Chapter 5

Chapter 5
Information and Society
We live in an information society where knowledge workers channel [focus] their energies to
provide a cornucopia of computer based information service. The knowledge worker’s job
function revolves around the use, manipulation, and dissemination of information. In an
information society, the focus of commerce becomes the generation and distribution of
information. A technology revolution is changing our way of life; the way we live, work, and
play. The cornerstone of this revolution, the computer, is transforming the way we communicate,
do business, and learn and an explosion of computing advances is speeding this change.

5.1 Virtual Society

The ability of each party in the information society during a transaction to ascertain the identity
of the other party - in the non-electronic world, we use our signature. If bank, by e-mail system
avoid the need for signatures on checks they insure for their customers by using proper
authentication that their transaction will be protected. In private networks the source of the
request for payment can be recorded and proved. There are 3 ways a computer system can verify
whether the user have authorized right of access. System try to authenticate users identify by
determining
 What you have?
 What you know?
 What you are?
Authentication mechanism are used to satisfy the user that entities – people, data, applications
or computers – are actually what they claim to be. One of the most commonly used mechanism
for authenticating people has been the password. Passwords are expected to be known only by
the owner. However, passwords can be guesses or learnt by intruders through interception of
communications networks or re-use of encrypted passwords. Re-use of passwords can be
prevented by time stamping or by using passwords only once. Another mechanism is the
challenge-response system in which the host throws a random ‘challenge’ to the entity being
authenticated, which in turn has to send an appropriate ‘response’ for validation at the distanced
computer.

Smart cards are similar to credit cards except that they have chips embedded in them. These
cards can be used to store value and carry authentication information. Other technologies that
are being used to provide authentication services include recognition of fingerprints, voice and
handwriting, retinal scan and resultant measurements of the signing event such as typing rhythm
and pressure exerted during input. Digital signature is also a very popular method for providing
authentication based on two-key cryptosystems.

VIRTUAL IDENTITY
Identification theft: stealing your good name – TOI – Theft of Identity – is a crime in which
thieves hijack your Name and identity and use your good credit rating to get cash or to buy
things. To do these, what they need is – full name and social security number. With the help
of these two information, add PIN number, employer driving license number, mother’s

1
 Chapter 5

maiden name, and so on, they are off to the races, gambling, applying credit facility every
where often – however, thieves simply mail order what ever they want. They have
 No face-to-face contact
 No weapons
 No finger prints

HOW DOES IDENTITY THEFT START?

Wallet Theft
 Earlier money now PIN/SSN only that they want and rest, they will make. Not to put
your ATM – PIN No., SSN, other Password on a slip of paper
Mail Theft
 Thieves – wants. Mailbox as a fair game, Yield them bank statements new bank
check books, tax forms, and other personal information.
Mining the Trash
 Throwing credit card offers portions of bills with details
 Old bank books cancelled, some thieves – target – trash cans – garbage box.
 Tear up – any discarded mail
 Waste for you may be useful for others
Telephone Solicitation
 Prospective thieves – call up and ask your bank – credit card Company, government
agency – attempt to collect data about you.
 You cross check and be safe

VIRTUAL STORE FRONT

Internet facilities like e-commerce, is creating new channels for marketing, sales and
customer support by eliminating middleman in buying and selling transactions. There are
many different business models for e-commerce on the internet including virtual store front.
Virtual store front – sells physical goods or services on-line instead of through a physical
storefront or retail outlet.

VIRTUAL UNIVERSITY
Distance learning is the use of computer and/or video networks to teach courses to students
outside the conventional classroom. Until recently, distance learning has been largely outside the
mainstream of campus life. That is, it concentrates principally on part time students, those who
cannot easily travel to campus, those interested in noncredit classes, or those seeking special
courses in business or engineering. However, part timers presently make up about 45% of all
college enrolments. This says very clearly “anytime, anywhere education holds special appeal.”

VIRTUAL SUPER MARKET

Virtual super market is sure to change the way we shop. This interactive online approach helps
take the hassle and the mystery out of grocery shopping. We can view items by category [snack
foods], by item [cookies], or by brand. We can even pursue the items on sale. We can request

2
 Chapter 5

that items be arranged alphabetically by brand, by price per unit, by package size, or we can even
request a listing by nutritional value.

In the minds of the busy people who shop online, the cost of the e-service is easily offset by
other savings [better prices, less spent on travel and so on]. These savings do not consider the
extra personal time shoppers recover by shopping online.

VIRTUAL OFFICE
Now big foreign companies are eliminating office and allowing employees to work from any
location they choose. Employees are supposed to work in virtual offices in any place, car, train,
plane, or home where their work can be done. Virtual offices are possible because of cellular
telephones, fax machines, portable computers, and other mobile computing and communication
devices. Virtual offices help
1. To reduce office space
2. answer from home
3. Eliminate office infrastructure and cost
4. Eliminate real estate costs
5. Eliminate unwanted traveling time to office
6. etc.

Virtual office employees have more flexibility and control over their own time. But, is the
virtual office a better way of working? What is its impact on individual?
1. Identity
2. Worker’s job satisfaction
3. and where is their corporate community

Some employees fear the virtual office will lead to downsizing, part time work and
eventually the loss of their jobs.
1. Other respond to the loss of daily social contacts
2. Loss of morality and integrity due to their virtual
3. Less the interaction with their colleagues, superiors and other co-workers

Organizations use networks for linking people, ideas to create and distribute products and
services, not being limited by traditional organizational boundaries or physical locations.
5.2 Issues and Ethics in IT
Issues in IT can be classified into four categories
1. Security issue
Security issues go right to the basic workability of computer and communications system in
the information society. Some threats to IT environments are
 Errors and accidents
 Natural and other hazards
 Crime against computers and communications
 Crime using computers and communications
 Worms and viruses
 Computer criminals

3
 Chapter 5

2. Quality of Life issue

Quality of life issues related to IT are
 Environment problems
o Pollution
o Radiation
 Mental Health problems
o Isolation
o Gambling
o Net addiction
o Stress
 Work place problems
o Misuse of technology
o Information overload

3. Economical Issue
May people worry that the effects of IT are reducing jobs, they also worry that it is
widening the gap between the haves and have-nots.
It will give the opportunity to worry about
 Technology the job killer or job creator
 Gap between rich and poor

If your job is replaced by computer that means human is not fittest for that job, it is not
worthy for human that is what the interpretation should be, not in the other way.

4. Privacy issue
Privacy is the right of people not to reveal information about them.
New communication and information technologies have enabled many organizations and
people to collect, organize, and sell information about other people and organizations,
both quickly and cheaply. The easy availability of personal information makes banking,
education, health care, and sales much more convenient for both consumers and sellers.
Credit card and automated teller machine (ATM) systems would be impossible without
large databases of information available on demand. Scanners in the supermarket rapidly
and accurately record every item that passes over them, making grocery checkouts faster
and error free. Companies maintain huge mailing lists of customers that record not only
their names, addresses, and phone numbers, but also major recent purchases, credit
ratings, and demographic information (such as sex, age, income, and educational level)
that helps the companies identify target markets for specific products.

The negative side to all this shared information is that there is little control over who sees
or uses this personal information. Medical records are shared not only by doctors’ offices
and by hospitals but are regularly made available to insurance companies as well. Auto
insurance companies obtain information about traffic violations from state and local
police departments. Credit report errors occur often and can be very damaging to a

4
 Chapter 5

person's financial situation. Many Americans worry that having so much of their personal
information available to so many others may hurt their privacy.

Privacy refers to how personal information is collected, used, and protected. The privacy
issue has not arisen because of computers; at one time, the taking of photographs caused
serious concern about invasion of personal privacy. In IT need of privacy is amplified
because of its enormous capabilities.
Because if a person gives an information for school admission.
 Where then information now?
 Who has control of it?
 Who has access to it and for what purpose?
 Is there a chance the data are being used in ways the student did not intend or have
not authorized?
 Who knows about that student’s personal history because they have access to data
that student has provided?
Since privacy applies to IT, privacy refers to how personal information is collected, used,
and protected. However, the enormous capabilities of IT to store and retrieve data have
amplified the need for the protection of personal privacy. Earlier privacy protection was
only the consumer issue. Now it is to the whole society.

Privacy Legislation: To protect individual privacy, national legislatures and parliaments

of some countries have passed several important pieces of legislation. Some of the
privacy legislation, that US is following are
1. Fair credit reporting Act
2. Freedom of information Act
3. Privacy Act
4. Electronics Communications Privacy Act
US government also released a publication titled “A code of Fair Information Practices”
as a set of rules for protecting personal privacy within government agencies which
became guide for all other countries.

Important guidelines contained in the code state that

1. There must be no personal data record keeping system whose very existence is a
secret
2. There must be a way for people to access the information about them in record and
find out how that information is used.
3. There must be a way for people to prevent information about themselves obtained for
one purpose from being used or made available for other purposes without their
consent.
4. There must be a way for people to correct or amend a record of information about
them.
5. Any organization creating maintaining, using, or disseminating record of identifiable
personal data must ensure their reliability and must take reasonable precautions to
prevent misuse of the data.

5
 Chapter 5

ETHICS - Can be defined as a branch of philosophy dealings with the determination of what is
right or wrong, good or bad. Simply if we define” ethics are moral standards that help to guide,
behavior, actions, and choices. Ethics are grounded in the notion of responsibility and
accountability.

The standard of conduct and moral behavior that people are expected to follow. Personal ethics
pertain to an individual’s day-to-day activities; societal ethics pertain to the actions of people in
their various social activities including the way in which they deal with colleagues, customers,
and anyone else society with whom the society interacts.

The difference between ethical behavior and legal behavior is important. Ethics are the actions
expected of people. In contrast, laws deal with required actions. An action may be legal but not
ethical, or ethical but not legal. Business societies are challenged by many questions of ethics
surrounding the widespread use of information technology. Not limited to IT professionals, these
issues involve anyone in the business society who provides data to or uses information from the
business society systems. Therefore, IT users must count on a company’s ethical policies for
protection of private information.

ETHICS IN AN INFORMATION SOCIETY

Ethical choices are decisions made by individual who are responsible for the consequence of
their actions. Basic concepts of ethics are
 Responsibility
Accepting the potential costs, duties and obligations for the decisions one makes
 Accountability
The mechanisms for assessing responsibility for decisions made and actions taken
 Liability
The existence of laws that permit individuals to recover the damages done to them by
other actors, systems, or organizations
 Due process
A process in which laws are well known and understood and there is an ability to appeal
to higher authorities to ensure that laws are applied correctly.

5.3 Computer Crimes

The term computer crime includes any unauthorized use of a
computer system – including software piracy – or theft of system
resources for personal use – including computer processing time and
network access time. Actions intended to alter data and programs or
to damage or destroy data, software, or equipment is also crimes.
Most common types of computer crimes are
DATA DIDLING Changing data and information before they enter a system
DATA LEAKAGE Erasing or removing data and files from a system without
indicating that they were removed or leaving any trace, they ever
existed.
LOGIC BOMB A program designed to execute when certain conditions occur.

6
 Chapter 5

Designed to sabotage system data, programs or processing [refer

time bomb]
PIGGY BACKING Gaining access to a system or process by using the passwords or
access codes of an authorized system user. Alternatively, taking
over a terminal or worker station in use by an authorized user,
perhaps while he or she has stepped away from the system
shortly.
SALAMI DATA Developing or modifying software to capture small amounts
SLICING [slices] of money in a transaction and redirecting them to a
hidden account. The amounts are so small they go unnoticed.
However, accumulate to substantial amounts in large volume
transaction processing systems.
SCAVENGING Searching trashcans, either figuratively through a computer
system icon or literally in a computer center, to find discarded
data and information program details. Used to obtain
confidential information or to learn the structure of a program
TIME BOMB A program designed to execute on a specific date and time. The
program monitors the computer’s internal clock or calendar.
When the preset date arrives, the program comes to life causing
its damage.
TRAPDOOR An illicit and unknown point of entry into a program or network
that can be used to gain access to the system
TROJAN HORSE A program that appears to do one thing, but actually does
something very different. Named after Trojan horse of ancient
Greek lore because the program masquerades as a harmless
application and then does its damage after it is loaded onto a
disk or into computer memory.
WIRETAPPING Using any device to capture data transmission electronically or
to listen in on network conversations, especially those
transmitted using wireless methods or over copper cables.
ZAPPING Damaging or erasing data and information or programs. Usually
possible because the criminal is able to bypass security systems.

All these crimes are committed through intrusion, forced and unauthorized entry into the system.
Computer crime through intrusion can occur by following ways.
1. Hackers
2. Crackers
3. Viruses

Hackers
A hacker is a person who gains access to a system illegally. Hackers usually gain access to a
system through a network, but sometimes they will physically enter a computer or network
facility.

Skilled technicians also called themselves, which does not mean their ability to break into
computers and networks, but rather to their technical skill for computer programming and

7
 Chapter 5

making a system perform in innovative and productive ways. Hackers who break into systems
also have good technical skills, but have chosen to apply them in undesirable [often-illegal]
ways. The increased frequency of hacking, coupled with the newness of the problem as an issue
of law, has led many governments to publish legislation in place to deal with this form of
computer crime.
 INDIA passed a bill “the information technology act 1998”
 US congress passed the “Computer Fraud and Abuse Act in 1984”

Protection against intrusion by hackers

There is always the possibility that the individual responsible for a computer crime are
disgruntled former employees. Hence good security means looking inside company as well as
outside company.

Preventing unauthorized access to a system entails having good physical security. Hiring honest,
reliable people is an obvious starting point.
Techniques helpful in deterring intrusion by hackers
1. Change access passwords frequently
2. Allow workers access to only the system functions they need to use
3. Permit workers to access only the data that they need to use
4. Establish physical security systems
5. Separate critical processing functions so that more than one person must be involved
6. Encrypt data by scrambling or coding information.
7. Adopt procedural controls
8. Keep staff well informed through education programs
9. Audit system activities
10. Keep a log of all transactions and user activities

Some expert security organizations use additional methods to supplement these techniques.
When caller dial into the system, they provide the telephone numbers from which they are
calling. The system may also sense the calling number automatically. The user then hangs up and
the system, after verifying that the telephone number is valid and authorized to call. Then it calls
back the user. This is called call back security adds another layer of protection to the above
techniques.

Despite these precautionary measures, some hackers do manage to break into even the best-
guarded systems. When a kicker has penetrated a system, it is important to determine whether
any damage or theft has occurred and to know that there is a trapdoor – that is an undetectable
way of entering the system bypassing the security system.
Crackers
Crackers also gain unauthorized access to information technology but do so for malicious
purposes. Crackers attempt to break into computers and deliberately obtain information for
financial gain, shut down hardware, pirate software, destroy.

5.4 Computer Viruses and Worms

VIRUS: A hidden program that alters, without the user’s knowledge the way a computer
operates or modifies the data and program stored on the computer.

8
 Chapter 5

Computer intrusion occurs by way of software in the name of virus. The virus is written by
individual’s intent on causing damage or wreaking havoc in a system. It is called virus because it
reproduces itself, passing from computer to computer when disks are shuttled from one computer
to another. A virus can also enter a computer when a file to which it has attached itself is
downloaded from a remote computer over a communications network an infected disk or diskette
will continue to spread the virus each time it is used

Each virus has its own characteristics – its own signature. Some destroy irreplaceable data by
writing gibberish over the disk they infect. Others take control of the operating system and stop it
from functioning. Still others embed commands into the operating system, causing it to display
messages on the computer screen. The worst forms of virus are much more susceptible, moving
through data and changing small amounts of detail in selected files, so unnoticeable they are
difficult to detect.

WORMS: A Worm is a program that copies itself repeatedly into memory or onto a disk drive
until no more space is left.
A virus is a typical program that attaches itself to a computer system and destroys or corrupts
data.
Viruses are passed in three ways
1. By diskette [copying ]
2. By network [data sharing]
3. By internet [ e-mail ]
Some worms erase, destroy, and change the data

Methods of virus detection

All types of computers are vulnerable to viruses. To protect against them, companies must buy
and use virus detection software. There are three methods of virus detection.
 Scanning programs – search the computer and main memory to detect a virus
 Detection Programs – monitor processing activities and signal the user when a virus tries to
infect the system
 Digital signature encryption – uses a mathematical coding scheme designed to foil a virus’s
attempt to attack programs and data. Alternatively, we can say published programs are
encoded with mathematical key, making it difficult for virus to attack data or programs. Also
makes detection of alterations caused by viruses easier.
Names of some viruses are
 Stoned
 Christmas or X-Mas
 Friday the 13th
 Falling letters
 Disk killers
 Mis-Speller

The issues discussed above are real and affecting every individual directly or indirectly. The
most important point to take from this information are simple, with the use of IT comes the need
to

9
 Chapter 5

1. User should be aware of possible misuse

2. User should be capable to take responsibility for safeguarding the resources under our
control

10