
Can the police search your computer at work without a warrant if they have the blessing of the company?
Do companies have the right to spy on their employees at work?
Can companies claim copyright on the look and feel of their web sites?
Is it legal to collect and sell customer data?
Can Facebook keep your posted images/videos/texts even after you close your account?
Who has the ownership of the customer data stored by Futureshop on IBM's server?
If the data is stolen and the customer suffers a loss, who is responsible?

Can the police search your private computer without a warrant?
How about your office computer, if they have your company's consent?
How about the company's IT technician? Do companies have the right to search your computer at work without a warrant?
Source:
http://www.canada.com/story_print.html?id=503e559c1e0c-4baa-9111-298785e1bc62&sponsor=

Michael Liu
University of Waterloo

There are two major sources for these slides:
From the textbook written by Laudon, Laudon and Brabston (2009). Management Information Systems: Managing the Digital Firm, Fourth Canadian Edition, Toronto, Pearson Prentice Hall, 2009 Pearson Education Canada
From the lectures developed by Dr. Anne Pidduck

Textbook Chapter 04

Responsibility
Accepting the potential costs, duties, and obligations for decisions

Accountability
Mechanisms for identifying responsible parties; who is responsible?

Liability
Permits individuals to recover damages done to them

Due process
Laws are well known and understood, can appeal to higher authority

Implications to the use of IS
It is not about technology, but how it is used

Ethical: Principles of right and wrong that individuals use to make choices to guide their behaviors
Social: affecting people or communication
Legal/Political: knowing the law and working within its limits

Picture source: http://www.bunker8.pwp.blueyonder.co.uk/images/justice2.gif

Ethical and Social Issues

1. Personal information rights and obligations
2. Digital property rights and obligations
3. System quality
4. Accountability, liability and control
5. Quality of life

Examples of each?
Picture source: http://themoderatevoice.com/wordpress-engine/files/2009-april/LeftRightWrong.jpg

Technology Trends

What does a friend of a friend of a friend know about you?
- By The Office of Privacy Commissioner of Canada

Video source: http://www.youtube.com/privacycomm#p/u/1/X7gWEgHeXcA
Picture source: http://deonbinneman.files.wordpress.com/2009/12/j0426621.jpg

Relationship Awareness

Google and Privacy
Online Surveillance
Video source: YouTube

Article Title: A Cartoon Fan Won a Nobel Prize

During the interview, the professor admits that "Yes, I do watch cartoons like Pocoyo. I try to do that every chance I get."
Editor's comments:
What would happen to this wonderful world if its future is led by professors interested in childish cartoons?

Article Title: Jean Chretien Praised Steve Harper as a Great leader

Quote from former prime minister John Chretien:
"Yes, I think prime minister Harper is a great leader"

Name
Gender
Age
Birthplace
School attended
Hobby/Interest
Photo

Your Name: Su Shiyou (a famous Chinese general)
Get away from my daughter, you freak!
Hug?
Hollywood actress Gwyneth Paltrow named her daughter Apple.
Image Source: http://globelogger.com/2009/11/uncovering-steve-jobs-presentation-secrets.html
http://photos.ibibo.com/photo/4731301/funny-baby-pictures-kissing-a

How an innocent picture got out of control

http://news.6park.com/newspark/index.php?app=news&act=view&nid=124575

Source:
http://www.escapistmagazine.com/forums/read/7.79407-Student-Teacher-Fired-LosesCollege-Degree-for-Drunken-MySpace-Pic

For information posted on the net, you have no control over:
How it is used
  In part or in whole
  Prank, ridicule, spam, identity theft
How it is interpreted
  Misunderstood, embarrassed, intentional or accidental

What is personal information (PI)?
  Personally identifiable
Rights about PI?
Obligations about PI?

Image Source: http://www.abine.com/blog/2012/when-delete-means-delete-the-inside-story-of-our-ftc-complaintagainst-beenverified-com/personal-information-collection/

Personal information is defined in Section 2 of ATIPPA. It reads:
the individual's name, address or telephone number,
the individual's race, national or ethnic origin, colour, or religious or political beliefs or associations,
the individual's age, sex, sexual orientation, marital status or family status,
an identifying number, symbol or other particular assigned to the individual,
the individual's fingerprints, blood type or inheritable characteristics,
information about the individual's health care status or history, including a physical or mental disability,
information about the individual's educational, financial, criminal or employment status or history,
the opinions of a person about the individual, and
the individual's personal views or opinions

Privacy: Claim of individuals to be left alone, free from surveillance or interference from other individuals, organizations, or the state.
Personal Information Protection and Electronic Documents Act (PIPEDA) establishes principles for collection, use, and disclosure of personal information
  Needs informed consent to collect and use customer data
Similar rules exist in European Directive on Data Protection
  It is much stricter than US legislation
Provinces have parallel legislation

When online, what information is PI?
  Dual ownership
Too easy for web sites to collect online data
  Web bugs and spyware can be installed surreptitiously
  Cookies are used to collect information from Web site visits
  Wearable and portable technology like Google Glass, smartphone, iWatch etc.
The evil of data brokers
The rumor of the US Prism Project
The Point: Online Privacy is Dead

You make a purchase on Futureshop.ca. Who owns the following data?

The fact that you visited Futureshop.ca
Who visited my site (Futureshop.ca)
What pages you visit
What pages are being visited
How long you stay on the home page
How long the home page is being viewed
What you buy
What is sold

Image Source:
http://www.someecards.com/usercards/viewcard/MjAxMi1jNjFkOTEyMjE4NDQ4YzQ2

Web sites can store and use your data for whatever they want and for as long as they want
Video: Facebook changes its Terms of Service
The latest one is even worse!
http://asmp.org/fb-tos#.UnplOjXNjfI

Challenges
Image Source: http://www.theadminzone.com/forums/showthread.php?p=672116

Cookies identify Web Visitors

What does it mean: 4c812db292272995e5416a323e79bd37?
The user's favorite movies include "The Princess Bride," "50 First Dates" and "10 Things I Hate About You." It knows she enjoys the "Sex and the City" series. It knows the user browses entertainment news and likes to take quizzes.
http://www.macloo.com/examples/javascripts/cookiepage.htm
http://www.barelyfitz.com/projects/tabber/example-cookies.html
http://support.free-conversant.com/examples/cookies/index

Figure 4-4

The first time a site is visited, it installs a tracking file, which assigns the computer a unique ID number. Later, when the user visits another site affiliated with the same tracking company, it can take note of where that user was before, and where he is now.

A tracking file on MSN.com: It had a prediction of a surfer's age, ZIP Code and gender, plus a code containing estimates of income, marital status, presence of children and home ownership.
Microsoft said that they didn't know how the file got there and added that it contained no personally identifiable information.
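
The cross-site tracking flow described above, as an added example (not from the slides or the textbook): a simulated tracking company assigns a 32-hex-character ID on first contact and links later visits to affiliated sites, and a browser that blocks third-party cookies breaks that link. The class names and the .example domains are hypothetical.

```python
import uuid
from collections import defaultdict


class Tracker:
    """Hypothetical tracking company whose pixel is embedded by affiliated sites."""

    def __init__(self):
        self.history = defaultdict(list)  # tracking ID -> sites where it was seen

    def handle_pixel_request(self, cookie_id, embedding_site):
        """Serve the tracking pixel and return the ID to store as a cookie."""
        if cookie_id is None:
            # First contact: the "tracking file" assigns a unique ID number.
            cookie_id = uuid.uuid4().hex
        # The embedding site is known to the tracker (e.g. from the Referer header).
        self.history[cookie_id].append(embedding_site)
        return cookie_id


class Browser:
    """Minimal browser model with a cookie jar keyed by cookie domain."""

    def __init__(self, block_third_party_cookies=False):
        self.block = block_third_party_cookies
        self.cookie_jar = {}

    def visit(self, site, tracker, tracker_domain="tracker.example"):
        # Loading the page also loads the tracker's pixel from a third-party domain.
        sent = None if self.block else self.cookie_jar.get(tracker_domain)
        returned = tracker.handle_pixel_request(sent, site)
        if not self.block:
            self.cookie_jar[tracker_domain] = returned


def linked_profiles(tracker):
    """Browsing trails that one tracking ID ties together across several sites."""
    return [sites for sites in tracker.history.values() if len(set(sites)) > 1]


def demo(block_third_party_cookies):
    """Visit three constructed affiliated sites and return the tracker's state."""
    tracker = Tracker()
    browser = Browser(block_third_party_cookies)
    for site in ["news.example", "shop.example", "quiz.example"]:
        browser.visit(site, tracker)
    return tracker


if __name__ == "__main__":
    for block in (False, True):
        t = demo(block)
        print("blocking:", block, "| IDs issued:", len(t.history),
              "| linked trails:", linked_profiles(t))
```

With cookies allowed the tracker holds one ID covering all three sites; with third-party cookies blocked it issues three unrelated IDs and cannot join the visits by cookie alone.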

The study found that the nation's 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually with no warning. Two thirds are by companies in the business of tracking users
Winner: dictionary.com with 234 cookies, 223 of which were from data brokers!

Source:
http://online.wsj.com/article/SB10001424052748703940904575395073512989404.html
A study done by AT&T in fall 2009 found tracking technologies on 80% of the top 1000 popular sites

http://www.usadata.com/
http://www.charitybase.net/
Selling and buying data is a multibillion dollar business, largely unregulated
Choicepoint is one of the largest data brokers in the world
  IRS signed a five-year $200M contract to access its data
  Data source: public filing, financial records, loan applications provided by police department, school district, department of motor vehicles, local courts.

What are the problems caused by the proliferation of data brokers?
What do they collect?
If your name and other personal information were in this database, what limitations on access would you want?
  (a) government agencies
  (b) your employer
  (c) other business firms
  (d) other individuals

Writing on CreativeGood.com, Mark Hurst is trying to alert people to just how frightening Google Glass might be. As he puts it: "From now on, starting today, anywhere you go within range of a Google Glass device, everything you do could be recorded and uploaded to Google's cloud, and stored there for the rest of your life. You won't know if you're being recorded or not; and even if you do, you'll have no way to stop it."
Source: http://www.techradar.com/news/mobile-computing/google-glass-say-goodbye-toyour-privacy-1134796

Every time we talk about a new social media network or online marketing move, privacy is an issue. But according to a new survey conducted by the USC Annenberg Center for the Digital Future and Bovitz Inc., it's going to be less of a concern in the near future. Why? Not because we're working on ways to make the internet more secure, but because Millennials aren't as concerned as their elders.

Source: http://www.marketingpilgrim.com/2013/04/online-privacy-is-dead-says-study-and-millennials-are-okay-with-that.html

Better product and service

Invasion of privacy

Information is the new sugar. Big data, Big sugar. Get candy, get candy, get candy.
Because big data is like big sugar. The more ubiquitous, abundant, pleasurable, efficient, and profitable it is, the more we want it. And, sometimes, the more we want it, the more blinded we are by its consequences.

The first concerns privacy's default settings. In his appearance, Professor Geist generously referred to my work titled, "The Devil is in the Defaults."

In short, the architecture of every technology includes a number of design choices. Some design choices create default positions. For example, a car's default position is "stop". When we enter a car and turn it on, the car is in park. For safety's sake, its design requires that we consciously put it in gear in order to go. Although it would be possible to design things the other way around, we recognize the danger of a car that defaults to "go" rather than "stop". And we have regulated against it.

The biggest threat to privacy is not social networks, or surveillance cameras, or wireless mobile, or databases, or GPS tracking devices. It is the standard form contract.

Under current law, almost all of the privacy safeguards built into privacy legislation can be easily circumvented by anyone who provides goods or services by way of standard form agreements. By requiring users to click "I agree" to their terms on a take-it-or-leave-it basis, companies can use contract law to sidestep privacy obligations. In short, this is based on a mistaken approach to the issue of consent.

Source: http://iankerr.ca/content/2012/06/18/my-appearance-beforeethi/#more-1541

Intellectual property (IP) is intangible property created by individuals or corporations
Protected by:
  Trade secret
  Copyright
  Patent

Trade Secret
Intellectual work or product belonging to a business, provided it is not in the public domain
Supreme Court test for breach of confidence:
1. Information conveyed must be confidential
2. Information must have been communicated in confidence
3. Information must have been misused by the party to whom it was communicated

Copyright
Statutory grant protecting intellectual property from being copied for at least 50 years
Canadian copyright law protects original literary, musical, artistic, and dramatic works. It also includes software, and prohibits copying of entire programs or their parts.
Issues
  Look and feel
    Unsettled issue
    Apple vs. Microsoft
    Apple vs. Samsung
  Reverse engineering

Patent
A grant to the creator of an invention, granting the owner an exclusive monopoly on the ideas behind an invention for between 17 and 20 years
  Patents are intended to promote innovation by encouraging the timely disclosure of how to make and use inventions and by protecting investments made to commercialize inventions.
Originality, novelty, and invention are key concepts
Canadian Patent Office does not accept applications for software patents. Software is protected under copyright law.
  Possible in conjunction with a system that is traditionally patentable
US is a bit more relaxed

Perfect digital copies cost almost nothing
Sharing of digital content over the Internet costs almost nothing
A web page may present data from many sources and incorporate framing
Sites, software, and services for file trading are not easily regulated
Question: which law should protect software?

The Center for Copyright Information employs the services of MarkMonitor (often doing business as DtecNet) to detect and monitor suspected copyright infringement activity. The system of alerts is as follows:
The first and second alerts will notify ISP subscribers that their Internet account has allegedly been used for copyright infringement via the use of bittorrent and provide an explanation of how to avoid future offenses, as well as direct users to lawful media content sites.
If the user's behavior persists, a third and fourth alert will be sent. These alerts will ask the subscriber to acknowledge receipt of the messages by clicking a notice.
After a fifth alert, ISPs will be allowed to take "mitigation measures" to prevent future infringement.
If the ISP did not institute a mitigation measure following the fifth alert, it must enact one after the sixth alert.

http://readwrite.com/2013/03/12/isp-six-strikes-anti-piracy-system-infographic#awesm=~o8EpVsljnJ0UCJ
http://en.wikipedia.org/wiki/Copyright_Alert_System

No software program is perfect, errors will be made, even with a low probability
Software manufacturers knowingly ship buggy products
  Cost to delay or not ship software
At what point should software be shipped?

Intel is temporarily halting shipments of its new Sandy Bridge chip platform due to a design flaw that may cause 5% of chips to fail over the next three to five years. It's estimated the move will cost the company $1 billion, which includes having to fix nearly half a million Sandy Bridge-toting desktops and laptops already out there. (New York Times)
http://tech.fortune.cnn.com/2011/02/01/today-in-tech-facebooks-new-comment-system/

Nasdaq failed on Friday, May 18, 2011 (first day of Facebook's IPO) to return order confirmations to some investors for hours and delayed the start of trading by 30 minutes because of problems with its systems.
Nasdaq's liabilities for customer losses are capped at $3 million per month because of legal and regulatory protections.
Source:
http://www.reuters.com/article/2012/05/22/usnasdaq-idUSBRE84L06J20120522

Accountability: Mechanisms for identifying responsible parties
Liability: Permits individuals to recover damages done to them
Computer-related liability problems
  Difficult to pinpoint who is at fault.
  Programs as machine controllers, as books (information provider), as a service provider

Decentralized control structure
  Empower the employees
  Flatten the organization
Rapidity of change: Reduced response time to competition means some jobs lost and companies out of business
  A just-in-time society
Maintaining boundaries: Family, work, and leisure

Video Source: http://www.youtube.com/watch?v=yrRn7rSif2Q&feature=related

Job loss due to new technologies or revised business processes
  Creative destruction
  Outsourcing
Health risks: RSI, CVS, radiation, and Technostress
  Ergonomic design
Equity and access: Increasing racial and social class cleavages
  Digital divide
Computer crime/cyber-vandalism: illegal (stealing data)
Computer abuse: unethical (spam)

The Spam Problem (FYI)
Figure 4-8

Spam Filtering Software (FYI)
Figure 4-7

Identify and clearly describe the facts
Define the conflict or dilemma, and identify the higher-order values involved
Identify the stakeholders
Identify the options that you can reasonably take
Identify the consequences of your options

Golden Rule: Do unto others as you would have them do unto you
Immanuel Kant's Categorical Imperative: If an action is not right for everyone to take, then it is not right for anyone
Descartes' rule of change: If an action cannot be taken repeatedly, then it is not right to be taken at any time

Picture source: http://4uc.org/secure/496/7550088/download/images/be3.jpg

Ethical "no free lunch" rule: Assume that all tangible and intangible objects are owned by someone else, unless there is a specific declaration otherwise
Utilitarian Principle: Take the action that achieves the greatest value for all concerned
Risk Aversion Principle: Take the action that produces the least harm or incurs the least cost to all concerned

Picture source: http://4uc.org/secure/496/7550088/download/images/be3.jpg

Promises by professionals to regulate themselves in the general interest of society
Promulgated by associations such as the Canadian Medical Association (CMA), the Canadian Bar Association (CBA), and the Canadian Information Processing Society (CIPS) etc.

Picture source:
http://www.canadiandesignresource.ca/officialgallery/wp-content/uploads/2010/07/logo.jpg
http://www.cba.org/nb/Images/logo_main.gif
http://www.cips.ca/

http://www.thestar.com/business/article/1054396--playing-angry-birds-at-work-costsemployers-1-5-billion

Case Study: Ethical Analysis - Employee Monitoring Software

SurfControl Monitoring Software
Figure 4-3

A worker's right to privacy is technically protected under state law, but there's a catch.
"All states have a right to privacy based on a 'reasonable expectation of privacy,'" Overly said. "But the courts have said that if there is a written policy notifying employees of monitoring, there is no expectation of privacy."
"By constantly monitoring, what kind of an environment are you creating there? Companies need to weigh that in their equation," she said. "It boils down to human dignity. People just don't want to be watched all the time, and happy workers are productive workers," she said.
Corporations are really in a bind, Atkins said. They can be sued either for violating an employee's privacy by exercising too much control over electronic communication or Internet use, but also for not exercising enough control and allowing workers to be subjected to harassment.
Source:
http://www.wired.com/techbiz/media/news/2001/03/42029

Opt-in versus opt-out models of informed consent
  Opt-in: a company can collect customer data only when the customer explicitly says yes.
  Opt-out: a company can collect customer data unless the customer explicitly says no.
  What if a customer says nothing about his/her preference?
US allows Opt-out
But PIPEDA (Canada) requires opt-in, same for European countries

Industrial Solution - Privacy Seal

IBM
MS
AC
FB

Encryption, enable/disable cookies
Private browsing, manually delete history, temp files and cookies.
Platform for Privacy Preferences (P3P)
  Enables automatic communication of privacy policies between an e-commerce site and its visitors (browsers)
  Partially supported by IE and Firefox
  Privacy policy can become part of the page's software

P3P Standard
Figure 4-6
Can the police search your computer at work without a warrant if they have the blessing of the company?
Do companies have the right to spy on their employees at work?
Can companies claim copyright on the look and feel of their web sites?
Is it legal to collect and sell customer data?
Who has the ownership of the customer data stored by Futureshop on IBM's server?
If the data is stolen and the customer suffers a loss, who is responsible?
Can Facebook keep your posted images/videos/texts even after you close your account?
