
WUC 118/03

Computers in a Networked Society
Unit 4 Legal and Professional Issues in Computing

Contents

Unit overview
Unit objectives

4.1 Cybercrime
    Objectives
    Introduction
    What is cybercrime?
    Types of cybercrime
    Various cybercrimes
    Famous cybercrime attacks in Malaysia
    Malaysian cybercrime statistics
    How to avoid becoming a victim of cybercrime
    Suggested answers to activities

4.2 Cyberlaws
    Objectives
    Introduction
    What are cyberlaws?
    The need for cyberlaws
    Cyberlaw Acts in Malaysia
    Suggested answer to activity

4.3 Intellectual property
    Objectives
    Introduction
    What is intellectual property?
    Types of IP rights
    Patents and trademarks in Malaysia
    Suggested answers to activity

4.4 Professional ethics in computing
    Objectives
    Introduction
    What is moral responsibility in computing?
    The responsibilities of computing professionals
    Additional responsibilities of computing professionals
    Code of ethics
    Suggested answer to activity

4.5 Computers and the environment
    Objectives
    Introduction
    Understanding and managing the impact of computing on the environment
    How to manage and dispose of computer waste
    The positive impact of technology on the environment
    Suggested answers to activity

Summary of Unit 4
Suggested answers to self-tests
References
Glossary

Unit Overview
This unit is divided into five sections. The first section explores the various
types of cybercrimes and the precautions to be taken against them.
The second section provides an overview of cyberlaws and discusses
the need for these laws. Intellectual property rights and professional
ethics are covered in section three. The fourth section discusses moral
responsibility and codes of ethics in computing. Finally, the impacts of
computers on the environment and how to manage them are explored
in section five.

Unit Objectives
By the end of this unit, you should be able to:

1. Discuss the various types of cybercrime.

2. Explain the need for cyberlaws.

3. Identify the various types of intellectual property rights.

4. Describe the codes of ethics for computing.

5. Explain how to manage and dispose of computer waste.



4.1 Cybercrime
Objectives

By the end of this section, you should be able to:

1. Define cybercrime.

2. Explain the different categories and types of cybercrime.

3. Describe how to avoid falling victim to cybercrime.

Introduction
Symantec (a cybersecurity company based in the United States) defines a
cybercrime as “any crime that is committed using a computer network or
hardware device”. It is vital for computer professionals, law enforcement
officials and even ordinary users to understand the different types and
categories of cybercrimes that exist. Once we understand the unique
threats posed by cybercrimes and their effects, we can implement
relevant security policies and procedures to ensure our safety.

What is cybercrime?
Computer crime or cybercrime consists of a large number of offences that
are related to the use of computers and online networks. They involve
criminal activities that have computer- or cyber-based aspects.



Cybercrimes often involve high-tech fraud and theft. However, evolving
trends show that cybercriminals now have motives other than financial
motives. These objectives include, but are not limited to, the infringement
of copyright (e.g., illegal movie sharing and downloading), pornography,
the promotion of dangerous beliefs, and other criminal activity. In
view of this, certain countries have increased legal safeguards against
cybercrimes.

Cybercrimes pose a larger risk now than ever before, because of the
enormous number of people and devices that are connected online
globally. In fact, according to Norton (2016), cybercrime has already
surpassed the drug trafficking trade in terms of revenue generated
annually.

To put the severity of cybercrimes in context, a person’s online identity
is now stolen on an average of every three seconds. In fact, without a
computer security system installed, it may only take four minutes for an
unprotected personal computer (PC) to become infected upon going
online.

The following are common cybercrimes:

1. Online theft and fraud

2. Pornography

3. Personal data theft

4. Copyright infringement

5. Cyberstalking and cyberbullying

Certain cybercrimes are larger in scale and are known as “cyberattacks”.
These attacks aim to totally disrupt or bring down computer networks.
Internet security experts claim that the total worldwide cost of cybercrime
approaches US$1 trillion annually and this figure is growing.



Theft and fraud offences

A major part of cybercrime consists of intrusions into business and
personal networks by criminals. These include intrusions into PCs,
servers and even mobile devices. These attacks are carried out via
hacking or through malicious code inserted into emails or hidden in
certain websites. The data obtained from devices can be used to commit
identity theft, to carry out bank or credit card fraud, and to facilitate many
other fraudulent schemes.

One of the largest cybersecurity attacks ever was carried out in 2013
when cybercriminals stole the data of millions of individuals from a retail
company called Target. The authorities believe that the cybercriminals
accessed Target’s network by hacking a different company that was in
charge of Target’s ventilation, heating and air conditioning system. This
is a clear example of how determined and resourceful cybercriminals
have become today.

Other acts of cybercrime

Cybercrimes also involve the use of computers and networks to send or
receive illegal content such as pornography, or to obtain unlawful items
such as drugs or weapons. Such acts can result in criminal prosecution,
such as in the case of an online file-storage company called Megaupload.

Megaupload was sued for copyright infringement because it allowed
illegal audio-video data to be posted and downloaded worldwide. At
its peak, transactions on its file-sharing website comprised over four
percent of worldwide Internet traffic. Today, the role of Megaupload has
been taken over by numerous file-sharing websites.



Cyberattacks

In many cases of cybercrime today, computers or computer networks
become the focus of attacks rather than just being used as tools to carry
out attacks. Malicious code such as computer viruses may be used in
focused attacks. Such code may also be released into the Internet to
cause problems on a global scale.

A common type of attack is the Distributed Denial-of-Service (DDoS)
attack. The main objective is to attack computer servers and make
them unavailable or inaccessible to users. The mode of attack involves
overloading servers with an overwhelming number of access requests.
This results in network access to these servers being denied (i.e., “server
down”).

Types of cybercrime
Cybercrimes involve a wide range of attacks. These attacks require
their own unique and focused solutions so as to improve online safety
and protect computer users. This is because affected computers or
other devices may be the victims of a crime, agents of cybercriminals
or conduits to facilitate cybercrimes.

The various types of cybercrime can be better studied and understood
by dividing them into two major groups: Type 1 and Type 2 cybercrimes.

Type 1 cybercrimes

Type 1 cybercrimes involve the theft and/or manipulation of information
or services through viruses, hacking, personal identity theft, and bank
or online financial fraud.



These attacks usually consist of a single event in the eyes of the victim.
An attack can occur when a victim has unknowingly downloaded a virus
(e.g., in the form of a Trojan horse). The Trojan horse installs a keystroke
logger on the victim’s system which enables cybercriminals to obtain
private information such as passwords and online banking data.

Another Type 1 cybercrime is “phishing”. This happens when unsuspecting
users receive an apparently genuine email (e.g., from a bank). This email
provides a link to a hostile website. When the link is clicked, the victim’s
computer will be infected by a virus.

Hackers may carry out Type 1 cybercrimes by making use of inherent
weaknesses in web browsers. This enables them to insert a Trojan horse
virus into an unprotected device or computer.

Type 2 cybercrimes

Type 2 cybercrimes are of a higher level of severity and encompass
activities such as child pornography, cyberstalking or cyberbullying,
online blackmail, the manipulation of financial markets, international or
corporate spying, and planning or carrying out terrorist activities.

Type 2 cybercrimes consist of a continuous series of events that involve
many interactions with the victim. For instance, cybercriminals may try
to establish a relationship with the victim through social media. After a
while, the cybercriminals make use of this newly formed relationship to
carry out criminal activities.

There are instances where cybercriminals use hidden messages to
communicate in a public setting in order to plan their criminal activities
(e.g., money laundering). It is important to note that cybercrimes can
often be facilitated by computer programs that are not illegal. Good
examples of this are the abuse of social media applications and/or the
unauthorised transfer of files using FTP.



Various cybercrimes
The two main types of cybercrimes can be further divided into various
kinds of cybercrime.

Bot attacks

The term “bot” is actually a shortened version of the word “robot”.
However, bots are not the robots commonly found in movies or installed
in factories. They are usually used legally by companies to automatically
obtain data or to do some task on the Internet (e.g., Google’s Googlebot).
However, bots are also among the most advanced types of crimeware
today. They are similar to worms and Trojans.

Bots carry out a variety of illegal automated steps or tasks on behalf
of cybercriminals. These automated steps or tasks include forwarding
spam and carrying out combined denial-of-service attacks on a large
scale (with other bots). As a bot follows the instructions of cybercriminals,
bot-infected computers are often referred to as “zombies” since they
are not truly independent.

Bots used by cybercriminals spread globally by targeting computer
systems that are weakly protected or unprotected. Once they discover
such systems, they then rapidly infect the exposed systems and send
a report back to their creators. They then remain hidden until signalled
by their creators to carry out a task. Bots are so silent that victims often
discover them only when informed by their Internet service provider (ISP)
that their systems have been sending spam to other Internet users.

Certain bots will even clean up infected systems to ensure that they do
not get removed from their host computer by another bot. Other methods
by which bots spread include being downloaded by Trojans, installed by
certain websites or via emails from an infected system.



It is important to note that bots do not operate individually but are part of
a network of infected systems collectively defined as a “botnet”. Botnets
are designed by cybercriminals to repeatedly infect other systems via
some of the methods explained earlier. Every zombie machine is under
the control of a computer called the “command and control server”.

Via the command and control server, attackers are able to control their
botnets and give instructions to their entire army of zombie systems to
carry out tasks on their behalf. A typical botnet comprises a large number
of machines worldwide. In some cases, botnets may have hundreds or
thousands of computers globally.

Trojan horse attacks

Trojan horse attacks are similar to an attack that is described in ancient
Greek mythology. In this story, Greek warriors presented a large wooden
horse to the defending Trojans as a peace symbol when they pretended to
halt their attack on the walled city of Troy. The unsuspecting Trojans pulled
the “gift” into their city. However, the hollow wooden horse contained
several Greek soldiers who crept out of it at night and opened the city
gates to allow their army to enter and capture Troy. In the same way, a
Trojan horse attack pretends to be a harmless computer program, but
when downloaded it can cause severe damage.

Currently, Trojan horse attacks are the first part of a cyberattack and
their main aim is to remain hidden while enabling stronger threats such
as bots to be downloaded into a computer system. However, unlike
worms and viruses, Trojan horse programs cannot spread themselves.
To ensure replication, they are usually sent to a victim via an innocent-
looking email. After installation, Trojan horses continue to exist quietly
in infected systems and download spyware, bots and other malicious
programs to their host computers.



Figure 4.1 Number of Trojan horse attacks by year
Source: Symantec Corporation

As an example, the number of Bancos Trojan horse attacks in the years
2000 to 2005 is shown in Figure 4.1. The Bancos Trojan horse focuses
on stealing information from compromised computers. It is clear that
Bancos Trojan horse attacks have increased exponentially over the years.

Trojans and spyware are classified as crimeware. Today, they are the
main methods used by cybercriminals worldwide to secure unauthorised
access to and illegally obtain data from computers. In fact, Symantec
estimates that these attacks comprise over 37% of all threats processed
by their company annually.

Spyware

Spyware is defined as programs that quietly monitor users’ activity on
their PC, collecting personal data including passwords, user IDs, account
details, files and even banking details. Certain types of spyware even
monitor a person’s behaviour on the Internet.



Spyware programs often keep track of the websites visited by users and
the things that they do online, such as sending emails and social media
activity. Once the data is gathered, the spyware programs quietly send it
to other systems. This data is often misused for advertisement-targeting
purposes or to precipitate a hacking attack.

Spyware has similarities to Trojan horses in that PC owners may end up
installing it while installing something else.

Phishing attacks

Phishing attacks are online con-games. Phishers (the people who practise
phishing) use spam, fake websites, crimeware and other methods
to trick other people into revealing their sensitive data, such as their
banking information. Once they have collected enough information,
these cybercriminals may defraud their victims (e.g., by creating new
bank accounts by using the victim’s information) or sell the information
on the online black market (online identity theft).

Phishers often forward a large quantity of spam email. Every email carries
a message that looks like it originated from a trusted organisation (e.g.,
a bank). The messages may even include the organisation’s name and
logo. Written in an urgent professional style, these emails often request
that recipients provide their sensitive or personal data. The emails may
also direct recipients to fake websites. These fake websites look authentic
and their actual URL is masked so that they appear real to unsuspecting
visitors. They may ask visitors to provide confidential data (e.g., banking
data, passwords, etc.). As the emails and fake websites seem authentic,
the hope of the phishers is that at least a small number of recipients are
tricked into divulging their data. It is believed that about 1% – 10% of
email recipients are tricked by phishers, with a “successful” phishing
campaign having a response rate of around 5%.



Activity 4.1

Which of the following is the correct definition of a Trojan horse?

A. A Trojan horse requires no user intervention in order to
replicate.
B. A Trojan horse is always based on open-source code, and
can only carry out attacks against open-source software.
C. A Trojan horse embeds itself into a computer system and
spreads to another computer system only after the user
executes the software in which the Trojan horse is embedded.
D. A Trojan horse operates by forwarding messages to systems
indicating that it originates from a safe source.

Famous cybercrime attacks in Malaysia


Code Red

From June to November 2001, the global online community faced
the largest infrastructure-based attack in the history of the Internet. A
computer worm called Code Red launched a denial-of-service attack
that managed to fully disrupt a significant part of global Internet activity.
Unfortunately, Malaysia was also caught in the ensuing chaos.

There was also a variant of Code Red called Code Red II that installed
a “backdoor” into the computers that it had infected. Criminals could
then remotely run programs or carry out commands on infected systems,
leading to further compromises of these systems. Statistics from the
Malaysia Computer Emergency Response Team (MyCERT) indicate that
in 2001, these worms infected 40652 computers in August, 27705 in
September and 195 in October.



Nimda

Nimda was the first worm-based attack that modified Web documents
and various executable files located on systems that it infected. Nimda
attacked computers that had been contaminated by the Code Red worm.
MyCERT statistics indicate that in 2001, the Nimda worm infected 9713
computers in September, 7654 in October and 462 in November. Total
damages were estimated at RM22 million, which did not take into account
lost business opportunities.

Blaster

The Blaster (or Lovsan or Posa) worm was discovered on August 11,
2003. It took advantage of a weakness in Windows NT, 2000 and XP.
At its peak, over 1.4 million computers were affected according to the
CERT Coordination Centre at Carnegie Mellon University. According to
MyCERT, about 500 systems were infected by this worm in Malaysia.

Malaysian cybercrime statistics


Symantec has carried out extensive R & D pertaining to crimeware
programs to better understand the issues, methods and motivations
behind them. Analysis indicates that crimeware is rarely developed on
a part-time basis or by those without a job. In fact, crimeware is now
mostly created by professional coders. This elevates the severity of the
threats and potential damage from crimeware.

The Malaysian cybercrime statistics compiled by MyCERT show that
over 8000 attacks were recorded in 2016 alone. This clearly indicates
the severity of the problem and the urgent need for countermeasures.



Web Reference

1. Malaysian cybercrime statistics for 2016:

https://www.mycert.org.my/statistics/2016.php

2. Cyberthreats in Malaysia:

https://www.mycert.org.my/en/

How to avoid becoming a victim of cybercrime


In view of the very real threat of cybercrimes, how do you avoid becoming
a victim? In reality, although the nature and complexity of cybercrimes
keep evolving, cybercrime can be avoided by combining technical
capability and common sense.

Cybercriminals usually aim to make money easily and quickly. Similar
to protecting your vehicle from theft (i.e., by installing an alarm system,
immobiliser, etc.), the more difficult you make their task the more likely
criminals will leave you alone and choose a relatively easier target. The
following are the steps you can take to avoid becoming a victim of
cybercrime:

1. Ensure that your computer is securely configured

A newly obtained computer may not necessarily possess the
level of security that you need. Therefore, when you install a
computer for the first time, focus not just on ensuring that your
new system functions well, but also on whether it is secure.



You must ensure that the configuration of your web browser
and email software is secure. For example, your web browser
settings will determine what occurs when you open a website.
The highest security settings will provide you with the highest
level of control over what happens in an online setting. However,
this may also frustrate some users due to the large number of
questions the browser will ask (e.g., “This website may not be
safe, do you still want to proceed?”) or the restrictions imposed
on their online activities. Picking a suitable level of security and
privacy depends on a user’s preferences and needs.

2. Pick a strong and secure password

It is crucial to pick strong passwords as they are used for
everything from ordering food to online banking. The following
guidelines should be followed:

a. Choose passwords that are not easily guessed. Use
eight characters or more and combine letters, numbers
and symbols (e.g., c, 1, $, %, !) whenever possible. Do not
use elements of easily obtainable personal information
(e.g., your birth date) in passwords.

b. Do not repeat passwords over multiple accounts.

c. Ensure that passwords are changed regularly, at least
once every 3 to 4 months. This will reduce the damage
done by someone who guesses your password after
repeated attempts.



3. Install the latest security software/patches/updates

You should always immediately apply the latest updates,
patches and software fixes when they become available. By
regularly doing this, you will block potential attackers from
taking advantage of software flaws and vulnerabilities.

It is important to note that doing this alone will not protect your
system from every attack out there. Nevertheless, it will make
it much more difficult for attackers to break into your system
as it will block many standard and automated attacks, and
can discourage less determined attackers from attempting an
attack.

4. Do not divulge your personal information online

Be careful when opting to share personal data online. This
includes information such as your name, address and email
address. However, users are often required to provide personal
data to enable billing and delivery of goods purchased online.
Withholding all personal data may be impossible, but
following safety tips can provide a certain level of safety.

5. Beware of fake email messages

Signs that indicate a fake message include basic misspelling,
weird phrasing and bad grammar. In addition, website
addresses with strange extensions or those that consist entirely
of numbers are a warning sign. Phishing messages will often
demand that you immediately provide certain data otherwise
something bad will happen to you or your family. Do not fall
for such tricks.



6. Do not reply to email messages that solicit personal information

Authentic companies will not use email messages to request
your personal data. If a message seems suspicious, contact
the company directly. Do not, under any circumstance, provide
suspicious parties with the data they request. In addition, do
not click on Web links in these messages as they may take
you to fraudulent websites.

7. Avoid fraudulent websites used to obtain personal information illegally

When you want to visit a website, type its URL directly into your
web browser instead of clicking on a link in an email or instant
message. Cybercriminals often make fake links look real. The
URLs of online banking and shopping portals or any other website
where secure information is used should contain the letter “s”
after the letters “http” (e.g., https://www.agcbank.com and not
just http://www.agcbank.com). The “s” signifies “secure”.

8. Do not easily trust online “offers” that are too good to be true

There is an old saying that “there is no such thing as a free
lunch”. This is also true in the cyberworld. Be wary of offers or
contests that require you to give personal data and/or banking
information in order to obtain lucrative prizes.
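
The warning signs described in steps 5 to 7 and in the earlier section on phishing attacks (urgent demands for personal data, numeric or unexpected website addresses, missing https, and link text that masks the real destination) can be checked mechanically. The following Python example is added here and is not part of the original course material; the phrase lists, finding codes and sample messages are constructed for illustration, and the expected domain is the agcbank.com address used as an example in step 7.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative phrase lists (assumptions, not exhaustive).
URGENCY = re.compile(r"\b(immediately|urgent|urgently|suspended|final notice)\b")
DATA_REQUEST = re.compile(r"\b(password|pin|account number|card number|user id)\b")
ADDRESS_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkExtractor(HTMLParser):
    """Collects the visible text and every (href, link text) pair of an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links = [], []
        self._href, self._label = None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host part of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def is_numeric_host(host):
    """True for IPv4/IPv6 literals and for hosts written only with digits and dots."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return host.replace(".", "").isdigit()

def shown_host(label):
    """Host displayed in the link text, if that text itself looks like a web address."""
    if not ADDRESS_LIKE.match(label):
        return ""
    return host_of(label if "://" in label else "//" + label)

def triage(html_body, expected_domain):
    """Return a sorted list of (code, detail) warning signs for one email body."""
    parser = LinkExtractor()
    parser.feed(html_body)
    parser.close()
    text = " ".join(" ".join(parser.text).split()).lower()
    findings = set()
    for code, pattern in (("ASKS_FOR_PERSONAL_DATA", DATA_REQUEST),
                          ("URGENT_DEMAND", URGENCY)):
        match = pattern.search(text)
        if match:
            findings.add((code, match.group(0)))
    for href, label in parser.links:
        try:
            scheme, host = urlsplit(href).scheme.lower(), host_of(href)
        except ValueError:
            findings.add(("MALFORMED_URL", href))
            continue
        if scheme not in ("http", "https"):
            continue  # mailto:, tel: and relative links are out of scope here
        if scheme == "http":
            findings.add(("NOT_HTTPS", href))
        if is_numeric_host(host):
            findings.add(("NUMERIC_HOST", host))
        elif host != expected_domain and not host.endswith("." + expected_domain):
            findings.add(("UNEXPECTED_DOMAIN", host))
        displayed = shown_host(label)
        if displayed and displayed != host:
            findings.add(("MASKED_LINK", f"{displayed} -> {host}"))
    return sorted(findings)

def codes(html_body, expected_domain):
    """Just the finding codes, for quick comparison."""
    return {code for code, _ in triage(html_body, expected_domain)}

# Constructed samples. www.agcbank.com is the page's own example address;
# 203.0.113.10 and the .example host are reserved documentation values.
PHISH = ('<p>Your account will be suspended. Confirm your password and '
         'account number immediately.</p>'
         '<a href="http://203.0.113.10/login">https://www.agcbank.com/login</a>')
LOOKALIKE = ('<p>Your statement is ready.</p>'
             '<a href="https://www.agcbank.com.secure-login.example/s">View statement</a>')
GENUINE = ('<p>Your statement is ready.</p>'
           '<a href="https://www.agcbank.com/statements">www.agcbank.com</a>')
```

The LOOKALIKE sample uses https and is still flagged, because the “s” only describes the connection and says nothing about who runs the site. Misspelling and bad grammar, the other signs in step 5, are left to the reader's judgement.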

Activity 4.2

Describe the basic steps that you can take to secure your system
against cybercrime.



Summary

In this section, you learned the definition of cybercrime and
the different categories of cybercrime (i.e., Type 1 and Type 2
cybercrime). Trojan horse attacks, spyware and phishing were
described. You were also made aware of the severity of cybercrime
in Malaysia and the guidelines on how to avoid falling victim to
cybercrime.

Self-test 4.1

You have been appointed as a security analyst in a major bank
with thousands of customers in Malaysia. The bank is planning
to set up an online banking service that is accessible to all its
customers. Prepare a basic risk assessment report, focusing on
the subject of phishing, for your superiors.

Suggested answers to activities

Feedback

Activity 4.1



Activity 4.2

Always run an antivirus program and keep its virus definitions
updated. Be careful of suspicious attachments in emails, especially
those requesting sensitive data. Install the latest security software,
patches and updates. Create passwords that are not easily
guessed and change them on a regular basis.
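
The password guidelines in step 2 of the list above (length and character mix, no personal details, no reuse, regular changes) can be audited in one pass over a person's accounts. This Python example is added here and is not part of the original course material; the owner details, account names, passwords, dates and the 120-day limit are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 120  # assumption: upper end of the "3 to 4 months" guideline
CLASSES = (r"[A-Za-z]", r"\d", r"[^A-Za-z\d]")  # letters, numbers, symbols

def personal_tokens(name, birth_date):
    """Strings that can be guessed from easily obtainable personal details."""
    tokens = {part.lower() for part in name.split() if len(part) >= 3}
    d, m, y = f"{birth_date.day:02d}", f"{birth_date.month:02d}", str(birth_date.year)
    # Common ways of writing a birth date inside a password.
    tokens |= {y, d + m, m + d, d + m + y[2:], d + m + y, y + m + d}
    return tokens

def audit(accounts, name, birth_date, today):
    """accounts: {account: (password, date_last_changed)} -> {account: [issues]}"""
    tokens = personal_tokens(name, birth_date)
    used_by = defaultdict(list)
    for account, (password, _) in accounts.items():
        used_by[password].append(account)
    report = {}
    for account, (password, changed) in accounts.items():
        issues = []
        if len(password) < 8:                                   # guideline a
            issues.append("shorter than 8 characters")
        if not all(re.search(c, password) for c in CLASSES):    # guideline a
            issues.append("does not mix letters, numbers and symbols")
        if any(t in password.lower() for t in tokens):          # guideline a
            issues.append("contains personal information")
        if len(used_by[password]) > 1:                          # guideline b
            issues.append("reused on another account")
        if (today - changed).days > MAX_AGE_DAYS:               # guideline c
            issues.append(f"not changed in over {MAX_AGE_DAYS} days")
        report[account] = issues
    return report

# Constructed sample data for a fictional user.
OWNER, BORN, TODAY = "Aminah Tan", date(1990, 5, 17), date(2024, 6, 1)
ACCOUNTS = {
    "bank":  ("Aminah1990!",    date(2024, 1, 10)),
    "email": ("t7#Vq9!mLz",     date(2024, 5, 1)),
    "shop":  ("t7#Vq9!mLz",     date(2024, 5, 20)),
    "forum": ("sunshine",       date(2024, 5, 25)),
    "cloud": ("R4!nforest-Owl", date(2024, 4, 2)),
}

if __name__ == "__main__":
    for account, issues in audit(ACCOUNTS, OWNER, BORN, TODAY).items():
        print(f"{account}: {', '.join(issues) or 'ok'}")
```

The bank password passes the length and character-mix checks yet still fails, because it is built from the owner's name and birth year.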



4.2 Cyberlaws
Objectives

By the end of this section, you should be able to:

1. Define cyberlaws.

2. Explain the need for cyberlaws.

3. State the various cyberlaw Acts in Malaysia and how they
are relevant to you.

Introduction
Cyberlaws are laws that are specifically related to the Internet and various
computer offences. These laws encompass areas such as online fraud,
patent or copyright infringement, and online contracts. Cyberlaws are
growing in importance because our lives are becoming increasingly
intertwined with the Internet and the computer devices that we use.

What are cyberlaws?


Before we can understand cyberlaws, the basic concepts behind the
laws must be understood. Key legal concepts include:

1. Statutes — Laws that explicitly state that certain actions are
wrong. Statutes are an output of the legislative process and may
be in force after a designated period of time. A violation of a statute
may result in a criminal trial.



2. Contract law — A law that governs agreements between parties,
involving three things: an offer, an acceptance and a consideration.
There are many conditions that can be specified for each
contract. A court will normally decide on which claims are valid
and set a reasonable amount of compensation based on the
evidence presented.

3. Tort law — Special legal language that describes the wrongs
which are recompensed through civil cases. Anti-fraud law is a
common example of tort law.

Cyberlaws are part of the overall legal system in a country and specifically
deal with the Internet and cyberspace and their legal matters. Cyberlaws
encompass a broad area, including and not limited to freedom of
expression, access to and usage of online resources, and online privacy.
Cyberlaws have been collectively defined as the Law of the Internet.

Activity 4.3

An online retailer in Malaysia has entered into an agreement with
a local shoe manufacturer (“Great Shoes”) to sell its shoes online.
The agreement involves the online retailer taking a 1% cut from
customer payments for the shoes. The remaining 99% will be
returned to Great Shoes at the end of each month. The reception
to the products of Great Shoes is highly positive and thousands
of shoes are sold online. However, the online retailer then refuses
to return the remaining 99% of payments to Great Shoes. What
can Great Shoes do?



The need for cyberlaws
Cyberlaws are vital as they concern almost every transaction and
behaviour pertaining to the Internet and the cyberworld. Every activity
and reaction in the cyberworld has some legal connection or perspective
to it.

Cyberlaws are highly essential today as cybercrimes pose a risk to
a nation’s security, social stability and finances. Cybercrimes have
become very high-profile, mostly consisting of hacking and copyright
infringement. There are also issues related to privacy (when private data
is lost or intercepted whether legally or otherwise).

Cybercrimes consist of criminal acts that are traditional in nature,
including fraud, forgery, theft, mischief and/or defamation but occur in
cyberspace. In Malaysia and countries like India, all such acts would
be subject to the Penal Code. In India, abuses in the cyberworld have
given rise to the Information Technology Act, 2000.

Malaysia has also been at the forefront of the development of cyberlaws
over the last three decades and it has enacted the laws that are described
in the following subsection.

Cyberlaw Acts in Malaysia


The Digital Signature Act 1997

The Digital Signature Act 1997 was implemented on 1 October, 1998:

1. It enables the development of, amongst other areas,
e-commerce activities by creating secure online transactions
via the utilisation of digital signatures.



2. It creates a framework that enables the regulation and
licensing of Certification Authorities, and provides legal
recognition of digital-based signatures.

3. The Controller of the Certification Authority, who has the
powers to regulate and license Certification Authorities, was
appointed on 1 October, 1998.

The Communications and Multimedia Act 1998

The Communications and Multimedia Act 1998 was implemented on 1
April, 1999:

1. It provides a regulatory background to enable the
convergence of the broadcasting, telecommunications and
computer sectors, with the goal of, among others, making
Malaysia a major global IT hub and content services centre.

2. The Malaysian Communications and Multimedia Commission
(MCMC) was appointed on 1 November, 1998, as the only
regulator of the new regulatory system.

3. Although regulation in the area of licensing was provided for,
one of the pillars of the new regulatory system was the
self-regulation mechanism by the various industries under
this Act.

The Copyright (Amendment) Act 1997

The Copyright (Amendment) Act 1997, which made amendments to the
Copyright Act 1987, was implemented on 1 April, 1999:

1. It made the unauthorised online transmission of copyrighted
material an infringement of copyright.



2. It also made bypassing of any effective technological steps
aimed at protecting copyrighted material an infringement of
copyright laws. These laws provide adequate protection of
intellectual property rights.

The Computer Crimes Act 1997

The Computer Crimes Act 1997, which was implemented on 1 June,


2000, describes several offences relating to the misuse of computers.
It covers, among other offences, unauthorised access to computers,
unauthorised access with the intention of carrying out other offences
and unauthorised modification of computer-based contents.

The Telemedicine Act 1997

The Telemedicine Act 1997 is aimed at providing a framework to allow


licensed medical practitioners to practice medicine via audio, visual and
data communications.

Personal Data Protection Act 2010

The Personal Data Protection Act 2010 was passed by Parliament in
June 2010 and enforced on 15 November, 2013.

The main objectives of the law are:

1. To regulate the processing of personal data in the realm of
commercial transactions by data users.

2. To protect the interests of data subjects.

Personal data is defined as any information related to a commercial
transaction which is processed or recorded as part of a relevant filing
system. The relevant elements under the Personal Data Protection Act
2010 are shown in Figure 4.2. They include:

1. The General Principle: Any processing of a person’s personal
data must involve prior consent from the person in question.

2. The Disclosure Principle: A user of data cannot disclose
personal data to another user (a third party) without the prior
consent from the subject.

3. The Security Principle: A user of data must take all required
steps to ensure the protection of personal data from any
misuse and/or unauthorised access by any other party.

4. The Retention Principle: A subject’s personal data cannot be
stored longer than is absolutely necessary.

5. The Notice and Choice Principle: A user of data must first
notify the subject regarding the purpose behind the collection
of data. The subject has the right to refuse to provide the data.

6. The Data Integrity Principle: A data user needs to take all
necessary steps to ensure the accuracy of the data.

7. The Access Principle: A subject should be provided with
access to his or her personal data and be allowed to make
corrections if necessary.

[Diagram: the PDPA at the centre, surrounded by the general, disclosure, security, retention, notice and choice, data integrity and access principles.]

Figure 4.2 The elements of the Personal Data Protection Act 2010

Web Reference

Read the following article to learn more about the Personal Data
Protection Act 2010:

http://www.pdp.gov.my/images/LAWS_OF_MALAYSIA_PDPA.pdf

Summary

In this section, you learned about cyberlaws and why they are
vital in our modern world. You also learned about the cyberlaws
enacted in Malaysia including the Digital Signature Act 1997, the
Computer Crimes Act 1997 and the Personal Data Protection Act
2010.

Self-test 4.2

You are working in a private hospital that is planning to digitise all
its patient records from 2018 onwards. Prepare a plan of action in
compliance with the Personal Data Protection Act 2010.

Suggested answer to activity

Feedback

Activity 4.3

Great Shoes should view this as a breach of contract law, which
covers the agreement that they entered into with the online retailer.
Based on the facts, there is offer and acceptance between the
parties and a consideration (in terms of the shoes that were
supplied by Great Shoes to the online retailer).

Hence, Great Shoes can file a civil action in a Court. The Court
will then decide on the compensation and damages to be paid
based on the evidence presented by Great Shoes and the online
retailer (if the retailer chooses to defend the civil action).

4.3 Intellectual Property
Objectives

By the end of this section, you should be able to:

1. Identify the differences between patents, copyrights and
trademarks.

2. Describe what is considered to be a computer crime.

3. Explain ethics and law from a computer security
perspective.

Introduction
Intellectual property involves the ownership of ideas. Hence, intellectual
property differs from physical assets such as computers or vehicles.
Intellectual property may be protected through the use of patents,
copyrights or trademarks.

What is Intellectual Property?


Intellectual Property (IP) refers to creations of the mind, such as
inventions, literary and artistic works, designs, symbols, names, and
images used in commerce.

IP is protected in law by patents, copyrights and trademarks, which enable
people to earn recognition or financial benefit from what they invent or
create. By striking the right balance between the interests of innovators
and public interest, the IP system aims to foster an environment in which
creativity and innovation can flourish.

Types of IP rights
Individuals are given rights to keep private certain information that they
deem important. Laws are enacted to regulate the use, development,
and ownership of data and programs. This is normally done via patent
laws and trade secret laws. Actions can be pursued via legal channels
to protect the secrecy, integrity and availability of information.

Key concepts include:

1. Trade secret — protects the secret information of an
organisation which gives it a competitive edge over others.

2. Copyright — protects the expression of ideas and provides
the author with exclusive rights to make copies and sell them
to the public.

3. Patent — protects innovations in the fields of science,
technology and engineering and is granted to the first
inventor. Patentable inventions need to be truly novel, unique
and non-obvious.

4. Trademark — a sign that is capable of differentiating the
products or services of an economic entity from those of
other entities. A trademark includes the brand name or
corporate logo of an economic entity.

Figure 4.3 provides a general comparison of copyrights, patents and
trademarks. However, note that the period of protection varies from
country to country.

Figure 4.3 Comparison of copyright, patent and trademark


Source: The Regents of the University of Michigan

Patents and trademarks in Malaysia


Patents and trademarks in Malaysia come under the purview of the
Intellectual Property Corporation of Malaysia (MyIPO).

What is a patent?

A patent is an exclusive right which is granted for an invention. The
invention can be a product or a process that provides a new way of doing
something or offers a new technical solution to a problem.

What is a utility innovation?

A utility innovation is an exclusive right granted for a “minor” invention. It
does not require the satisfaction of the test of inventiveness as required
of a patent.

Who may apply for a patent or utility innovation?

Any individual may make an application for a patent or a utility innovation.
It can be done either alone or jointly with another person. Please note that
the word “person” in this context is not limited to people and includes,
for example, a company.

How can a patent or utility innovation be protected?

To ensure protection, an applicant must file a patent or utility innovation
application with the Intellectual Property Corporation of Malaysia.
This organisation will then assess whether the application meets the
requirements of the Patents Act 1983.

Why protect an invention?

By going for patent or utility innovation protection, the owner of the
patent or utility innovation is given the exclusive right to stop others from
manufacturing, using and/or selling the owner’s invention in Malaysia
without the owner’s consent or permission.

Terms of protection

A patent is protected for 20 years from the date of filing and a utility
innovation is protected for a period of 10 + 5 + 5 years from the date of
filing, subject to use.

Where to apply?

An applicant must file a patent or utility innovation application with the
Intellectual Property Corporation of Malaysia in Kuala Lumpur or at one
of its branch offices located in Sabah and Sarawak.

National security (Section 23A and 62A)

It is important to note that for reasons of national interest and security, any
Malaysian resident wishing to apply for a patent or certificate protection
outside Malaysia must first seek written authority from the Registrar.

However, this written authority is not required if a corresponding
Malaysian patent or certificate has been applied for, and a period of at
least two months has elapsed since the filing.

Section 62A states that a contravention of Section 23A is an offence,
and is punishable (upon conviction) by a fine not exceeding RM15000
or imprisonment for a term not exceeding two years, or both.

Non-patentable inventions

Certain inventions fall under the non-patentable category, such as:

1. Discoveries, scientific theories and mathematical methods.

2. Plant or animal varieties or biological processes for the
production of plants or animals, other than man-made living
micro-organisms, micro-biological processes and the
products of micro-organism processes.

3. Schemes, rules or methods for doing business, performing
purely mental acts, or playing games.

4. Methods for the treatment of a human or an animal body by
surgery or therapy, and diagnostic methods practised on the
human or animal body.

Patentable inventions

For a patent to be granted, an invention must have the following
characteristics:

1. It must be new, which means that the invention has not been
publicly disclosed in any form, anywhere in the world.

2. It must involve an inventive step, which is to say that the invention
must not be obvious to someone with knowledge and
experience in the technological field of the invention.

3. It must be industrially applicable, meaning it can be mass produced.

Web Reference

Read the following articles to learn more about patent, trademark
and copyright protection.

1. http://www.myipo.gov.my/en/1814-2/?lang=en%2F#patentable_inventions

2. http://www.myipo.gov.my/en/trademark-basic/?lang=en%2F#type-trademark

3. http://www.myipo.gov.my/en/copyright-basic/?lang=en%2F#works-eligible-for-copyright

Activity 4.4

1. If Ahmad invented a new process for recording songs, he
would likely apply for a

A. logo
B. copyright
C. trademark
D. patent

2. If Ahmad wrote a new song, he would likely apply for a

A. patent
B. copyright
C. trademark
D. licence

Rights of employees and employers in respect of IP

When an employee designs a product or writes a software program as
part of the work assignments given by the company that he or she works
for, the rights to the product or program belong to the company.

In addition, a part of the rights still belongs to the company if the employee
writes code that relates to his or her job in the company, even in his or
her free time. However, if someone writes code that has nothing to do
with a current work assignment or falls within a different area from a
work assignment, then the rights to the code belong to the programmer.

If an employer enables an employee to file for a patent, the employer
is deemed to own the patent and therefore the rights to the invention.
Owning a copyright is similar to owning a patent. Thus, the author of
a work is assumed to be the owner of the work and possesses all the
rights to the work.

Companies have the right to protect their trade secrets and may require
that their employees sign an NDA (non-disclosure agreement).

With all this in mind, employment contracts should clearly state who has
the rights of ownership to the output of an employee’s effort.

Summary

In this section, you learned the definition of IP and how it
differs from physical assets such as computers or vehicles. You
also learned to differentiate between patents, copyrights and
trademarks. The rights of employees in respect of IP were also
discussed in this section.

Self-test 4.3

Lucas has designed a unique, first of its kind battery-powered
walker for little children. His device can be collapsed by parents
via a special button and can be converted into a chair for toddlers
via another special button. His device is currently in commercial
production under the brand name “Tiny Tot Walker Stroller”. He
has also designed a unique, brightly coloured corporate logo
for “Tiny Tot Walker Stroller”. What are the types of intellectual
property protection that Lucas can apply for?

Suggested answers to activity

Feedback

Activity 4.5

1. D

2. B

4.4 Professional Ethics in Computing
Objectives

By the end of this section, you should be able to:

1. Explain moral responsibility in computing.

2. Elaborate on the ethical responsibilities of computing
professionals.

3. Describe the code of ethics in computing.

Introduction
Computing professionals have many different duties. They may code new
applications, design computer processors, and perform software testing
and validation. However, in carrying out their duties professionally, it is
important that they appreciate and understand the moral responsibility
and the code of ethics in computing. This is very important as their work
and actions affect the lives of millions, if not billions, of people worldwide.

What is moral responsibility in computing?
Computing professionals are responsible for carrying out their tasks
in a morally responsible manner as their decisions may impact the
performance and functions of computer-based systems, which may
ultimately affect the users of these systems either in a direct or indirect
manner.

As computer technology grows in importance, the responsibilities of
computing professionals have grown to be on par with those of other
technical professionals (e.g., civil and structural engineers). For example,
the software installed in a car should reduce fuel consumption but it
must also protect the safety of the occupants and other road users. This
responsibility falls mainly on the computing professionals who develop
the software.

An example of moral responsibility in computing was seen during the
1980s in the case involving Atomic Energy of Canada Limited (AECL).
This company created and distributed a radiation-based cancer treatment
device named Therac-25.

This device relied on computer software to carry out its functions and
treat cancer patients using radiation. Unfortunately, from 1985 to 1987
the device caused several fatal accidents. Investigations were carried
out by the relevant authorities to determine the cause of these accidents.
Questions were asked as to who should be held responsible for the
deaths:

1. Was it the operators who caused the patients to be exposed
to an overdose of radiation from the device, which then resulted
in serious burns?

2. Was it the fault of the software engineers who wrote the code
and carried out software testing and failed to notice several
serious coding mistakes?

3. Was it the fault of the engineers who failed to install adequate
hardware safety backup mechanisms to control the levels of
radiation?

We can use the Therac-25 case to identify the different types of
responsibilities in computing, of which moral responsibility is the most
important.

The responsibilities of computing professionals


Causal responsibility

The issue of responsibility can be linked to causes. An example would
be to say, “the storm was responsible for the damage to the farmhouse.”
In the Therac-25 case, the direct cause (causal responsibility) of the
fatal accidents was the operators who administered the radiation-based
treatment.

However, just as the storm cannot be blamed for moral failures, those
directly operating the Therac-25 device cannot be held morally responsible
since they adhered to the standard operating procedure (SOP) and the
information displayed on their machines regarding radiation levels was
actually misleading. The SOP only went so far as to ask the operators
to ensure that the equipment was working properly based on the data
displayed by their machines.

Role responsibility

Any person who is given a particular duty (based on their job/tasks)
is viewed as being the person responsible for that particular role (role
responsibility). Similarly, a technician may be responsible for disposing
of toxic waste material in his factory, even if a forklift driver is the person
who actually moves the toxic material from the factory to a lorry.

Using the Therac-25 example, the software engineers and system
engineers have the role responsibility to design the software and hardware
for the device and to ensure that the device is safe for patients.

Legal responsibility

Any person or organisation can be held legally responsible or made
liable for problems that occur due to their actions or neglect to act
properly. Basically, an individual could be charged in a criminal court for
committing a crime and an organisation may be sued via a civil lawsuit
for damages. Similarly, a doctor can be sued in court for professional
negligence. Regarding the Therac-25 case, AECL could have been sued
for the deaths that occurred due to their device.

A particularly important legal responsibility is called strict liability. Under
strict liability, if a device injures a person, then the device maker can
automatically be held liable for damages. This would apply even if the
device adhered to all relevant safety protocols. This principle ensures
that manufacturers are careful, and it enables victims or their dependents
to be compensated if unfortunate events occur.

Moral responsibility

Usually, causal, role and legal responsibilities are exclusive in nature;
this means that if a particular individual is held responsible under
these categories, then another individual would not be judged as being
responsible.

However, moral responsibility is different; it is usually shared among
different groups of people. For example, several engineers may be held
jointly responsible for the product safety of the device or machinery that
they designed. This responsibility is not limited to the safety engineers.
In addition, rather than allocating blame for failures, moral responsibility
is more concerned with what individuals should do in future (as opposed
to pointing fingers). From a moral perspective, it upholds responsibility
as a virtue.

Under moral responsibility, “a responsible person” is deemed as being
careful, considerate and honest. At the same time, an “irresponsible
person” is held to be reckless, inconsiderate and dishonest. A sharing
of responsibility is assumed whenever a few individuals collaborate in a
group, for example, in a software engineering team.

In a situation where moral responsibility is shared among different
individuals, it does not mean that no one in the group is to be held
responsible at all. It simply means that each member of the group is
responsible to fellow group members and also to outsiders whom the
group’s work might have an effect upon, both by the individual’s own
work and also by the team’s collective effort.

Let us take the example of a multi-individual team carrying out IT network
monitoring tasks. Say that the team has wrongly analysed network traffic,
resulting in an incorrect interpretation of the network data. If the members
fail to carry out a re-analysis of the traffic information on their own (after
knowing of their error), they have the responsibility to obtain the help of
an external network expert who can analyse the data correctly. Various
team members might co-operate with the expert via different methods.
However, they should all be held accountable on an individual basis for
correcting their mistakes.

In addition, the team is ethically responsible in a collective manner to
inform readers of the team’s original (flawed) report about the mistakes
and to inform them of the corrections that have been made. Remember
that moral responsibility due to reckless and negligent behaviour is not
reduced by good intentions or just because nothing bad has happened.

The following are further examples of moral responsibility:

1. A software developer fails to properly test a module for a
telephone-based switching system, and as a result the
module fails.

2. A cybercriminal installs a keystroke logger on a computer
to steal passwords. Even if the logger fails to correctly record
keystrokes, the cybercriminal is still responsible from a moral
perspective for trying to invade another person’s privacy.

3. An engineer comes across a design mistake that could cause
anyone who tries to replace a memory chip on a motherboard
to suffer an electric shock. In this case, even if the engineer
was only given the specific task of checking the electrical-based
safety of the memory chip and not the motherboard,
the engineer still has a moral responsibility to immediately
alert his superiors and colleagues to the design flaw. It is
important to note that the engineer can be held responsible
for failing to act.

Additional responsibilities of computing professionals

Responsibilities to clients and users

Whether a computing professional works under an individual (e.g., in a
start-up) or is part of a large company, he or she is responsible for carrying
out the tasks assigned in a competent manner and as per professional
standards.

Professional standards are not limited to excellence in technical matters
but also involve care pertaining to the social effects of computer systems
on users and other members of the public. In assessing the features
and risks of computer systems, computing professionals must exercise
honesty and competence.

It is important for computing professionals to report all their findings
in an honest and accurate manner. In the process of designing a new
computer system, computing professionals must take into account not
only the requirements of the client but also how the system might affect
the quality of life of users and other members of the public. For instance,
a developer who designs a hospital information system should enable
rapid access to doctors and medical professionals while at the same time
ensure that the medical data of patients is given adequate protection
from unauthorised access.

An example of risk management in a professional responsibility setting is
seen in Figure 4.4. On a scale of 1 – 25, a 1 would mean minimal impact
on the software (and would accordingly need minimal action), while a
25 rating would indicate highly critical impact necessitating immediate
follow-up action.

Figure 4.4 Risk management in a professional responsibility setting


Source: https://michaellant.com/2010/06/04/five-simple-steps-to-agile-risk-management/

Computing professionals have extensive freedom in choosing how to
adhere to software and hardware requirements. As long as they reach
the basic performance standards pertaining to speed, functionality and
reliability and stay within the stipulated budget, they generally have no
issues with upper management or users. For example, a search engine
developer creating software for an online retail company might opt to
display the higher-priced items first.

Responsibilities to employers

The majority of computing professionals are not self-employed. Hence,
their employment relationship is based on an employment contract,
whereby they promise to work for and on behalf of their employer and
in return they receive payment and/or benefits.

In the course of their work, computing professionals may gain access
to their employer’s sensitive information including patents, copyrights
and trade secrets. Hence, it is absolutely essential for computing
professionals to keep this information confidential. Under an employment
contract, computing professionals cannot obtain profit directly from the
usage or sale of IP including patents, copyrights and trade secrets that
were developed under their employer.

All employees are expected to work for and on behalf of their employers
in a loyal fashion. Most importantly, computing professionals must be
alert to various possible conflicts of interest. These are situations where
they may owe their loyalty to third parties.

A conflict of interest may result when a computing professional is asked
to pass judgment or perform a task but the computing professional has
financial or personal interests that may affect his or her judgment or the
proper performance of the task. For instance, a computer professional
named Johan may be asked to purchase certain equipment for his
company through a bidding process. However, one of the bidding vendors
has familial ties to him. In such a scenario, the familial relationship may
result in Johan displaying bias during the bidding process. Thus, Johan
should recuse himself; that is, he should remove himself from the bidding
process and request that another qualified individual take over.

Responsibilities to other professionals

Everyone is entitled to respect from others. Similarly, when professionals
have dealings with each other, they should show a type of respect defined
as collegiality. As an example, when one computing professional uses
the ideas of another professional, the former should immediately give
credit to the latter. This is similar to writing a research paper, in which the
author must properly give credit to sources by adequately citing them.

Unless this is done in a correct manner, a professional can be accused
of plagiarism. Professionals consider plagiarism as highly unethical as it
indicates that their ideas were stolen from someone else. As computing
professionals commonly work in teams, it is important for them to follow
professional standards of behaviour.

Such standards of practice are created by members of the computing
industry. As an example, a standard for variable naming in code is
implemented in the software development industry. By adhering to this
standard in coding, a computing professional can simplify the work of
other computing professionals who may need to maintain, modify and
fix the code later.

Code of ethics
It is important to be able to differentiate between laws and ethics. Laws
are different from ethics in that laws are set out in written form, passed
by a legislature elected by voters (e.g., Parliament) and are subsequently
interpreted by judges in the courts. Laws apply to all individuals and are
enforced by the relevant authorities.

Ethics are defined principles which are not (usually) written down, and
are interpreted by philosophers, religious authorities and professional
bodies. Ethics are followed as a personal choice and cannot really be
enforced (except by professional bodies). From a computer industry
perspective, ethics act as a method of ensuring proper and fit behaviour
within the industry.

The differences between ethics and laws are outlined in Figure 4.5.

Ethics | Laws
Acts as guidelines to computer users. | Acts as rules that control computer users.
Computer users are free to follow or ignore the code of ethics. | Computer users must follow the laws.
They are universal and can be applied all over the world. | They depend on the country and state in which they are enacted.
They are meant to produce ethical computer users. | They are meant to prevent the misuse of computers.
It is immoral not to follow ethics. | It is a crime not to obey laws.

Figure 4.5 Differences between ethics and laws

Computer laws and ethics

Various laws are passed to control and regulate the usage of computers
and online resources. Even so, legal matters in the technology industry
are not often as straightforward as they may seem. This is because
technology and the Internet are developing constantly and this results in
various complex legal and ethical issues. These legal and ethical issues
have an effect on various areas of computing technology and the Internet,
including privacy issues, data sharing, hacking and environmental issues.

Privacy issues

What is the data or information that we can classify as private and how
is the ownership of such data or information established? For instance,
personal pictures that are uploaded by people on social networks may
become the legal property of a social network company. Therefore, it is
important to identify the level at which such private data can be used
and the purpose of use. For general users, uploading highly personal
information is discouraged, as it may end up in the hands of various third
parties and remain on the Internet for a long time.

Data sharing

There are various anti-piracy laws concerning the distribution of movies
and other types of media (including music). It is unlawful to rip a DVD or
CD that is still under copyright and to share its content online. However,
it is not easy to enforce such laws, as peer-to-peer (P2P) file-sharing
technology and various websites enable file sharing.

Hacking

The term “hacking” has both positive and negative connotations. Hacking
may involve an irregular use of, or an attempt to infiltrate,
a computer system. From a negative perspective, hacking can be used
to discover weaknesses in computer systems in order to locate and steal
sensitive data. Hacking can also be positive, in that it can be used to:

1. Carry out vulnerability testing on the security of a system.

2. Find innovative or new methods of using a system or program.

3. Discover and expose security risks contained in programs
and websites.

4. Fix or work around system bugs.

Hackers who hope to achieve positive goals are called “white hats” while
those engaging in criminal activity are called “black hats”.

Code of ethics in computing

A code of ethics lays out ideals which professionals can strive to meet.
It can inform new members of their professional obligations and educate
members of the public on how they can expect professionals to behave.

A computing code of ethics establishes a standard of conduct for
computing professionals and lays out the grounds upon which computing
professionals who contravene this standard may be removed.

Most importantly, a code of ethics may assist individuals in making the
right choices in difficult situations. For example, as all engineering or
computing codes of ethics focus on the safety and well-being of people,
an engineer or computing professional may raise objections regarding
unsafe practices, not just as a matter of conscience but also because
such objections are fully backed by their profession.

Foundations of computer ethics

The foundations of computer ethics were laid down during World War
Two and have subsequently been developed into what we have today.
A Massachusetts Institute of Technology (MIT) professor named Norbert
Wiener planted the seeds of ethics in the computing industry in his book
Cybernetics (1948: 27 – 28). He wrote:

“It has long been clear to me that the modern ultra-rapid computing
machine was in principle an ideal central nervous system to an
apparatus for automatic control; and that its input and output need
not be in the form of numbers or diagrams but might very well
be, respectively, the readings of artificial sense organs, such as
photoelectric cells or thermometers, and the performance of motors
or solenoids...

We are already in a position to construct artificial machines of almost
any degree of elaborateness of performance. Long before Nagasaki
and the public awareness of the atomic bomb, it had occurred to
me that we were here in the presence of another social potentiality
of unheard-of importance for good and for evil.”

In 1976, a new branch of applied ethics was developed by Walter
Maner, who was at that time teaching a medical ethics programme. He
defined the term “computer ethics” based on the Wiener-Maner-Gorniak
hypothesis:

“Computer ethics will become a new universal, global ethics, and
so will become the ‘ordinary’ ethics.”

In addition, various professional organisations in the USA, including the
Association for Computing Machinery (ACM) and the Institute of Electrical
and Electronics Engineers (IEEE), have developed codes of ethics, new
curriculum guidelines and accreditation standards to assist computer
professionals to better appreciate and manage ethical requirements.

Both the IEEE and ACM have followed codes of ethics for the benefit
of their respective members. The ACM code that was instituted in 1992
encompasses “general moral imperatives”, including “avoid harm to
others” and “be honest and trustworthy”. This code also contains more
specific professional responsibilities such as “acquire and maintain
professional competence” and “know and respect existing laws pertaining
to professional work.”

For the IEEE, their code of ethics (1990) encompasses principles including
“avoid real or perceived conflicts of interest whenever possible” and “be
honest and realistic in stating claims or estimates based on available
data.”

The Accreditation Board for Engineering Technologies (ABET) has long
stipulated that an ethics component is to be included in taught computer
engineering programmes. In 1991, the Computer Sciences Accreditation
Commission/Computer Sciences Accreditation Board (CSAC/CSAB)
mandated that a significant part of computer ethics be part of any
computer sciences degree programme.

Hence, it is clear that professional organisations in the computer field
recognise and mandate standards of professional responsibility to be
followed by their members. For example, the following computing code of
ethics was created by the Computer Ethics Institute (written humorously
with a bit of archaic language; just replace the “thou” with “you” and the
“shalt” with “shall”):

1. Thou shalt not use a computer to harm other people.

2. Thou shalt not interfere with other people’s computer work.

3. Thou shalt not snoop around in other people’s computer files.

4. Thou shalt not use a computer to steal.

5. Thou shalt not use a computer to bear false witness.

6. Thou shalt not copy or use proprietary software for which
thou have not paid.

7. Thou shalt not use other people’s computer resources without
authorisation or proper compensation.

8. Thou shalt not appropriate other people’s intellectual output.

9. Thou shalt think about the social consequences of the
program thou are writing or the system thou are designing.

10. Thou shalt always use a computer in ways that ensure
consideration and respect for your fellow humans.

Activity 4.6

What is the code of ethics created by the Association for Computing
Machinery?

Summary

In this section, you learned about moral responsibility in computing
and the ethical responsibilities of computing professionals. You
also examined the elements of the computing code of ethics
created by the Computer Ethics Institute.

Self-test 4.4

Differentiate between the concepts of moral responsibility and
legal responsibility by using real-world examples.

Suggested answer to activity

Feedback

Activity 4.6

For the code of ethics created by the Association for Computing
Machinery, please refer to:
https://www.acm.org/about-acm/acm-code-of-ethics-and-professional-conduct

4.5 Computers and the Environment

Objectives

By the end of this section, you should be able to:

1. Explain the impact of computing on the environment.

2. Suggest methods to manage and dispose of computer
waste in ways that minimise the impact on the
environment.

Introduction
Computers and gadgets such as mobile devices have become inseparable
parts of modern life. These devices have undeniably made our lives
easier in many different ways. However, it is also important to consider
the impact of computing on the environment, particularly the results of
the production, use and ultimate disposal of these devices.

Manufacturing these devices requires massive amounts of chemicals,
fuels and water. Hence, the important question facing us today is: How
should we manage the environmental impact of computing?

Understanding and managing the impact of computing on the environment
In the excitement and enthusiasm of developing, launching and using new
computing technologies, we sometimes fail or neglect to fully understand
and analyse the effects and impacts of computing on the natural world.
Thus, we must first learn how technology can harm the environment.

How technology can harm the environment

A large part of the computing technologies that we use today consumes
a disproportionately large amount of power and resources. Therefore,
manufacturing and using these technologies can adversely affect the
environment. The following are ways in which computing technology
can affect the environment:

1. The generation of waste — Manufacturing produces a huge
quantity of waste, and used electronic components and
computers are disposed of when they malfunction or become
outdated. This category of waste is defined as “techno-trash”, as
the components and computers consist of various types of
dangerous materials that are detrimental to the environment
(Figure 4.6). Hence, this type of waste needs to be properly
disposed of using special techniques to avoid polluting the
environment.

2. The over-consumption of resources — Non-renewable
resources, such as rare metals like cadmium and gold, are
used to produce devices like computer chips. Other raw
materials like coal are used to generate the electrical power
that is needed to use technological devices. Renewable
resources, including water, are increasingly becoming
contaminated or are being consumed faster by human beings
than they can self-renew.

3. Air pollution — Air pollution is a nasty side effect resulting from
the uncontrolled production and use of technology. Factories
and power stations spew smoke into the atmosphere.

4. Hazards to health — Electronic devices contain toxic materials
that are detrimental to our health and may cause cancer, while
addiction to technology (and the accompanying sedentary
lifestyle) can cause various health problems including obesity
and heart problems.

5. Disrupting the ecological balance — Due to rapid
industrialisation, the land where plants and animals live (natural
habitats) is often cleared to construct factories to manufacture
computing devices. Furthermore, the computing industry
produces pollution that can contaminate our food chain and
negatively affect the natural cycles of the environment.

Figure 4.6 Electronic waste or techno-trash

We can encourage computing hardware manufacturers to be
environmentally friendly by choosing to purchase only energy-efficient
and less hazardous devices from vendors. We can also support “green”
companies that focus on protecting the environment. In fact, we can
also contribute to mitigating the environmental impact of computing
devices by reducing waste and by disposing of our devices and electronic
components in a safe and proper manner.

Toxic techno-trash

Techno-trash, which is also called electronics-based waste or e-waste,
consists of malfunctioning, non-functioning or unwanted electrical and
electronic components or devices. It is currently the most rapidly-growing
type of waste.

Disposing of techno-trash together with ordinary rubbish means that it
ends up in a waste dump. This is serious because almost all electronic
components have non-biodegradable materials, and most of these
components contain heavy metals and/or toxic materials such as lead,
cadmium and mercury.

These toxic materials may ultimately seep into the ground and
contaminate our drinking water and edible plants, and affect the fauna
in the surrounding areas. Thus, many developed countries have banned
techno-trash from waste dumps.

From a human perspective, these toxic materials can cause various
adverse effects including vomiting and diarrhoea, and may be
carcinogenic in the long run (if humans keep accumulating toxins by
eating and drinking contaminated water and food).

To protect the environment, it is important to avoid dumping techno-trash
with the rest of our household’s rubbish. Proper separation of our waste
material is crucial, and this is something that we can all do.

Carbon emissions

Carbon emissions consist predominantly of carbon dioxide and carbon
monoxide, which are called greenhouse gases. These gases are produced
by human actions. Greenhouse gases in the atmosphere trap and
subsequently reflect heat and radiation back to the surface of the planet.

Scientists believe that over the last 100 years, the quantity of greenhouse
gases in our atmosphere has shot up tremendously as a result of carbon
emissions. Carbon emissions come from industrial plants, vehicles and
power plants. Carbon emissions also come from human beings and
current livestock farming methods. All of these contribute to serious
global warming.

From a computing perspective, the computer or mobile device that we
are using to read this unit itself uses electricity. In short, everyone is guilty
to some extent of contributing to carbon emissions. However, if we use
technology in a more “green” manner, we can reduce our impact on the
environment.

How to manage and dispose of computer waste


The following are guidelines on how to manage and dispose of computer
waste.

Guideline 1: Ensure the sanitisation of your computer hard drives first

Before recycling your computer, you must remove all sensitive data
contained on the hard disk. Usually, most people will simply try to erase
their data. However, doing this only partially erases the data.

Cybercriminals can discover this “deleted” data (in the “Recycle Bin”
for instance), and use the data for their illegal purposes. Therefore, to
ensure full protection against this, you need to install and run software
that can “sanitise” your hard disk before disposing of it.

Such sanitisation software can be downloaded online. It works by
replacing all data with random characters and numbers.
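
The difference between deleting and sanitising, shown as an added example that is not part of the original course text. A small file stands in for the hard disk; the `ToyDrive` class, its directory table and the sample record are all constructed for illustration.

```python
import hashlib
import os
import tempfile

BLOCK = 512  # bytes per block in the constructed image


class ToyDrive:
    """A file-backed 'drive' with a minimal directory table (constructed for this example)."""

    def __init__(self, path, blocks=64):
        self.path = path
        self.size = blocks * BLOCK
        self.directory = {}  # name -> (offset, length)
        self.next_free = 0
        with open(path, "wb") as f:
            f.write(b"\x00" * self.size)

    def write_file(self, name, data):
        offset = self.next_free
        if offset + len(data) > self.size:
            raise ValueError("drive full")
        with open(self.path, "r+b") as f:
            f.seek(offset)
            f.write(data)
        self.directory[name] = (offset, len(data))
        # Advance to the next block boundary after this file.
        self.next_free = offset + -(-len(data) // BLOCK) * BLOCK

    def delete(self, name):
        """Ordinary deletion: drop the directory entry, leave the data blocks alone."""
        del self.directory[name]

    def raw_scan(self, needle):
        """Read the raw image and ignore the directory, as a recovery tool would."""
        with open(self.path, "rb") as f:
            return needle in f.read()

    def sanitise(self, chunk=4096):
        """Overwrite every byte with random data, then read back to verify the write."""
        written = hashlib.sha256()
        with open(self.path, "r+b") as f:
            remaining = self.size
            while remaining:
                buf = os.urandom(min(chunk, remaining))
                f.write(buf)
                written.update(buf)
                remaining -= len(buf)
            f.flush()
            os.fsync(f.fileno())  # push the overwrite out of OS buffers
        self.directory.clear()
        self.next_free = 0
        with open(self.path, "rb") as f:
            on_disk = hashlib.sha256(f.read()).hexdigest()
        return on_disk == written.hexdigest()


def demo():
    secret = b"ACCOUNT=constructed-sample-0001;PIN=0000"  # constructed sample data
    with tempfile.TemporaryDirectory() as tmp:
        drive = ToyDrive(os.path.join(tmp, "drive.img"))
        drive.write_file("bank.txt", secret)
        drive.delete("bank.txt")
        listed_after_delete = "bank.txt" in drive.directory
        found_after_delete = drive.raw_scan(secret)
        verified = drive.sanitise()
        found_after_sanitise = drive.raw_scan(secret)
    return listed_after_delete, found_after_delete, verified, found_after_sanitise


if __name__ == "__main__":
    print(demo())
```

Real sanitisation tools apply the same overwrite-and-verify step to the whole physical device rather than to a file. On flash storage (SSDs), wear levelling can leave remapped blocks that an overwrite does not reach, so the drive's built-in secure-erase function is the usual choice there.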

Guideline 2: Think of donating your mobile devices

Another great option is to donate rather than dispose of your old mobile
devices. Old but functional mobile devices can be useful to the poor.

Guideline 3: Understand the possible financial returns from recycling
techno-trash

It is important to note that electronic components contain various
precious metals such as cadmium, gold and silver. Hence, techno-trash
can actually be valuable: recycling and recovering these precious
metals may be a possible way to earn money and help the environment
at the same time.

In Figure 4.7, we can see that computers and electronic devices are
constructed from metals, plastics and glass among other things. Once
these devices are earmarked for recycling, the first step involves manual
disassembly, which means deconstructing the devices into their smallest
components.

The components are then put through a shredding and granulating
machine. Finally, via magnetic and eddying methods, the recycled
materials are separated into base metals, plastic pellets and processed
glass among other things. All the recycled materials can then be used
to manufacture new computers and electronic devices.

Figure 4.7 Recycling computers and electronic devices
Source: Green Star of Interior Alaska (http://www.iagreenstar.org)

Web Reference

It was reported that 20 million tonnes of e-waste are thrown
away annually around the world (The New Ecologist 2010). To
get a better perspective of recycling in general, please go to the
following web page:

http://www.thenewecologist.com/2010/04/recycling-statistics/

Guideline 4: Reuse ink cartridges

Many businesses that sell brand new ink cartridges for printers can fill
up our old ink cartridges for a tiny fraction of the original cost. From an
environmental perspective, every ink cartridge that we dispose of may
require 400 to 1000 years to fully decompose.

However, not all ink cartridges allow for refills, and even cartridges that
have been filled up before will eventually break down after repeated use.
Once this occurs, we can recycle them.

Activity 4.7

Find and describe two hard disk sanitisation methods available on
the market today.

The positive impact of technology on the environment
While a large part of the impact of computers and technology has
unfortunately been negative to the environment, there are still several
positive elements to be noted here. The following are several ways in
which technology is contributing positively to the environment:

1. Technology assists us in creating “smarter” devices that can
learn from how we live and use them, and then adjust
themselves to reduce their environmental impact. For example,
smart lighting systems know when no one is in a room and
automatically turn off the lights.

2. Technology assists us in developing and producing new
materials and technologies that are sustainable and do not
result in adverse effects on the environment.

3. Technology can be used to effectively monitor and analyse
the environment in order for us to better understand the
impact of our actions (from an environmental perspective) on
the world.

4. Technology allows us to build a worldwide virtual laboratory,
which enables experts from different fields to share ideas
and collaborate on research to create more environmentally
friendly technologies.

5. Technology enables paperless communication via email and
online banking, which can reduce the number of trees that are
cut down annually.

6. Technology allows companies to reduce their shipping and
manufacturing impact on the environment by improving
logistics and creating online global marketplaces (e.g.,
Amazon).

Web Reference

Read the following article to learn more about managing and
disposing of computer waste:

https://pubs.usgs.gov/fs/fs060-01/fs060-01.pdf

Summary

In this section, you learned that computers and gadgets such as
mobile devices have a strong impact on the environment as a
result of their production, use and ultimate disposal. Accordingly,
it is important to manage and dispose of techno-trash through
recycling. By doing this, we can minimise the impact of
techno-trash on the environment.

Self-test 4.5

Assume that you are running a major IT company. Your company
is in the midst of replacing 100 computers currently used by your
engineers. What is the most environmentally positive way to
dispose of the old computers in your organisation?

Suggested answers to activity

Feedback

Activity 4.7

The hard disk sanitisation options available include:

1. Drive eRazer Ultra

(https://www.cru-inc.com/products/wiebetech/wiebetech_drive_erazer_ultra/)

This is a stand-alone device that completely cleans hard
drives.

2. DBAN hard drive eraser

(https://dban.org/)

This is software that cleans hard drives.

The Drive eRazer Ultra is a hardware-based solution whereas the
DBAN hard drive eraser is a software-based solution.

Summary of Unit 4

Summary

The first section of this unit explored the various types of
cybercrimes and the precautions to be taken against them. The
second section outlined cyberlaws and discussed the need for
such laws. Intellectual property rights and professional ethics were
covered in the third section. The fourth section examined moral
responsibility and codes of ethics in computing. The negative
impacts that computers and other electronic devices have on
the environment and how to mitigate them were discussed in the
final section.

Suggested Answers to Self-tests

Feedback

Self-test 4.1

Phishing attacks are the biggest threat to online banking. Phishing
uses spam, fake websites, crimeware and other methods to
mislead the bank’s online customers into divulging their sensitive
banking data.

Cybercriminals carry out phishing attacks on online banking users
in order to defraud users of their savings. Alternatively, they may
sell the information on the online black market (online identity
theft).

Phishers can start their attack by forwarding messages to the
bank’s online customers. Such messages or emails may appear
to have originated from the bank. These messages can even have
the bank’s name and logo. Written in an urgent professional style,
these emails can request that the bank’s customers provide their
banking data. Alternatively, the emails may direct our customers
to a fake bank website. This fake website may look real and
the URL may be masked to appear authentic to unsuspecting
customers. The fake website may ask our customers to provide
their confidential data (e.g., banking data, passwords, etc.).

To prevent such attacks, the bank should regularly update online
customers on the latest phishing scams. The bank should also
inform customers that they will never be asked to communicate
their confidential information via email. Most crucially, customers
should be asked to refer to the bank when they are in doubt about
anything, and not rely on external sources which are likely to be
dubious.

Self-test 4.2

You can prepare a plan of action that adheres to the Personal
Data Protection Act 2010 by taking into account the following
principles:

1. The General Principle: Any processing of a person’s personal
data must involve prior consent from the person in question.

2. The Disclosure Principle: A user of data cannot disclose
personal data to another user (a third party) without the prior
consent from the subject.

3. The Security Principle: A user of data must take all required
steps to ensure the protection of personal data from any
misuse and/or unauthorised access by any other party.

4. The Retention Principle: A subject’s personal data cannot
be stored longer than is absolutely necessary.

5. The Notice and Choice Principle: A user of data must first
notify the subject regarding the purpose behind the collection
of data. The subject has the right to refuse to provide the
data.

6. The Data Integrity Principle: A data user needs to take all
necessary steps to ensure the accuracy of the data.

7. The Access Principle: A subject should be provided with
access to his or her personal data and be allowed to make
corrections if necessary.

Self-test 4.3

Lucas can:

1. Apply for a patent as his device is a unique, first of its kind
battery-powered walker for little children. His invention is
truly novel, unique and non-obvious.

2. Apply for trademark protection for the uniquely named and
designed “Tiny Tot Walker Stroller” brand name and corporate
logo. The unique brand name and corporate logo will enable
his product to be differentiated from the products of other
companies.

Self-test 4.4

An antenna engineer at a smartphone company could be held
legally responsible if he has knowingly designed a transmission
antenna that emits dangerous amounts of radiation.

Moral responsibility would occur in a scenario where a software
engineer in the same smartphone company discovers the
dangerous levels of radiation emitted by the transmission antenna
designed by the antenna engineer. It is her moral responsibility
to alert the antenna engineer and the company to the radiation
issue. The company then has a moral responsibility to recall the
smartphone with the dangerous transmission antenna.

Self-test 4.5

If the computers are still usable, they should be donated to the
poor, students and anyone else who needs them but cannot
afford them. This would be a responsible move that enables the
underprivileged sections of society to use the computers in a
productive manner.

If the computers are not usable, recycle the techno-trash. The
electronic components within these computers contain various
precious metals such as cadmium, gold and silver. Hence,
techno-trash can actually be lucrative. Recycling involves:

1. The manual disassembly or the deconstruction of the
computers to their smallest components or parts.

2. The separate components or parts would subsequently be
put through a shredding and granulating machine.

3. Using magnetic and eddying methods, the recycled materials
are separated into base metals, plastic pellets and processed
glass among others.

4. All these materials can then be used to manufacture new
computers and electronic devices.

References
Computer Ethics Institute (2017) Ten Commandments of Computer Ethics,
http://computerethicsinstitute.org/publications/tencommandments.html
(Accessed 3 Oct 2017).

Norton (2016) What is Cybercrime?
https://us.norton.com/cybercrime-definition
(Accessed 29 Sept 2017).

The New Ecologist (2010) Recycling Statistics: Only Paper or Burning
Issues In Our Public Conscience,
http://www.thenewecologist.com/2010/04/recycling-statistics/
(Accessed 3 Oct 2017).

Glossary
Bot: A computer application that performs an automated task.

Copyright: A form of intellectual property protection provided by the
laws of a country.

Cyber: A prefix that is used to describe something that is made possible
because of the spread of computers and related technology (e.g.,
cybercrime).

Ethics: A system of moral principles.

Laws: Rules, usually made by a government, that are used to control
behaviour in a society.

Patent: A set of exclusive rights granted by a country to an inventor
for a limited period of time.

Phishing: The illegal process of sending out emails or messages that
attempt to deceive people into revealing their personal information
such as passwords and bank account details.

Recycle: The process of converting waste material into usable material.

Trademark: A recognisable sign, design or expression that identifies a
product or service of a particular company and differentiates it from
those of other companies.

Trojan (computer): A type of computer malware that is disguised as
legitimate software; usually used by cybercriminals to gain access to
computer systems.

Worm (computer): A standalone computer malware program that replicates
itself to spread to other computers, usually through computer networks.

COURSE TEAM
Course Team Coordinator: Ms. Azrina P. Jamal Mydin
Content Writer: Mr. Saravanesh Supramaniam
Instructional Designer: Mr. Yeap Hock Aun
Academic Members: Dr. Ooi Chia Yi, Prof. Phalachandran Bhandigadi and Ms. Deehbanjli
Lakshmayya

COURSE COORDINATOR
Ms. Tan Cheng Peng

EXTERNAL COURSE ASSESSOR
Associate Professor Dr. Norhaziah Md. Salleh, Universiti Teknikal Malaysia Melaka

PRODUCTION
In-house Editor: Mr. Yeap Hock Aun
Graphic Designer: Ms. Audrey Yeong

Wawasan Open University is Malaysia’s first private not-for-profit tertiary institution dedicated to
adult learners. It is funded by the Wawasan Education Foundation, a tax-exempt entity established
by the Malaysian People’s Movement Party (Gerakan) and supported by the Yeap Chor Ee Charitable
and Endowment Trusts, other charities, corporations, members of the public and occasional grants
from the Government of Malaysia.

The course material development of the university is funded by Yeap Chor Ee Charitable and
Endowment Trusts.

© 2017 Wawasan Open University

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or
transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or
otherwise, without prior written permission from WOU.

Wawasan Open University [DU013(P)]
Wholly owned by Wawasan Open University Sdn. Bhd. (700364-W)
54, Jalan Sultan Ahmad Shah, 10050 Penang.
Tel: (604) 2180333 Fax: (604) 2279214
Email: enquiry@wou.edu.my
Website: www.wou.edu.my
