intellectual Property Organization (WIPO) –	Agency of the United Nations –	Advocates for the interests of intellectual property owners –	WIPO Copyright Treaty provides additional copyright protections for electronic media •	Digital Millennium Copyright Act (DMCA) –	Civil and criminal penalties included –	Governs distribution of tools and software that can be used for copyright infringement –	Opponents say it restricts the free flow of information •	Copyrights (cont’d.) •	Patents •	Grant of property right to inventors •	Issued by the U.S. 
Patent and Trademark Office (USPTO) •	Permits an owner to exclude the public from making, using, or selling the protected invention •	Allows legal action against violators •	Prevents independent creation as well as copying •	Extends only to the United States and its territories and possessions •	Patents (cont’d.) •	Applicant must file with the USPTO –	USPTO searches prior art –	Takes an average of 25 months •	Prior art –	Existing body of knowledge –	Available to a person of ordinary skill in the art •	Patents (cont’d.) •	An invention must pass four tests –	Must be in one of the five statutory classes of items –	Must be useful –	Must be novel –	Must not be obvious to a person having ordinary skill in the same field •	Items cannot be patented if they are: –	Abstract ideas –	Laws of nature –	Natural phenomena •	Patents (cont’d.) •	Patent infringement –	Making unauthorized use of another’s patent –	No specified limit to the monetary penalty •	Software patent –	Protects feature, function, or process embodied in instructions executed on a computer •	20,000 software-related patents per year have been issued since the early 1980s –	Patents (cont’d.) •	Before obtaining a software patent, do a patent search •	Software Patent Institute is building a database of information •	Software cross-licensing agreements –	Large software companies agree not to sue each other over patent infringements –	Small businesses have no choice but to license patents •	Patents (cont’d.) •	Defensive publishing –	Alternative to filing for patents –	Company publishes a description of the innovation –	Establishes the idea’s legal existence as prior art –	Costs mere hundreds of dollars –	No lawyers –	Fast •	Patent troll firm –	Acquires patents with no intention of manufacturing anything; instead, licensing the patents to others •	Patents (cont’d.) 
• Standard is a definition or format
  – Approved by recognized standards organization or accepted as a de facto standard by the industry
  – Enables hardware and software from different manufacturers to work together
• Submarine patent
  – Patented process/invention hidden within a standard
  – Does not surface until standard is broadly adopted
• Patent farming involves:
  – Influencing a standards organization to make use of a patented item without revealing the existence of the patent
  – Demanding royalties from all parties that use the standard

• Plagiarism
• Stealing someone’s ideas or words and passing them off as one’s own
• Many students:
  – Do not understand what constitutes plagiarism
  – Believe that all electronic content is in the public domain
• Plagiarism also common outside academia
• Plagiarism detection systems
  – Check submitted material against databases of electronic content
• Steps to combat student plagiarism
  – Help students understand what constitutes plagiarism and why they need to cite sources
  – Show students how to document Web pages
  – Schedule major writing assignments in portions due over the course of the term
  – Tell students that instructors are aware of Internet paper mills and plagiarism detection services
  – Incorporate detection into an antiplagiarism program

• Reverse Engineering
• Process of taking something apart in order to:
  – Understand it
  – Build a copy of it
  – Improve it
• Applied to computer:
  – Hardware
  – Software
• Convert a program code to a higher-level design
• Convert an application that ran on one vendor’s database to run on another’s
• Compiler
  – Language translator
  – Converts computer program statements expressed in a source language to machine language
• Software manufacturer
  – Provides software in machine language form
• Decompiler
  – Reads machine language
  – Produces source code
• Courts have ruled in favor of reverse engineering:
  – To enable interoperability
• Software license agreements forbid reverse engineering
• Ethics of using reverse engineering are debated
  – Fair use if provides useful function/interoperability
  – Can uncover designs that someone else has developed at great cost and taken care to protect

• Cybersquatting
• Trademark is anything that enables a consumer to differentiate one company’s products from another’s
  – May be a:
    • Logo
    • Package design
    • Phrase
    • Sound
    • Word
• Trademark law
  – Trademark’s owner has the right to prevent others from using same mark or confusingly similar mark
• Cybersquatters
  – Registered domain names for famous trademarks or company names
  – Hope the trademark’s owner would buy the domain name for a large sum of money
• To curb cybersquatting, register all possible domain names
  – .org, .com, .info
• Internet Corporation for Assigned Names and Numbers (ICANN)
  – ICANN is adding seven new top-level domains (.aero, .biz, .coop, .info, .museum, .name, and .pro)
  – Current trademark holders are given time to assert their rights in the new top-level domains before registrations are opened to the general public

Software Development

• Strategies for Engineering Quality Software
• High-quality software systems:
  – Perform quickly and efficiently
  – Operate safely and reliably
  – Meet their users’ needs
  – Required to support the fields of:
    • Air traffic control
    • Nuclear power
    • Automobile safety
    • Health care
    • Military and defense
    • Space exploration
• Increased demand for high-quality software
• Software defect
  – Could cause a system to fail to meet users’ needs
  – Impact may be trivial or very serious
  – Subtle and undetectable or glaringly obvious
• Software quality
  – Degree to which software meets the needs of users
• Quality management
  – Defines, measures, and refines the quality of the development process and products developed
  – Objective
    • Help developers deliver high-quality systems that meet the needs of users
• Deliverables are products such as:
  – Statements of requirements
  – Flowcharts
  – User documentation
• Primary cause for poor software quality:
  – Many developers do not know how to design quality into software from the start
  – Or do not take the time to do so
• Developers must:
  – Define and follow rigorous engineering principles
  – Learn from past mistakes
  – Understand systems’ operating environment
  – Design systems relatively immune to human error
• Programmers make mistakes in turning design specifications into code
  – About one defect for every 7-10 lines of code
• Extreme pressure to reduce time to market
• First release of software
  – Organizations avoid buying the first release
  – Or prohibit its use in critical systems
  – Usually has many defects
• Established software products can also falter:
  – When operating conditions change

• The Importance of Software Quality
• Business information systems
  – Set of interrelated components including:
    • Hardware
    • Software
    • Databases
    • Networks
    • People
    • Procedures
  – Collect and process data and disseminate the output
• Business information system examples
  – Manufacturer’s order-processing system
  – Bank’s electronic-funds transfer system
  – Airline’s online ticket reservation system
• Decision support system (DSS)
  – Used to improve decision making
• Software is used to control industrial processes
• Software controls the operation of many industrial and consumer products
• Mismanaged software can be fatal to a business
• Ethical questions
  – How much effort and money to invest to ensure high-quality software
  – Whether products could cause damage and what the legal exposure would be if they did

• Software Product Liability
• Product liability
  – Liability of manufacturers, sellers, lessors, and others for injuries caused by defective products
  – There is no federal product liability law
    • Mainly state law
    • Article 2 of the Uniform Commercial Code
• Strict liability
  – Defendant held responsible for the injury
  – Regardless of negligence or intent
• Strict liability
  – Plaintiff must prove only that the software product is defective or unreasonably dangerous and that the defect caused the injury
  – No requirement to prove that the manufacturer was careless or negligent or to prove who caused the defect
  – All parties in the chain of distribution are liable
    • Manufacturer
    • Subcontractors
    • Distributors
• Legal defenses used against strict liability
  – Doctrine of supervening event
  – Government contractor defense
  – Expired statute of limitations
• Negligence
  – A supplier is not held responsible for every product defect that causes a customer or third-party loss
  – Responsibility is limited to defects that could have been detected and corrected through “reasonable” software development practices
  – Area of great risk for software manufacturers
  – Defense of negligence may include:
    • Legal justification for the alleged misconduct
    • Demonstration that the plaintiffs’ own actions contributed to injuries (contributory negligence)
• Warranty
  – Assures buyers or lessees that a product meets certain standards of quality
  – May be expressly stated or implied by law
• Breach of warranty claim
  – When the product fails to meet the terms of its warranty
  – Plaintiff must have a valid contract that the supplier did not fulfill
  – Can be extremely difficult to prove because the software supplier writes the warranty to limit liability
• Intentional misrepresentation
  – Seller or lessor either misrepresents the quality of a product or conceals a defect in it
  – Forms of representation
    • Advertising
    • Salespersons’ comments
    • Invoices

• Software Development Process
• Large software project roles
  – System analysts
  – Programmers
  – Architects
  – Database specialists
  – Project managers
  – Documentation specialists
  – Trainers
  – Testers
• Software development methodology
  – Standard, proven work process
  – Controlled and orderly progress
  – Defines activities in software development process
  – Defines individual and group responsibilities
  – Recommends specific techniques for activities
  – Offers guidelines for managing the quality of software during various stages of development
• Easier and cheaper to avoid software problems at the beginning than to attempt to fix damages after the fact
• Cost to identify and remove a defect in an early stage can be up to 100 times less than removing a defect in distributed software
• Identify and remove errors early in the development process
  – Cost-saving measure
  – Most efficient way to improve software quality
• Effective methodology protects from legal liability
  – Reduces the number of software errors
  – If an organization follows widely accepted development methods, negligence on its part is harder to prove
• Software quality assurance (QA) refers to methods within the development cycle
  – Guarantee reliable operation of product
  – Are applied at each stage in the development cycle
  – Include testing before the product ships
• Dynamic testing
  – Black-box testing
    • Tester has no knowledge of code
  – White-box testing
    • Testing all possible logic paths in the software unit, with thorough knowledge of the logic
    • Makes each program statement execute at least once
• Static testing
  – Static analyzers are run against the new code
  – Looks for suspicious patterns in programs that might indicate a defect
• Integration testing
  – Occurs after successful unit testing
  – Software units are combined into an integrated subsystem
  – Ensures that all linkages among various subsystems work successfully
• System testing
  – Occurs after successful integration testing
  – Various subsystems are combined
  – Tests the entire system as a complete entity
• User acceptance testing
  – Independent testing performed by trained end users
  – Ensures that the system operates as they expect

• Quality Management Standards
• ISO 9000 standard
  – Guide to quality products, services, and management
  – Organization must submit to an examination by an external assessor
  – Requirements
    • Written procedures for everything it does
    • Follow those procedures
    • Prove to the auditor the organization fulfilled the first two requirements
• Failure mode and effects analysis (FMEA)
  – Technique used to evaluate reliability and determine the effect of system and equipment failures
  – Failures are classified by:
    • Impact on a project’s success
    • Personnel safety
    • Equipment safety
    • Customer satisfaction and safety
  – Goal
    • Identify potential design and process failures early in a project

The Impact of Information Technology on the Quality of Life

• The Impact of IT on the Standard of Living and Worker Productivity
• Gross domestic product (GDP)
  – Measurement of the material standard of living
  – Equals total annual output of a nation’s economy
• Standard of living in U.S. and Western countries
  – Has improved for a long time
  – Rate of change varies as a result of business cycles
• Productivity
  – Amount of output produced per unit of input
  – Measured in many different ways
• United States
  – Labor productivity growth 2% annually
  – Living standards have doubled about every 36 years
  – Modern management techniques and automated technology increase productivity
• Innovation
  – Key factor in productivity improvement
  – IT has an important role

• IT Investment and Productivity
• Relationship between IT investment and productivity growth is complex
  – Rate of productivity from 1995 to 2005 is only slightly higher than the long-term U.S. rate
  – Possible lag time between:
    • Application of innovative IT solutions
    • Capture of significant productivity gains
• Other factors besides IT influence worker productivity rates
• Difficult to quantify how much the use of IT has contributed to worker productivity
• Factors that affect national productivity rates
  – Business cycles of expansion and contraction
  – Outsourcing to contractor can skew productivity
  – Regulations make it easier to hire and fire workers
  – More competitive markets for goods and services
  – Difficult to measure output of some services
  – IT investments don’t always yield tangible results
• Telework/Telecommuting
  – Employee works away from the office
  – Advances in technology enable communications
  – Highly skilled workers demand more flexibility
  – Laws passed to encourage telework
  – Organizations must prepare guidelines and policies
  – Some positions are not suited to telework
  – Some individuals are not suited to be teleworkers

• The Digital Divide
• Standard of living
  – Level of material comfort measured by the goods, services, and luxuries available
• Digital divide
  – Gulf between those who do/don’t have access to:
    • Cell phones
    • Personal computers
    • The Internet
  – Gulf among age groups, economic classes, and cities/rural areas
• Digital divide must be bridged to improve:
  – Health
  – Crime
  – Other emergencies
• Access to IT and communications technology
  – Enhances learning
  – Provides educational and economic opportunities
  – Gives a competitive advantage
• Education Rate (E-Rate) program
  – Created by the Telecommunications Act of 1996
  – Goal to help schools and libraries obtain:
    • Access to state-of-the-art services and technologies
    • Discounted rates
  – Supported with up to $2.25 billion per year from fees charged to telephone customers
  – Administered by the Universal Service Administrative Company (USAC)
  – Has not gone well but continues today
• Enhancing Education Through Technology (Ed-Tech) program
  – Required by No Child Left Behind Act (NCLB)
  – Goals
    • Improve academic achievement through the use of technology in schools
    • Ensure that every student is technologically literate by the end of eighth grade
    • Encourage the effective integration of technology with teacher training and curriculum development
• Low-cost computers for developing countries
  – One Laptop per Child (OLPC)
    • Provides low-cost laptop computers for education
  – Classmate PC from Intel
  – Eee notebook from Asus
• Mobile phone
  – Tool to bridge the digital divide
  – Many advantages over personal computer

• The Impact of IT on Healthcare Costs
• Rapidly rising cost of healthcare is major challenge
• 16.6% of U.S. GNP in 2008
• Increase due to new medical technology
  – Diagnostic procedures and treatments
  – Patients sometimes overuse medical resources
• Patient awareness must be raised
• Technology costs must be managed
• Improved use of IT can lead to cost reductions

Social Networking

• What Is a Social Networking Web Site?
• Creates an online community of Internet users that eliminates barriers created by time, distance, and cultural differences
• Allows people to interact with others online by sharing opinions, insights, information, interests, and experiences
• Members may use the site to interact with friends, family members, and colleagues they already know
• Members may also wish to develop new personal and professional relationships
• Endless range of interests and a wide range of social networking Web sites catering to interests
• 35 percent of U.S. adult Internet users have a profile on an online social networking Web site
• 65 percent of teenagers use social networking sites

• Business Applications of Online Social Networking
• Social network advertising
  – Uses social networks to inform, promote, and communicate the benefits of products and services
• Social network advertising strategies
  – Direct advertising
    • Banner ads on social networking Web site
  – Advertising using an individual’s network of friends
    • People frequently make decisions based on input from their close group of friends
    • Ethical issues with exploiting an individual’s personal relationships for the financial benefit of a company
• Social network advertising strategies
  – Indirect advertising through groups
    • Interested users can join by becoming “fans”
  – Company-owned social networking Web site
    • Users can talk about what new products, services, or improvements they would like to see
  – Viral marketing
    • Users pass along marketing message to others, creating the potential for exponential growth

• The Use of Social Networks in the Hiring Process
• Employers can and do look at the social networking profiles of job candidates when hiring
• Companies may reject candidates who post:
  – Information about their drinking or drug use
  – Provocative or inappropriate photos
  – Discriminatory remarks relating to race, gender, or religion
  – Confidential information
• Employer cannot legally screen applicants based on race or ethnicity, but:
  – Members of social networking Web sites frequently provide sex, age, marital status, sexual orientation, religion, and political affiliation data
  – Personal photos may reveal a disability or user’s race or ethnicity
  – Individuals may reveal data that are protected by civil rights legislation

• Social Shopping Web Sites
• Combine two highly popular online activities—shopping and social networking
• Shoppers and sellers can share information and make recommendations while shopping online
• Revenue is generated through retailer advertising
• Retailers can design product improvements based on input and get ideas for new product lines
• Great way for small businesses to boost sales

• Social Networking Ethical Issues
• Ethical issues for social networking Web sites are:
  – Cyberbullying
  – Cyberstalking
  – Sexual predators
  – Uploading inappropriate material
• Cyberbullying
  – Harassment, torment, humiliation, or threatening of one minor by another minor or group of minors via the Internet or cell phone
  – 43% of teens have experienced cyberbullying
• Numerous forms of cyberbullying
  – Sending mean-spirited or threatening messages
  – Sending thousands of text messages to victim’s cell phone and running up a huge cell phone bill
  – Impersonating victim and sending inappropriate messages to others
  – Stealing victim’s password and modifying his or her profile to include racist, homophobic, sexual, or other inappropriate data that offends others or attracts the attention of undesirable people
  – Posting mean, personal, or false information about the victim in the cyberbully’s blog
  – Creating a Web site whose purpose is to humiliate or threaten the victim
  – Taking inappropriate photos of the victim and either posting online or sending to others via cell phone
  – Setting up an Internet poll to elicit responses to embarrassing questions regarding victim
  – Sending inappropriate messages while playing interactive games
• Cyberstalking
  – Threatening behavior or unwanted advances using the Internet or online and electronic communications
  – Adult version of cyberbullying
  – Can escalate into:
    • Abusive or excessive phone calls
    • Threatening or obscene mail
    • Trespassing
    • Vandalism
    • Physical stalking
    • Physical assault
• Encounters with sexual predators
  – Some social networking Web sites criticized for not protecting minors from sexual predators
  – Legislators pushing social networking Web sites to adopt stronger safety measures
• Uploading of inappropriate material
  – Social networking Web sites have policies against uploading videos depicting violence or obscenity
  – Most Web sites do not have sufficient resources to review all material posted

• Online Virtual Worlds
• Computer-simulated world in which visitor can:
  – Move in three-dimensional space
  – Communicate and interact with other visitors
  – Manipulate elements of the simulated world
• Alternative worlds where visitors go to entertain themselves and interact with others
• Visitor represents self through an avatar
  – Character usually in the form of a human but sometimes in some other form
• Avatars can do everything one can do in real life
  – Shop, hold jobs, run for political office
  – Develop relationships with other avatars
  – Start up new businesses
  – Engage in criminal activities
• Virtual worlds have rules against offensive behavior in public, such as using racial slurs or performing overtly sexual actions, but:
  – Consenting adults can travel to private areas and engage in socially unacceptable behavior

• Crime in Virtual Worlds
• Criminal acts in a virtual world can be:
  – Clearly illegal, such as trafficking in actual drugs or stolen credit cards
  – Online muggings and sex crimes that can cause real life anguish but may not be real life crime
• Should law enforcement—real or virtual—get involved in acts that occur in virtual worlds?
• Bad deeds done online can often be mediated by game administrators
• When harm reaches the real world, victims should look to criminal law for protection

• Educational and Business Uses of Virtual Worlds
• New Media Consortium (NMC)
  – International consortium of almost 300 organizations
  – Explore new media and technologies to improve teaching, learning, and creative expression
• Media Grid’s Immersive Education Initiative
  – International collaboration of universities, research institutes, and companies
  – Define and develop open standards, best practices, platforms, and game-based learning and training systems

Ethics of IT Organizations

• Key Ethical Issues for Organizations
• Ethical topics are pertinent to organizations in the IT industry and organizations that make use of IT
  – Use of nontraditional workers
  – Whistle-blowing
  – Green computing
  – ICT code of ethics

• The Need for Nontraditional Workers
• Bureau of Labor Statistics (BLS) forecast
  – Employment in IT will grow by 38.3%
  – Driven by increasing reliance of business on IT
  – Continuing importance of maintaining systems and network security
• Period from 2006 to 2014
  – Highest forecasted growth rate of 50%
    • Networking and data communications positions
  – Concern about a shortfall in the number of U.S. workers to fill these positions
• Long-term shortage of IT workers
  – Employers turning to nontraditional sources
• Sources include:
  – Contingent workers
  – H-1B workers
  – Outsourced offshore workers
• Ethical decisions about whether to:
  – Recruit new/more workers from these sources
  – Develop their own staff to meet their needs

• Contingent Workers
• Contingent work is a job situation in which an individual does not have an explicit or implicit contract for long-term employment
• Contingent workers include:
  – Independent contractors
  – Temporary workers through employment agencies
  – On-call or day laborers
  – On-site workers provided by contract firms
• Needed for pronounced IT staffing fluctuations
• Workers hired for the life of the project only
• Sources
  – Temporary agencies
  – Employee leasing
  – Consulting organizations
• Firms that provide temporary help:
  – Recruit, train, and test their employees in a wide range of job categories and skill levels
  – Assign them to clients
• Employee leasing
  – Business outsources all or part of its workforce to a professional employer organization
  – Subject to special regulations regarding workers’ compensation and unemployment insurance
• Coemployment relationship
  – Two employers have actual or potential legal rights and duties with respect to the same employee or group of employees
• Advantages of using contingent workers
  – Business does not pay for benefits
  – Can continually adjust the number of contingent workers to stay consistent with its business needs
  – Does not customarily incur training costs
• Disadvantages of using contingent workers
  – May lack a strong relationship with the firm
    • Low commitment to the company and its projects
    • High turnover rate
  – Workers gain valuable practical experience working within a company’s structure and culture
    • Lost when workers depart at the project’s completion
• When deciding to use contingent workers:
  – Recognize the trade-off between:
    • Completing a single project quickly and cheaply
    • Developing people in the organization
  – When staffing is truly temporary:
    • Use of contingent workers is a good approach
  – Think twice about using contingent workers:
    • When they are likely to learn corporate processes and strategies that are key to the company’s success
• Deciding when to use contingent workers
  – Can raise ethical and legal issues
  – Potential liability for:
    • Withholding payroll taxes
    • Payment of employee retirement benefits
    • Payment of health insurance premiums
    • Administration of workers’ compensation
  – Can be viewed as permanent employees by:
    • Internal Revenue Service
    • Labor Department
    • State workers’ compensation agency
    • State unemployment agencies
  – Vizcaino v. Microsoft lawsuit
    • Deciding factor is degree of control company exercises over employees
    • Employers must exercise care in the treatment of contingent workers

• H-1B Workers
• Temporary work visa
  – U.S. Citizenship and Immigration Services (USCIS)
  – For people who work in specialty occupations
• H-1B workers
  – Meet critical business needs
  – Have essential technical skills and knowledge not readily found in the U.S.
  – Employers must pay H-1B workers the prevailing wage for the work being performed
• Maximum continuous period of six years
  – After six years, the foreign worker must remain outside the United States for one year before another H-1B petition can be approved
• Make up less than 0.1% of the U.S. workforce
  – Nearly 40% employed as computer programmers
• Continued use of H-1B workers
  – Symptom of a larger, more fundamental problem
  – U.S. not developing sufficient IT employees
• Top five outsourcing countries
  – India
  – China
  – Canada
  – United Kingdom
  – Philippines
• Federal cap set on the number of H-1B visas
  – Applies only to certain IT professionals
  – Large number of workers are exempt from cap
• English as a second language
  – Workers who are not fluent in English:
    • May find it difficult and uncomfortable to participate
    • May create their own cliques
    • May stop trying to acclimate
    • Can hurt a project team’s morale and lead to division
• Managers and coworkers should:
  – Strive to help improve H-1B workers’ English skills and cultural understanding
  – Be sensitive to workers’ heritage and needs
• H-1B application process
  – Employer making the job offer must also offer sponsorship
  – Application has two stages
    • Labor Condition Attestation (LCA)
    • H-1B visa application
  – If H-1B workers are more than 15 percent of the workforce:
    • Must prove that it first tried to find U.S. workers
    • Must prove not hiring H-1B after laying off similar U.S. worker
• American Competitiveness in the Twenty-First Century Act (2000)
  – Allows current H-1B holders to start working for employers as soon as their petitions are filed
• Using H-1B workers instead of U.S. workers
  – Good for short-term hiring
  – Long-term hiring
    • Lessens incentive to educate and develop U.S. workforces
    • Does nothing to develop strong core of permanent U.S. IT workers needed in future
• Potential exploitation of H-1B workers
  – Salary abuse by unethical companies
  – H-1B workers are paid $10,000 to $30,000 less than U.S. workers in the same job
  – Visa Reform Act (2004)
    • Defined a modified wage-rate system
  – At end of the six-year visa term
    • If no green card, firm loses worker
    • Suddenly unemployed worker must return home

• Outsourcing
• Outsourcing
  – Approach to meeting staffing needs
  – Long-term business arrangement
    • Company contracts with an outside organization that has expertise in providing a specific function
• Rationale
  – Lower costs
  – Obtain strategic flexibility
  – Keep staff focused on core competencies

• Offshore Outsourcing
• Variation of outsourcing
  – Services provided by an organization whose employees are in a foreign country
• Companies reduce labor costs
• Increasing in IT industry
• As key processes move offshore, U.S. IT providers are forced to lower prices
• Common to use offshore outsourcing for major programming projects
• Pros and cons of offshore outsourcing
  – Low wages
    • Increasing due to demand
  – Dramatically speeds up development efforts
    • Make progress on a project around the clock
  – Can also result in new expenses
    • Additional time to select an offshore vendor
    • Additional costs for travel and communications
  – Same ethical issues as H-1B and contingent workers
  – Difficulty of communications over long distances
• Strategies for successful offshore outsourcing
  – Expertise in technologies involved in the project
  – Project manager speaks native language of employer
  – Large staff available
  – State-of-the-art telecommunications setup
  – High-quality on-site managers and supervisors

• Whistle-Blowing
• Effort to attract public attention to a negligent, illegal, unethical, abusive, or dangerous act by a company
• Whistle-blower
  – Usually has personal or special knowledge
  – Risks own career
  – Might even affect lives of friends and family
  – Must choose between protecting society and remaining silent
• Protection laws allow employees to alert authorities to employer actions that are unethical, illegal, or unsafe, or that violate specific public policies
• No comprehensive federal law
• Each law has different:
  – Filing provisions
  – Administrative and judicial remedies
  – Statutes of limitations
• False Claims Act (“Lincoln Law”)
  – Enacted during the Civil War
  – Enticed whistle-blowers to come forward
  – Offered a share of the money recovered
• Qui tam provision allows private citizen to file in name of government
• Violators are liable for three times the dollar amount the government is defrauded
• Provides strong whistle-blower protection
• Complexity requires advice of an attorney
• Whistle-blower protection for private-sector workers
  – Laws prevent workers from being fired because of an employee’s participation in “protected” activities
• Whistle-blowers can file claims against their employers for retaliatory termination
• Whistle-blowers are entitled to jury trials
• If successful at trial, can receive punitive damage awards
• Dealing with a whistle-blowing situation
  – Assess the seriousness of the situation
  – Begin documentation
  – Attempt to address the situation internally
  – Consider escalating the situation within the company
  – Assess implications of becoming a whistle-blower
  – Use experienced resources to develop action plan
  – Execute the action plan
  – Live with the consequences

• Green Computing
• To manufacture truly “green” products, companies must:
  – Reduce the amount of hazardous materials used
  – Increase amount of reusable or recyclable materials
  – Help consumers dispose of their products in an environmentally safe manner at the end of the product’s useful life
• Devices contain thousands of components
  – Some harmful to humans and environment
  – Entire supply chain at risk
• EPEAT (Electronic Product Environmental Assessment Tool)
  – Enables purchasers to evaluate, compare, and select electronic products
    • Based on a total of 51 environmental criteria
    • Products are ranked in three tiers of environmental performance
• European Restriction of Hazardous Substances Directive
  – Restricts use of many hazardous materials in computer manufacturing
• How to safely dispose of obsolete computers
  – Many states have recycling programs
  – Some manufacturers have developed programs
• Greenpeace environmental activist organization
  – Issues quarterly ratings of manufacturers according to the manufacturers’ policies on:
    • Toxic chemicals, recycling, and climate change

• ICT Industry Code of Conduct
• Electronic Industry Citizenship Coalition (EICC)
  – Promotes common code of conduct for ICT industry
  – Focuses on the areas of:
    • Worker safety and fairness
    • Environmental responsibility
    • Business efficiency
  – Coalition membership is voluntary
• Code of conduct defines performance, compliance, auditing, and reporting guidelines across five areas of social responsibility
• Guiding principles of social responsibility
  – Labor
    • Must uphold the human rights of workers
  – Health and safety
    • Must provide safe and healthy work environment
  – Environment
    • Adverse effects minimized
  – Management system
    • Ensures compliance with code
  – Ethics
    • Must uphold the highest standards of ethics