UNIVERSITY OF DAR ES SALAAM

COMPUTER SCIENCE AND ENGINEERING

IS 063: Professional Issues in Information Systems Practice
TUTORIAL
Instructor: Ms. Diana Rwegasira

1. Briefly explain the following terms:

 Information rights and obligation
 Property rights and obligations
 Accountability and control
 System Quality
 Quality of life
2. What ethical, social and political issues are raised by information system?
 Explain how ethical, social and political issues are connected and give some
examples
 List and describe the key technological trends that heighten ethical concerns
 Differentiate between responsibility, accountability and liability
3. What specific principles for conduct can be used to guide ethical decisions?
 List and describe the steps in and ethical analysis
4. Privacy and Information system
 Define privacy and its real practical examples
 Explain how internet challenges the protection of individual privacy and
intellectual property.
 Explain how informed consent, legislation, industry self-regulation, and
technology tools help protect the individual privacy of internet users
5. How have information systems affected everyday life?
 Explain why it is so difficult to hold software services liable for failure or injury?
 List and describe the principal causes of system quality problems
  Name and describe 4 quality of life impacts of computers and information
systems
6. Discuss how technology impacts our quality of life and describe some of the negative
social consequences of systems.
7. Explain the concept of privacy and what the Tanzania government is doing to help
protect individual online privacy.
8. Discuss how technology impacts our quality of life and describe some of the negative
social consequences of systems.
9. Discuss the importance aspects of security when developing the management information
system of health, water sector and agriculture. Reflect your discussion in Tanzania
community.

Scenario Questions

1. Your supervisor is very busy and asks you to log into the HR Server using her user-ID and
password to retrieve some reports. What should you do?

a) It’s your boss, so it’s okay to do this.

b) Ignore the request and hope she forgets.

c) Decline the request and remind your supervisor that it is against UC policy.

2. You receive the following email from the Help Desk:

Dear UCSC Email User,

Beginning next week, we will be deleting all inactive email accounts in order to create
space for more users. You are required to send the following information in order to
continue using your email account. If we do not receive this information from you by the
end of the week, your email account will be closed.
*Name (first and last):
*Email Login:
*Password:
*Date of birth:
*Alternate email:
 Please contact the Webmail Team with any questions. Thank you for your immediate
attention. What should you do?

3. A friend sends an electronic Hallmark greeting card (e-card) to your work email. You need
to click on the attachment to see the card. What should you do?

4. One of the staff members in ITS subscribes to a number of free IT magazines. Among the
questions she was asked in order to activate her subscriptions, one magazine asked for her
month of birth, a second asked for her year of birth, and a third asked for her mother's
Maiden name. What do you think might be going on here?

5. We saw a case a while back where someone used their yahoo account at a computer lab on
campus. She made sure her yahoo account was no longer open in the browser window
before leaving the lab. Someone came in behind her and used the same browser to re-access
her account. They started sending emails from it and caused all sorts of mayhem. What do
you think might be going on here?

6. You receive an email from your bank telling you there is a problem with your account. The
email provides instructions and a link so you can log in to your account and fix the problem.

Cases

1. Security or Privacy: Which Takes Precedence?

Concerns are being raised that the confidential medical data of British Columbians could wind
up in the hands of U.S. authorities if the provincial government proceeds with plans to outsource
the administration of the province’s Medical Services Plan to an American company. The B.C.
government has short-listed two companies, IBM Canada and Virginia-based Maximus, to take
over administration services of the Medical Services Plan (MSP) and the PharmaCare program.
A legal opinion obtained by the B.C. Government and Service Employees’ Union (BCGEU) says
Canadian subsidiaries of U.S. companies are subject to the Patriot Act. Passed in the U.S. after
the September 11, 2001, terrorist attacks, the act requires a company with access to documents
sought by the FBI to turn them over, without informing the owner of the information of the
release. BCGEU President George Heyman said the union has filed a judicial review seeking to
stop the privatization from proceeding, arguing that it is unacceptable to let a private company
have access to sensitive medical information. “In addition to worries about how this will affect
our health-care system, there are serious issues of personal privacy,” said Heyman. “Putting an
American company or even an affiliate in charge of our health-care system will give it access to
private information about every British Columbian.”

The outsourcing is being handled by the Ministry of Management Services, which also has
responsibility for privacy. Minister Joyce Murray said the government is taking the concerns
raised by the BCGEU seriously. After contacting the B.C. Privacy Commissioner and other
privacy offices across Canada, Murray said it became clear the Patriot Act wasn’t on the radar
screen and they decided to seek an expert legal opinion. Two potential experts have been short-
listed, and Murray said they expect to have an opinion within one month. “We’ve been very clear
from the beginning that the protection of individuals’ information is a high priority for this
government,” said Murray, noting BC already had strong privacy legislation in place. “We’ll
make sure that any concerns we receive with respect to this opinion about the Patriot Act are
incorporated within the structure of the final contract.” Murray said any concerns raised in the
legal opinion will be worked into the structure of the contract to ensure Canadian information
stays inside Canada. “It’s a fundamental issue that the information of Canadians on Canadian
soil is not accessible to other organizations from other countries,” said Murray. “We’re going to
ensure that contracts are structured such that we have that protection in place.”

John Beardwood, treasurer of the Canadian IT law association, doubts that the answer will be so
simple. Beardwood said believing privacy concerns raised by the Patriot Act could be overcome
in the contract would be “misstated and misthought,” and such a solution likely wouldn’t be
accepted by the vendor. “If I’m the vendor, I’m going to say to the customer there’s nothing I
can do about this,

I have to follow the law,” said Beardwood. “It’s a bit of a hard sell to expect a vendor to
indemnify the customer for any problems that might arise under Canadian law, given the fact
they’re following American law.” The issue for a U.S.–based

IT Company operating in Canada is the potential conflict between the U.S. Patriot Act, which
requires it to hand over the data without consent, and Canada’s Personal Information Protection
and Electronic Documents Act (PIPEDA), which requires consent. Beardwood said there are
exceptions to PIPEDA’s consent provisions. For example, if a government institution can show
reasonable grounds the information relates to a contravention of the laws of Canada or a foreign
jurisdiction, then consent may be waived. But that requires the FBI to work through Canadian
authorities, and Beardwood said, in his view, the vendor would still have to inform the customer.

With outsourcing becoming a major business for IT companies, the Information Technology
Association of Canada is following the case closely, and policy director Bill Munson said they’re
eagerly awaiting the legal opinion being sought by B.C. government. Munson said companies
doing business across borders with conflicting legislation is part of global business, but this case
appears to be different. Usually, he said, the laws of country A may be tight but there may be
some laxness in country B’s laws, creating some wiggle room. That may not be the case here.

Discussion Questions

 Which do you think should be accorded the highest priority: security or privacy? Is it
possible for both to coexist?
 Should firms operating in Canada be subject to foreign legislation? Why or why not?

2. Electronic Mail and Employee Monitoring

As time passes, more and more companies are providing Internet-based e-mail capabilities to
their employees. Companies typically provide Internet and e-mail access to employees with the
intention that it will be used for business only, or at least that non-business usage will be kept to
a minimum. In fact, more than 40 million employees in the United States now have e-mail
access, allowing them to send e-mail to anyone in the world who has an Internet connection. It
makes good business sense, for a variety of reasons, to provide these kinds of communication
capabilities to employees. However, it also poses a risk for companies who fear that employees
may spend valuable work time goofing off, illegally sharing important company information, or
infecting the corporation with a computer virus.

As a result, many companies, such as AFLAC of Columbus, Georgia, provide e-mail and
Internet access to employees, but also monitor their use and the messages that employees send
(DiSabatino, 2001). Monitoring employee behaviour is nothing new, and it was to many
businesses a natural extension to monitor e-mail messages. However, monitoring of employee e-
mail has become quite controversial.

Messages sent and received in the workplace via e-mail often contain personal information. Most
companies accept this type of interaction as healthy and necessary. However, many companies
feel that because they own the systems and network that carry the e-mail, and because the e-mail
is there for business purposes, they can monitor the e-mail messages of employees using the
system. In fact, several recent court case judgments have upheld corporations’ rights to monitor
their employees’ e-mail messages (Rosencrance, 2001), although the laws surrounding these
practices are somewhat “nebulous” (Rosencrance, 2004).

Surprisingly, there is little legal recourse for those who support e-mail privacy. In 1986,
Congress passed the Electronic Communications Privacy Act (ECPA), which offers far stronger
support for voice mail privacy than it does for e-mail communications. This act made it much
more difficult for anyone (including the government) to eavesdrop on phone conversations. E-
mail privacy is, thus, much harder to protect. In addition, no other laws at the federal or state
levels protect e-mail privacy. As a result, a recent study reports that companies monitor the e-
mail and Internet usage of more than one third of the Internet-connected workforce in the United
States (more than 14 million people). Worldwide, the number grows to more than 27 million
employees being monitored. It is likely that these numbers will continue to grow with the advent of
very sophisticated but inexpensive monitoring tools; it is projected that the average cost of
monitoring an employee for a year is $5.25, and this price is rapidly dropping (Rosencrance, 2001).
In fact, new tools have been developed that allow employers not only to examine traffic, but also to
remotely look through e-mail boxes, search for common words, and even delete or redirect messages
without notification or detection (Costello, 2001).

The monitoring of employee e-mail appears to be here to stay. However, as the technology makes it
easier for companies to examine the contents of both personal and work-related messages, the debate
over whether this is ethical will continue.

Discussion Questions

 Do you believe that it is ethical to transmit personal e-mail messages over company lines?
 Do you feel that e-mail should be protected by privacy laws such as the ECPA? Or are e-mail
messages company property?
 Now that you know that e-mail is not necessarily a private communication system, will this
change your use of e-mail in any way?
 If you were in charge of a large corporation, what would be your Internet and e-mail usage
policy for your employees?