The Role Ethics Has to Play in the Information Technology Industry - Literature review Example

THE ACS CODE OF ETHICS Insert Name Course Institution Instructor Date of Submission Communication for IT Professionals Abstract With the developing information technologies, the information rights issue has emerged as a controversial topic within the IT field. These technologies aim at enabling individuals to access information from any location provided that they are linked to a specified network. However, despite the unlimited accessibility, information access requires control whereby only authorised personnel are allowed to view the information. On the other hand, the information owner has a right to protect the provided information by restricting access to the particular information. The bone of contention arises on whether the author or system managers have the responsibility of ensuring information privacy is enforced. Introduction In the modern age, individual privacy is synonymous to the respect of basic human rights. Human freedoms, entitlements and rights have been central in the modern world and this has had an impact on individual privacy. Privacy refers to the basic right accorded to individuals to protect information or certain aspects such that no one else gets knowledge of its existence. The concept of privacy is diverse as it can be regarded in varying dimensions that include personal, informational, physical or organizational all of which aims to achieve diverse objectives. In the modern world, information technology has taken centre stage and this has served to threaten privacy both in individual and organizational terms. Information access and retrieval has been eased and this has made it almost difficult to fully protect information. Although technologies have been made available towards limiting access to information, some individuals have still managed to access this information and thus overcome privacy. Unauthorised individuals can access information and use it to achieve their own selfish goals. This essay therefore aims at enhancing the understanding of online security and establishes the role that ethics has to play in the information technology industry. The first article ‘Privacy and Security: An Ethical Analysis’ by Gregory Walters aims at enhancing individual understanding of the privacy concept. It summarises the Canadian laws that aim at ensuring privacy in information technology. Thereafter, the author highlights the various arguments that have been put forward by various scholars while trying to define privacy. Walters also analyses the factors that determine an individual’s privacy once information can be accessed online. He puts forward suggestions that can increase information privacy and its social impacts. The second essay titled, ‘ Usable Security and Privacy: A Case Study of Developing Privacy Management Tools’ by Brodie and Feng aims at identifying technological tools that can foster privacy. According to the authors, information especially intellectual information is a source of wealth and thus must be protected. The authors begin by defining privacy and highlighting its socio-economic value whereby they equate information to monetary wealth. Brodie and Feng (2005, p1) argue that privacy protection and control must be understood by the enforcers and followers for it to be effective. They also propose a framework that should be used by organizations and individuals in formulating privacy policies. This report aims at discussing the relevance of information privacy in the wake of developing information technologies, its ethical implications and its impact on the society. Article One Walters begins by identifying the lack of understanding in the extent to which individual privacy goes when it comes to formulating public policies. Efforts to justify the importance of privacy in the world or information were limited to human respect and independence. Policies in information technology fail to accord social value to privacy and as a result these policies have negatively impacted on social cohesion. However, governments have called for the cooperation of all stakeholders in IT to identify privacy measures and analyse their implications on ethics and the society at large. Flaherty (1991, p831) states that the unquantifiable nature of privacy renders it difficult to measure and its value is recognised once it is infringed (Walters, 2004). Despite the enormous debates on privacy, several developments have been undertaken towards protecting information and hence individual rights. These measures include establishment of information principles and autonomous information agencies that strive towards enhancing privacy. However, these measures are not adequate to enhance privacy protection in both the present and future modern worlds. Future demands of privacy will require the recognition of privacy as a good business practice by analysing all its negative consequences when left unprotected (Walters 2001, p8). A number of privacy solutions are bound to be established and it is therefore necessary to acknowledge their relevance and enhance strategic privacy protection for both the individuals and organizations. Critics of privacy term privacy as a concept that impedes social cohesion as personal privacy is equated to private ownership. This only serves to promote selfish behaviour within the society as individuals seek to gain from information they bear. Intellectual information may result into increased wealth among the bearers and this serves to widen the social gap between the wealthy and poor. Members of a society will not be able to fully socialise and barriers will be drawn within the society. Critics realise that societies exist as units whereby individual’s interact and assist one another in their own development as well as that of the society. Walters (2001, p9) notes that with personal privacy, cohesiveness within the society will eventually lack as the society further disintegrates into smaller social groups. Critics also realise that interpretations accorded to privacy involves balancing several elements that include; personal rights and responsibilities and social rights and responsibilities. This balance seems almost impossible especially with the present digital age. Towards defining privacy, no single definition can be provided and it all depends on the grounds upon which the definition is based. These definitions can emerge from legal, social science and philosophical spheres all of which have different views on privacy. Legally, privacy is acknowledged as a personal freedom whereas among social scientist, privacy is more of a social value. Marx (1999) notes that the ambiguous definition of privacy denies the legal enforcement of privacy laws. On the philosophical front, privacy is defined based on its entitlement as an individual right, their control over knowledge on the information and lastly on underlying relationships between individuals and organizations. All these different perspectives render it difficult to define privacy and develop relevant policies to address privacy protection. From these perspectives, Walters argues that in defining privacy, it all about a matter of identifying the values or interests underlying a matter and its various impacts on individuals and the society (2004, p10). Privacy as a basic human entitlement is not absolute and its extent is limited and in some cases can be applied to various degrees by different individuals. This is attributed to the different meanings and applications of privacy by individuals and organizations. According to the principle of human rights, individuals are bound to act in such a way that they do not interfere with the freedoms of others (Walters 2004, p12). However, this principle sets limits to individual freedoms and rights especially to protect members of the public from harm. Walters suggests that in formulating policies, it is important to identify policies that require generalised actions and those that require special actions (2001, p13). Privacy enhancing technologies require transparency to ensure the protection of individual rights and securities. However, these technologies fail to recognise the imbalance that exists between parties to a trade or individual and organizational informational needs (Walters 2001, p17). Privacy in information technology should be enhanced by emancipating the society on the need of information protection in the digital age. Its negative impacts on the society as put forward by the critics should be addressed by encouraging the members of the society to get consent from the owners which if achieved will boost social ties. Ethically, privacy will enable individuals to earn from their hard work and avoid instances where other individuals use information for their selfish gains hence effecting property rights. Article Two Brodie and Feng’s article states that in the 1980’s and 90’s, privacy was less of an issue as individuals and organizations focussed on enhancing information accessibility (2005, p35). However, in modern times as noted by the authors, privacy is more central in information technology towards ensuring that accessed information is used only for purposes that it is only allowed to serve. In order to integrate privacy policies and regulate information access and use, it is important to understand the basic policies that regulate the use of information (Brodie & Feng 2005, p35). This however requires the development of technologies that will eventually enhance the implementation of these policies. This article therefore seeks to develop a framework that encloses privacy policy formulation, implementation and evaluation within an organizational context. In the present environment, organizations base their decision making processes on information systems that gather, analyse, store and retrieve information. However, these systems have been subjected security breaches thus compromising on the integrity of information present within these systems. As a result, researchers have embarked on addressing these security breaches by developing useable security and privacy technologies. Despite the development of such technologies, they are not fully applicable in the modern environment. Whitten and Tygar (35) note that security mechanisms are effective when applied correctly (Brodie & Feng 2005, p35). Organizations need to develop information policies that are applicable and flexible with the internal operations adjustments of the organization. This will enhance the internal business processes and hence increasing its productivity. In developing information policies within the organization, the developers should not only ensure authorised access but also consider unauthorised informational purposes. Privacy has been found to have an ambiguous definition such that it has different meanings within different entities. Brodie and Feng (2005, p36) define privacy as an individual’s sole right to regulate the flow of information as opposed to isolation. Brodie and Feng analyse previous investigations pertaining to personal information and privacy preserving technologies. The authors focussed on previous researches that dealt with analysing the perceptions of various individuals on the safety of their information held within organizations that directly affects their willingness to share personal information (Brodie & Feng 2005, p36). They also looked at the technological advancements aimed at implementing the privacy policies and measures taken by organizations to protect the high amounts of personal information they have been provided with. The safety of consumer information should be ensured by the organization and held responsible whenever the information gets out. Most consumers feel threatened by the misuse of personal information provided to organizations. This has negatively affected organizations that mainly conduct their operations through e-commerce business structures. Respondents in a number of surveys indicated that they feel that organizations need to apply more measures in order to guarantee the safety of personal information provided by the consumers. Due to the validity of these consumer concerns, researchers embarked on developing machine readable privacy policies that enable end-users to understand the developed policies and organizations to enforce the policies. Among the developed privacy policy languages include the P3P and W3C (Hochheiser 2002, p277). These languages range from standardised to custom languages depending on the organization’s preference. Researchers have also proposed other privacy schemas for example APPEL that enhances an individual’s ability to assessing a site’s policies and its match with their privacy policy preferences. However, a major hindrance is the lack of a guarantee on the applicability of the policies by the organization. Although these languages can be used to identify the presence of privacy policies, researchers have embarked on developing enforcement mechanisms. These mechanisms aim at ensuring that end-users can enlighten themselves on sites that have enforced the privacy policies. Organizations on the other hand, are able to enforce their privacy policies to ensure the integrity of the provided consumer information. Proposed enforcement mechanisms have been based upon individuals and organizations. Where the mechanisms are based upon the individual, the individual specifies the purposes which the information can be put into use. Langheinrich suggests that organizations can adopt enforcement mechanisms to enforce privacy policies developed by the organization (2008, p418). Brodie and Feng suggest a privacy policy framework whereby a privacy policy authority utility is established to formulate the required private policies (2005, p38). These policies are stored in a machine in a readable format to enable the machine to execute the instructions. The machine readable policies are then utilised by the privacy enforcement mechanism that lies between the data storage centres and the application machines. This framework requires that the enforcement mechanism should be able to record the data access events and present them for evaluation. This aspect facilitates the evaluation of the individual or organization’s adherence to the formulated privacy policies (Brodie & Feng 2005, p.38). From the study conducted by Brodie and Feng, they identified various technologies that satisfied three fifth’s of the pre-determined privacy design concepts (2004, p38). The other two concepts are yet to be satisfied and this has negatively impacted on the organization’s or individual’s ability to enhance personal privacy. To address this issue, the authors suggested the SPARCLE prototype that enables organizations to develop, link, implement and evaluate their privacy policies (Brodie & Feng 2004, p39). Investigations on the applicability of the prototype revealed that users of privacy policies hardly understand the policies and thus inhibit their effectiveness. In relation to the privacy issue, this article lays the foundation upon which organizations can develop, enforce and review privacy policies. These policies should be enforced and should encompass the various aspects of the organization’s operations. As a result, this will increase the consumer’s confidentiality and enhance their willingness to provide personal information. Evaluation of Both Articles Brodie and Feng in their article aim at discussing privacy within an organizational context. They provide the importance of securing information and ensuring that only authorised persons access it and utilise it for the stipulated purposes. Both authors channel their efforts towards developing innovative organizational frameworks, tools and policies that will eventually enhance privacy within the organization. This is attributed to the vital role information plays within the organization and thus the necessity to secure it. In identifying the applicability of their pre-identified tools, the authors develop five key concepts that should be present within any organization that wishes to fully adopt the privacy enhancing technologies (Brodie & Feng 2004, p37). Both authors seek to make some recommendations as organizations respond to the changing public views on the safety of organizational information. They also enlighten the management on how the privacy technologies work and areas that the management needs to consider when formulating and implementing these technologies. Unlike Brodie and Feng, Walters discusses privacy in its social, philosophical and legal definition. In going about this discussion, Walters utilises to a great extent academic works of other scholars. This enables him to discuss the ambiguous definition of privacy and be able to evaluate his arguments fully. Wahlstrom and Quirchmayr (2007, p179) suggest that the law ought to provide a minimum level of disclosure above which the information owner has the authority to restrict its access. Walters discusses privacy at an individual level and implies it as a basic human right. A violation to an individual’s right to limit access to information is considered as a violation to the basic human rights. At this stage, the author aims at distinguishing between individual freedoms that require general action and those that require specific actions (Walters 2001, p19). According to the author, privacy among individuals should be balanced such that information can be accessed without posing any harm to the individual. Conclusion Informational privacy has social, philosophical, legal and organizational implications that are all interdependent. In enforcing privacy rights, all these perspectives should be considered in order to ensure cohesiveness within the environment. However, it would be almost impossible to enforce privacy policies addressing the various perspectives. As a result, IT professionals should design privacy enhancing technologies that address the various perspectives and allow individuals or organizations to choose the suitable technologies. All in all, information privacy should be upheld to ensure integrity within the IT profession and also encourage people to share credible information. References . Claire-Marie, CB & Feng, J 2005, Usable Security & Privacy: A Case Study of Developing Privacy Mgmt Tools, Pittsburg: SOUPS. Chatam, B 2004, Online Privacy Concerns: More than Hype, The Forrester Rprt. Hochheiser, H 2002, The Platform for Privacy Pref. as a Social Protocol: An Exam Within the US Policy Context, ACM Transactions on Internet Techn., Vol. 2, No. 4, pp 276- 306. Langheinrich, M 2008, A Survey of RFID Privacy Approaches, London: Springer-Verlag. Marx G (1999), Ethics for New Surveillance, Visions of Privacy: Privacy Choice For a Digital Wrld, Toronto, Univ. of Toronto Press. Wahlstrom, K & Quirchmayr, G 2007, The Motivation & Proposition of a Privacy- enhancing Architecture for Operational Databases, South Austr.: Univ. of South Aus. Walters, GJ 2001, Privacy & Security: An Ethical Analysis, Computer and Society, pp8-23 Read More