10/24/2023

Case Study 1

PROFESSIONAL ETHICS IN
COMPUTING

Case Study 1 The Ethical Dilemma

◻ Oti works as a data scientist at SocialSpace, a social This scenario poses an ethical dilemma for
media company.
Oti.
◻ He has access to a large amount of confidential user data
that includes personal information like names, locations, Sharing user data without permission
ages, interests, and browsing history. violates the users' privacy and
◻ One day, Oti’s BFF Kevo, who works for an advertising
agency, asks him to share some user data with him so he the confidentiality agreement Oti has with
(Kevo) can improve his ad targeting algorithms. SocialSpace.
◻ Kevo promises he won't misuse the data. However, he feels loyalty to his friend and
◻ Oti is tempted because he wants to help his friend. thinks the data could remain anonymous.

1
 10/24/2023

The Ethically Correct Decision The Ethically Correct Decision

◻ Whichever school of thought you ◻ SocialSpace trusts him with the data, and he
has a duty to honour that trust.
subscribe to in terms of moral
◻ While the benefits to his friend or the ad
philosophies/ethical theories ... agency may seem worthwhile, the risks of
. . . O t i s h o u l d n o t s h a r e t h e harming users and violating ethics codes
confidential data. outweigh them.
◻ Even if Oti anonymises the data, sharing it for
◻ Protecting user privacy should take
unautho rise d purpose s goe s against h is
priority over helping a friend ... professional principles.

The Ethically Correct Decision Professional Ethics

◻ Instead of sharing the data, Oti should explain to ◻ The moral principles and values that
Kevo that doing so would be unethical and offer to
help in some other appropriate way. guide the work and behaviour of
◻ Adhering to ethical principles may sometimes mean professionals in their occupational
d isa p p ointi ng f ri end s or f oreg oin g p otentia l fields.
advantages.
◻ However, following professional ethics ensures Oti acts ◻ Involves reflecting on the moral issues
legally and morally. that arise in one's professional life
◻ It maintains his integrity and fulfills his obligations as a

computing professional.
and determining the right way to act.

2
 10/24/2023

Professional Ethics Key Ethical Principles

These ethical considerations are essential for

promoting responsible and accountable conduct
in the tech industry.
In computing, professional ethics is crucial as we
have special responsibilities given the impact of
computing on society.
Unethical actions can result in harm.
Following ethics leads to fair, safe and moral
outcomes.

Key Ethical Principles Key Ethical Principles

Honesty and Integrity Confidentiality
Being truthful, sincere, and straightforward in all Protecting sensitive company or client information.
professional dealings Not disclosing confidential data.
e.g. transparency in communication and Competence
reporting. Maintaining expertise and performing duties
Not lying, cheating, or stealing. diligently, reliably, and safely.
Objectivity Keeping skills up-to-date.
Basing professional decisions on objective Professional Development: commiting to ongoing
criteria. learning and professional development to stay
current in a rapidly evolving field.
Not emotions, personal values, or biases.

3
 10/24/2023

Key Ethical Principles Key Issues in Computing Ethics

Accountability Privacy and Security/Data Protection
Taking responsibility for one's actions and decisions. Respecting individuals' privacy rights
especially in cases of technological failures or ethical Secure handling of (esp sensitive) personal user data .
dilemmas. Securing computer systems, networks, and data against
Admitting mistakes and failures. unauthorised access.
Respect for Others protect against cyber threats and breaches.
Treating colleagues, clients, and all people with Intellectual Property
respect. Respecting intellectual property rights, including
Not discriminating. copyrights, patents and trade marks.
Ensuring fair treatment in technology development, use, Not plagiarising or pirating software.
and access.

Key Issues in Computing Ethics Key Issues in Computing Ethics

Free Speech Social Responsibility

Allowing free speech while preventing harm. considering the broader societal impacts of
Filtering certain prohibited content. technology
Automation and Bias striving to contribute positively to society.
Ensuring AI systems are transparent, fair and Environmental Responsibility
unbiased. Minimising the environmental impact of
Digital Divide technology
Promoting equal access to technology across e.g., energy consumption and electronic
economic and social divides. waste.

4
 10/24/2023

Key Issues in Computing Ethics Key Issues in Computing Ethics

Ethical Decision Making Rights-based ethics

Employing ethical decision-making frameworks based on the idea of individual rights
to navigate complex ethical dilemmas and asserts that individuals possess certain
conflicts of interest. fundamental rights that must be respected.
Popular Frameworks:
When facing an ethical dilemma, this
Utilitarianism framework requires considering the rights of
Deontological Ethics all parties involved and making choices that
Virtue Ethics do not infringe upon those rights.
Rights-Based Ethics ...

Practical Strategies
Risk-benefit analysis
Weighing the risks and benefits of actions.
Codes Of Ethics
Whistleblowing policy
Reporting unethical conduct through proper channels.
Ethics training
Taking courses on ethics and human values.
Discuss dilemmas
Consulting others when facing an ethical predicament.
Applying codes of ethics
Following industry codes of conduct ...

5
 10/24/2023

Professsional Bodies Professional Body Purpose (cont…)

347 348

A professional body is a formal group ◻ To define standards of conduct

that oversees an area of an industry. ◻ To advise the government and represent

Its purpose is: the profession

To promote study and practice of the ◻ To debate important topics

nominated area and to advance ◻ To set standards for education and

knowledge for the public benefit training
To accredit individuals for their ◻ To provide the opportunity for networking
knowledge, learning and experience… amongst its members

Professional Body Advantages Professional Codes of Ethics

349 350

◻ Ability to share expertise ◻Many professions have

◻P r o v i d e s a c c e s s t o u p t o d a t e established professional societies.
information ◻These have in turn adopted codes
◻ Legal protection for members
of ethics/conduct.
◻ Standardisation of qualifications
◻These codes define and motivate
◻ Provision of periodicals/publications
professional and ethical behaviour
◻ Holding of conferences and training
by its members.

6
 10/24/2023

Professional Codes of Ethics Professional Codes of Ethics

351 352

The computing profession also has Internationally we have several, with the two
largest ones being:
professional societies. The Association for Computing Machinery (ACM);
Locally we have the Computer The Institute for Electrical and Electronics Engineers –
Computer Society (IEEE-CS).
Society of Kenya.
We also have CompTIA IT Pro and Student
Its members are expected to Membership (formerly known as AITP).
operate within the CSK Professional These US based organisations (with
Code of Ethics and practice. inte rnatio nal re ac h) have also adopt ed
professional codes of ethics.

IEEE-CS/ACM Software Engineering Code IEEE-CS/ACM Software Engineering Code

of Ethics and Professional Practice of Ethics and Professional Practice
Established by the IEEE (Institute of Electrical Emphasise the importance of
and Electronics Engineers) NOT ONLY technical excellence but
A set of professional guidelines and codes of ALSO ethical responsibility and consideration
ethics for computer professionals. for the broader societal impact of technology.
Provide ethical standards and principles for When we adhere to these guidelines
individuals and organisations in the field of we build trust
computer science and software engineering.
ensure the responsible development of
they give us a framework for responsible and technology, and
ethical behaviour and professional conduct.
contribute positively to society.

7
 10/24/2023

Historical Context and Development Historical Context and Development

◻ Its development can be traced back to the This started with the formation of various
early years of the software engineering professional organisations and associations.
profession. In 1999, the IEEE Computer Society (IEEE-CS) and
◻I n t h e 1 9 6 0 s a n d 1 9 7 0 s , s o f t w a r e
the Association for Computing Machinery (ACM)
collaborated to create a unified code of ethics.
engineering began to emerge as a distinct
It was spe cifically tailore d to so ftware
profession.
engineering.
◻ With the growing importance of software in
resulted in the "IEEE-C S/A CM So ft ware
various industries, there was a need to Engineering Code of Ethics and Professional
establish ethical standards for practitioners. Practice."

The Principles The Principles

1. Public Interest Public Interest (Principle 1): "Software engineers shall

2. Client and Employer act in the best interests of the public."
3. Product Computer professionals are encouraged to act in
4. Judgment ways that serve the public interest.
5. Management Includes ensuring societal safety and well-being.
6. Professional Development Ensure your work benefits society and does not
7. Colleagues harm individuals or communities.
8. Society Example: you discovers a critical safety flaw in
9. Self autonomous vehicle software.
You must report it to protect public safety, even if it
means revealing proprietary information.

8
 10/24/2023

The Principles The Principles

◻ Client and Employer (Principle 2): ◻ E.g., a software engineer working for a
"Software engineers shall act in a manner tech company must balance the interests
that is in the best interests of their client and of the customer with those of the company
employer." when handling a software defect that
◻ Professionals should be loyal to their
affects customers.
◻ Strive for accurate and honest reporting
clients and employers, but
◻ they should also maintain integrity and
of software development progress and
avoid conflicts of interest ... costs.
◻ Avoid misleading clients or employers.

The Principles The Principles

Product (Principle 3): "Software engineers shall Judgment (Principle 4): "Software engineers
ensure that their products and related shall maintain integrity and independence in their
modifications meet the highest professional professional judgment."
standards possible." Make informed and impartial judgments based on
Ensure the products and systems you develop are available data, without bias or prejudice.
reliable and of high quality. E.g.: you may be asked to manipulate data to
Prioritise the best interests of the end-users. favour a particular outcome in a financial analysis
E.g.: A software development team responsible for tool you are building.
creating a medical records system must adhere to strict Upholding professional integrity and say NO.
quality and security standards to protect patient data.

9
 10/24/2023

The Principles The Principles

◻ Management (Principle 5): "Software Professional Development (Principle 6): "Software

engineers shall advance the integrity and reputation of
engineers shall be fair to and supportive of
the profession consistent with the public interest."
their colleagues."
Continuous learning and development.
◻ Foster a positive and collaborative work
Continuously update skills and knowledge to stay
environment. current in the field.
◻ Treat colleagues with respect and support their E.g.: participate in industry conferences and share
professional development. research findings to contribute to the
E.g.: a senior software engineer helps a junior advancement of the profession.
colleague improve their coding skills Support the professional growth of colleagues and
subordinates.

The Principles The Principles

◻ Colleagues (Principle 7): "Software engineers ◻ Society (Principle 8): "Software engineers shall
shall moderate the interests of the software consider issues of privacy and the security of data."
engineer, the employer, the client, and the users Act to minimise the harmful impacts of software on
society
with the public interest."
■ e.g., address issues of discrimination, security,
◻ Prioritise fairness and ethical considerations. and privacy.
E.g., a software engineer faces a conflict of ■ E.g.: A software development team working
interest between fulfilling the demands of on a m o bi le a p p fo r he a lthca re m ust
prioritise data privacy and security to
their employer and addressing the concerns protect patient information.
of end-users to ensure a safe product.

10
 10/24/2023

The Principles Professional Ethics

Self (Principle 9): "Software engineers shall be Professional ethics in computing
committed to making the analysis, specification, design,
development, testing, and maintenance of software a guides ethical behaviour in areas
beneficial and respected profession."
such as
Hold yourself accountable for ethical behaviour and
decisions. software development,
Adhere to the highest standards of honesty and
integrity.
data handling,
E.g.: actively seek professional development opportunities, cybersecurity, and
such as certifications, to enhance your skills and contribute
to the profession's respectability. the responsible use of AI.

Why Ethical Behaviour Is Crucial in the Tech Industry

Professional Ethics

Adhering to ethical principles is ◻ Our codes of ethics guide ethical decision-

making and behaviour in our rapidly evolving
crucial for: and influential field.
building trust ◻ Ethical behaviour is foundational to the tech

industry's responsible development and use of

fostering responsible innovation technology.
ensuring the positive impact of it helps shape the industry's impact on
technology on society. individuals, society, and the world at large ...

11
 10/24/2023

Why Ethical Behaviour Is Crucial in the Tech Industry Why Ethical Behaviour Is Crucial in the Tech Industry

Protection of User Rights ◻ Legal Compliance

Ethical behaviour safeguards users' rights, including privacy, Ethical behaviour aligns with legal requirements and
security, and freedom from discrimination. regulations.
Users trust technology companies and professionals to Helps organisations avoid legal pitfalls, regulatory fines,
safeguard their data and respect their digital rights. and damage to their business due to unethical practices.
Trust and Reputation cf recently discussed case study on Kenya’s ODPC actions.
Trust is a foundational element of successful technology ◻ Innovation with Responsibility
adoption. Ethical tech professionals are more likely to innovate
Ethical behaviour is essential for maintaining a positive responsibly.
reputation. We consider the potential societal impacts of technology
It builds trust with customers, clients, and the public. and take steps to mitigate harm and maximise benefits.

Why Ethical Behaviour Is Crucial in the Tech Industry Why Ethical Behaviour Is Crucial in the Tech Industry

◻ Consumer Confidence ◻ Social and Environmental Responsibility

Consumer confidence in technology products and services is Ethical tech practices consider the broader social
enhanced.
and environmental impacts of technology.
■ When users believe that their data and interests are
including reducing environmental footprints, promoting
protected, they are more likely to engage with and adopt
diversity and inclusion, and addressing societal challenges.
new technologies.
◻ Global Impact ◻ Ethical Leadership
Technology has a global reach, and its ethical implications Ethical behaviour by tech leaders sets a positive
transcend borders. example for the entire industry.
Ethical behaviour in the tech industry contributes to global Encourages a culture of ethics and integrity throughout
stability and cooperation in addressing cross-border issues organisations and the broader tech community.
such as cybersecurity and data privacy.

12
 10/24/2023

Why Ethical Behaviour Is Crucial in the Tech Industry

◻ Protection Against Misuse Application of Ethical Codes in Real-

Ethical guidelines help prevent the misuse of World Scenarios
technology for harmful purposes
Case Study 2: Equifax
cyberattacks, surveillance, or the spread of disinformation.
◻ Long-Term Sustainability
Ethical behaviour contributes to the long-term
sustainability of the tech industry.
Companies and professionals that prioritise ethics are
more likely to endure and adapt to changing societal
expectations.

Equifax Data Breach (2017) vs the IEEE-CS/ACM

Equifax Data Breach (2017) Code of Ethics Principles

◻ One of the largest and most notable cybersecurity incidents in Protecting Privacy
recent history.
◻ Occurred in 2017 when Equifax, one of the major credit reporting The breach of personal information at Equifax
agencies in the United States, suffered a massive data breach that was a direct violation of the IEEE-CS/ACM
exposed sensitive personal information of approximately 147 Code of Ethics’ principle of respecting and
million consumers.
◻ The breach included names, Social Security numbers, birth dates,
protecting individuals’ privacy.
addresses, and in some cases, even drivers’ license numbers. The company failed to adequately
◻ The breach was attributed to a vulnerability in Equifax's website safeguard sensitive data, leading to a
software, which the company failed to patch in a timely manner.
massive privacy breach affecting millions of
◻ Cybercriminals exploited this vulnerability to gain unauthorised
access to Equifax's systems, where they were able to extract and individuals.
steal vast amounts of personal data.

13
 10/24/2023

Equifax Data Breach (2017) vs the Equifax Data Breach (2017) vs the
IEEE-CS/ACM Code of Ethics Principles IEEE-CS/ACM Code of Ethics Principles
Avoiding Harm Professional Competence:
Equifax's failure to secure its systems It is our responsibility to maintain our competence
and knowledge in our respective fields.
resulted in substantial harm to consumers.
The Equifax breach raises questions about the
The breach resulted in significant harm professional competence of the company's IT and
to individuals whose data was exposed. security teams.
potential for identity theft, financial The failure to promptly patch a known
fraud, and other negative consequences. vulnerability suggests a lack of professional
competence in cybersecurity practices.

Equifax Data Breach (2017) vs the Equifax Data Breach (2017) vs the
IEEE-CS/ACM Code of Ethics Principles IEEE-CS/ACM Code of Ethics Principles
Honesty and Integrity Responsible Computing
Equifax faced criticism for its handling of the
Equifax failed to patch a known
breach, including delays in disclosing the
incident to the public. vulnerability in a timely manner.
Timely and honest communication is crucial when This demonstrates a lack of
a data breach occurs. responsibility in ensuring the security
Any attempts to downplay or hide the severity of their systems and the protection of
of the breach can be seen as a breach of
honesty and integrity.
customer data.

14
 10/24/2023

Equifax Data Breach (2017) vs the

IEEE-CS/ACM Code of Ethics Principles
◻ An excellent example of how violating the IEEE-
CS/ACM Code of Ethics principles can lead to Case Study 3
significant harm, privacy breaches, and reputational
Ethical Hacking and Responsible Disclosure
damage.
◻ Underscores the importance of

ethical considerations in technology

the responsibilities of organisations to protect
se nsi tive d a ta an d a ct tra n sp a re n tly a nd
responsibly in the face of cybersecurity incidents.

Ethical Hacking, Responsible Disclosure,

Example
and Bug Bounty Programs
Ethical hacking, aka penetration testing or white-hat
◻

hacking, involves authorised individuals or cybersecurity A large technology company

experts intentionally attempting to compromise computer
systems, networks, or applications to identify vulnerabilities
with a global presence runs a
before malicious hackers can exploit them. bug bounty program to identify
◻ Responsible disclosure programs provide a structured
approach for reporting and addressing these and address security
vulnerabilities.
◻ Bug bounty programs offer financial rewards as
vulnerabilities in its software
in ce n tiv e s f o r e t hica l ha cke r s t o fin d an d r e po r t
vulnerabilities.
and services.
◻ All 3 are integral to modern cybersecurity practices.

15
 10/24/2023

Example Example

Ethical Hacking Responsible Disclosure

Ethical hackers from around the world participate in
the bug bounty program. When ethical hackers discover
They actively probe the company's software and vulnerabilities, they follow a
systems, searching for vulnerabilities that could
potentially be exploited by malicious actors. responsible disclosure process
These ethical hackers use their expertise to test the out li n ed by th e b u g b ou nt y
company's security measures, identify weaknesses,
and report their findings. program ...

Example Example
This process typically involves: Bug Bounty Rewards
Reporting the vulnerability to the company's In return for their efforts and responsible
designated security team through a secure channel.
disclosure, the company offers monetary
Providing detailed information about the
vulnerability, including how it was discovered and rewards to ethical hackers who discover
potential risks. and report valid vulnerabilities.
Allowing the company a reasonable amount of time The amount of the reward varies
to verify and address the vulnerability before depending on the severity of the
disclosing it publicly.
vulnerability and its potential impact on
Coordinating with the company to ensure that the
the company and its users.
issue is patched and resolved.

16
 10/24/2023

Ethical Hacking, Responsible Disclosure, and Bug Bounty The 3 vs the IEEE-CS/ACM Code of
Programs vs the IEEE-CS/ACM Code of Ethics Principles Ethics Principles
Protecting Privacy Avoiding Harm
Ethical hacking, responsible disclosure, and Ethical hackers work to identify and mitigate
bug bounty programs align with the principle potential harm by identifying vulnerabilities
of protecting privacy. before malicious actors can exploit them.
They aim to identify and mitigate Responsible disclosure ensures that
vulnerabilities and weaknesses to prevent vulnerabilities are promptly reported to
unauthorised access and data breaches. organisations
Ultimately safeguarding individuals' This minimises the risk of harm to users.
privacy.

The 3 vs the IEEE-CS/ACM Code of The 3 vs the IEEE-CS/ACM Code of

Ethics Principles Ethics Principles
Professional Competence Honesty and Integrity
Ethical hackers must possess a high level of Ethical hackers are bound by principles of
professional competence and expertise. honesty and integrity.
Their work directly impacts the security and They are granted permission to test systems, but
integrity of systems and data. they must do so with transparency and honesty.
They are thus expected to stay current with the They must follow a strict code of conduct and not
latest security trends, tools, and techniques engage in any malicious activities.
in order to stay ahead of emerging threats and they report vulnerabilities to organisations
vulnerabilities. without malicious intent.

17
 10/24/2023

The 3 vs the IEEE-CS/ACM Code of The 3 vs the IEEE-CS/ACM Code of

Ethics Principles Ethics Principles
Responsible Computing Legal and Regulatory Compliance
is promoted by ethical hacking, responsible
disclosure, and bug bounty programs. Th e 3 m us t o p er a t e wi t h i n th e
They proactively identify and address security bounds of legal and regulatory
vulnerabilities, contributing to safer and more secure frameworks.
digital environments.
Responsible disclosure emphasises responsible They must ensure that their
communication and cooperation between security activities comply with applicable
researchers and organisations to patch
vulnerabilities without causing harm or disruption. laws, contracts, and agreements.

The 3 vs the IEEE-CS/ACM Code of Bug Bounty Programs: Additional

Ethics Principles Considerations
Social Responsibility These provide incentives for ethical
The 3 contribute to a safer and hacking and responsible disclosure.
more secure digital environment. ethical hackers contribute to improved
cybersecurity while adhering to ethical
by identifying vulnerabilities, which, if
and legal guidelines.
l e f t u n a d d re sse d , c o u l d l e a d t o
breaches affecting individuals and While they align with ethical principles,
organisations. bug bounty programs introduce additional
considerations ...

18
 10/24/2023

Bug Bounty Programs: Additional Bug Bounty Programs: Additional

Considerations Considerations
Fair Compensation Transparency
They must offer fair and reasonable They should operate transparently,
compensation for discovered with clear guidelines for ethical
vulnerabilities. hackers regarding:
Ethical hackers should be rewarded in what is in scope
a way that reflects the severity and the rules of engagement
impact of the reported issue. the process for reporting vulnerabilities.

19