Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 1
History of Computing
What is computing?
Computing is any goal-oriented activity requiring, benefiting from, or creating computers.
Computing includes designing, developing and building hardware and software systems;
designing a mathematical sequence of steps known as an algorithm; processing, structuring,
and managing various kinds of information; doing scientific research on and with computers;
making computer systems behave intelligently; and creating and using communications and
entertainment media. The field of computing includes computer engineering, software
engineering, computer science, information systems, and information technology.
What is Computation?
Computation is any type of calculation that includes both arithmetical and non-arithmetical
steps and follows a well-defined model, for example an algorithm.
1.1 Prehistory of computing
Before 1935, a computer was a person who performed arithmetic calculations. Between 1935
and 1945 the definition referred to a machine, rather than a person. The modern machine
definition is based on von Neumann's concepts: a device that accepts input, processes data,
stores data, and produces output. We have gone from the vacuum tube to the transistor, to the
microchip. Then the microchip started talking to the modem. Now we exchange text, sound,
photos and movies in a digital environment.

14th century - Abacus - an instrument for performing calculations by sliding counters along
rods or in grooves.
17th century - Slide rule - a manual device used for calculation that consists in its simple
form of a ruler and a movable middle piece which are graduated with similar logarithmic
scales.
1642 -Pascaline- a mechanical calculator built by Blaise Pascal, a 17th century
mathematician, for whom the Pascal computer programming language was named .
1804 - Jacquard loom - a loom programmed with punched cards invented by Joseph Marie
Jacquard.
1937 Atanasoff–Berry computer design was the first digital electronic computer (though not
programmable).
And Now!!
1.2 History of computer hardware
It covers the developments from early simple devices to aid calculation to modern day
computers
Computing hardware
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
1 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Computing hardware is a platform for information processing.

Before the 20th century, most calculations were done by humans. Early mechanical tools to
help humans with digital calculations, such as the abacus, were called "calculating
machines", called by proprietary names, or referred to as calculators. The machine operator
was called the computer.
Early devices
1. Ancient Era
Devices have been used to aid computation for thousands of years, mostly using one-to-one
correspondence with fingers. The earliest counting device was probably a form of tally stick.
Later record keeping aids throughout the Fertile Crescent included calculi (clay spheres,
cones, etc.) which represented counts of items, probably livestock or grains, sealed in hollow
unbaked clay containers. The use of counting rods is one example. The abacus was early used
for arithmetic tasks. What we now call the Roman abacus was used in Babylonia as early as
c. 2700–2300 BC. Since then, many other forms of reckoning boards or tables have been
invented. In a medieval European counting house, a cloth would be placed on a table, and
markers moved around on it according to certain rules, as an aid to calculating sums of
money.
Several analog computers were constructed in ancient and medieval times to perform
astronomical calculations. These included the south-pointing chariot (c. 1050–771 BC) from
ancient China, and the astrolabe and Antikythera mechanism from the Hellenistic world (c.
150–100 BC). In Roman Egypt, Hero of Alexandria (c. 10–70 AD) made mechanical devices
including automata and a programmable cart. Other early mechanical devices used to perform
one or another type of calculations include the plan sphere and other mechanical computing
devices invented by Abu Rayhan al-Biruni (c. AD 1000); the equatorium and universal
latitude-independent astrolabe by Abū Ishāq Ibrāhīm al-Zarqālī (c. AD 1015); the
astronomical analog computers of other medieval Muslim astronomers and engineers; and the
astronomical clock tower of Su Song (1094) during the Song dynasty. The castle clock, a
hydro-powered mechanical astronomical clock invented by Ismail al-Jazari in 1206, was the
first programmable analog computer. Ramon Llull invented the Lullian Circle: a notional
machine for calculating answers to philosophical questions (in this case, to do with
Christianity) via logical combinatorics. This idea was taken up by Leibniz centuries later, and
is thus one of the founding elements in computing and information science.
2. Renaissance calculating tools
Scottish mathematician and physicist John Napier discovered that the multiplication and
division of numbers could be performed by the addition and subtraction, respectively, of the
logarithms of those numbers. While producing the first logarithmic tables, Napier needed to

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
2 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

perform many tedious multiplications. It was at this point that he designed his 'Napier's
bones', an abacus-like device that greatly simplified calculations that involved multiplication
and division.
Since real numbers can be represented as distances or intervals on a line, the slide rule was
invented in the 1620s, shortly after Napier's work, to allow multiplication and division
operations to be carried out significantly faster than was previously possible. Edmund Gunter
built a calculating device with a single logarithmic scale at the University of Oxford. His
device greatly simplified arithmetic calculations, including multiplication and division.
William Oughtred greatly improved this in 1630 with his circular slide rule. He followed this
up with the modern slide rule in 1632, essentially a combination of two Gunter rules, held
together with the hands. Slide rules were used by generations of engineers and other
mathematically involved professional workers, until the invention of the pocket calculator.
3. Mechanical calculators
Wilhelm Schickard, a German polymath, designed a calculating machine in 1623 which
combined a mechanised form of Napier's rods with the world's first mechanical adding
machine built into the base. Because it made use of a single-tooth gear there were
circumstances in which its carry mechanism would jam. A fire destroyed at least one of the
machines in 1624 and it is believed Schickard was too disheartened to build another.

(Fig. View through the back of Pascal's calculator. Pascal invented his machine in 1642)
In 1642, while still a teenager, Blaise Pascal started some pioneering work on calculating
machines and after three years of effort and 50 prototypes he invented a mechanical
calculator. He built twenty of these machines (called Pascal's calculator or Pascaline) in the
following ten years. Nine Pascalines have survived, most of which are on display in European
museums. A continuing debate exists over whether Schickard or Pascal should be regarded as
the "inventor of the mechanical calculator" and the range of issues to be considered is
discussed elsewhere.
Gottfried Wilhelm von Leibniz invented the stepped reckoner and his famous stepped drum
mechanism around 1672. He attempted to create a machine that could be used not only for
addition and subtraction but would utilise a moveable carriage to enable long multiplication
and division. Leibniz once said "It is unworthy of excellent men to lose hours like slaves in
the labour of calculation which could safely be relegated to anyone else if machines were
used." However, Leibniz did not incorporate a fully successful carry mechanism. Leibniz also
described the binary numeral system, a central ingredient of all modern computers. However,
up to the 1940s, many subsequent designs (including Charles Babbage's machines of the
1822 and even ENIAC of 1945) were based on the decimal system.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
3 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Around 1820, Charles Xavier Thomas de Colmar created what would over the rest of the
century become the first successful, mass-produced mechanical calculator, the Thomas
Arithmometer. It could be used to add and subtract, and with a moveable carriage the
operator could also multiply, and divide by a process of long multiplication and long division.
It utilised a stepped drum similar in conception to that invented by Leibniz. Mechanical
calculators remained in use until the 1970s.
4. Punched card data processing
In 1804, Joseph-Marie Jacquard developed a loom in which the pattern being woven was
controlled by a paper tape constructed from punched cards. The paper tape could be changed
without changing the mechanical design of the loom. This was a landmark achievement in
programmability. His machine was an improvement over similar weaving looms. Punched
cards were preceded by punch bands, as in the machine proposed by Basile Bouchon. These
bands would inspire information recording for automatic pianos and more recently numerical
control machine tools.
In the late 1880s, the American Herman Hollerith invented data storage on punched cards
that could then be read by a machine. To process these punched cards he invented the
tabulator, and the keypunch machine. His machines used electromechanical relays and
counters. Hollerith's method was used in the 1890 United States Census. That census was
processed two years faster than the prior census had been. Hollerith's company eventually
became the core of IBM.
By 1920, electromechanical tabulating machines could add, subtract and print accumulated
totals. Machine functions were directed by inserting dozens of wire jumpers into removable
control panels. When the United States instituted Social Security in 1935, IBM punched card
systems were used to process records of 26 million workers. Punched cards became
ubiquitous in industry and government for accounting and administration.
Leslie Comrie's articles on punched card methods and W.J. Eckert's publication of Punched
Card Methods in Scientific Computation in 1940, described punched card techniques
sufficiently advanced to solve some differential equations or perform multiplication and
division using floating point representations, all on punched cards and unit record machines.
Such machines were used during World War II for cryptographic statistical processing, as
well as a vast number of administrative uses. The Astronomical Computing Bureau,
Columbia University, performed astronomical calculations representing the state of the art in
computing.
The book IBM and the Holocaust by Edwin Black outlines the ways in which IBM's
technology helped facilitate Nazi genocide through generation and tabulation of punch cards
based upon national census data.
5. Calculators
By the 20th century, earlier mechanical calculators, cash registers, accounting machines, and
so on were redesigned to use electric motors, with gear position as the representation for the
state of a variable. The word "computer" was a job title assigned to primarily women who
used these calculators to perform mathematical calculations. By the 1920s, British scientist
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
4 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Lewis Fry Richardson's interest in weather prediction led him to propose human computers
and numerical analysis to model the weather; to this day, the most powerful computers on
Earth are needed to adequately model its weather using the Navier–Stokes equations.
Companies like Friden, Marchant Calculator and Monroe made desktop mechanical
calculators from the 1930s that could add, subtract, multiply and divide.[34] In 1948, the Curta
was introduced by Austrian inventor Curt Herzstark. It was a small, hand-cranked mechanical
calculator and as such, a descendant of Gottfried Leibniz's Stepped Reckoner and Thomas's
Arithmometer.
The world's first all-electronic desktop calculator was the British Bell Punch ANITA,
released in 1961. It used vacuum tubes, cold-cathode tubes and Dekatrons in its circuits, with
12 cold-cathode "Nixie" tubes for its display. The ANITA sold well since it was the only
electronic desktop calculator available, and was silent and quick. The tube technology was
superseded in June 1963 by the U.S. manufactured Friden EC-130, which had an all-
transistor design, a stack of four 13-digit numbers displayed on a 5-inch (13 cm) CRT, and
introduced reverse Polish notation (RPN).
First general-purpose computing device
Charles Babbage, an English mechanical engineer and polymath, originated the concept of a
programmable computer. Considered the "father of the computer", he conceptualized and
invented the first mechanical computer in the early 19th century. After working on his
revolutionary difference engine, designed to aid in navigational calculations, in 1833 he
realized that a much more general design, an Analytical Engine, was possible. The input of
programs and data was to be provided to the machine via punched cards, a method being used
at the time to direct mechanical looms such as the Jacquard loom. For output, the machine
would have a printer, a curve plotter and a bell. The machine would also be able to punch
numbers onto cards to be read in later. It employed ordinary base-10 fixed-point arithmetic.
The Engine incorporated an arithmetic logic unit, control flow in the form of conditional
branching and loops, and integrated memory, making it the first design for a general-purpose
computer that could be described in modern terms as Turing-complete.
Analog computers
In the first half of the 20th century, analog computers were considered by many to be the
future of computing. These devices used the continuously changeable aspects of physical
phenomena such as electrical, mechanical, or hydraulic quantities to model the problem being
solved, in contrast to digital computers that represented varying quantities symbolically, as
their numerical values change. As an analog computer does not use discrete values, but rather
continuous values, processes cannot be reliably repeated with exact equivalence, as they can
with Turing machines.
The first modern analog computer was a tide-predicting machine, invented by Sir William
Thomson, later Lord Kelvin, in 1872. It used a system of pulleys and wires to automatically
calculate predicted tide levels for a set period at a particular location and was of great utility
to navigation in shallow waters. His device was the foundation for further developments in
analog computing.
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
5 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

The differential analyser, a mechanical analog computer designed to solve differential

equations by integration using wheel-and-disc mechanisms, was conceptualized in 1876 by
James Thomson, the brother of the more famous Lord Kelvin. He explored the possible
construction of such calculators, but was stymied by the limited output torque of the ball-and-
disk integrators. In a differential analyzer, the output of one integrator drove the input of the
next integrator, or a graphing output.
Digital computers
1 Electromechanical computer
2 Digital computation
3 Electronic data processing
4 Electronic programmable computers
-------- and so on

1.3 History of Software: Programming Languages and Operating Systems

Software
Software is a general term for the various kinds of programs used to operate computers and
related devices.
The two key technologies in computing, hardware and software, exist side by side.
Improvements in one drive improvements in the other. Both are full of major advances and
technological dead ends, and both are replete with colourful characters and dynamic start-up
companies.
But there are key differences between the hardware and the software industries. Hardware
design and manufacture is a comparatively costly exercise, with a consequently high cost of
entry. Nowadays only large, or largish, companies can do hardware. But many of the major
software advances have been the results of individual effort. Anybody can start a software
company, and many of the largest and most successful of them have come from nowhere, the
result of one or a few individual‘s genius and determination.
There are many different types of software. There is applications software, such as financial
programs, word processors and spreadsheets, that let us do the sort of work we buy
computers for. There is systems software, such as operating systems and utilities that sit
behind the scenes and make computers work. There are applications development tools, such
as programming languages and query tools that help as develop applications. Some types of
software are mixtures of these – database management systems (DBMSs), for example, are a
combination of applications, systems, and applications development software.
The software industry has made thousands of millionaires and not a few billionaires. Its
glamour, its rate of change, its low cost of entry, and the speed at which a good idea can
breed commercial success have attracted many of the brightest technical minds and sharpest

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
6 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

business brains of two generations. Hardware is important, but in a very real sense the history
of information technology is the history of software.

Programming Languages and Operating Systems

The term ―software‖ did not come into use until 1958. It is probable that it was coined by
Princeton University professor John W. Tukey in an article in The American Mathematical
Monthly in January of that year (Peterson, 2000).
The word ―computer‖ was originally applied to humans who worked out mathematical
problems. ENIAC was designed to take over the work of hundreds of human ―computers‖
who were working on ballistics tables. Most of them were women, recruited from the best
and brightest college graduates when the men went off to war. Thus, the first computer
programmers were, like Ada Lovelace, women.

1.4 History of networking

A computer network, or data network, is a digital telecommunications network which allows

nodes to share resources.

How did we get to where we are now?

Communication before computer networks
o 2400 BCE: carrier system
o July 26, 1775: United States Postal Service was established by the Second Continental
Congress with Benjamin Franklin as the first Postmaster General
o 1838: First commercial telegraph allowed messages to be exchanged between two points
in the city of London 13 miles apart
o Samuel Morse simultaneously sent the first telegraph in the United States; Alfred Vail,
his assistant, developed Morse code
o 1876: First telephone conversation between Alexander Graham Bell and his assistant,
Thomas A. Watson
o 1895: First commercial radio capable of transmitting 1.5 miles was invented by Italian
inventor Guglielmo Marconi
o 1927: First working television with electronic scanning of both the pickup (i.e., video
camera) and display devices was invented by Philo Farnsworth

Computer Networks
Motivation was to enable remote use of computers

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
7 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

o Based on 1960s telephone network, which performs circuit switching

 A circuit is a dedicated communication channel, composed of a sequence of
dedicated physical wires
 Telephone switchboard originally circuits were established by manually
connecting wires
 Circuit switching is inefficient because only two endpoints at a time can
communicate over the channel
o Late 1950s and early 1960s: ideas for packet switching
 Packet switching breaks a message into pieces (packets) and multiplexes packets
from several endpoints over the same communication channel
o 1961: Leonard Kleinrock published a paper that showed packet switching was
effective for bursty traffic when two endpoints were not using the communication
channel, other pairs of endpoints could send packets
o 1967: Paul Baran had been developing packet switching as Rand Institute and
published his work; US Department of Defense wanted a robust communication
system
o 1967-69: Team lead by Vint Cerf and Bob Kahn developed the ARPAnet (Advanced
Research Projects Agency Network)
 First network switches built by BBN using the Internet Message Processor (IMP)
 First 4node packet switched was built switches were deployed at Utah, UCLA,
UCSB, and Stanford
o 1972: ARPAnet had grown to 15 nodes
 Network control protocol was the first end to end communication protocol
defined by RFC0001; allowed endpoints to send a message and let the network
worry about what path to take to get it there
o 1972: Ray Tomlinson invented email; first network application; used the end to end
communication protocol
o 1973: Bob Metcalf invented Ethernet a standard for wiring and signalling that is still
used today (with some updates)
o 1974: Vint Cerf and Bob Kahn developed an open architecture for the Internet
 Internet Protocol (IP) and Transmission Control Protocol (TCP)
o 1979: Internet (formerly the ARPAnet) had 200 nodes
o 1989: Internet had 100K nodes
 Much growth was fuelled by connecting universities Larry Landweber from
UW-Madison was an important part of this
 Need for improvements
o TCP improvements by Van Jacobson to address congestion
o Domain Name System (DNS) developed to provide an easier way to
identify nodes
o 1991: Tim BernesLee invented the Web by creating the Hypertext Transfer Protocol
(HTTP)
o 1993: Mark Andreesen invented MOSAIC, the first graphical browser
o 1998: Google was incorporated; Napster peer to peer network for file sharing started
o 2000s: social networks, gaming, streaming media
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
8 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

o 2008: Open Flow protocol was designed by Nick McKeown, leading to software
defined networking (SDN)
o Next: ?

1.5 Pioneers of Computing

Those persons who have contributed significantly in the field of computing should be listed
here.

The term "algorithm" is derived from the algorism, the

technique of performing arithmetic with Hindu–Arabic numerals
0830 Al-KhwarizmI
popularised by al-Khwarizmi in his book "On the Calculation
with Hindu Numerals".

1944 Howard Aiken Conceived and co designed the Harvard Mark I.

Developed bit vector notation and program control flow graphs.

1970
Frances E. Allen Became the first female IBM Fellow in 1989. In 2006, she became
1989
the first female recipient of the ACM's Turing Award.

Built the first electronic digital computer, the Atanasoff–Berry

1939 John Atanasoff Computer, though it was neither programmable nor Turing-
complete.

Originated the concept of a programmable general-purpose

1822
Charles Babbage computer. Designed the Analytical Engine and built a prototype
1837
for a less powerful mechanical calculator.

Led the team that created FORTRAN (Formula Translation), the

1954 first practical high-level programming language, and he
John Backus
1963 formulated the Backus–Naur form that described the formal
language syntax.

1989 Invented World Wide Web. With Robert Cailliau, sent first HTTP
Tim Berners-Lee
1990 communication between client and server.

1966 Corrado Böhm Theorized of the concept of structured programming.

1847 George Boole Formalized Boolean algebra, the basis for digital logic and

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
9 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

1854 computer science.

1947 Kathleen Booth Invented the first assembly language.

Developed the RC 4000 multiprogramming system which

introduced the concept of an operating system kernel and the
separation of policy and mechanism, effectively the first
1969 microkernel architecture. Co-developed the monitor with Tony
Per Brinch Hansen
1978 Hoare, and created the first monitor implementation. Implemented
the first form of remote procedure call in the RC 4000, and was
first to propose remote procedure calls as a structuring concept for
distributed computing.

1959 Manager of IBM System/360 and OS/360 projects; author of The

Fred Brooks
1995 Mythical Man-Month.

Analogue computing pioneer. Originator of the Memex concept,

1930 Vannevar Bush
which led to the development of Hypertext.

With John Pinkerton, developed the LEO computer, the first

1951 David Caminer
business computer, for J. Lyons and Co

With Bob Kahn, designed the Transmission Control Protocol and

1978 Vint Cerf Internet Protocol (TCP/IP), the primary data communication
protocols of the Internet and other computer networks.

Made contributions to computer science with his work in

linguistics. He developed Chomsky hierarchy, a discovery which
1956 Noam Chomsky
has directly impacted programming language theory and other
branches of computer science.

Founded contributions to theoretical computer science, specifically

1936 Alonzo Church for the development of the lambda calculus and the discovery of
the undecidability problem within it.

Designed LINC, the first functional computer scaled down and

priced for the individual user. Put in service in 1963, many of its
1962 Wesley A. Clark
features are seen as prototypes of what were to be essential
elements of personal computers.

Edmund M. Developed model checking and formal verification of software

1981
Clarke and hardware together with E. Allen Emerson.

Proposed and formalized the relational model of data management,

1970 Edgar F. Codd
the theoretical basis of relational databases.

Formalized the notion of NP-completeness, inspiring a great deal

1971 Stephen Cook
of research in computational complexity theory.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
10 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

1965 James Cooley With John W. Tukey, created the fast Fourier transform.

With Kristen Nygaard, invented the proto-object oriented language

1962 Ole-Johan Dahl
SIMULA.

Made advances in algorithms, pioneered and coined the term

1968 Edsger Dijkstra structured programming, invented the semaphore, and famously
suggested that the GOTO statement should be considered harmful.

With John Mauchly, designed and built the ENIAC, the first
1943
J. Presper Eckert modern (all electronic, Turing-complete) computer, and the
1951
UNIVAC I, the first commercially available computer.

Developed model checking and formal verification of software

1981 E. Allen Emerson
and hardware together with Edmund M. Clarke.

Best known for inventing the computer mouse (in a joint effort
with Bill English); as a pioneer of human-computer interaction
1963 Douglas Engelbart
whose Augment team developed hypertext, networked computers,
and precursors to GUIs.

Her team defined a simple text file format for Internet host
names.[29] The list evolved into the Domain Name System and
1974 Elizabeth Feinler
her group became the naming authority for the top-level domains
of .mil, .gov, .edu, .org, and .com.

Designed and built the Mark 1 and the ten improved Mark 2
1943 Tommy Flowers Colossus computers, the world's first programmable, digital,
electronic, computing devices.

1994 Sally Floyd Is known for her work on Transmission Control Protocol.

Developed first-order predicate calculus, which was a crucial

1879 Gottlob Frege
precursor requirement to developing computation theory.

Proved "don't-care" circuit minimization does not necessarily yield

1958
optimal results, proved that the ALGOL programming language is
1961 Seymour Ginsburg
context-free (thus linking formal language theory to the problem
1967
of compiler writing), and invented AFL Theory.

Proved that Peano axiomatized arithmetic could not be both

logically consistent and complete in first-order predicate calculus.
1931 Kurt Gödel
Church, Kleene, and Turing developed the foundations of
computation theory based on corollaries to Gödel's work.

Awarded the 2009 IEEE John von Neumann Medal for

2011 Susan L. Graham "contributions to programming language design and
implementation and for exemplary service to the discipline of

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
11 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

computer science".

1974 Innovator in database systems and transaction processing

Jim Gray
2005 implementation.

Created the first computational model of discourse, which

1986 established the field of research and influenced language-
Barbara Grosz
1990 processing technologies. Also developed SharedPlans model for
collaboration in multi-agent systems.

Credited with coining the phrase "Software engineering" and

developed the concepts of asynchronous software, priority
Margaret
1971 scheduling, end-to-end testing, and human-in-the-loop decision
Hamilton
capability, such as priority displays which then became the
foundation for ultra reliable software design.

Created the mathematical field of error-correcting code, Hamming

code, Hamming matrix, the Hamming window, Hamming
1950 Richard Hamming
numbers, sphere-packing (or Hamming bound), and the Hamming
distance. He established concept of perfect code.

André Truong
1972 Invention of the Micral N, the earliest commercial, non-kit
Trong Thi and
1973 personal computer based on a microprocessor.
François Gernelle

Wrote The Art of Computer Programming and created TeX.

1968
Donald Knuth Coined the term "analysis of algorithms" and made major
1989
contributions to that field, including popularizing Big O notation.

With Ken Thompson, pioneered the C programming language and

1967 Dennis Ritchie
the Unix computer operating system at Bell Labs.

1958– Designed the software of the first transistor-based computer. Also

Saul Rosen
1960 influenced the ALGOL programming language.

1979 Bjarne Stroustrup Invented C++ at Bell Labs

Author of Sketchpad, the ancestor of modern computer-aided

1963 Ivan Sutherland drafting (CAD) programs and one of the early examples of object-
oriented programming.

Created mobile ad hoc networking; Implemented the first working

wireless ad hoc network of laptop computers in 1998 using Linux
1993 Chai Keong Toh
OS, Lucent WaveLan 802.11 radios, and a new distributed routing
protocol transparent to TCP/UDP/IP.

1991 Linus Torvalds Created the first version of the Linux kernel.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
12 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Made several founding contributions to computer science,

including the Turing machine computational model, the
1936 Alan Turing conceiving of the stored program concept and the designing of the
high-speed ACE design. Widely considered as the father of
computer science and artificial intelligence.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
13 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 2
Social Context of Computing
2.1 Society and Technology
2.1.1 Impact of technology on society and vice versa
 Innovation and changes in all spheres of life and makes life convenient,
economical and easier.
 Technology and development go hand on hand
 Technology and stress comes together
 Technology made communication/mass communication possible and
easier but made people isolated from society

2.1.2 Using Technology for Poverty Alleviation (Alleviate: reduce, ease)

―Poverty is the inability of having choices and opportunities, a violation of human dignity. It
means lack of basic capacity to participate effectively in society‖-UN definition

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
14 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

 Nepal's GDP Per Capita reached 1,003.64 USD in first quarter of 2018, compared
with 866.48 USD in Jul 2017. (you can check it here:
https://www.ceicdata.com/en/indicator/nepal/gdp-per-capita)
 More than 25% of population is under the poverty line.
 Extreme poverty – those who is living on less than 1USD per day.
Technologies that is capable to alleviate poverty-
Radio
Television
Telephone
Computer and Internet

Strategies for poverty alleviation

 Distribution of locally relevant information
 Targeting disadvantaged and marginalized groups
 Promoting local entrepreneurship
 Strengthening the education
 Promoting trade and e-commerce
 Building capacity and capability
 Enriching culture
 Supporting local product and agriculture
 Creating employment opportunities

2.1.3 Health Related Issues for an IT Professional

 Eye strain
 Stress and depression
 Back pain/tiredness caused from the efforts of muscle to hold to hold your posture for
long period of time
 Skin rashes that are caused from the static field in front of the screen causing ions and
pollutants in the air to become positively charged and attach themselves to your
negatively charged skin
 Abnormal reproductive outcome due to electromagnetic radiations effect on
biological function and biomedical process inside our cells.
 Cancer
 Skin aging
 Monotonousness
Ergonomics- the study of people's efficiency in their working environment.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
15 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

―An applied science concerned with designing and arranging things people use so that the
people and things interact most efficiently and safely — called also biotechnology, human
engineering, human factors‖
―Ergonomics is a way to work smarter not harder by designing of tools, equipments, work
station and tasks to fit the job to the worker- not the worker to the job‖
Simple things to think:
-Layout/ type of controls and displays
-Lighting and temperature
-Process (Height, weight ....)

What Is "Computer Ergonomics"? Ergonomics is the science of designing a job, equipment

and/or workplace to fit the worker. The goal is to optimize the "fit" between each worker and
his or her work environment to optimize performance and reduce the risk of repetitive strain
injuries.

Ergonomic Advices
Posture and Positioning
 Maintain good posture when working at the keyboard. Utilize a chair with back
support. Keep your feet supported on the floor or on a footrest when you work to
reduce pressure on your lower back
 Avoid twisting or bending your trunk or neck. Frequently used items should be
positioned directly in front of you and angled upward on a copyholder when working.
Keep your shoulders relaxed with your elbows close to your sides.
 Avoid resting your elbows on the hard surface or edge of your table. Pads can be used
to protect your elbows if necessary.
 Elbows should be positioned at 100 to 110 degrees when working in order to keep a
relaxed position at the keyboard. This could require a slight negative tilt (front of
keyboard higher than back) when working in upright positions. If reclined in your
chair, the keyboard could be at a positive angle to maintain this relaxed position.
 Your wrists should be in a neutral or straight position when keying or using a pointing
device or calculator. Wrist rests can assist you in maintaining a neutral position when
used properly during pauses. Float your arms above the keyboard and wrist rest when
keying. Avoid planting your wrists on the table or wrist rest. This can result in
bending the wrists either up and down or side to side.
 Take breaks. These breaks can be brief and should include stretches for optimal
results. If possible, take a one or two-minute break every 15 to 20 minutes, or a five-

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
16 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

minute break every hour. Every few hours, get up, move around, and do an alternative
activity.
Work Technique
 Reduce keystrokes with the use of macros or software programs allowing "sticky
keys." Use scroll locks and keystroke combinations to reduce pointing-device
movements.
 Alternate tasks to make changes in your working position to avoid making the same
movements for prolonged periods of time.
 Keep your fingers and knuckles relaxed when working at the keyboard.
 Never hold a pen or pencil in your hand when keying.
 Avoid hitting the keyboard with excessive force. Studies have shown that the average
user hits the keyboard with four times the required force when keying.
 Avoid holding your pointing device tightly. Your hand should be relaxed.
 Rest your eyes by refocusing on distant objects intermittently when working.
Work Environment
 Avoid excessive reaching. Your keyboard, pointing device, files and telephone should
be within easy reach.
 Use a keyboard tray to properly position your keyboard and pointing device.
 Use a copyholder positioned in line with your monitor and keyboard.
 When writing at the computer, avoid excessive reaching over the keyboard or work
materials. A sturdy in-line copyholder can double as a writing surface if appropriately
positioned.
 Position the monitor so that the viewed part of the screen allows you to keep your
neck in a neutral or straight position. The monitor should be cantered directly in front
of you. The top of the computer screen should be slightly below the top of your head,
so that you are looking at it with a slightly downward gaze.
 Position your monitor to eliminate excessive glare or reflections from windows and
lighting.
 Customize your computer by using your software. The screen font, contrast, pointer
size, speed, and colour can all be adjusted to maximize your comfort and efficiency.
Lifestyle
 Aerobic exercise will help to sustain strength, improve cardiovascular conditioning,
and counteract the strain of sedentary computer use.
 Routine use of non-prescribed medications or a wrist brace is not recommended. If
you begin to develop symptoms, notify your supervisor. Slight changes made early
can avoid future complications.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
17 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

2.2 Internet and society

Positive impact of internet on society
There are several advantages with the use of internet. The uses of internet includes but not
limited to usage of search engines which will help you to collect data from all over the world,
usage of email and other instant message services which are giving flexibility of sharing
information among groups within seconds, usage of internet in shopping via online shopping
carts helped both clients and customers. Internet has become a platform to share knowledge
between different communities. Several universities are publishing their research papers in
their websites/digital libraries and helping other university students, researchers and
professors scholar activities.
Negative impact of internet on society

While coming to the negative aspects of the internet, there is so much illegal and
inappropriate information available on internet without any restrictions. Even children can get
access to mature and blood related games, pornography and other stuff which is not suitable
for their age. Internet is becoming a platform to share copyrighted or illegal material, music,
videos and other documents. Computer viruses, phishing, Trojans etc. are increasing rapidly
creating several crimes. Financial crimes are also growing at a steady pace which requires
attention amongst all internet users. The freedom of use to internet at anytime and by anyone
is luring the criminals to do heinous crimes via internet. Another aspect of internet is people
can spend unlimited amount of time without any bore or hard feeling. Recent trends shows
that the publicizing the personal life and information in social network websites is increasing
and the tendency of considering the virtual online world as real world is increasing very
rapidly. Recent medical studies show that addiction of internet is causing personal,
professional as well as social problems.

2.2.1 Digital Divide and Bridging the Digital Divide

It refers to the gap between individuals, households, business and geographic areas at
different socio-economic levels with regard both to their opportunities to access information
and communication technologies (ICTs) and to their use of the internet for the wide variety of
activities.
This rapid technological change has brought many benefits to the poor and has been nothing
short of transformational:
 For example, in Kenya, after the introduction of the M-Pesa digital payment system,
the cost of sending remittances for workers in urban areas with families in the
countryside dropped by up to 90 percent.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
18 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

 In India, the Aadhar digital identification system has already reached more than 1
billion people, enabling many of the poor to access services more easily and saving
the government billion each year by reducing corruption and waste.
 The small country of Estonia is perhaps closest to becoming a digital society as
citizens can access more than 3,000 public and private services using nothing more
than their mobile phones.
 And here in China, Alibaba‘s e-commerce platform has created more than 8 million
netprenuers (net entrepreneurs), of which 62 percent are small-scale entrepreneurs,
one-third are women, and one percent are people with disabilities.
 NEPAL???
World banks World Development Report 2016 Digital Dividends documents many more
examples like these where digital technologies have promoted inclusion, efficiency and
innovation. The payoff is considerable: faster economic growth, more jobs, and better
services—what we call digital dividends.
And yet, the claim that the benefits of this digital revolution will automatically trickle down
to everyone and everywhere is far from clear: we all know that many people around the world
have yet to see these benefits. Digital adoption by firms in developing countries has been
slow. Automation is disrupting labour markets, and will displace a significant number of jobs
over the next few decades.
So why are these benefits not being shared universally?
One big reason is the persistent digital divide. Six billion people lack access to high speed
internet and four billion still have no internet access at all. So, we must invest in
infrastructure, in particular by incentivizing the private sector to expand access of telecom
and internet services to all.
But connectivity is not enough. That alone is not going to solve basic development problems
that have persisted for decades. Indeed, countries need broader digital development agendas
that promote connectivity, but also much more. They need to strengthen the analog
foundations of the digital revolution.
2.2.2 Governance of internet

-Internet governance is the development and application of shared principles, norms, rules,
decision-making procedures, and programs that shape the evolution and use of the Internet.
This article describes how the Internet was and is currently governed, some of the
controversies that occurred along the way, and the ongoing debates about how the Internet
should or should not be governed in the future.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
19 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

-The term internet governance has evolved over time, and various groups have attempted to
develop working definitions. As the internet first opened to commerce and the wider public in
the mid-1990s, the term referred to a limited set of policy issues associated with the global
synchronization and management of domain names (e.g., samplesite.com) and IP addresses
(e.g., 192.168.1.1).
-Internet governance refers to the process impact how the internet is managed.
-Governance mechanism relies on relies on users, business and governments.

2.3 E-governance and e-government system

Electronic governance or e-governance is the application of information and

communication technology (ICT) for delivering government services, exchange of
information, communication transactions, integration of various stand-alone systems and
services between government-to-citizen (G2C), government-to-business (G2B), government-
to-government (G2G), government-to-employees (G2E) as well as back office processes and
interactions within the entire government framework.

E-government refers to the use of information and communication technologies that has the
ability to transfer information between government agencies and public and vice versa. Some
definitions restrict e-government to Internet-enabled applications only, or only to interactions
between government and outside groups. Here, we do not - all digital ICTs are included; all
public sector activities are included.
There are three main domains of e-government, illustrated in figure below.
 Improving government processes: eAdministration
 Connecting citizens: eCitizens and eServices
 Building external interactions: eSociety
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
20 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Improving Government Processes: eAdministration

eGovernment initiatives within this domain deal particularly with improving the internal
workings of the public sector. They include:
 Cutting process costs: improving the input/output ratio by cutting financial costs
and/or time costs.
 Managing process performance: planning, monitoring and controlling the
performance of process resources (human, financial and other).
 Making strategic connections in government: connecting arms, agencies, levels and
data stores of government to strengthen capacity to investigate, develop and
implement the strategy and policy that guides government processes.
 Creating empowerment: transferring power, authority and resources for processes
from their existing locus to new locations.
Connecting Citizens: eCitizens and eServices
Such initiatives deal particularly with the relationship between government and citizens:
either as voters/stakeholders from whom the public sector should derive its legitimacy, or as
customers who consume public services. These initiatives may well incorporate the process
improvements identified in section B1. However, they also include a broader remit:
 Talking to citizens: providing citizens with details of public sector activities. This
mainly relates to certain types of accountability: making public servants more
accountable for their decisions and actions.
 Listening to citizens: increasing the input of citizens into public sector decisions and
actions. This could be flagged as either democratisation or participation.
 Improving public services: improving the services delivered to members of the public
along dimensions such as quality, convenience and cost.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
21 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Building External Interactions: eSociety

Such initiatives deal particularly with the relationship between public agencies and other
institutions - other public agencies, private sector companies, non-profit and community
organisations. As with citizen connections, these initiatives may well incorporate the process
improvements identified in section B1. However, they also include a broader remit:
 Working better with business: improving the interaction between government and
business. This includes digitising regulation of, procurement from, and services to,
business to improve quality, convenience and cost.
 Developing communities: building the social and economic capacities and capital of
local communities.
 Building partnerships: creating organisational groupings to achieve economic and
social objectives. The public sector is almost always one of the partners, though
occasionally it acts only as a facilitator for others.
Characteristics of e-government system
 Electronic service delivery
 Electronic work flow
 Electronic voting
 Electronic productivity
Types of e-government
G2G (government to government agencies)
G2C and/or C2G (government to citizen)
G2B and/or B2G (government to business)
G2E and/or E2G (government to employees)

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
22 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 3
Computer ethics and ethical theories

Ethics Law .
-as a guideline -as a rule
- free to follow -must follow
Ethics - moral principles that govern a person's behaviour or the conducting of an activity.
―Branch of philosophy that address the questions about moral, i.e. questions about what is
good and what is bad, right or wrong.‖
Computer Ethics
―Computer ethics is a part of practical philosophy concerned with how computing
professionals should make decisions regarding professional and social conduct. Any informal
code of ethical conduct that exists in the work place. Exposure to formal codes of ethics.‖
This is the study of the ethical questions that arises as a consequence of the development and
deployment of the computers and computing technologies.
It involves the following activities
1. Identifying and bringing focus in to the issues and problems that fall within the scope,
raising awareness of the ethical dimension of a particular situation.
2. Providing an approach to these issues, a means of advancing our understanding of,
and suggesting ways of reaching wise solution to these problems.
3.1 Philosophical and professional ethics
Philosophical ethics
- Assumes that human are basically good and can be more ethical.
- Reason is sufficient basis for developing ethics.
We may conveniently divide contemporary philosophical ethics into at least four parts. Meta-
ethics conducts an analysis of moral concepts, ethical justification, and the meaning of moral
language. Descriptive ethics describes ethical behaviour among various people and in various
cultures. (Social scientists now do most of this work.) Normative ethics contemplates the
norms, standards, or criteria that serve as theories or principles for ethical behaviour. Applied
ethics applies normative theories to particular ethical problems like abortion, euthanasia,
capital punishment, sexuality etc. Some areas of applied ethics have become their own sub-
specialties like medical, environmental, business, or computer ethics.
Professional ethics
Professionally accepted standards of personal and business behavior, values and guiding
principles. Codes of professional ethics are often established by professional organizations to

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
23 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

help guide members in performing their job functions according to sound and consistent
ethical principles.
Purpose: help professionals to act in particular situation ethically.
Complexity: can be many people working together-many issues might be involves-may be
historical issues-may be an issue on what to decide- who decide.
3.2 Moral and Legal issues
Legal
- Know what protection law provides for computer and data.
- Appreciate laws that protect the right of others with respect to computer, program and
data.
- Understand existing laws as a basis for recommending new laws to protect computers,
program and data.
Moral
- Moral issues are those which involve a difference of belief and not a matter of
preference.
A moral dispute would involve a factual disagreement (or a disagreement in belief)
where one or the other or neither belief is correct. It would not involve a disagreement
in attitude (or a disagreement in feeling).
- Moral issues are those which involve the experience of a special kind of feeling.
This feeling is said to differ intuitively from other kinds of feelings such as religious
or aesthetic feelings. (E.g., some people think these feelings arise from arise from
conscience.)
- Moral issues are those which involve the specific kind of situation where actions
affect other people.
On this view, essentially, whenever people interact, issues of moral concern would
arise.
By inference, then, there would be no matters of moral concern for persons such as
Robinson Crusoe.
3.3 Descriptive and Normative Claims
Descriptive ethics
Descriptive claims do not make value judgments.
- Empirically based, aim to describe and discover moral benefits of a specific culture.
- Deals with the meanings of moral utterances, the relationship between them and
moral actors and the nature of moral argumentation.
- Descriptive ethics may take a sociological, philosophical, psychological, ethnographic
approach.
Examples
 ―The mug of coffee in front of me is now at room temperature.‖

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
24 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

 ―I had toast and eggs for breakfast this morning.‖

 ―Kevin is under six feet tall.‖
Normative ethics
Normative claims make value judgments
- Search for norms, not in the sense that what is average but in the sense that what is an
authoritative standard of what is ―OUGHT‖ to be.
- Deals with the formulation of ethical codes of behaviour and moral models of
evaluative decision making.
- Normative ethics prescribes moral principle defining the goods, the right, duty,
obligation, law and justice.
- A normative approach assumes the universality of its ethical principles and attempts
to justify them on a rational basis.
Examples
 ―Star Wars Episode VII: The Force Awakens, is a better movie than Star Wars
Episode 1: The Phantom Menace‖.
 ―That was a really stupid thing to do.‖
 ―If you wanted to pass that test you should have studied harder.‖
 ―Your electrocardiogram test results are normal.‖
 ―The State should not have the right to take the life of one of its citizens as
punishment for a crime.‖

3.4 Ethical Relativism

Ethical relativism is the belief that there are no universal standards for what is right and
what is wrong: sometimes that may be considered right in one society might be considered
wrong in another society.
That is, whether an action is right or wrong depends on the moral norms of the society in
which it is practiced.
-this is the belief that no values ought to be applied to all.
-the claim that there is no objective moral standard of right and wrong, and the moral values
are relative to a person‘s culture or individual background, or to a certain situation.

3.5 Utilitarianism and Deontological Theories

Utilitarianism
It tells that actions are right if they are useful or for the benefit of a majority.
An ethical philosophy in which the happiness of the greatest number of people in the society
is considered the greatest good. According to this philosophy, an action is morally right if its
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
25 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

consequences lead to happiness (absence of pain), and wrong if it ends in unhappiness (pain).
Since the link between actions and their happy or unhappy outcomes depends on the
circumstances, no moral principle is absolute or necessary in itself under utilitarianism.
Proposed by the English philosopher-reformer Jeremy Bentham (1748-1832) in his 1789
book Principles Of Morals And Legislation it was developed by the English philosopher-
economist John Stuart Mill (1806-73) in his 1863 book Utilitarianism.
There are basically two branches of utilitarianism. They both agree that the goal of ethics is
to maximize happiness. But they disagree on where that decision should be applied:
 Act Utilitarianism argues that we should always choose our actions based on what
will cause the greatest amount of happiness.
 Rule Utilitarianism argues that we should figure out what sort of behaviour usually
causes happiness, and turn it into a set of rules.
Example: the Trolley Problem
Imagine there is a trolley heading toward a group of 5 workers on the tracks. You are sitting
in a control centre several miles away, and you have a button that can switch the trolley onto
another track where there‘s only 1 worker. If you flip the switch, one person will die. If you
do nothing, 5 people will die. Should you flip the switch?
In surveys, most people in America and Britain say yes. 1 death is better than 5 deaths, so if
you have to choose, you should try to minimize the loss of life by flipping the switch. This is
an example of utilitarian reasoning, and the survey results show that this school of thought is
popular in British and American culture. (In other cultures, people think about the problem
differently.)

Deontological Theories
-Deontological theories claim that the morality of an action depends on its intrinsic nature, on
its motives, or on its being in accord with some rule or principle.
-Emphasizes duty and absolute rules
-Rules should apply to determine with what is good.
-Treat people as an ends (not a means)

Example: Accounts Payable Clerk

Consider an accounts payable clerk. This person is responsible for reviewing invoices and
expense reports, ensuring that they conform to policy and then issuing prompt payment. If
company policy required original receipts to justify the items on the expense report, and the
employee submitted photocopies only, a clerk with a duty-based ethic may reject the report
and require the originals even though other clerks may simply process the report without
question. The clerk acts in this manner because he believes he has a duty to follow the full

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
26 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

and literal policy that the employer had imposed, irrespective of whether the need for
originals instead of copies made any difference.
Example: Customer Service Manager
The manager of a retail store with a posted merchandise return policy may choose to honour
the policy or to make exceptions, depending on the circumstances of a particular return.
Managers with a strong duty-based ethic will typically hold closely to the literal text of the
policy and make fewer exceptions, because she views upholding her employer's policy as her
job. Consequentiality -- that is, people who favour evaluating the outcome of an act rather
than the act itself -- may be more willing to grant exceptions to keep customers happy.

3.6 Rights
Rights are legal, social, or ethical principles of freedom or entitlement; that is, rights are the
fundamental normative rules about what is allowed of people or owed to people, according to
some legal system, social convention, or ethical theory. Rights are of essential importance in
such disciplines as law and ethics, especially theories of justice and deontology.
Rights are often considered fundamental to civilization, for they are regarded as established
pillars of society and culture, and the history of social conflicts can be found in the history of
each right and its development. According to the Stanford Encyclopaedia of Philosophy,
"rights structure the form of governments, the content of laws, and the shape of morality as it
is currently perceived"
Natural Vs. Legal rights
 Natural rights are rights which are "natural" in the sense of "not artificial, not man-
made", as in rights deriving from human nature or from the edicts of a god. They are
universal; that is, they apply to all people, and do not derive from the laws of any
specific society. They exist necessarily, inhere in every individual, and can't be taken
away. For example, it has been argued that humans have a natural right to life. These
are sometimes called moral rights or inalienable rights.
 Legal rights, in contrast, are based on a society's customs, laws, statutes or actions by
legislatures. An example of a legal right is the right to vote of citizens. Citizenship,
itself, is often considered as the basis for having legal rights, and has been defined as
the "right to have rights". Legal rights are sometimes called civil rights or statutory
rights and are culturally and politically relative since they depend on a specific
societal context to have meaning.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
27 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 4
Professional Ethics
4.1 Profession
A Profession is a vocation founded upon specialized educational training, the purpose of
which is to supply disinterested counsel and service to others, for a direct and definite
compensation, wholly apart from expectation of other business gain.
A Professional is a member of a vocation founded upon specialized educational training.
Similarly, Professionalism is the standing, practice, or methods of a professional, as
distinguished from an amateur.
Profession, Professional & Professionalism

Profession: Definition and Characteristics

A profession can be defined as a field of skill and knowledge which is practiced by a
person who has acquired such skill and knowledge through specialized training and
education.
Profession is synonym to job or occupation.
Profession helps providing specialized type of service for a needy person or community.
Characteristics of Profession
 Systematic knowledge and skills
 Authenticity of knowledge and skill/ specialized types of services
 Honored and respected in society
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
28 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

 It is a public property and matter of public evaluation

 Bound by code and ethics
 Every profession has some culture that is similar to the other person of same
profession and different from different profession.
Engineering and Computing as a Profession
Computing professionals perform a variety of tasks: They write specifications for new
computer systems, they design instruction pipelines for superscalar processors, they diagnose
timing anomalies in embedded systems, they test and validate software systems, they
restructure the back-end databases of inventory systems, they analyze packet traffic in local
area networks, and they recommend security policies for medical information systems.
Computing professionals are obligated to perform these tasks conscientiously because their
decisions affect the performance and functionality of computer systems, which in turn affect
the welfare of the systems‘ users directly and that of other people less directly. For example,
the software that controls the automatic transmission of an automobile should minimize
gasoline consumption and, more important, ensure the safety of the driver, any passengers,
other drivers, and pedestrians.
The computing filed is young and very broad. This is in sharp contrast to the medical and
accounting fields. It is also very malleable i.e. it is used in many domains teaching,
engineering, librarians etc. Some of these workers are not seen as computer professionals.
So is computing a profession? We compare computing with the five characteristics of
profession.
1. Mastery of Esoteric Knowledge: Many do acquire knowledge through higher
educational institutions. This is more true as time goes on. There also exists a division
between researchers and practitioners. There is a large demand as many in the field
have inadequate knowledge. However, some people have argued that computing relies
on how to do things and not on a systematic and abstract body of knowledge.
2. Autonomy: This is not strongly differentiated i.e. there are no jobs that only
professionals can do that others cannot. Although this could be considered a
chicken/egg problem).
3. Formal organisation: There are many such organisations in many countries such as
CSSA (Computing Society of South Africa) and the BCS (British Computing
society).
4. Code of ethics: There is no single code worldwide but they do exist. CSSA has such a
code.
5. Fulfilment of a social function: Computing is a crucial part of society, but does it
fulfil a need. It supports a variety of social functions but is not one in itself.
4.2 Professional Responsibilities and Rights

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
29 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Professional responsibility is the area of legal practice that encompasses the duties of
attorneys to act in a professional manner, obey the law, avoid conflicts of interest, and put the
interests of clients ahead of their own interests.
The basic rights of engineers include the right to live freely and pursue their legitimate
interests as any human being, along with the right to be against racial or sexual
discrimination, receiving one‘s salary according to the work, choosing of political activities,
etc., as other employees. Besides all of them, engineers have some special rights as
professionals.
The rights that engineers have as professionals are called Professional Rights. These
professional rights include −
 The basic right of professional conscience.
 The right of conscientious refusal.
 The right of professional recognition.
Right of Professional Conscience
This is a basic right which explains that the decisions taken while carrying on with the duty,
where they are taken in moral and ethical manner, cannot be opposed. The right of
professional conscience is the moral right to exercise professional judgement in pursuing
professional responsibilities. It requires autonomous moral judgement in trying to uncover the
most morally reasonable courses of action, and the correct courses of action are not always
obvious.
There are two general ways to justify the basic right of professional conscience.
 The exercise of moral reflection and conscience that justifies professional duties is
necessary, with respect to that duty.
 The general duties to respect persons and rule-utilitarianism would accent the public
good of allowing engineers to pursue their professional duties.
Right of Conscientious Refusal
The right of conscientious refusal is the right to refuse to engage in unethical behavior. This
can be done solely because it feels unethical to the doer. This action might bring conflicts
within the authority-based relationships.
The two main situations to be considered here are −
 When it is already stated that certain act is unethical in a widely shared agreement
among all the employees.
 When there occurs disagreement among considerable number of people whether the
act is unethical.
Hence it is understood that engineers and other professionals have a moral right to refuse the
unethical acts such as bribery, forging documents, altering test results, lying, padding payrolls
or coercing employees into acting by threatening, etc.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
30 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Right to Recognition
An engineer has a right to the recognition of one‘s work and accomplishments. An engineer
also has right to speak about the work one does by maintaining confidentiality and can
receive external recognition. The right for internal recognition which includes patents,
promotions, raises etc. along with a fair remuneration, are also a part of it.
The fulfilment of right to recognition motivates the employee to be a trustful member of the
organization, which also benefits the employer. This makes the employee morally bound
which enhances the ethical nature to be abided by the professional ethics.
4.2.1 Conflict of Interests and Whistleblowing
A widely used definition is: "A conflict of interest is a set of circumstances that creates a risk
that professional judgment or actions regarding a primary interest will be unduly influenced
by a secondary interest.―
Primary interest refers to the principal goals of the profession or activity, such as the
protection of clients, the health of patients, the integrity of research, and the duties of public
officer. Secondary interest includes personal benefit and is not limited to only financial gain
but also such motives as the desire for professional advancement, or the wish to do favors for
family and friends. These secondary interests are not treated as wrong in and of themselves,
but become objectionable when they are believed to have greater weight than the primary
interests.
Conflict of interest rules in the public sphere mainly focus on financial relationships since
they are relatively more objective, fungible, and quantifiable, and usually involve the
political, legal, and medical fields.

Types of Conflict of Interest

1. Actual Conflict of Interest
Example: a civil engineer working for a state department of high ways might have a financial
interest in a company that has a bid on a construction project.
2. Potential Conflict of Interest which threaten easily to become actual conflict
Example: an engineer might find himself becoming friends with a supplier for his company.
There is a potential that the engineer judgment might be conflicted by the need to maintain
friendship.
3. Appearance of a conflict of interests
This might occur when an engineer is paid based on a percentage of the cost of the design
How to avoid conflict of interest?
• You can follow the guidance of a company policy
• You can ask a coworker or your manager to give you a second opinion and that make
the situation clear that you are not trying to hide something
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
31 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• You can use the ethical problem-solving techniques.

• You can look to the statements in the professional ethics codes that uniformly forbid
conflicts of interest.
Whistleblowing
Whistleblowing is the act of drawing public attention, or the attention of an authority figure,
to perceived wrongdoing, misconduct, unethical activity within public, private or third-sector
organizations. Corruption, fraud, bullying, health and safety violation, cover-ups and
discrimination are common activities highlighted by whistleblowers. The act by an employee
of informing the public or higher management of unethical or illegal behavior by an employer
or supervisor .Whistle blowing is a way to connect the responsibilities and rights of an
engineer. According to codes of ethics of the professional engineering societies, they have
duties to protect the health and safety of projects.
Types of Whistleblowing
1. Internal Whistleblowing
Occurs when an employee goes over the head of an immediate supervisor to report a
problem to a higher level management .
However it‘s done , the whistleblowing is kept within the company or organization
2. External Whistleblowing
Occurs when the employee goes outside the company and reports wrongdoing to
newspapers or law-enforcement authorities .
3. Anonymous Whistleblowing
Occur when the employee who is blowing the whistle refuse to make public his name
when making accusations. They might be take the form of : Anonymous memos to upper
managements , a police phone call or news media .
4. Acknowledged Whistleblowing
Occurs when the employee put his name behind the accusation and is willing to withstand
the scrutiny brought on by his accusation.
Disadvantage of Whistleblowing
It may lead to distrust, disharmony, and inability of employees to work together.
When is an engineer morally obligated to blow the whistle?
• You are only obligated to blow the whistle when there is great imminent danger of
harm to someone if the activity continues and the four conditions have been met.
• It is acceptable to blow the whistle to protect the public interest, but not exact
revenge upon fellow employee, supervisors, or your company. Nor is it acceptable to
blow the whistle in the hopes of future gains through book contracts and speaking
tours.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
32 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Four Steps To Solve Whistleblowing

First: An Ethics Culture
- In each organization, there must be a strong corporate ethics culture.
-This should include a clear commitment to ethical behavior.
- Starts at the highest levels of management, and mandatory ethics training for all employees.
- All managers must set the tone of ethical behavior of their employees.
Second: Communication
- There should be clear lines of communication within the corporation.
- This openness give an employee a clear path to air his concerns
Third: Access to managers
- All employees must have meaningful access to high level managers.
- To bring their concerns forward.
- This access must be guaranteed with no retaliation(act of violent).
- These employees should be rewarded to fostering the ethical behavior of the company.
Fourth: Willingness
- There should be willingness from managements to admit mistakes publically if necessary.
- This attitude will set the stage for ethical behavior by all employees.

4.3 Professional code of Ethics

Ethics means two things:
First, ethics refers to well-founded standards of right and wrong that prescribe what humans
ought to do, usually in terms of rights, obligations, benefits to society, fairness, or specific
virtues
Secondly, ethics refers to the study and development of one's ethical standards. Feelings,
laws, and social norms can deviate from what is ethical

Ethics
Ethics, also known as moral philosophy is a branch of philosophy that addresses questions
about morality—that is, concepts such as good and evil, right and wrong, virtue and vice,
justice, etc.
A set of principles of right conduct.
A theory or a system of moral values

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
33 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Engineering Ethics mean the rules or standards governing the conduct of a person or the
members of a engineering profession. It is the field of applied ethics which examines and sets
standards for engineers' obligations to the public, their clients, employers and the profession.

Some replies from the employees on ‘ETHICS’

“Ethics has to do with what my feelings tell me is right or wrong.”
“Ethics has to do with my religious beliefs”
“Being ethical is doing what the law requires”
“Ethics consists of the standards of behavior our society accepts”
“I don't know what the word means”
Engineering Ethics
The field of applied ethics which examines and sets standards for engineers‘ obligation to
the Public, their Clients, Employers and Profession. Ethical Approaches mostly
influenced by whether the engineers are independently providing professional service or
government service or production enterprises.
Fundamental Ethical Values for Code of Ethics
 Protection of life and safeguarding people
 Sustainable management and care for the environment
 Community well being.
 Professionalism, integrity and competence
 Sustaining engineering knowledge.
Importance of “Code of ethics” & “Guidelines for Professional Engineering Practice”

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
34 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

i. Code of ethics governs the conduct of all practitioner

ii. It ensures that engineers practice within their expertise, they do so in a fair and ethical
manner and they place good of society above their personnel gain.
iii. This is a means by which engineers govern (direct) themselves
iv. It is a privilege earned over the years through knowledge, experience and trust.
Fundamental Ethics (Canons) of an Engineer
 Engineers shall hold paramount the safety, health and welfare of the public and shall
strive to comply with the principles of sustainable development in the performance of
their professional duties.
 Engineers shall perform services only in areas of their competence.
 Engineers shall issue public statements only in an objective and truthful manner.
 Engineers shall act in professional matters for each employer or client as faithful
agents or trustees, and shall avoid conflicts of interest.
 Engineers shall build their professional reputation on the merit of their services and
shall not compete unfairly with others.
 Engineers shall act in such a manner as to uphold and enhance the honor, integrity,
and dignity of the engineering profession and shall act with zero-tolerance for bribery,
fraud, and corruption.
 Engineers shall continue their professional development throughout their careers, and
shall provide opportunities for the professional development of those engineers under
their supervision.―
 Engineers shall not sign upon any documents, which are not prepared by him or under
his/her direct supervision.
Other Ethics
 Relationships with clients, consultants, competitors, and contractors
 Ensuring legal compliance by clients, client's contractors, and others
Conflict of interest- Bribery, which also may include: Gifts, meals, services, and
entertainment
 Treatment of confidential or proprietary information
 Consideration of the employer‘s assets
 Outside employment/activities (Moonlighting)
Moral Dilemma and Ethical Decision Making
Moral: It means pertaining to, or concerned with the principles or rules of right conduct or the
distinction between right and wrong. It is related with expressing or conveying truths or
counsel as to right conduct

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
35 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

It is founded on the fundamental principles of right conduct rather than on legalities,

enactment, or custom. It means conforming to the rules of right conduct acting on the mind,
feelings, will, or character.

Values, Morals & Ethics

Values are the rules by which we make decisions about right and wrong, should and
shouldn't, good and bad.
Morals have a greater social element to values and tend to have a very broad acceptance.
Morals are far more about good and bad than other values. We thus judge others more
strongly on morals than values. A person can be described as immoral, yet there is no word
for them not following values.
You can have professional ethics, but you seldom hear about professional morals. Ethics tend
to be codified into a formal system or set of rules which are explicitly adopted by a group of
people. Ethics are thus internally defined and adopted, whilst morals tend to be externally
imposed on other people.
Characteristics of Ethical Problems
 Ethical problems in managements are complex, as most ethical decisions have-
 Extended consequences
 Multiple alternatives
 Mixed outcomes
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
36 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

 Uncertain outcomes
 Personal Implications
Methods of making Proper Decision
 Utilitarianism : A decision or act is right or good only if it generates the greatest
amount of benefit for the largest number people with lowest cost and harms to others.
 Universalism : A decision or act is right or good only if everyone faced with the same
set of circumstances should be expected to make same decision.
 Based on Existing Law and Tradition
 Distributive Justice: A decision or act is right or good only if the least advantaged
member of the society somehow enjoy a better standard after the decision compared
to as they did before.
 Personal Liberty: A decision or act is right or good only if all the member of our
society somehow have a greater freedom to develop their own lives after the decision.

Engineering Professional institutions in Nepal

A. Nepal Engineering Council
B. Nepal Engineers Association

Nepal Engineering Council (NEC)

After the political change in the sixties, engineering activities began to contribute to the
development of the country and the engineering profession started to gain respect in the
society. The engineering community began to grow in number and was involved in all
spheres of national development and engineers were allowed to compete in administrative
service also for the post of secretary.
After the introduction of democracy in 1990 encouraged the growth of engineering colleges
in Nepal and the enrolment of students into these engineering colleges was rising very fast.
Hence it was expected that nearly 3000 engineers would be graduating from local
engineering colleges every year with nearly an equal amount graduating from colleges
abroad.
A need was felt for an organization to manage the engineering profession. Therefore, to make
the engineering profession more effective, Nepal Engineering Council was formed under the
Nepal Engineering Council Act, 2055 promulgated by then His Majesty the King on B.S.
2055/11/27 (11th March, 1999 A.D.).
As per the Act, NEC has been vested with the statutory authority for the planning,
coordinated development and monitoring of engineering profession and education in the
country. NEC Act 2055 gives an outline on the formation of the Council, its tenure and the
roles and responsibilities of the Chairman, Vice Chairman and the Registrar.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
37 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

NEC Rules 2057 also lays down the professional code of conduct for engineers registered
with the Council.
The code directs the relationships of Nepalese Engineers with:
 Public
 Employers and Clients
 Other Engineers
Nepal Engineering Council Rules, 2057 has also been prepared and approved by then His
Majesty's Government as per the provision of Clause 37 of the Act. The first Executive
Council was formed on Magh 2056 under the chairmanship of Er. Ram Babu Sharma and
completed its tenure on Magh 2060.
Engineering Profession according to Nepal Engineering Council
Nepal Engineering Council Act 2057 defines the engineering profession as the occupation
which is done by the engineers. The engineer has been defined as a person having
graduate degree in engineering from the institute recognized by the council.
It can be defined various way, generally it is defined as “it’s a practice with the act of
designing, composing, advising, reporting, directing or supervising where in the
safeguarding of, health, property or the public welfare is concerned and that requires the
application of engineering principles.”
Jurisdiction (Scope) of NEC
 Licensing or registration of Engineer
 Accreditation of Certificates of academic qualification.
 Recognition of academic institutions
 Produce and monitor the professional code of conduct
Objectives of NEC
The objective of NEC is to make engineering profession effective by mobilizing it in a more
systematic and scientific and also to register the engineers as per their qualifications. Its
duties and responsibilities are:
 To prepare policies, plans and programs for the smooth functioning of the
engineering profession and to execute them
 To grant permission and approval to carry out engineering education to
those engineering colleges and institutions that meet the required norms
and standards and to honour their degrees and certificates
 To set norms and standards for engineering education in Nepal
 To monitor and inspect the quality of engineering education provided by
the engineering colleges and institutions
 To fix the qualification necessary in order to practice engineering
profession and to register their name in the Council
 To remove their name from the registration of the engineering council if
found to violate the code of ethics.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
38 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Code of Ethics of Nepal Engineering Council

a. Honesty and Discipline: All engineers must provide service/professional jobs without
making engineering professional moral low,
b. Loyalty and Morals: All engineering professional practicing engineers must be loyal
to their organization, employers or clients.
c. Impartiality: While practicing engineering professional knowledge and skill,
engineers should be impartial in relation to religion, color, gender or caste or any
other.
d. Performing only related professional jobs only: The engineers should practice
their knowledge and skill in engineering within the scope of their education,
profession, knowledge and skill.
e. Never do anything that brings low moral in the Engineering Profession: Engineers
should not come financial or other influences by any change while performing
engineering jobs that lowers engineering moral in the society.
f. Personal Responsibility: In engineering professions, engineers are responsible for
their doings.
g. Name, Rank and Register no. : The engineers must produce their name, rank and
registration number after their professional work like writing, drawing, design,
specification, estimate, etc.
h. Do not publish statements to leave unnecessary influence: The engineers shall not
publish any notice or writing that brings influence the public and other client
unnecessary.
Removal of Name from Register Book
The name of Engineers shall not be removed from Register Book except in the following
cases:
1. Mentally ill
2. Bankrupt in case being unable to pay loans back
3. Violated specified professional conducts and reported to NEC to remove name from
Register Book and if decided by two third majority
4. If the court proved the engineer guilty in public case on moral ground
5. By mistake or mischief if anybody without basic qualification has been registered

Registration of NEC
The council categorized the engineers as under according to Section - 2 of the
Engineering Council Acts:
A - General Registered Engineers.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
39 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

B - Professional Engineers.
C - Non-Nepalese Registered Engineers.
Registration Requirements
 Application with approved format
 Copies of certificates of academic qualification
 Registration Fees
 Other relevant documents
Nepal Engineer’s Association (NEA)
Nepal Engineers' Association is an independent non profit organization of Nepalese
Engineers. It was established in 1968 AD (2024 BS).
NEA during 1968-1989 was successful in establishing this very organization. The organizing
of the World Engineering Congress along with first three national conventions were major
milestones in this period.
Nepal Engineers Association office is located at Pulchowk behind UNDP building.
NEA during 1990-1999 was successful in membership drive. Similarly the organizing of
the interaction program among the four Ps (Press, Public, Professional and Politician) was
a major step achieved by NEA in promoting the profession and in improving the image of
its fellow members.
NEA was successful in expansion of in- country NEA centers, conversion of existing
ones to Regional Centers as well as establishment of an international wings.
During the past decade, NEA broadened its activities by expanding its relation with
international Engineering societies. NEA became member of World Federation of
Engineering Organizations (WFEO) and was successful to establish Federation of
Engineering Institute of South and Central Asia (FEISCA).
During the past decade, NEA has been successful in construction of its own building at
Pulchowk behind UNDP building.

Objectives of NEA
 To promote development of the engineering science and technology in Nepal.
 To promote fellowship goodwill and cooperation assistance among the
Nepalese engineers and safeguard their rights and interests.
 To continuously enhance the highest professional ideals among the members
and widen it.
 By utilizing, to the highest extent possible, the participation of the national
engineering manpower of the country in the national development activities of
Nepal, make effort towards ending foreign dependency in this regard.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
40 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

 To develop relations, fellowship and goodwill with international engineering

associations and institutions.
4.3.2 Code of Ethics of IEEE and ACM
There are two computing professional societies
a) The Association for Computing Machinery (ACM)
b) The Institute for Electrical and Electronics Engineers – Computer Society (IEEE-CS)
ACM Code of Ethics and Conduct
1. Regarding to society and others
1.1 Contribute to society and human well-being.
1.2 Avoid harm to others.
1.3 Be honest and trustworthy.
1.4 Be fair and take action not to discriminate.
1.5 Honor property rights including copyrights and patent.
1.6 Give proper credit for intellectual property.
1.7 Respect the privacy of others.
1.8 Honor confidentiality.
2. More specific professional responsibilities
As an ACM computing professional I will ....
2.1 Strive to achieve the highest quality, effectiveness and dignity in both the process and
products of professional work.
2.2 Acquire and maintain professional competence.
2.3 Know and respect existing laws pertaining to professional work.
2.4 Accept and provide appropriate professional review
2.5 Give comprehensive and thorough evaluations of computer systems and their impacts,
including analysis of possible risks.
2.6 Honor contracts, agreements, and assigned responsibilities.
2.7 Improve public understanding of computing and its consequences.
2.8 Access computing and communication resources only when authorized to do so.

IEEE Code of Ethics

1. To accept responsibility in making engineering decisions consistent with the safety,
health and welfare of the public, and to disclose promptly factors that might endanger the
public or the environment;

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
41 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

2. To avoid real or perceived conflicts of interest whenever possible, and to disclose them
to affected parties when they do exist;
3. To be honest and realistic in stating claims or estimates based on available data;
4. To reject bribery in all its forms;
5. To improve the understanding of technology, its appropriate application, and potential
consequences;
6. To maintain and improve our technical competence and to undertake technological tasks
for others only if qualified by training or experience, or after full disclosure of pertinent
limitations;
7. To seek, accept, and offer honest criticism of technical work, to acknowledge and
correct errors, and to credit properly the contributions of others;
8. To treat fairly all persons regardless of such factors as race, religion, gender, disability,
age, or national origin;
9. To avoid injuring others, their property, reputation, or employment by false or malicious
action;
10. To assist colleagues and co-workers in their professional development and to support
them in following this code of ethics.

4.4 Hacker Ethics and Netiquette

Hacker Ethics
The hacker ethic refers to the feelings of right and wrong, to the ethical ideas this community
of people had—that knowledge should be shared with other people who can benefit from it,
and that important resources should be utilized rather than wasted.
• Sharing
• Openness
• Decentralization
• Free access to computers
• World Improvement
• Access to computers—and anything which might teach you something about the way
the world works—should be unlimited and total. Always yield to the Hands-On
Imperative!
• All information should be free
• Mistrust authority—promote decentralization
• Hackers should be judged by their hacking, not criteria such as degrees, age, race, sex,
or position

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
42 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• You can create art and beauty on a computer

• Computers can change your life for the better
Netiquette
The word netiquette is a combination of 'net' (from internet) and 'etiquette'. It means
respecting other users' views and displaying common courtesy when posting your views to
online discussion groups.
Rules of Netiquette
Rule 1: Remember the Human
Rule 2: Adhere to the same standards of behavior online that you follow in real life
Rule 3: Know where you are in cyberspace
Rule 4: Respect other people's time and bandwidth
Rule 5: Make yourself look good online
Rule 6: Share expert knowledge
Rule 7: Help keep flame wars under control
Rule 8: Respect other people's privacy
Rule 9: Don't abuse your power
Rule 10: Be forgiving of other people's mistakes
Basic Netiquette example
Email
• Check your email as much as possible and respond quickly to messages you receive;
your input may be critical to someone else.
• Never send anything that you wouldn‘t want someone other than the recipient to read.
• Get good virus protection software and make sure it scans your incoming emails.
• Don‘t open an attachment in an email if:
 You don‘t know the sender,
 The subject line doesn‘t make sense or is suspicious in any way,
 The attachment name is suspicious, or
 The attachment or message text doesn‘t make sense or you aren‘t expecting
them.
• Don‘t type in all capital letters; it looks like you are screaming.
• Try not to use sarcasm or humor; it doesn‘t always come across well.
• When you‘re subscribed to a listproc (ListProc is an automated information
distribution and retrieval system for electronic mailing lists and file archives) make

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
43 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

sure you reply to one person and not the whole list, unless you want the whole list to
read what you have to say.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
44 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 5
Risk and Responsibilities
5.1 Computer Liability
Computer Liability includes:
 Causes of Software Failures
 Risks
 Consumer Protection
 Improving Software Quality
 Producer Protection
 Complex application software defects
 Operating system failures
 On-line transaction processing performance issues
 Security issues
 Database architecture disputes
 International licensing disputes
 Shrink-wrap software disclaimers
 Consulting errors and omissions
Software Issues: Risks and Liabilities
 For healthy relationship between software developer and clients, we must consider
following things
(1) Standards – universally accepted level of confidence
Standards depend on:
 Development testing
 Verification and Validation
(2) Reliability – software reliability does not depend on age and wear and tear like
hardware
 Software reliability - is the probability that the software does not encounter an input
sequence resulting into failure.
(3) Security- software is secure if it does not contain trapdoors through which an intruder can
access the system.
(4) Safety – the safety of a software product means the absence of a likelihood of an accident,
a hazard, or a risk

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
45 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

 A number of life critical systems depend on software, therefore, software safety is

important.
(5) Quality- a software product has quality if it maintains a high degree of excellence in
standards, security, safety, and dependability.
Causes of Software Failures
Factors that contribute to software failures:
Human factors
• Memory lapses and attention failures: For example, someone was supposed to have
removed or added a line of code, tested, or verified but did not because of simple
forgetfulness.
• Rush to finish: The result of pressure, most often from management, to get the product
on the market either to cut development costs or to meet a client deadline can cause
problems.
• Overconfidence and use of nonstandard or untested algorithms: Before algorithms are
fully tested by peers, they are put into the product line because they seem to have
worked on a few test runs.
• Malice: Software developers, like any other professionals, have malicious people in
their ranks. Bugs, viruses, and worms have been known to be embedded and
downloaded in software as is the case with Trojan horse software, which boots itself
at a timed location.
• Complacency: When either an individual or a software producer has significant
experience in software development, it is easy to overlook certain testing and other
error control measures in those parts of software that were tested previously in a
similar or related product,
• Experience
Nature of software
• Complexity: Unlike hardwired programming in which it easy to exhaust the possible
outcomes on a given set of input sequences, in software programming a similar
program may present billions of possible outcomes on the same input sequence.
• Difficult testing: There will never be a complete set of test programs to check
software exhaustively for all bugs for a given input sequence.
• Ease of programming: The fact that software programming is easy to learn
encourages many people with little formal training and education in the field to start
developing programs, but many are not knowledgeable about good programming
practices or able to check for errors.
• Misunderstanding of basic design specifications: This affects the subsequent design
phases including coding, documenting, and testing.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
46 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Risk
Risk is a hazard level together with the likelihood of an accident to occur and the severity of
the potential consequences. A hazard is a state or set of conditions of a system or an object
that, together with other conditions in the environment of the system, or object, will lead
inevitably to an accident
• Software risks are caused by:
 Personnel shortfalls
 Unrealistic schedules and budgets
 Developing the wrong functions and properties
 Developing the wrong user interface
 Continuing stream of requirements changes
 Shortfalls in externally furnished components
 Shortfalls in externally performed tasks
 Real-time performance shortfalls
 Straining computer-science capabilities
Consumer Protection and the Law
• Buyer‘s rights:
• Replacement
• Refunds
• Updates
• Understanding software complexity- software as:
• Product
• Service
• Mix
Costumer protection tools:
(1) Contract (used with products):
• Express warranties
• Implied warranties
• Third-party beneficiary
• Breach of contract – lack of compliance
(2) Tort (used with services): Tort is any private or public action, which leads to loss or
damages
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
47 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Intentional
• Unintentional
Torts includes-
• Negligence – careless, lack of competence, etc..
• Malpractice
• Strict liability
• Misrepresentation
If vendors were responsible for harmful consequences of defects
• Companies would test software more
• They would purchase liability insurance
• Software would cost more
• Start-ups would be affected more than big companies
• Less innovation in software industry
• Software would be more reliable
• Making vendors responsible for harmful consequences of defects may be wrong.
• Consumers should not have to pay for bug fixes .
Improving Software Quality
The safety and reliability of a software product defines the quality of that software. Software
quality can only be improved during the development cycle. The following techniques done
during the software development phase can improve software quality:
• Final review
• Inspection
• Walk-through
• Phased-inspection
Producer Protection and the Law
• Protection against:
• Piracy
• Illegal copying/downloading of copyrighted software
• Fraudulent lawsuits by customers
• Seek protection from the courts
Safety critical systems

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
48 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Systems with a component of real-time control that can have a direct life-threatening impact.
Some of the examples are as below-
• Aircraft, air traffic control
• Nuclear reactor control
• Missile systems
• Medical treatment systems
• Safety critical software used in the design of physical systems can have massive
impact.
Accuracy vs. Democracy in Internet
The Internet is one of the final frontiers. Untamed and unregulated, it offers huge opportunity
for individual freedom in exploration and communication. With a smartphone, you have
access to anything you want to know at all times. However, the price of this great freedom is
increased personal responsibility.

Questions to determine accuracy on the internet

1. Is the information true?
– Look at the source of the article. Is it a well-known source? Does the source have a
bias?
– Do a Google search using a key phrase. Check out several of the articles that show
up, not just one.
– If they quote research, check to see if it is quality, valid research.
– If it‘s a quote, check attribution with Wikiquotes or Quote Investigator.
2. What is the real information?
Often information is packaged in interpretation and opinions. Ask what is the
information itself, not the interpretation of the information? Look for data and make
your own decision on the interpretation. Even Wikipedia articles need to be evaluated.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
49 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

3. How would someone who holds a different view interpret the article?
Put yourself in the shoes of someone who does not hold your views. This can be one
of the most effective ways to help you be objective and find where there are holes in
the article.
Skill to develop to identify the accuracy
Three Skills to Develop
1. Evaluating research to identify quality, valid studies.
2. Separating data from opinion.
3. Critical thinking: stepping out of emotionality and using objective analysis.
Democracy In Internet
Internet users have the potential to
• Share what‘s on their minds(social media have becomes important media for voicing
one‘s opinion)
• Express their thoughts
• Connect with others or join groups who share their opinions.
The internet has also become an important medium for the expression of criticism or dissent,
especially in socio-political matters.
How Internet promotes Democracy?
• The spread of free information through the internet has encouraged freedom and
human development. The internet is used for promoting human rights, including free
speech, religion, expression, peaceful assembly, to governments accountability, and
the right of knowledge and understanding. These rights support democracy.
• "The freedom to connect – the idea that governments should not prevent people from
connecting to the internet, to websites, or to each other. The freedom to connect is like
the freedom of assembly, only in cyberspace. It allows individuals to get online, come
together, and hopefully cooperate.
• Unmediated mass communication on the internet, such as through newsgroups, chat
rooms, and others.
• practical issues involving e-democracy include: effective participation; voting
equality at decision stage; enlightened understanding; control of the agenda; and
inclusiveness.
• This collective decision making and problem-solving gives more power to the citizens
and helps politicians make decisions faster.

5.2 Value in design

Value-driven design is a systems engineering strategy based on microeconomics which
enables multidisciplinary design optimization. Value-driven design is being developed by the
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
50 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

American Institute of Aeronautics and Astronautics, through a program committee of

government, industry and academic representatives. In parallel, the US Defense Advanced
Research Projects Agency has promulgated an identical strategy, calling it Value centric
design, on the F6 Program. At this point, the terms value-driven design and value centric
design are interchangeable. The essence of these strategies is that design choices are made to
maximize system value rather than to meet performance requirements.

Software and Design Problems

 People may come and go, but software may remain
• A software product is often expected to be used for an extended period of time
by someone who did not write the program and who is not intimately familiar
with its internal design
 Software may evolve
• New features may be added, environments may change, so initial specification
may be incomplete
 Software specification is not easy
• It should be generated at the beginning of project and maintained up-to-date
while the software goes through changes
• It should be clarified through extensive interaction between the users and the
system analyst, and then approved by the users
• It should be clear and understandable to any programmer

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
51 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Coping with change

 Change is inevitable in all large software projects.
• Business changes lead to new and changed system requirements
• New technologies open up new possibilities for improving implementations
• Changing platforms require application changes
 Change leads to rework so the costs of change include both rework (e.g. re-analyzing
requirements) as well as the costs of implementing new functionality
Design activity
Architectural design, where you identify the overall structure of the system, the principal
components (sometimes called sub-systems or modules), their relationships and how they are
distributed. Interface design, where you define the interfaces between system components.
Component design, where you take each system component and design how it will operate.
Database design, where you design the system data structures and how these are to be
represented in a database.
Hardware Design Issue
The design of the system will be affected by the choice of H/W and the type of S/W they use.
Users wish certain apparent properties in a system that is a system should be fast, convenient
to use, reliable, easy to learn and to use, and safe. The system should be comfy to design,
implement, and maintain and it should be precise for the following mentioned goals.
• Performance
• Complexity
• Power management
• Reliability
• Security
• Time to market
Hardware Design Challenges
• Rigid, Therefore Fragile
• Easier to use than to reuse
• Cohesion and coupling
• Trying to duplicate the test environment
Improving Professionalism in Software Development
Three steps:
1. Work with Professional Engineering societies.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
52 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

We should stop fighting and work with the Engineering groups on the establishing
standards for a new ―flavor‖ of Engineer, either ―Software Engineer‖ or ―Computer
Engineer‖. We should take the advantage of the experience that this groups have in
setting professional standards. We should use existing legislations to enforce those
standards.
2. Develop better educational programs.
We are not ready to work with the accreditation committees even if they are:
• Little agreement on the essential knowledge required of those practicing
Software Engineering
• We need to remember that Engineering is not Management our current
programs and literature confuse them.
3. Develop accreditation procedures for Software Engineering programs
It is time to develop standards for the educational programs that will be uniquely
designed and target needs of Software Engineering as a discipline not as a
subprogram of Electrical Engineering or Computer Science.
The aim [of education] must be the training of independently acting and thinking
individuals who, however, see in the service to the community their highest life
achievement. – Albert Einstein

How is software designed today?

 Software Myths -Managers
◦ We have standards and procedures for building software, so developers have
everything they need to know.
◦ We have state-of-the-art software development tools; after all, we buy the
latest computers.
◦ If we're behind schedule, we can add more programmers to catch up.
◦ A good manger can manage any project.
 Software Myths – Client
◦ A general statement of objectives is sufficient to begin writing programs - we
can fill in the details later.
◦ Requirement changes are easy to accommodate because software is flexible.
◦ I know what my problem is, therefore I know how to solve it.
 Software Myths - Practitioner
◦ If I miss something now, I can fix it later.
◦ Once the program is written and running, my job is done.
◦ Until a program is running, there's no way of assessing its quality.
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
53 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

◦ The only deliverable for a software project is a working program.

Software Realities
• The cost of finding an error rises an order of magnitude for every phase before the
error is discovered.
• 60%-90% of the total cost is maintenance.

5.3 Professional responsibilities of computer users

 You will use these computer and information systems in an ethical and legal
manner.
 You agree not to duplicate or use copyrighted or proprietary software without
proper authorization.
 You may not use others computer information for any business.
 You are responsible for protecting your personal identification number,
authentication token, and/or password.
 You may not share your account privileges with anyone or knowingly permit any
unauthorized access to a computer, computer privileges, systems, networks, or
programs.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
54 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 6
Privacy
6.1 Privacy and its values
Privacy
Privacy is the ability of an individual or group to seclude themselves, or information about
themselves, and thereby express them selectively. When something is private to a person, it
usually means that something is inherently special or sensitive to them.
The domain of privacy partially overlaps security (confidentiality), which can include the
concepts of appropriate use, as well as protection of information.
Values of Privacy
• The right to be let alone
• The option to limit the access others have to one's personal information
• Secrecy, or the option to conceal any information from others
• Control over others' use of information about oneself
• States of privacy
• Personhood and autonomy
• Self-identity and personal growth
• Protection of intimate relationships
Privacy Risks
Risks associated with the collection, use and management of an agency‘s personal
information holdings.
Top 10 Privacy Risks
• Web Application Vulnerabilities
• Operator-sided Data Leakage
• Insufficient Data Breach Response
• Insufficient Deletion of personal data
• Non-transparent Policies, Terms and Conditions

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
55 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Collection of data not required for the primary purpose

• Sharing of data with third party
• Outdated personal data
• Missing or Insufficient Session Expiration
• Insecure Data Transfer
6.2 Privacy Risks
6.2.1 Government Information
It is well known fact that government information are critical and most of such information
should be private and kept safely. While using such information in internet, there is chance of
losing private/secret information to third party. This may lead to huge lose to the government.
Information privacy, or data privacy (or data protection), is the relationship between the
collection and dissemination of data, technology, the public expectation of privacy, and the
legal and political issues surrounding them. Privacy concerns exist wherever personally
identifiable information or other sensitive information is collected, stored, used, and finally
destroyed or deleted – in digital form or otherwise.
Data privacy issues may arise in response to information from a wide range of sources, such
as:
• Government policies
• Defense, security and diplomatic policies
• Security policies
• Diplomatic policies
6.2.2 Consumer Information
Information privacy, or data privacy (or data protection), is the relationship between the
collection and dissemination of data, technology, the public expectation of privacy, and the
legal and political issues surrounding them. Privacy concerns exist wherever personally
identifiable information or other sensitive information is collected, stored, used, and finally
destroyed or deleted – in digital form or otherwise. Improper or non-existent disclosure
control can be the root cause for privacy issues.
Data privacy issues may arise in response to information from a wide range of sources, such
as:
• Healthcare records
• Criminal justice investigations and proceedings
• Financial institutions and transactions
• Biological traits, such as genetic material
• Residence and geographic records

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
56 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Privacy breach
• Location-based service and geo-location.
• Web surfing behavior or user preferences using persistent cookies
6.3 Privacy of Consumer Information
6.3.1 Privacy of Database and personal records
Database security concerns the use of a broad range of information security controls to
protect databases (potentially including the data, the database applications or stored
functions, the database systems, the database servers and the associated network links)
against compromises of their confidentiality, integrity and availability.
Security risks to database systems
• unintended activity or misuse by authorized database users, database administrators,
or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate
access to sensitive data, metadata or functions within databases, or inappropriate
changes to the database programs, structures or security configurations);
• Malware infections causing incidents such as unauthorized access, leakage or
disclosure of personal or proprietary data, deletion of or damage to the data or
programs, interruption or denial of authorized access to the database, attacks on other
systems and the unanticipated failure of database services;
• Overloads, performance constraints and capacity issues resulting in the inability of
authorized users to use databases as intended;
• Physical damage to database servers caused by computer room fires or floods,
overheating, lightning, accidental liquid spills, static discharge, electronic
breakdowns/equipment failures and obsolescence;
• Design flaws and programming bugs in databases and the associated programs and
systems, creating various security vulnerabilities (e.g. unauthorized privilege
escalation), data loss/corruption, performance degradation etc.;
• Data corruption and/or loss caused by the entry of invalid data or commands, mistakes
in database or system administration processes, sabotage/criminal damage
Ways to security control in database
• Access control
• Auditing
• Authentication
• Encryption
• Integrity controls
• Backups
• Application security
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
57 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Database Security applying Statistical Method

6.3.2 E-mail Privacy
Email privacy is dealing with issues of unauthorized access and inspection of electronic mail.
This unauthorized access can happen while an email is in transit, as well as when it is stored
on email servers or on a user computer.
Threats in e-mail privacy
• Threats to the security of e-mail itself
• Loss of confidentiality
• E-mails are sent in clear over open networks
• E-mails stored on potentially insecure clients and mail servers
• Loss of integrity
• No integrity protection on e-mails; body can be altered in transit or on
mail server
• Lack of data origin authentication
• Lack of non-repudiation
• Lack of notification of receipt
Threats Enabled by E-mail
• Disclosure of sensitive information
• Exposure of systems to malicious code
• Denial-of-Service (DoS)
• Unauthorized accesses etc.
What are the Options?
1. Secure the server to client connections (easy thing first)
• POP, IMAP over ssh, SSL
• https access to webmail
• Very easy to configure
• Protection against insecure wireless access
2. Secure the end-to-end email delivery
• The PGPs of the world
• Still need to get the other party to be PGP aware
• Practical in an enterprise intra-network environment
Email based Attacks

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
58 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

i. Active content attack

• Clean up at the server (AV, Defang)
ii. Buffer over-flow attack
• Fix the code
iii. Shell script attack
• Scan before send to the shell
iv. Trojan Horse Attack
• Use ―do not automatically use the macro‖ option
v. Web bugs (for tracking)
• Mangle the image at the mail server
Email SPAM
• SPAM filtering
• Content based – required hits
• White list
• Black list
• Defang MIME
PGP (“Pretty Good Privacy)
• First released in 1991, developed by Phil Zimmerman
• Freeware: OpenPGP and variants:
• OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.
• www.ietf.org/html.charters/openpgp-charter.html
• Available as plug-in for popular e-mail clients, can also be used as stand-alone
software.
• Functionality
• Encryption for confidentiality.
• Signature for non-repudiation/authenticity.
• Sign before encrypt, so signatures on unencrypted data - can be detached and stored
separately.
• PGP-processed data is base64 encoded
PGP Algorithms
Broad range of algorithms supported:
• Symmetric encryption:

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
59 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• DES, 3DES, AES and others.

• Public key encryption of session keys:
• RSA or ElGamal.
• Hashing:
• SHA-1, MD-5 and others.
• Signature:
• RSA, DSS, ECDSA and others.
PGP Services

PGP Message

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
60 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

PGP Key Rings

• PGP supports multiple public/private keys pairs per sender/recipient.
• Keys stored locally in a PGP Key Ring – essentially a database of keys.
• Private keys stored in encrypted form; decryption key determined by user-entered
pass-phrase.
Key Management for PGP
• Public keys for encrypting session keys / verifying signatures.
• Private keys for decrypting session keys / creating signatures.
• Where do these keys come from and on what basis can they be trusted?
• PGP adopts a trust model called the web of trust.
• No centralised authority
• Individuals sign one another‘s public keys, these ―certificates‖ are stored along with
keys in key rings.
• PGP computes a trust level for each public key in key ring.
• Users interpret trust level for themselves.
PGP Key Management Issues
• Original intention was that all e-mail users would contribute to web of trust.
• Reality is that this web is sparsely populated.
• How should security-unaware users assign and interpret trust levels?
• Later versions of PGP support X.509 certs.
• Trust levels for public keys dependent on:
• Number of signatures on the key;
• Trust level assigned to each of those signatures.
• Trust levels recomputed from time to time.
PGP Message Generation

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
61 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• The sending PGP entity performs the following steps:

• Signs the message:
• PGP gets sender‘s private key from key ring using its user id as an
index.
• PGP prompts user for passphrase to decrypt private key.
• PGP constructs the signature component of the message.
• Encrypts the message:
• PGP generates a session key and encrypts the message.
• PGP retrieves the receiver public key from the key ring using its user
id as an index.
• PGP constructs session component of message
PGP Message Reception

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
62 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• The receiving PGP entity performs the following steps:

• Decrypting the message:
• PGP get private key from private-key ring using Key ID field in
session key component of message as an index.
• PGP prompts user for passphrase to decrypt private key.
• PGP recovers the session key and decrypts the message.
• Authenticating the message:
• PGP retrieves the sender‘s public key from the public-key ring using
the Key ID field in the signature key component as index.
• PGP recovers the transmitted message digest.
• PGP computes the message for the received message and compares it
to the transmitted version for authentication.
6.3.3 Web Privacy
• Get/give as little data as possible.
• Data anonymization.
• Audit trail: record who has accessed what data.
• Security and controlled access

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
63 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Training, quality, restricted usage, data left in place.

• Policy.
Issues in Computer Security: Data mining and privacy
• Government data mining.
• Privacy preserving data mining:
• Data mining is ―extracting hidden patterns from large amounts of data‖
• Solutions to preserve privacy:
• Remove id information. Doesn‘t work.
• E.g., Sweeney‘s report: > 87% US population can be identified
by: 5 digit zip code, gender and date of birth.
• Data perturbation. Example. Needs to be done carefully.
Privacy on the web
• Think about this:
• On the web: every word you speak (blog) can be read
• Someone selling something may have ads on their site for something else.
• Identity of the other person may not be known!
• Some issues on the web are protected.
• Can you name them?
Privacy on the web
• Credit card payments are protected.
• But not necessarily private.
• Paypal etc.. May solve the privacy issues.
• Site and portal registrations:
• Beware of ―we will enhance your browsing experience‖
• Using email as id on some sites. Issues?
• Third party ads.
• Contests and offers: Free iphones!
Privacy issues
• Cookies:
• Be-aware
• Third party cookies. E.g., Double Click and online profiling.
• Adware
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
64 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Web-bug.
• Spyware: keystroke loggers.
Email security
• Interception of email.
• Can be encrypted using PGP or S/MIME
• Email monitored legallly.
• Anonymous E-mail and remailers
• Sending anonymous emails.
• Spoofing and spamming.
Impact on Emerging technologies
• RFID tags
• RFID and privacy issues:
• Consumer products. How can this be exploited?
• RFID in individuals.
• Electronic voting
• Privacy issues.
• VoIP and Skype
• Privacy issues.
6.4 Protect your privacy
Somehow we all are protecting our privacy in internet. For example, we all make our social
media account secure by using the provided security options. But what if that did not work?
Follow the following instructions to protect your privacy.
• Don‘t fill out your social media profile.
• Be choosy about sharing your social security number—even the last 4 digits.
• Lock down your hardware.
• Turn on private browsing.
• Use a password vault that generates and remembers strong and unique passwords.
• Use two-factor authentication.
• Set up a Google alert for your name.
• Pay for things with cash.
• Keep your social network activity private.
• Don‘t give your zip code when making credit card purchases.
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
65 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Lie when setting up password security questions.

6.5 Offensive speech and censorship in cyberspace
What is offensive speech?
– Political or religious speech.
– Pornography.
– Racial slurs.
– Nazi materials.
– Abortion information.
– Depictions of violence
– How to make Bombs
– Alcohol ads. Etc…
Freedom of Expression: Key Issues
• Controlling access to information on the Internet
• Anonymity
• Defamation
• Hate speech
• Pornography
Controlling Access to Information on the Internet
• Material Inappropriate for Children
– Technology Changes the Context
• On the Web, children have access to the same ‗adult‘ text, images,
videos, etc. as adults.
• Online proprietors don‘t know the customer is not an adult.
– Protecting Children
• It is illegal to create, possess or distribute child pornography,
regardless of the medium.
• Material Inappropriate for Children
– There is no doubt that there is material on the Web that most people would
consider inappropriate for children.
– There is much on the Web that is extremely offensive to adults.
– It is not surprising that some people see the Internet as a scary place for
children.
• Censorship Laws
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
66 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

– Communications Decency Act (CDA, 1996)

• Publicity and public pressure lead Congress to pass this act.
• Anyone who made available to anyone under 18 any communication
that is obscene or indecent would be subject to a $100,000 fine and two
years in prison.
• In 1997, the CDA was ruled unconstitutional because it was too vague
and too broad in protecting children online and because less restrictive
means are available.
– Child Online Protection Act (COPA, 1998)
• Commercial Web sites that make available to minors materials
―harmful to minors‖, as judged by community standards would be
subject to a $50,000 fine and six months in jail.
• In 2000 and 2003, COPA was ruled unconstitutional by a federal court.
– Children‘s Internet Protection Act (CIPA, 2000)
• Any school or library receiving federal Internet funds must install
filtering software on all Internet terminals.
• Filters must block sites containing child pornography, obscene
material, and any material deemed ―harmful to minors.‖
• A federal appeals court ruled a major part of CIPA unconstitutional in
2002 but the Supreme Court upheld the law in 2003.
• Internet Access in Libraries and Schools
– Filtering Software
• Benefit: prevent access to inappropriate material on the Internet by
screening words or phrases, blocking sites according to rating system,
or disallowing access to specific sites in a list.
• Problems: can be ineffective—kids get around the filters; the words,
phrases, rating systems, etc. are subjective; ―banned‖ keywords can be
overly restrictive for adult users and for legitimate use by minors.
– Filtering Software
• URL filtering
• Blocks URLs or domain names
• Keyword filtering
• Blocks key words or phrases
• Dynamic content filtering
• Web site‘s content is evaluated immediately before being
displayed
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
67 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Uses
• Object analysis
• Image recognition
• Popular Internet filters
– ContentProtect
– CYBERsitter
– NetNanny
– CyberPatrol
• HateFilter
• ICRA(Investment Information & Credit Rating Agency) rating system
o Questionnaire for Web authors
o Generates a content label
 Uses Platform for Internet Content Selection (PICS) standard
o Users can configure browsers to read the label to block content
o Relies on Web authors to rate their site
o Complement to other filtering techniques
• ISP blocking
o Blocking is performed on the ISP server
o ClearSail/Family.NET prevents access to certain Web sites
• Federally financed schools and libraries must block computer access to
o Obscene material
o Pornography
o Anything considered harmful to minors
• Schools and libraries subject to CIPA do not receive Internet access discounts
unless they certify that Internet safety measures are in place
o Required to adopt a policy to monitor the online activities of minors
• CIPA does not require the tracking of Internet use by minors or adults
• Acceptable use policy agreement is an essential element of a successful
program in schools
o Signed by
 Students
 Parents
 Employees
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
68 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Difficulty implementing CIPA in libraries because their services are open to

people of all ages
o Including adults with First Amendment rights
6.6 Anonymity
Way to express your views without exposing your identity.
• Principle of anonymous expression
– People can state opinions without revealing their identity
– In the wrong hands, it can be a tool to commit illegal or unethical activities
• Common Sense and the Internet
– Early publications by some of our Founding Fathers were published under
pseudonyms.
– Jonathon Swift published his humorous and biting political satire Gulliver’s
Travels anonymously.
– In the nineteenth century, when it was not considered proper for women to
write books, women writers such as Mary Ann Evans published under male
pseudonym.
– Today, there are publications on the Net that are posted anonymously.
– Whistleblowers may choose to release information via anonymous postings.
– To send anonymous e-mail, one sends the message to a remailer service,
where the return address is stripped off and the message is resent to the
intended recipient.
– Several businesses, like Anonymizer.com and Zero-Knowledge Systems,
provide a variety of sophisticated tools and services that enable us to send e-
mail and surf the Web anonymously.
Defamation and Hate Speech
• Actions that can be prosecuted include
– Sending threatening private messages over the Internet to a person
– Displaying public messages on a Web site describing intent to commit acts of
hate-motivated violence
– Libel directed at a particular person
• Some ISPs voluntarily agree to prohibit subscribers from sending hate messages
– Does not violate subscribers‘ First Amendment rights
– ISPs must monitor the use of their service
– Take action when terms are violated

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
69 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 7
Computer and Cyber Crimes
7.1 Introduction to computer crime and cyber crime
A computer crime is any unlawful activity that is done using a computer.
Cybercrime is any criminal activity that involves a computer, networked device or a network.
While most cybercrimes are carried out in order to generate profit for the cybercriminals,
some cybercrimes are carried out against computers or devices directly to damage or disable
them, while others use computers or networks to spread malware, illegal information, images
or other materials. Some cybercrimes do both i.e., target computers to infect them with
viruses, which are then spread to other machines and, sometimes, entire networks.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
70 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

A primary impact from cybercrime is financial, and cybercrime can include many different
types of profit-driven criminal activity, including ransom ware attacks, email and internet
fraud and identity fraud, as well as attempts to steal financial account, credit card or other
payment card information. Cybercriminals may target private personal information, as well as
corporate data for theft and resale.
The U.S. Department of Justice divides cybercrime into three categories: crimes in which the
computing device is the target, for example, to gain network access; crimes in which the
computer is used as a weapon, for example, to launch a denial-of-service (DoS) attack; and
crimes in which the computer is used as an accessory to a crime, for example, using a
computer to store illegally obtained data.
The Council of Europe Convention on Cybercrime, to which the United States is a signatory,
defines cybercrime as a wide range of malicious activities, including the illegal interception
of data, system interferences that compromise network integrity and availability, and
copyright infringements. Other forms of cybercrime include illegal gambling, the sale of
illegal items, like weapons, drugs or counterfeit goods, as well as the solicitation, production,
possession or distribution of child pornography.
The ubiquity of internet connectivity has enabled an increase in the volume and pace of
cybercrime activities because the criminal no longer needs to be physically present when
committing a crime. The internet's speed, convenience, anonymity and lack of borders make
computer-based variations of financial crimes, such as ransomware, fraud and money
laundering, as well as hate crimes, such as stalking and bullying, easier to carry out.
Cybercriminal activity may be carried out by individuals or small groups with relatively little
technical skill or by highly organized global criminal groups that may include skilled
developers and others with relevant expertise. To further reduce the chances of detection and
prosecution, cybercriminals often choose to operate in countries with weak or nonexistent
cybercrime laws.
The First Incident of Cyber Crime
• The first major computer crimes came into being in the 1960‘s when a group of
hackers emerged from Massachusetts Institute of Technology (MIT).
• The first virus came into being in 1981. It was created on the Apple II operating
software and was spread through floppy disk, containing the operating software.
7.2 Types of Cyber Crimes

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
71 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

1. Viruses and Worms

Viruses are programs that attach themselves to a computer or a file. They then circulate
themselves to other files and to other computers on a network. Worms, unlike viruses do
not need the host to attach themselves to. They merely make functional copies of themselves
and do this repeatedly till they eat up all the available space on a computer's memory.
2. Denial-of-Service-Attacks
These attacks occur when a person or a group of people try to prevent a internet site from
functioning effectively either temporarily or on a long term basis.
In an amplified DNS denial-of-service attack, the attacker generates crafted domain name
system (DNS) requests that appear to have originated at the victim's network and sends them
to missonfigured DNS servers managed by third parties.

Example of DOS
One such vulnerability is a weakness that allows a hacker to enter the system and take it over
remotely. Then all he or she has to do is prevent a legitimate user from accessing or working
on the system. Lockouts are possible, where the denial of service (DoS) prevents legitimate
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
72 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

users from accessing their system. This comes from the fact that many systems have
authentication features, such as a login name and password. It is also typical that there are a
limited number of attempts that can be used in order to gain access, and reaching that limit
locks out the user. So a hacker can manipulate the login account limit and lockout the user.

3. Malware
Malware means malicious software. It is designed to secretly access an individual‘s computer
without his/her permission. Most malware are software‘s created with the intent of stealing
data. Using these software‘s, which are usually disguised as harmless pop-ups and such,
information about the users is collected without their knowledge.
4. Hacking
Hacking is unauthorized access over a computer system, and it usually involves modifying
computer hardware or software to accomplish a goal outside the creator‘s purpose.
5. Software Piracy
Unauthorized copying of purchased software is called software piracy. Making copies of the
software for commercial distribution, or resale is illegal. However software piracy is still
rampant around the globe, because it is almost impossible to put an end to it.
6. Fraud
Online fraud and cheating is one of the most lucrative businesses that are growing today in
the cyber space. Some of the cases of online fraud and cheating that have come to light are

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
73 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

those relating to credit card crimes, bank fraud, contractual crimes, internet scams, identity
theft, extortion etc.
7. Cyber stalking
Cyber stalking involves following a person's movements across the Internet by posting
threatening messages on the bulletin boards frequented by the victim, entering the chat-rooms
frequented by the victim, and constantly bombarding the victim with emails.
8. Obscene or Offensive Content

Includes contents of websites that may be distasteful, obscene, or offensive in many ways.
One of the major victims of this type of crime is child pornography.
Child pornography includes sexual images involving children under puberty, and post-
puberty and computer-generated images that appear to involve them in sexual acts.
9. Online Harassment
Any comment that may be considered degratory or offensive is considered harassment.
Harassment via the internet occurs in chat rooms, social networking sites, and e-mails.
10. Trafficking
Trafficking may assume different forms. It may be trafficking in drugs, human beings, arms
or weapons. These forms of trafficking are carried on under pseudonyms, encrypted emails,
and other internet technology.
11. Computer Vandalism
Vandalism means deliberately destroying or damaging property of another.
These acts may take the form of the theft of a computer, some part of a computer or a
peripheral attached to the computer, or by physically damaging a computer or its peripherals.
12. Spam
The unwanted sending of bulk e-mail for commercial purposes is called spam.
Although this is a relatively minor crime, recently new anti-spam laws have cropped up to
restrict the sending of these e-mails.
13. Phishing
• A criminal activity using social engineering techniques (a collection of techniques
used to manipulate people into performing actions or divulging confidential
information).

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
74 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Phishers attempt to fraudulently acquire sensitive information, such as usernames,

passwords and credit card details, by masquerading as a trustworthy entity in an
electronic communication.
• eBay and PayPal are two of the most targeted companies, and online banks are also
common targets.
• Phishing is typically carried out by email or instant messaging, and often directs users
to give details at a website, although phone contact has been used as well.
• E-mails supposedly from the Internal Revenue Service have also been used.
• Social Networking sites are also a target of phishing, since the personal details in such
sites can be used in identity theft.
14. Online Pornography
• The Internet has been a boon to the pornography industry
– More than 60,000 Web sex sites are accessible
– The sites generate at least $1 billion a year in revenue
• CAN-SPAM Act
– Deterrent in fighting the dissemination of pornography
• Reasonable steps to stop access in the workplace
– Establishing a computer usage policy
• Prohibiting access to pornography sites
– Identifying those who violate the policy
– Taking action against those users
• Numerous federal laws address child pornography
– Federal offense
15. Digital Forgery
Forgery is the criminal act that provides misleading information about a product or service. It
is the process of making, adapting, or imitating documents or objects with the intent to
deceive. Digital forgery (or digital tampering) is the process of manipulating documents or
images for the intent of financial, social or political gain. This paper provides a brief
introduction to the digital forgery.
Prevention of Computer Crimes

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
75 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Always use latest and updated antivirus software's to

guard against virus attacks.

Avoid sending photographs online particularly to strangers

and chat friends as there have been incidents of misuse of
the photographs.

Web site owners should watch internet traffic and check any
irregularity on the site. Putting host-based intrusion detection
devices on servers may do this.

Use a security program that gives control over the cookies and
sends information back to the site, as leaving the cookies
unguarded might prove fatal.

Top 20 countries that commit the most Cyber Crimes

A Comparison of Software Piracy Rates in the World

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
76 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Pircacy rate Piracy rate

23% 93%
22% 93%
22% 93%
21% 93%
92%
21% 92%
20% 92%
20% Pircacy 92% Piracy
19% rate 92% rate
91%
Luxembourg
Newzealand
United States

Armenia
Bangladesh
Azerbaijan
7.3 Introduction to digital forensics
Digital Forensics is the preservation, identification, extraction, interpretation and
documentation of computer evidence which can be used in the court of law.
Branches of Digital Forensics
• Branches of Digital Forensics include:
– Network Forensics
– Firewall Forensics
– Database Forensics
– Mobile Device forensics
• The names of the different branches speak to the different areas which they focus on.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
77 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

The Benefits of Digital Forensics

 Digital Forensics help to protect from and solve cases involving:
 Theft of intellectual property-
• This pertains to any act that allows access to patient, trade secrets, customer
data, and any confidential information.
 Financial Fraud-
• This pertains to anything that uses fraudulent solicitation of victim‘s
information to conduct fraudulent transactions.
 Hacker system penetration-
• Taking advantage of vulnerabilities of systems or software using tools such as
rootkits and sniffers.
• Distribution and execution of viruses and worms-
• These are the most common forms of cyber crime and often cost the most
damage.
Challenges faced by Digital Forensics.
 The increase of PC‘s and internet access has made the exchange of information quick
and inexpensive.
 Easy availability of Hacking Tools.
 Lack of physical evidence makes crimes harder to prosecute.
 The large amount of storage space available to suspects, up to over 10 Terabytes.
 The rapid technological changes require constant upgrade or changes to solutions.
Computer crime fighting with Digital Forensics
 Information lost or deleted from computers will be able to be uncovered or restored
and be used as evidence.
 Digital Forensics will allow the tracing criminal activities and personnel online.
 Perpetrators can now be investigated and brought to justice regardless of their
Geographical Location.
 Various measures can now be put into place so that crimes such as espionage can be
recognized easily and swift action to be undertaken.
Technologies that have Inspired the rise of Digital Forensics
• Logicube
– Created in 1993.
– One of the Leading digital forensic hard drive data recovery technology.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
78 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

– Widely used by cybercrime experts and corporate security personnel.

– Provides mainly hardware based solutions but do have software solutions.
• DIBS
– Initiated in the early nineties.
– Hardware and software, specifically designed to copy, analyze and present
computer data in a forensically sound manner.
• AccessData
– A pioneer in digital investigations since 1987.
– Provide state of the art cyber security, password cracking, eDiscovery and
decryption solutions.

Digital Forensics Playing a Role !!

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
79 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Case #1
• On Friday September 03, 2010 in Abu Dhabi, United Arab Emirates, a case
concerning the alleged raping of a 14 year old Brazilian girl was brought to the courts.
• As details of the case unfolded in the court the charges changed from rape to
consensual sex.
• Digital forensics helped in uncovering evidence in the form of intimate text messages
and photographs sent by the girl to the man from her mobile phone.
• The girl was eventually sentenced to six months in jail followed by deportation and
the 25 year old Pakistani bus driver was sentenced to one year in jail followed by
deportation.
• Digital forensics played an important role in the final verdict of the case

Case #2
• A large publicly traded financial institution contacted reputable firm Global Digital
Forensics (GDF) for assistance after suspecting multiple instance of fraud . It is
alleged that the company charged customer ‗hidden fees‘ to customers accounts.
• The problem one party faced included going through over 50 million transaction
records to find evidence that would increase the damages to be paid by the company.
• GDF using knowledge of the technology created processes that calculated the
information needed and assisted in drafting deposition notices and document requests
that narrowed the scope of the inquiry.
• This eased the concerns related to finding critical evidence and not spending huge
amounts of money doing it.
Case #3
• A pharmaceutical company received complaints that there was a dip in the usually
high sales in some geographical locations.
• It was discovered that large amounts of drugs were being diverted into the US and
being resold locally. An investigation led to the seizure of millions of dollar of
diverted drugs , computers and other electronic equipment.
• There was however a problem as all communication done between the perpetrators
through email which was encrypted and fairly complex as well as in a foreign
language.
• The Global Digital forensics (GDF) firm was contacted to carry out a digital analysis
of the computers seized to gain evidence.
• GDF forensic specialist decrypted and extracted a wealth of information from the
systems. GDF was able to provide documentation show that :

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
80 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• The diverted drugs were being purchased from European and Canadian
Distributor and shipped to the US.
• The distributors controlled several pharmacies and nursing homes in the area.
• The distributors have been engaged in drug diversion for over 10 years.
• The distributor was repackaging vitamins manufactured to appear the same as
the prescription drugs and selling and shipping them to Asia
• The distributor was operating unlicensed pharmacies and nursing homes.
• The company suffered 13 million dollars a year in lost revenues.
What is the Future for Digital forensics?
• There is an increasing wide array of tools used to preserve and analyze digital
evidence.
• The single approach to utilize single evidence such as hard drives will change as
there is increasing size of hundreds of Gigabytes and Terabytes to be used.
• Huge targets will require more sophisticated analysis techniques and equipment.
• There will also be better collaborative functions to allow forensics investigators to
perform investigations a lot more efficiently that they do presently.

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
81 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Unit 8
Intellectual property and legal issues
8.1 Intellectual Properties
Intellectual property (IP) is a category of property that includes intangible creations of the
human intellect. There are many types of intellectual property, and some countries recognize
more than others. The most well-known types are copyrights, patents, trademarks, and trade
secrets. It was not until the 19th century that the term "intellectual property" began to be
used, and not until the late 20th century that it became commonplace in the majority of the
world.
The main purpose of intellectual property law is to encourage the creation of a wide variety
of intellectual goods. To achieve this, the law gives people and businesses property rights to
the information and intellectual goods they create, usually for a limited period of time. This
gives economic incentive for their creation, because it allows people to profit from the
information and intellectual goods they create. These economic incentives are expected to
stimulate innovation and contribute to the technological progress of countries, which depends
on the extent of protection granted to innovators.
The intangible nature of intellectual property presents difficulties when compared with
traditional property like land or goods. Unlike traditional property, intellectual property is
"indivisible" – an unlimited number of people can "consume" an intellectual good without it
being depleted. Additionally, investments in intellectual goods suffer from problems of
appropriation – a landowner can surround their land with a robust fence and hire armed
guards to protect it, but a producer of information or an intellectual good can usually do very
little to stop their first buyer from replicating it and selling it at a lower price. Balancing
rights so that they are strong enough to encourage the creation of intellectual goods but not so
strong that they prevent the goods' wide use is the primary focus of modern intellectual
property law.
• Intellectual Property (IP) is a group of legal rights that provides protection over things
people create or invent.
• Typical methods of protection:
• Contract
• Trade Secrets
• Copyrights
• Trademarks
• Patents

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
82 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

Why should I care about IP?

• Intellectual Property Protection can…

– Attract investment $$$$$
• Or increasing exit valuation (e.g., IPO, M&A)
– Deter others from stealing your ideas
– Deter others from entering a market
– Defend against other patent portfolios
– License or Trade with others (Cross-License)
• Provide alterative sources of income…
Methods of Protecting IP
• Contracts

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
83 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Copyrights
• Trademarks
• Trade Secrets
• Patents
Contracts
Contracts protect inventions in ways a patent or patent application can‘t. For example,
a contract can:
1. Limit the other person‘s ability to exploit your idea
2. Require the other person to assign an invention to you
3. Limit a manufacturer‘s ability to use your tooling for others
4. Require them to keep your idea a secret
A patent cannot do any of these things. Only a contract can do these things. A contract is an
agreement with those you have direct contact with, such as investors, independent
contractors, employees, and manufacturers.
• Affordable cost to gain protection
– Protection defined by contract
– Examples:
• non-compete terms
• anti-reverse engineering terms
• assignment of IP rights
• Length of time protection lasts
– Flexible
– Depends on terms of the contract
• Commercial Importance
– always important at some stage of business
• Enforcement – contract…

Copyrights
• ―Expression‖
– Art, Writing, Music, Movies, etc…
– Any ―work‖ reduced to a tangible medium of expression
• Policy

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
84 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

– Moral rights of the Author

• Europe
– Incentive to produce
• U.S.
• Free and Automatic
– Protection is automatic as soon as the work is reduced to a tangible medium…
• Aspects of Protection
– Scope - Narrow
– Term
• Life + 70 years
• Commercial (Work for Hire) - 120 years
• Commercial Benefits
– Supports entire industries
• Music
• Movies etc...
Trademarks
• Identification of Source
– Any word, name, symbol, or device or any combination thereof used by a
person or which a person has a bona fide intention to use in commerce
• §45 Lanham Trademark Act (1946)
– Examples:
• Google®
• Coke®
• Color Brown (UPS)
• Sounds – Windows Start-Up, NBC Chimes, etc
• Symbols
– ® - used to indicate a Registered Trademark
– ™ - used to brand a product
– ℠ - used to brand a service
• Relatively inexpensive to obtain
– ~ $500 - $2,500
• Protection lasts as long as the mark is used in commerce
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
85 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

– As long as the mark identifies source

– Use it or lose it…
• Commercial Benefits
– Powerful barrier to entry
– Price support
• Genericide…
– Popular marks must police use
Trade Secrets

• Shhh, don‘t tell anyone…

• Information that not known outside of an organization that provides a
competitive advantage
• Examples:
• Formula for Coca-Cola (Coke™)
• Decided not to patent to keep secret FOREVER…
• KFC‘s secret recipe
• Only 3 executives have access to the recipe
• WD-40
• Guarded in a bank vault
• Company mixes the formula in only three facilities to maintain the
secret.
• Relatively low cost to gain protection
• Some consider it practically free
• Must take precautions to maintain secrecy
• Protection lasts as long as the secret remains a secret
• protects information/knowledge that can be kept ―relatively secret‖
• Commercial Benefits
• Can provide critical barriers to entry

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
86 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Enforcement…
• Enforcement complicated by variation in State law
Patents
• Protects implementation of technical ideas
– Article of Manufacture (e.g., light bulb)
– System (e.g., cell phone)
– Composition of Matter (e.g., compounds)
– Process (e.g., process of making or using)
• Microwaving Food (Spencer)
• Search engine (Google)
• 1-click purchase (Amazon)
• Types of Patents
– Utility Patent
– Design Patent
– Plant Patent
• Relatively expensive to obtain
– Initial filing ~$8,000 - $12,000
– Prosecution ~ $10,000+
– Limited term of protection
– 20 years from filing
– Commercial Benefits
– Exclusivity
– Monopoly Pricing
– Licensing
• What is the standard for getting a patent?
– New
– Useful
– Non-obvious
• What do you get if you meet the standard?
– Right to exclude others from the invention for a limited time
– Not a right to use the invention
• What do you give up by getting a patent?
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
87 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

– You have to teach others how to make and use the invention
• What do you risk by not patenting your invention?
– i.e., trying to keep it a trade secret
– Someone else can patent it and exclude you from using it.
• Selecting what to Patent?
– Business Value:
• What is the likely value of the technology?
• Will exclusivity provide a competitive advantage?
• Does the technology align with your commercial products?
– Legal Strength:
• What is the novelty over prior art?
• Business Methods?
– Exclusivity:
• Will competitors have viable design-around options?
• Can infringement be detected?
• Patent Strategy - Benefits from Patents
– Monopoly Pricing
• Increase profit margins through exclusionary power
– Extra Income
• Generate income through licensing activities
– Access to Technology
• Cross-license to access other technologies
– Business Asset
• Can be used to assist in securing funding or obtaining desired exit
valuations
– Marketing Tool
• Patent Pending
• Chilling effect on competition
• Demonstrated expertise in a particular field
• Patent Strategies
– Aggressive/Licensing strategy
• Patent everything
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
88 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• Expensive up front, but ensures that you cover everything and

eventually provides a revenue stream.
– Blocking strategy
• Patent technologies your competitors might use
• Moderate costs but provides essential protection and cross-licensing
opportunities if you can identify the key technologies.
– Defensive strategy
• Only patent key technologies
• Lower initial costs, but you risk missing key technologies.
• Patent Strategies
– Fences
• Patent critical features that are difficult to design around.
• Keep costs in check while protecting key product areas
– Land mines
• File blocking patents, but sparingly
• Dealing with a Competitor‘s Patents
– The right to Exclude
• A patent gives the owner the right to exclude others…
• …but a patent does not grant any affirmative rights
– Blocking Patent
• Someone else might have a dominant patent
– Freedom to Operate
• Knowledge of potentially problematic patents may give rise to an
affirmative duty to determine whether or not your product infringes
• Legal opinion-of-counsel
• Dealing with a Competitor’s Patents
– Options for dealing with a ―problem patent‖
• Design around the claims
• Identify claim elements that you can avoid
• Invalidate the patent
• Find prior art that invalidates the problem claims
• Ideally a single published document that discloses all of the
claim elements and pre-dates the patent‘s priority date
Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
89 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)
Course Manual on: Social and Professional Issues in IT (SPIT)

• License the Patent

IPR in Nepal
PLEASE FIND SEPARATE ATTACHMENT!
IT Related Laws in Nepal

Compiled By: 1. Trailokya Raj Ojha, Assistant Professror, Nepal Engineering College (nec)
90 2. Ishwor Pokhrel, Assistant Professor, Nepal Engineering College (nec)