What is your opinion of the recent controversy over government monitoring of citizens' phone and email communications? Consider: Should a line be drawn on further invasions of privacy?
please read the attach material.
Module 3: Information Systems Ethics: Privacy, Accuracy, Intellectual Property, and Accessibility
Topics
Introduction Privacy Issues in Information Systems Accuracy and Accountability Issues in Information Systems Intellectual Property Issues in Information Systems Access in Information Systems
As you have read in previous modules, the rapid growth of information technology has provided tremendous opportunities as well as ethical challenges. In this module, we will discuss some of the specific issues related to the areas of privacy, accuracy, intellectual property, and accessibility. How we think about these issues, how we value these concepts in our society, and why we might value them specifically in a democratic society are important issues that we should consider in this course.
Privacy Issues in Information Systems
What is privacy? Webster gives the following definition: "the quality or state of being apart from company or observation" (Merriam-Webster Inc. 2003, 988). On a more political level, the U.S. government began to address the issue of privacy, at least in part, in the Bill of Rights, which is the first ten amendments of the U.S. Constitution. Take a look at how the First Amendment addresses the protection of free speech and expression by clicking on First Amendment. Click on the Fourth Amendment to see how it relates to privacy by addressing the issue of unreasonable search and seizure.
The forms of protection granted to citizens in the Bill of Rights are individual protections. As a society, we in the United States value the way our rights are formulated, often without thinking about specific rights and why they are important in a free society. Certainly, we are all familiar with popular visions of societies where there is a lack of individual privacy, from George Orwell's 1984 (1948) or Ray Bradbury's Fahrenheit 451 (1953) to popular modern movies such as Enemy of the State (1998), Gattaca (1997), and The Net (1995). As information technology professionals, managers, and citizens in an information society, we have a need to deepen our understanding beyond these fictional examples, as compelling and imaginative as they may be.
Quoting from An Anatomy of Values: Problems of Personal and Social Choice by Charles Fried (Fried, 1970, p. 141), Manuel Velasquez, in Business Ethics: Concepts and Cases (Velasquez, 1992, p. 396), describes privacy as "the right of persons to determine the type and extent of disclosure of information about themselves." Velasquez makes the point that physical and psychological privacy are separate subsets, but that physical privacy tends to protect psychological privacy, e.g., security of our person and property tends to protect the privacy of our thoughts, feelings, plans, personal beliefs, and desires. Velasquez suggests three aspects that should be considered when collecting information (about employees) (Velasquez, 1992, pp. 399–400):
1. relevance
2. consent
3. methods
Velasquez provides a useful perspective on the vast impact the Internet and modern computing environments have made on the traditional realm of privacy and privacy rights. First, the virtual world of information and networks is in some ways closer to our "psychological space" than to our physical space. Anonymity, for example, is easily achieved in cyberspace, but far more difficult in a face-to-face context. Second, the three aspects of relevance, consent, and methods have been radically altered by information technology. The most irrelevant data may be collected, at low or no cost to the collector, as we surf the Internet or input information into our computers, and this data can then be turned into something potentially valuable by inexpensive, high-capacity computing capabilities. Consent is often optional, or unsolicited, as evidenced by the extensive use of cookies.
Companies, agencies, and organizations using the Web to attract and service customers are now being asked hard questions about just what they are collecting with these cookies, and what they intend to do with the information they collect. Methods of data-gathering, extraction, interpretation, and sharing in larger sets have become subtle and sophisticated, diverse, and low-cost. The Web is today's work and recreation place, and pervasive information technology—bringing so many benefits—also brings challenges to the ethics of business and management, particularly in the privacy arena.
In her book Legislating Privacy (1995), Priscilla Regan identifies three subtypes of privacy: information, communications, and psychological. Dr. Regan suggests that when we approach privacy as an individual right, we make less effective arguments in the development of public policy—and are at risk legally as lawmakers struggle to deal with the infosphere.
She recommends that we focus on privacy's social importance, and its role in a democracy of citizens who govern themselves. Many privacy advocacy groups share this objective. When we look at privacy issues as common public interests, we can see the relationship between privacy issues and the teleological theories studied earlier, such as the common good approach.
Reviewing the legal definitions of privacy (including status and types of bills currently before Congress on this subject) will help define the issue. Laws in the United States and other countries appear to trail technological change. Good sources for information and breaking news include the Electronic Frontier Foundation and Privacy.org. Excellent reference materials are provided by the Federal Trade Commission – Privacy Initiatives site, including testimony before Congress and a number of reports to Congress on Internet privacy issues. Also, the Department of Justice Criminal Division maintains a Web site specifically related to CyberCrime. These resources are provided so that you can search out particular areas of interest and become familiar with current issues and pending legislation.
Key privacy issues to keep in mind include both governmental and commercial "surveillance" and "collection." Much of this surveillance and collection is participatory. We often voluntarily provide requested information because we expect a good in return, such as discounts on grocery items or targeted mailings about services we like or need, or because we want to gain personal access to information, credit, or a favorite interest group. These data-collection and consolidation systems can range from frequent shopper cards to credit card and frequent flyer applications to cell phone monitoring conducted by your wacky neighbor or the government.
An evaluation of the issue of the sharing of personal data by third parties must include the cost and benefit to individuals, groups, and society, as well as the rightness and wrongness of the particular act of sharing. Although most of the laws and standards we have relate to non-electronic data (note that the Privacy Act of 1974 preceded widespread use of the Internet and computing), our ethical code is challenged by the immediacy, ease, and convenience of data-sharing via modern computing systems.
One of the extremely useful capabilities of information systems is the ability to manage information in new ways by linking and bringing together data previously contained in independent, discrete systems. Although this practice, frequently referred to as computer matching, may be a powerful management tool for organizations, this same capability can produce unintended results with detrimental consequences. For example, I may provide various pieces of personal information on an as-needed basis. My doctor has certain medical information, my financial institutions have different data, my employer has specific data relating to employment, and my new mortgage broker has yet another set of data. However, were this information combined, it would now present a consolidated set of information that I may not want any individual or organization to possess. Numerous cases have appeared in the press where data from individual systems have been matched and combined to provide much larger sets of information.
Consider the following: Each citizen has an average of seventeen files in various federal agencies and administrations. This creates a scenario where "Social Security data has been matched with Selective Service data to reveal draft resisters. IRS data has been matched with other administrative records to tease out possible tax evaders. Federal employment records have been matched with delinquent student loan records to identify some 46,860 federal and military employees and retirees whose pay checks might be garnished" (Mason, 1986, p. 7).
The power of this information consolidation allows businesses and agencies to provide better service and to manage operations more effectively. This consolidation can also help uncover criminals. Often, demands for individual privacy are really demands for anonymity, and these demands may be made to protect people from prosecution for a crime. Again, the Fourth Amendment prevents unreasonable search and seizure, and the First Amendment protects freedom of expression—and yet these same rules are used to hide crimes. The earliest popular use of Internet encryption schemes—specifically, one-time encryption and complex, extremely difficult-to-crack, privately developed encryption—were in demand by Internet users who were committing crimes in some jurisdictions. Pornography peddlers and drug dealers were among the earliest customers, and they pushed the production envelope of better and better encryption schemes for voice and data.
Now, as more information about us is "out there," we want to be able to control that information and to ensure that it is accurate and not misused by second or third parties. An additional concern is how much information should be available to law enforcement and other regulatory agencies for legitimate identification and enforcement activities. In fact, it may be that the real issue about Internet privacy is as much about accuracy and accountability as it is about a real desire or need for privacy in its various forms.
Accuracy and Accountability Issues in Information Systems
Horror stories abound regarding database inaccuracies and lack of accountability. A survey conducted in 2004 by the National Association of State PIRGS (public interest research groups) found that 79 percent of the credit reports received contained inaccuracies, with 25 percent of the reports containing errors that could result in an individual being denied credit (Cassaday, 2004). The Federal Trade Commission (FTC) has sponsored an annual National Consumer Protection Week for the last seven years, and the focus of the 2005 event was Identify Theft. The FTC reports identity theft losses to businesses that run $50 billion dollars annually, to say nothing of the losses to individuals, including the time and legal fees to clear their good name (Federal Trade Commission, 2003).
Many of the organizations and resources that focus on privacy are, by implication, also concerned with accountability and accuracy. However, although privacy often is discussed in terms of the individual, when we discuss accountability and accuracy in data, we are much more likely to be talking about commercial entities, organizations, and the government—those that create, maintain, sell, and use large databases. Court dockets are full of cases trying to determine who is at fault, who is accountable, and how data integrity will be restored if it has been violated.
A quick review of FTC news releases will indicate the range of concerns, from groups making false claims of client-privacy protection to organizations providing few or no means to correct inaccurate data in their databases to those that illegally or unethically sell or use their data for non-prescribed purposes. False advertising and a "buyer beware" attitude have been around forever, but the Internet and modern computing capabilities compound the issues, and the damage done may be far more pervasive to individuals, to groups, and even to society than ever before.
Privacy and accountability are linked, especially when information technology has challenged traditional ideas of privacy. Think about this: Lending or trading information bits about myself (my profile, preferences, likes, dislikes, or habits) can make it easier and cheaper for me to shop at my favorite stores, so how do I know when there is a problem? Usually, it is when trust between me and the other contractual partner is damaged or broken. Sometimes, this occurs when my assumptions about the ethical use of my data do not match the legal allowances for the use of my data. It could be that I am harmed or inconvenienced because my privacy has not been fully secured. For example, if the sale of my personal data to a third party vendor results in frequent marketing emails and solicitations, I may feel that the possible value of new retail opportunities is overshadowed by the volume and inconvenience of unsolicited advertisements. Where does the accountability lie? Who owns what? And if it's a matter of contract violation, is that contract explicit or implicit?
The federal government has recognized another area where protecting the privacy of information is vital: the transmission of medical data within our health care system. The Health Insurance Portability and Accountability Act (HIPAA), which became public law in 1996, requires Health and Human Services (HHS) to adopt national standards for electronic transactions to improve the efficiency of the health care system. Congress acknowledged that current information technology puts the privacy of health information at risk, and it incorporated provisions requiring the adoption of federal privacy protections for any health information that could be identified to an individual. HHS then published national standards for the protection of such information in its Privacy Rule, which was finalized in 2002.
Under the Privacy Rule, covered entities, including health plans, clearinghouses, and health care providers who conduct transactions electronically are required to take certain precautions to ensure that individually identifiable health care information is appropriately protected. Anyone working in a doctor's office, in a medical insurance company, or for certain third-party administrators will be very aware of the need to comply with the rule and protect individual information. This legislation goes a long way toward protecting data related to an individual's medical information as it relates to health plans; however, there still exist significant medical data not protected under HIPAA.
Many of the examples you will see in this module concern employer accountability and employee privacy assumptions and realities. Some cases involve commercial or possibly governmental violation of an individual's privacy, and other cases focus on an individual violating the privacy of another person using the Internet. Electronic criminal harassment and stalking, caller ID technology, and criminal or other mischief conducted through the Internet should all be explored as you think of privacy, accuracy, and accountability as individual and social goods.
The explosion of the Internet and business conducted over the Internet leads us back to a consideration of the free market and its nature. The free market—indeed, any marketplace—exists because people wish to trade various goods and values. Your personal information has value—and you may knowingly and sometimes unknowingly trade it. One interesting phenomenon of the Information Age is how we are now thinking about and understanding more clearly the concept of information property ownership and, relatedly, the idea that information has measurable (and marketable) value.
You can see the role of contractarian ethics in the marketplace: If you cheat me, I will be unlikely to trade with you in the future. Or, if I am rewarded for sharing my information (value) with you, I'll be likely to continue to trade with you and will recommend you to my friends and neighbors. Companies are rapidly learning that marketplace consumers increasingly value their data points, their privacy, and the level of accuracy and trust in the accountability of the database keepers. This is the caveat vendidor warning mentioned in module 1.
Intellectual Property Issues in Information Systems
As we examine property issues in information systems, it is helpful to know a little background. Our ideas about individual property and property rights, like our ideas about privacy, are somewhat new. The Scottish Enlightenment of the 1700s provided the basis for many of our current views about property ownership and property rights. The economic theories of Adam Smith, author of The Wealth of Nations (1776), were extremely influential during the Enlightenment. Along with Smith, Edmund Burke and Samuel Johnson contributed to the intellectual environment of the Enlightenment, along with John Stuart Mill, Immanuel Kant, and Jeremy Bentham, key thinkers about ethics with whom we became familiar in module 1. Interestingly, the drafters of the U.S. Constitution were guided by ideas that came about during the Enlightenment, particularly those of John Locke.
Locke, whose writings were published in the late 1600s, was one of the initiators of the Scottish Enlightenment and our modern ideas of capitalism. The following reflects his influential views on property and property claims:
The Labour of his Body, and the Work of his Hands, we may say, are properly his. Whatsoever then he removes out of the State that Nature hath provided, and left it in, he hath mixed his Labour with, and joyned to it something that is his own, and thereby makes it his Property. (Locke, 1988, p. 239)
Locke believed that mixing one's labor with nature, making or creating something by hard work, talent, and effort, conferred undeniable property rights to the person—even if the person did not purchase the basic "nature" that he improved or whether or not he had a title.
Fast forward to the present … property rights, claims, ownership, and contractual exchange of property all create a complex environment, at least in the West, where legal agreements and common understanding of property laws is widespread, and where many lawyers are employed in managing, interpreting, and modifying property law every day. The current notion of what property is, new as it may be, is challenged further by the nature of information technology—both of the information itself and of the distribution and accessibility of that information. Velasquez notes that "property consists of a bundle of rights that attach to some identifiable asset" (Velasquez, 1992, p. 380), and in IT, we are still identifying and defining this "bundle of rights."
Property Rights and Law
Many of us in the United States have never really thought about the evolution of property law in this country and may take property rights for granted. Just as a foundation in traditional ethical theories supports our current ethical decision-making, an understanding of the evolution of property rights can support us as we encounter current and developing issues of property and its ownership in the information technology arena. In fact, our current collective views toward, and definitions of, property rights have been influenced both by eighteenth-century philosophers and by the cumulative experiences of millions of people. Hernando de Soto, in his The Mystery of Capital (2000), describes the evolution of Western thinking about property rights and the legal documentation of rights over time.
Consider the following history. In the 1600s, titles to large swathes of land in America were granted to those favored by the King of England, and for parts of the New World colonized by other European countries, similar bequests were made. Yet, over time, hundreds of thousands of settlers from all parts of Europe also laid claim to the same land. Often, four or five separate claims to the same piece of property existed in the courts, and resolution was not always peaceful. In some cases, government soldiers or community-raised militias battled neighbors and citizens and left brutality, death, and destruction in their wake.
De Soto describes how, over time, various kinds of existent property law were rationalized, and ideas of justice evolved into a legal set of definitions that provided predictability, reliability, and confidence in the property system. This reliability and confidence allowed simple soil and rocks to become tradable capital, something worth more than it might otherwise have been because it could be used as collateral for loans and be bought and sold with confidence. De Soto and others have noted that the evolution of the concept of property has developed differently around the world than in the United States.
The settlement of the United States brought with it numerous issues and struggles related to the concept of property ownership. The Common Laws by which England ruled did not address the property issues that the colonists faced in the New World. Individual land grants that often overlapped, squatters and homesteading were new concepts. Before and after the American Revolution, various attempts to codify property rights were made. The struggle over property rights continued throughout the eighteenth and nineteenth centuries, fueled by events such as the California Gold Rush and the 1862 Homestead Act. Locke's philosophy of creating value by using one's labor to develop raw land supports the practice of homesteaders' working the land for five years in return for ownership (de Soto, 2001).
However, the world of information technology is less about physical property and more about intellectual property, a fact that introduces new ethical dilemmas. There is a delicate balance between using the Internet and new technologies to distribute information to an ever-widening audience in constructive ways and, at the same time, protecting the rights of the innovators and creators of such information.
|
Try This 3.1: WIPO Tutorial on Property Rights - Please go to My Tools -> Self Assessments-> to complete this self assessment. |
As noted in the WIPO tutorial, the protection of intellectual property provides value to the creator and fosters innovation among others. As more and more organizations establish their competitive advantage and acknowledge the value of knowledge and information, the need to protect intellectual property becomes extremely critical. In modules 4 and 5, we will discuss specific areas of technology and how they can be protected. Additionally, we will look at the fine balance between protection and the sharing of advancements and information for the greater good of all. Information property rights are preserved in patents and copyrights; yet, as in the 1800s, we need to examine the rights of all parties involved and look at the benefit of both individuals and society at large.
We've discussed the Scottish Enlightenment and the three aspects of property protection mentioned above with the intent of creating a better understanding of the past so that you can consider how information technology has changed our world. It is up to us to decide how to manage and maximize the positive effects of that change.
Capital
To understand property generally and in an information era specifically, we must understand the idea of capital. Capital is anything with perceived value—hence, intellectual capital that you can't see, touch, smell, or hear nevertheless satisfies the definition. Capital assets include both tangible and intangible goods. Capitalism is an economic system that relies on the private and/or corporate ownership of capital goods. Information, as a capital good, must be perceived by at least one other individual as having value, or being useful. Keep in mind that in previous eras of economic growth and technological expansion, some natural resources, inventions, or scientific discoveries were not perceived as useful until later, after the means to utilize the resources, inventions, or scientific information were found.
A commonly shared perception of usefulness or desirability might be thought of as a market. Once there is a market (created by information and demand), the capital (often intangible or incidental) is of increased interest to the current or potential owner because it is now "valuable." If I own something that you will pay for, then ensuring my property rights becomes a concern, whereas it may not have been otherwise. Property rights, as they relate to capital, or value, are societal rights—they are described, ensured, granted, and preserved through communities, states, or governments. Therefore, ethics do apply and should be considered in discussions of capital, capitalism, and property rights.
|
Try This 3.2: Napster Ethics - Please go to My Tools -> Self Assessments-> to complete this self assessment. |
From a privacy perspective, unauthorized or unnecessary access to information by persons or organizations is a problematic ethical issue. Unauthorized or unethical access or use of the intellectual property, personal information, or information products of others can be an ethical societal problem that denigrates overall intellectual productivity and other forms of producing value. In both cases, we are discussing the preservation of access. On the other hand, in a society where the economy and democracy are based on access to information technology, then denial of access within the population can be an ethical issue. Further, access to information technology is related to literacy, and through literacy, democracy and economic productivity. This raises the question of what is in the best interest of the common good. How do we maximize the benefit for the greatest number?
An example from history with modern parallel of the impact of access is Gutenberg's printing apparatus. This rapid printing system made it possible for people outside of the Roman Catholic Church hierarchy to own and read the Bible, as well as other books and treatises. This expanded access to information was the result