ISO 9001:2015 C

9
0
4

SOCIAL AND PROFESSIONAL

ISSUES

TI TLE O F MODU LE
Authors: NOEMI P. REYES, MSIT  FAUSTO S. HILARIO, PhD.  JANE KRISTINE G. SUAREZ, MSIT  LYN M.
DALISAYMO, MIT

Editors: GERRIPER BERNARDO  DIGNA M. EVALE, DIT  JAYSON M. BATOON  NOEL FRANCO

BULACAN STATE UNIVERSITY

SERVICE TO GOD AND COMMUNITY ORDER
AND PEACE
ASSURANCE OF QUALITY AND ACCOUNTABILITY RESPECT
AND RESPONSIBILITY

CITY OF MALOLOS BULACAN 3000

 T I T L E OF MODULE

BULACAN STATE UNIVERSITY

SERVICE TO COD AND COMMUNITY
ORDER AND PEACE
ASSURANCE OF QUALITY AND ACCOUNTABILITY
RESPECTAND RESPONSIBILITY

CITY OF MALOLOS BULACAN 3000

 3

PUBLICATION NOTICE (2022)

This is a government work. No part of this publication may be reproduced for profit
without the written permission of the Bulacan State University through its Innovation and
Technology Support Office (ITSO). You may reach the ITSO at the following address:
[email protected].
 4

OVERVIEW OF ETHICS

This unit provides a brief introduction to the concepts of ethics. It is intended to be used by
students to enhance their knowledge with conceptual clarity and expose them to dilemmas that
they may encounter and how they are going to handle them. Combining the concepts of ethics
with other various disciplines and the application to business applications provides a more
comprehensive perspective and allows students to move beyond discussions about the
difference between right and wrong. This unit focuses on proper etiquette and behavior students
must possess as a future IT professional.

The aim of this unit is to give students a basic understanding of ethics and its application in
various fields like individual human behavior, business, Information Technology and computing.
This unit helps students establish and prioritize moral standards and ethical values and principles
of the fields they belong to and understand the scope, concept and importance of Ethics, its
development and its relevance as applied in particular scenarios. It also aims to encourage
independent critical thinking and develop a particular code of conduct and ethical principles within
an organization or institution at large. A business or an institution founded based on strong ethical
principles and values is brighter, more successful and more enduring than an organization with
many compromises. In general, people in organizations must present moral behavior and make
a proper judgment on human behavior based on the standards set about human conduct and
integrity.

Throughout this unit, students will be guided with a variety of perspectives involving ethical
theories and will be engaged to explore emerging ethical behaviors that IT professionals and
ordinary individuals should have. Some examples of issues are given to students so that they
can have a deeper analysis of the differences between ethical and unethical behavior.
 5

Thoughts to Ponder
“You don't teach morals and ethics and empathy and kindness in the
schools. You teach that at home, and children learn by example.”
-JudySheindlin

What is Ethics?
Ethics comes from the word “ethos” which suggests "custom" or "character" in Greek.
As originally employed by Aristotle, it referred to a man's character or personality,
especially in its balance between passion and caution. Today, ethos is used to identify
the practices or values that distinguish one person, organization, or society from
others.

At its simplest definition, what is your understanding of “ethics”? There can be as many
descriptions and explanations of what ethics is all about and some are as follows:
• Ethics may be a system of ethical principles.
• Ethics influences how people settle an issue and lead their lives.
• Ethics cares about what is good for people and society.
• Ethics covers the subsequent problems:
• the way to live an honest life
• our rights and responsibilities
• and the language of right and wrong moral decisions – what is good and
what is bad?

• Ethics Centre (2018) explained ethics using three words such as ‘values’,
‘principles, and ‘purpose’.
1. Values tell us what is good. They are the things we strive for, desire, and
seek to protect.
2. Principles tell us what is right – outlining how we may or might not achieve
our values.
3. The purpose is our reason for being. It gives life to our values and
principles.

• Ethics is the process of questioning, discovering, and defending our values,

principles, and purpose. It is about checking out who we are and staying faithful
in the face of temptations, challenges, and uncertainty. It is not always fun, and
it is rarely easy, but if we plan it, we set ourselves up to form decisions we will
stand by, building a life that is truly our own.
• Ethics also refers to justifiable standards of right and wrong that order what
humans have to do, usually in terms of rights, obligations, welfare to society,
equity, or integrity. Ethics, for instance, refers to those standards that impose
reasonable obligations to refrain from rape, stealing, murder, assault, slander,
and fraud. Ethical standards also include people who enjoin virtues of honesty,
compassion, and loyalty. Furthermore, ethical standards include standards
concerning rights, like the right to life, the right to freedom from injury, and
therefore the right to privacy. Such standards are adequate standards of ethics
because they are supported by consistent and well-founded reasons.
• Ethics refers to the study and growth of one’s moral standards. As mentioned
above, feelings, laws, and social norms can deviate from what is ethical. Thus,
it is necessary to constantly examine one’s standards to make sure that they
are reasonable and well-founded.
 6

• Ethics also means the continual effort of studying our own moral beliefs and our
moral conduct, and striving to make sure that we, and therefore the institutions
we help to shape, live up to appropriate standards.
• Ethics can be like a multidisciplinary field of study. Theologians study ethics
and morality in light of spiritual teachings and divine commands. Psychologists
seek to know how people's values influence their thinking, behavioral
motivations, and private development. Sociologists attempt to identify and
explain varying cultural norms and practices. Business educators try to help
companies, employees, and professionals avoid expensive and
counterproductive ethical misdeeds. However, the study of normative ethics
has historically been dominated by philosophers, who have applied rules of
reason and logic to seek out answers to humanity's perplexing moral questions.

What is the Use of Ethics?

Being a complex creation, humans need a guide. Almost every day we are faced
with complex and difficult questions regarding the liberty of expression, access to
information, proper privacy, property rights, and cultural diversity. Likewise, we are
faced with different ethical dilemmas such as:
• how to live a good life,
• our rights and responsibilities,
• the language of right and wrong
• moral decisions - what is good and bad?
Ethics somehow can provide answers to these. If ethical theories are to be useful in
practice, they have to affect the way citizens behave. Some philosophers think that
ethics does this. They argue that if an individual realizes that it might be morally
good to try to do something then it might be irrational for that person to not roll in the
hay. But citizens often behave irrationally - they follow their 'gut instinct' even when
their head suggests a special course of action. However, ethics can come up with
good mechanisms for covering moral issues.
Ethics can provide a moral map
Most moral issues get us pretty aroused - consider abortion and euthanasia for
starters. Because these are such emotional issues, we frequently let our hearts do
the arguing while our brains just accompany the flow. But there are different ways of
tackling these issues, and that is where philosophers can be available - they provide
us with ethical rules and principles that enable us to require a cooler view of moral
problems. So, ethics provides us with an ethical map, a framework that we will use to
seek our way through difficult issues.

Ethics can pinpoint a disagreement

Using the framework of ethics, two people that are arguing an ethical issue can often
find that what they are disagreeing about is simply one particular part of the difficulty
and that they usually agree on other matters. That can take tons of warmth out of the
argument, and sometimes give them hints on how to resolve their problem. But
sometimes ethics does not provide people with the type of help that they need. Ethics
does not always give the right answers.
 7

Ethics does not always show the proper answer to moral problems.
Indeed, more and more people think that for several ethical issues there is not one
right answer - just a group of principles that will be applied to particular cases to give
those involved some clear choices. Some philosophers go further and say that what
ethics can do is eliminate confusion and clarify the problems. After that, it is up to every
individual to come up with their conclusions.

Ethics can give several answers.

Many people want that there is one right answer to moral questions. They find moral
ambiguity hard to measure because they genuinely want to try to do the 'right' thing,
and albeit they cannot determine what that right thing is, they just like the concept that
'so

Importance of Ethics
Ethics are important because they permit society to still function, helping people to
interact and functionally live their daily lives. They are important because they will
govern an individual's code of behavior and stop moral wrongs from occurring. Ethics
keep people from doing what is wrong. If a person has no ethics, he will do anything
for as long as he believes it will benefit him and he can get away with it. Ethics are
different from laws and different from doing the proper thing as a result of fear of
consequences. While something unethical could be illegal, there is no overlap.
Furthermore, in some ways, ethics are often even more important than the law, since
the law will only deter an individual from displaying bad behavior because he fears a
penalty, while a person with a robust code of ethics will do the proper thing simply
because it is the proper thing. If an individual has no code of ethics, he can steal, as
long as nobody is watching. He could mislead his loved ones or others because the
lie is not as grave as criminal fraud. He can engage himself in doing bad things as long
as he does not get caught. Since the law can't possibly catch everyone whenever they
are doing something bad, and therefore the law can't make every "wrong" action
illegal, society will quickly disintegrate if there are no ethical principles or moral rights
or wrongs. Thus, ethics is vital due to the following:
1. Satisfying Basic Human Needs: Being fair, honest and ethical is one of the
essential human needs. Every employee wants to be part of a company that is
imposing fair and just practices not only to them but to other stakeholders.
2. Creating Credibility: A corporation that is believed to be driven by moral values
is respected within the society even by those who may have no information
about the organization. Infosys, for instance, is perceived as a corporation with
permanent corporate governance and social responsibility initiatives. This
perception is held far and wide even by those that do not even know what
business the organization is into.
3. Uniting People and Leadership: A corporation driven by values is revered by its
employees also. These values are the common thread that brings the workers
and the decision makers together on a standard platform. This goes an
extended way in aligning behaviors within the organization towards the
achievement of one common goal or mission.
4. Improving Decision Making: “Our life is the total of all the decisions we make
every day, and those decisions are determined by our priorities” (Munroe,
n.d.). The same holds for organizations. Decisions are driven by values. For
example, a corporation that does not value competition is going to be fierce in
 8

its operations, getting to wipe out its competitors and establish a monopoly
within the market.
5. Long Term Gains: Organizations guided by ethics and values are profitable at
the end of the day, though in the short run they seem to lose money. Tata group,
one of the most important business conglomerates in India was seen on the
verge of decline at the start of the 1990’sbut later on succeeded.
6. Securing the Society: Oftentimes, ethics are used to protect society. The law
machinery is usually found acting as a mute spectator, unable to save lots of
the society and therefore the environment. Technology, for instance, is growing
at such a quick pace that by the time law comes up with a regulation we have
more modern technology with new threats replacing the older one. Lawyers and
public interest litigations might not help an excellent deal, but ethics can. Ethics
tries to make a way within the organizations and sometimes when the law fails,
it is the ethics that will stop organizations from harming the society or
environment. Ethics is a set of rules that governs how people treat one another.
Concerning that, the Bible (Luke 6:31) states "Do unto others as you'd have
them do unto you." That requires brooding about yourself first, to understand
how other men should be treated (“MSG Management Study Guide”, n.d.).

Basic Principles of Ethics

When we are talking about being an ethical person, have you ever asked yourself
the following questions?
• Do you care about others or are you a selfish individual?
• Do you take responsibility for the consequences of your actions, or do you
blame others for what happens to you?
• Do you love others unconditionally or do you expect something from them in
return?
• You may ask yourself these questions to measure whether you are an ethical
person. Ethical people follow basic principles of right and wrong.
The Golden Rule. "Do unto others as you'd have them do unto you" (Bible, Luke
6:31). It means that you need to treat others the way you want to be treated. This
time-honored principle applies now more than ever because as a society, we have
lost our moral compass. It is up to each one of us to treat others fairly, with
compassion and empathy, and respectfully.
The Rights of Others. Ethical people are very considerate as to whether their actions
may influence the rights of other people or not. In today’s educational institutions,
especially on college campuses, we see an increasing number of students trying to
stifle free speech when a speaker puts forth a point of view that offends them.

The Consequences of Our Actions. Our actions have consequences. People who
use social media to vent their complaints against others rarely first consider how their
actions and words may affect others before posting something on Facebook or Twitter.
Those who do consider the results do so intending to upset others instead of stating
one’s objective point of view or starting a productive dialogue.

Be Accountable for Your Actions. When we make an error in life, we should always
take responsibility for our actions, promise to never roll in the hay again, make amends
 9

to the people we have harmed, and try to be and do better. We should learn from our
mistakes and move forward productively.
Truthfulness, alongside integrity (i.e., being a principled person; having the courage
about your convictions), structures the foremost fundamental standard of ethical
behavior (Mintz, 2018).

Figure 1 Lucernas, A. (n.d.). Honesty is only a Policy [Pinoy Meme]. Retrieved from http://9-
fail.blogspot.com/2012/07/honesty-is-only-policy.html

It is so amazing to see how little understanding people have about what truthfulness
is and what it requires to be an ethical person. The majority of us do not understand
that dishonesty is not only telling a lie. For instance, Figure 1 shows that some students
are cheating in the classroom when their teacher is not around. Maybe some of them
have a habit of doing unpleasant behavior in the classroom if they have the opportunity
to do so. they employ various strategies just to cheat with the help of some
classmates. However, not all students are like that, some still stick to their honesty
and are prepared to face whatever the result of the exam is. This is a good example
of why being truthful is an affirmative behavioral trait.

Ethics and People

Ethics are a set of ethical principles that guides a person’s behavior. These morals are
shaped by social norms, cultural practices, and religious influences. Ethics reflect
beliefs about what is right, what is wrong, what is just, what is unjust, what is good,
and what is bad in terms of human behavior. They function as a compass to direct
how people should behave toward one another, understand and fulfill their obligations
to society, and live their lives.

Ethics as a source of group strength

One problem with ethics is the way it is often used as a weapon. If a person believes
that a specific activity is "wrong", he can then use morality as the justification for
attacking those that practice that activity. When people do certain activities that are
perceived by others to be wrong, they are often seen as less human or deserving of
respect.
 10

Good people as well as good actions

Ethics is not only about the morality of particular courses of action, but it is also about
the goodness of people and what it means to measure an honest life. Virtue Ethics is
especially concerned with the moral character of the citizenry.

Searching for the source of right and wrong

In the past, some people thought that ethical problems might be solved in one of two
ways: by discovering what God wanted people to do and by thinking rigorously about
moral principles and problems. Modern thinkers often teach that ethics leads people
not to conclusions but to 'decisions'. In this view, the role of ethics is restricted to
clarifying 'what's at stake'. Philosophy can help identify the range of ethical methods,
conversations, and value systems to be applied to a specific problem. Everyone
must make their individual decision on what to do, then react appropriately to the
results (“Ethics - Introduction to ethics: Ethics: A general introduction”, n.d.).

Four Ethical “isms”

As mentioned by Hare (1993) in his book Essays in Ethical Theory, there are four
ethical 'isms'. When an individual says, "murder is bad", how will people react? That
is the kind of question that only a philosopher would ask, but it is a really useful way
of getting a transparent idea of what is happening when people talk about moral
issues. The different 'isms' regard the person uttering the statement as doing various
things. We can show several things that can be done when you say “murder is bad”
by rewriting that statement to point out what it actually means:

Moral realism: You might be making a press release about an ethical fact - "It is
wrong to murder."

Subjectivism: You might be making a press release about your very own feelings
- "I disapprove of murder."

Emotivism: You might be expressing your feelings - "Down with murder!"

Prescriptivism: You might be giving an order or a command - "Don't murder

people".

Moral realism
Moral realism is predicated on the thought that there are real objective moral facts or
truths within the universe. Moral statements provide factual information about those
truths.

Subjectivism
Subjectivism instructs that moral judgments are nothing but statements of a person's
feelings or point of view, while moral statements don't contain genuine truths about
good or bad. For further elaboration, subjectivists say that moral statements are
statements about attitudes and emotions that a specific person or group has a few
specific concerns. If an individual says something is sweet or bad, they are telling us
about the positive or negative feelings that they need. So, if someone says 'murder is
wrong' they are telling us that they disapprove of murder. These statements are true if
the person does hold an acceptable attitude or has acceptable feelings. They are false
if the person doesn't.
 11

Emotivism
Emotivism is the view that moral claims are not any reasonable expressions of
approval or disapproval. If an emotivist will tell you that "murder is wrong" it is the same
as telling you “Down with murder!" " Or simply saying "murder" while pulling a horrified
face, or making a thumbs-down gesture which is tantamount to saying "murder is
wrong". So, when someone makes an ethical judgment, they show their feelings about
something. Some theorists also suggest a person instructs others about how to react
toward a certain topic.

Prescriptivism
Prescriptivists think that ethical statements are order or advice. So, if I say something
is good, I'm recommending you to try it, and if I say something is bad, I'm telling you
to not do it. There is nearly always a prescriptive element in any real-world ethical
statement. For example, when you say "dishonesty is wrong", it can be rewritten as
"people should not be dishonest".

Branches of Ethics
One way of categorizing the sector of ethics (as a study of morality) is by distinguishing
between its three branches; one of them is applied ethics. By contrasting applied
ethics with the opposite branches, one can get a far better understanding of what
exactly applied ethics is about. These three branches are as follows:

Metaethics deals with whether or not morality exists. It focuses on the description and
origin of ethical principles.

Normative ethics (sometimes mentioned as ethical theory), usually assuming an

affirmative answer to the existence question, deals with the reasoned construction of
ethical principles, and at its highest level, determines what the elemental principle of
morality is. It deals with the nature of moral judgment. It focuses on the description
and origin of ethical principles.

Applied ethics, also usually assuming a positive answer to the existence question,
send the moral permissibility of particular actions and practices. Applied ethics is the
branch of ethics that consists of the analysis of specific, controversial, and moral
issues like giving to the poor, sex before marriage, the death penalty, gay/lesbian
marriage (or other rights), war tactics, censorship, so-called “white lies”, etc. (Internet
Encyclopedia of Philosophy, n.d.)
 12

ETHICS IN THE BUSINESS WORLD

OBJECTIVES:
At the end of this lesson, students should be able to:

• define and determine the value of business ethics and its application to
business world.
• understand the purpose of the code of ethics in an organization
• discuss and determine the importance of fostering good ethics in business.
• understand the significance why business ethics matter in the modern
professional climate
• identify common ethical violations of an employee and determine ways on
facing them
• identify tips on improving corporate ethics
 13

Thoughts to Ponder
“Ethics today in business is absolutely fundamental to the well being
of any business. If you want a business that is long time sustainable
you cannot compromise your ethics.”
-James Caan, CEO of Hamilton

Business Ethics
Ethics in business is simply the appliance of everyday moral or ethical norms in
business. Ethics in business originated from academic writings and meetings and is
within the development of a field of educational teaching, research, and publication.

The system of ethical beliefs that guides the values, behaviors, and decisions of a
business and thus the individual within that organization also refers to business ethics.
Businesses are codified into law; environmental regulations, wages, and restrictions
against trading and conspiracy are all samples of the government setting forth
minimum standards for business ethics. What qualifies as business ethics in history
has changed over time and thus, the various areas of ethics are important to every
business.

Business Ethics is the study of appropriate business policies and practices regarding
potentially controversial subjects including corporate governance, trading, bribery,
discrimination, corporate social responsibility, and fiduciary responsibilities (Twin,
2020).
Business and ethics should go together just like bread and butter. Business ethics is
a form of applied ethics. Business ethics are often both normative and descriptive;
most businesses should put more effort into rewarding ethical behavior in the
workplace. Businesses should continuously emphasize regularly the importance of
behaving ethically. If a practice is not illegal, it does not mean that it is not immoral.

How Much Do A Company’s Ethics Matter Within the Modern

Professional Climate?

More than ever, a company’s success depends on the talent it is ready to attract, but
attracting the best talent is not just about offering the simplest salary—or even the best
benefits.
Companies may have their way of giving a rewarding offer for a possible candidate,
and a culture where they are going to feel comfortable, but how do one’s corporate
ethics compare with those of its other competitors?
This may not appear to be the foremost important question to ask when you are trying
to hire someone for a position—but if you would like to stay up, you would like to
understand just how significant those ethical values are (Alton, 2017).
 14

What Qualifies As Ethics?

What do I mean by “ethics”? This is often a broad category, and subjective in nature,
but generally, this concerns the following areas:

• Fraud and manipulation. This could be obvious, but ethical companies do not
engage in shady or manipulative financial practices, like fraud, bribery, or trading.
The matter here is that individual actions are often associated with the company
as a whole, so an individual within your company who behaves in an unethical way
could compromise the reputation of your company. Putting firm strict and
uncompromising application of the policies and taking the proper punishment
imposed for breaking policies can reduce these effects.

• Sustainability. Sustainability refers to practices that can be continued indefinitely,

usually about the environment. Choosing renewable sources of energy, like solar
and wind, and decreasing pollutants are examples of these practices. However,
sustainability can also include the use or consumption of other natural resources,
like water.

• Diversity and inclusion. Diversity and inclusion efforts also are seen as
responsible, ethical business practices. These include programs to employ people
from more diverse backgrounds, including different ethnicities, sexes, and abilities
(i.e., differently-abled people).

• Exploitation. Mostly big companies can make substantial gains by utilizing local
populations, especially in developing countries, or by utilizing the inadequacy of
the businesses around them. These practices may yield your business a short-
term benefit, but they are heavily frowned upon by the public and are usually seen
as unethical.

• Donations and contributions. A business’s donations and volunteer

contributions to charitable organizations, local groups, and good causes can be
considered ethical and/or benevolent practices.

It is important that a company pays attention to, and potentially invests in the following
areas:

• The Age of Information. We have entered an age beyond the industrial; we’re
living in the modern era. And no, that is not just a buzzword used by digital
marketers—it is being studied and treated as a major leap forward in human
history. Today’s prospective employee has more information than ever before,
and businesses are more transparent now than they were before. A company’s
history, public messages, and even current staff are all publicly available
information, and all it takes is a Google search for a prospective employee to
find it. For that reason alone, company ethics are more important than they
were in past decades; one scandal or breach of ethics will stick for potentially
years, and conversely, any efforts made to conduct business ethically will be
made more apparent and publicly recognized.

• The Millennial Factor. It is also important to realize that millennials are the
next generation of talent entering the professional world—and they are the ones
dictating what is important for companies. According to a Bentley University
 15

study, 86 percent of millennials consider it a main priority to work for a business

that conducts itself ethically and responsibly. Most millennials would be willing
to take a considerable pay cut to work for such a business. What does that
mean for ethical practices at your company? It means if you want any chance
of recruiting up-and-coming talent in your industry, you need to start engaging
more responsibly. Otherwise, you will be alienating 86 percent of the young
workforce before you even get to make an offer.

• Increased Competition. One other factor to think about here is the

compounding nature of competition. As more businesses begin to understand
the importance of responsible and ethical practices, more businesses are
getting to invest in those efforts, which suggests any businesses that do not
follow suit are going to look worse by comparison.

• The Bottom Line. A company’s ethics and company social responsibility

matter more today than they did a couple of decades ago. Workers place a
higher emphasis on the values of their employers and have access to more
information than ever before. If you would like your company to stay competitive
in the search for the best candidates in your field, spend a while defining,
perfecting, and promoting your company’s ethical behavior (Alton, 2017).

What is the Purpose of the Code of Ethics in an Organization?

Determining what is ethical or unethical is debatable in any organization. However, a
code of ethics defines what is ethical within an organization and, thus, may limit debate
about ethical dilemmas. The purpose of a code of ethics within an organization is to
define acceptable standards of practice for those in the organization.

• Function. A code of ethics is designed to function as expected norms of

practice within an organization. The code provides clearly defined expectations
for members of the organization.

• Communication. A code of ethics communicates your company's norms and

policy in a clearly defined fashion. Your code of ethics communicates exactly
what characteristics are important to your company and leaves little room for
interpretation when unacceptable behaviors are exhibited.

• Integrity. According to the Institute for Business, the purpose of a code of

ethics is "to consolidate and strengthen a culture of integrity and openness, to
facilitate a long-term business". With integrity and honesty, your business
becomes more reputable and profitable.

• Reputation. A code of ethics builds your reputation within your field. When
potential clients know that your employees adhere to a code of ethics, they
know that your employees attain a certain amount of value in their work.

• Risk. When employees adhere to your company's code of ethics, they minimize
operational and integrity risks in the workplace. With risk minimized, productivity
increases and creates a higher profit margin (“The Value of Ethics When
Related To Business”, n.d.).
 16

Importance of Fostering Good Ethics

There are five reasons why corporations need to promote an ethical work environment
by encouraging employees to act ethically when making business decisions and by
supporting them when they do so:

1. To protect the organization and its employees from the action. An organization
that implements an ethics management program and cooperates with authorities
can lower the risk of receiving ethical complaints.

2. To create an organization that operates consistently. Organizations develop

and abide by values that will create an organization that operates consistently in a
manner that meets the needs of its stakeholders. Although each company’s value
system is different, many organizations have the following values in common:
• Work with honesty and integrity, staying true to what we trust.
• Operate consistent with our standards of ethical conduct- both in words and
action (“walk the talk”).
• Treat our colleagues, customers, and consumers the way we want to be
treated.
• Accept personal responsibility for our actions.
• Value diversity.
• Make fact-based and principle-based decisions.

3. To produce good services. Good ethics mean good business in most cases.
Companies that manufacture secure and effective products keep away the
management from costly product recalls and legal actions. Companies that provide
excellent customer service maintain their existing customers rather than losing
them to competitors. Good ethics can improve the profitability of the organization.

Bad ethics can lead to bad business results. A bad ethical environment can destroy
an employee's commitment to organizational goals and objectives, create low
morale, foster poor performance, leads to low employee involvement in corporate
improvement initiatives, and builds employee indifference to the needs of the
organization.

4. To avoid unfavorable publicity. Organizations perceived as operating ethically

will be regarded more favorably by customers, business partners, shareholders,
consumer advocates, financial institutions, and regulatory bodies.

5. To gain the goodwill of the community. The goodwill that socially responsible
activities create can make it easier for corporations to conduct their businesses.
Examples of goodwill are making contributions to charitable organizations and
nonprofit institutions, providing benefits for employees in excess of any legal
requirements, and choosing an economic opportunity that is judged to be more
socially desirable over a more profitable alternative (Course Hero, n.d.).

Common Workplace Ethics Violations

Chandra Anderson, an eHow Contributor, stated that maintaining high ethical
standards is an important part of one’s job. Furthermore, an ethical company is one in
which the employees and management trust one another and work for the common
 17

good. Ethics violations carry a wide variety of consequences, from policy and
procedure changes to firing. Maintaining an ethical workplace is advantageous for the
employee and the employer. Every employee should consider it his job to maintain
high ethical standards as a representative of his employer.

The following are said to be the common ethical violations of an employee inside the
sphere of his working area.

• Theft. Whether it is taking home office supplies or grabbing a stack of paper

plates from the break room when a customer steals from her employer she is
costing the company money. Theft also comes in the form of padded time
sheets, use of the company telephone for personal long-distance calls, and
abuse of sick-leave policies.
• Deception. Lying to clients, co-workers and supervisors is another common
ethics violation. Lying to the public or falsifying reports can even put the public's
health and safety at risk. When such deception is exposed (as is frequently the
case), the reputation of the company can be damaged - sometimes beyond
repair.
• Harassment. Harassment comes in a variety of behaviors but generally is
based on race, sex, age, religion, origin, and disability. Harassment, which in
many cases violates federal law in addition to a company's ethics policy, occurs
every time a person is singled out for derogatory comments or actions based
on any of these criteria. Companies are liable for the actions of their employees,
so most have put in place training programs to help recognize and avoid this
type of ethics violation.
• Internet Usage. With the advent of the Internet came a new type of workplace
ethics violation. Most companies have strict rules and guidelines regarding
Internet usage, and violating these policies can result in disciplinary actions, up
to and including firing. Examples of inappropriate use of the Internet would be
spending time on pornographic or social networking sites or blogging during
work hours. Additionally, an employee must take great care not to reveal
proprietary information via the Internet (Chapter 1 - An Overview of Ethics,
n.d.).

Improving Corporate Ethics

The risks of unethical behavior are increasing and there are many benefits to acting
ethically in business. Thus, the improvement of business ethics is becoming
increasingly important. Here are some of the actions corporations are taking to reduce
business ethics risks.

1. Appointment of a corporate ethics officer. The corporate ethics officer is a

senior-level manager responsible for improving the ethical behavior of the
members of an organization.

2. Ethical Standards are set by the board of directors. Boards of directors are
now much more involved in the creation of ethical standards. It shows that an
increased level of importance is placed on ethical standards.

3. Establish a corporate code of conduct.

• It is a guide that highlights an organization’s key ethical issues and identifies
the overarching values and principles that are important to the organization
and that can help in decision making.
 18

• It includes a set of formal, written statements about the purpose of the

organization, its values, and the principles that guide employees’ actions.
• It ensures that employees abide by the law, follow necessary regulations,
and behave ethically.

4. Conduct social audits. Companies identify ethical lapses committed in the past
and take actions to avoid similar mistakes in the future.

5. Require employees to take ethics training. The existence of formal training

programs can also reduce the company’s liability in the event of legal action.

6. Include ethical criteria in employee appraisal/reward systems. Employees

are increasingly being evaluated on their demonstration of qualities and
characteristics stated within the corporate code of conduct (QQMuch, n.d.).
 19

ETHICS IN INFORMATION TECHNOLOGY

OBJECTIVES:

At the end of this lesson, students should be able to:

• define and determine the value of business ethics and its application to

What isbusiness
Computer
world;Ethics?
• understand code of ethics that guides IT professionals to display proper
Computer behavior;
ethics is one of the essential areas of applied ethics. Problems such as the
lack •of laws andsources
identify security, and theguidance
of ethical fact thatfor
technical knowledge and hardware will
IT professionals;
continuously increase, demand for a new ethical theory to meet the challenges posed
by this cite some of the pressing ethical and legal issues confronting the industry
• revolution

When it today;
comesand to computing and business, morals and ethics are interchangeable,
with morals originating
• apply appropriate fromapproaches
the group intowhich a person
solving ethical matures,
dilemmas.and business ethics,
by implication, from the group in which your business matures
The mission statement of computer ethics involves restricting the presence of
selfishness or egoism in human nature and enabling harmonious human life in the
information technology domain.
 20

Thoughts to Ponder
"If you're guided by a spirit of transparency, it forces you to operate
with a spirit of ethics. Success comes from simplifying complex
issues, addressing problems head on, being truthful and transparent.
If you open yourself up to scrutiny, it forces you to a higher standard.
I believe you should deliver on your promise. Promise responsibly."
-Rodney Davis

What is Information Technology Ethics?

Information technology ethics is the study of the moral issues arising from the
utilization and development of electronic technologies. Its goal is to spot and formulate
answers to questions about the moral basis of individual responsibilities and actions
and the moral underpinnings of public policy (“Information Technology and Ethics,”
n.d.).

Just because you can do something does not mean you can do anything. Like any
other profession, information technology benefits from a typical, accepted code of
ethics that helps guide behavior in sometimes confusing contexts.

What will you do if someone asks you these questions?

• Is it okay to read campus users’ emails?

• What if you believe that university policies are being violated?
• Would you tell the users that their email is being read?
• Is it okay to look through files on a user's laptop when you're troubleshooting a
problem?
• What if the user is someone you think might be storing illegal content on the
laptop?

If any of these questions caused you to stop and think about what you would do, you’re
not alone. Ethical choices often seem murky. We live in a human society, subject to
less than complete information, societal pressures, and multiple interpretations of
facts. More often than not, we need to apply professional judgment, which is guided
by our own experiences as well as reliance on laws, policies, and culture.
As IT professionals, what should you do when you encounter potentially murky
situations like one of your superiors asking you to spy on the activity log of your other
coworkers, which is against the company’s policies? What will you do when you are in
that position? Sometimes, existing laws or institutional policies will guide ethical
behavior; sometimes, they won't. What many people often do not understand is that
what is legal is not always ethical. It is our responsibility as professionals to act
ethically in the performance of our work duties; otherwise, we risk losing the trust of
our students, faculty, staff, communities, coworkers, superiors, and, therefore, the
general public. Without such trust, it would be difficult to imagine how professionals
(like those in the IT sector) can continue to perform their duties effectively (Woo,
2017).
 21

Sources of Ethical Guidance for IT Professionals

Several resources help IT professionals who check out ethical guidance within the
scope of their job duties. For example, IEEE features a code of ethics for its members;
the Association of Data Technology Professionals (AITP) features a code of ethics and
standards of conduct, and SANS has published an IT code of ethics. There are other
examples beyond these three, and lots of elements in these codes might be useful to
IT education professionals. These codes assert that IT professionals need to commit
to the following:

• Integrity
• Competence
• Professional responsibilities
• Work responsibilities
• Societal responsibilities

Specific guidance stems from these general principles. Codes of ethics help IT,
professionals, to:

• Maintain technical competence

• Avoid causing a problem to others, their property, reputation, or job
• Reject bribes, kickbacks, etc.

There are interesting, though subtle, differences between the documents that may be
related to the specific character and mission of the organizations that developed the
different codes. For example, both SANS and IEEE include a commitment to honesty
about the limits of one’s capabilities, as well as a commitment to nondiscrimination.
On the other hand, both AITP and IEEE state specific commitments to acknowledging
a professional’s responsibility to society. Given IEEE’s stated mission to “foster
technological innovation and excellence for the benefit of humanity,” it is not surprising
that its code explicitly calls for a commitment to understanding the potential
consequences of the application of technology (Woo, 2017).

Legal and Ethical Issues in IT?

Questions of ethics and legality are essential in many industries. Doctors, teachers,
officialdom, and businesspeople all have legal and ethical oversight to regulate how
their professions function. Information technology, by contrast, has no overarching
standardization in place. However, as information technology becomes increasingly
influential, ethical and legal considerations become similarly relevant. Here are the five
most pressing ethical and legal issues confronting the industry today.

1. Privacy. Many people have their private information spread throughout the
digital media. Even things thought to be secure, like email or personal accounts,
are often accessed by unintended sources. Most employers actively check their
employees’ computer habits. Privacy has evolving legal implications, but there
are also ethical considerations. Do people know how their accounts are
monitored? To what extent is such monitoring occurring? As Computer World
 22

points out in this text, privacy concerns can quickly become a slippery slope,
slowly eroding an individual’s right to privacy altogether.

2. Digital Ownership. Digital media platforms have permitted information to

move more freely now unlike before. This exchange of ideas comes with a legal
and ethical backlash. How can ownership be established within the digital
realm? Things are often easily copied and pasted online, which makes property
hard to regulate. Legal notions such as copyright have struggled to keep up
with the digital era. Companies in the music and entertainment industries have
pushed for greater legal protections for intellectual properties while other
activists have sought to provide greater freedoms for the exchange of ideas in
the digital realm.

3. Data Gathering. On some level, everyone knows that their online lives are
monitored. The United States has even passed legislation allowing the
government to actively monitor private citizens in the name of national security.
These measures have revived a debate about what information can be
gathered and why. This debate applies on a smaller scale also because
companies got to consider what information to gather from their employees.
This issue invokes a question of consent. Do people know what information is
being monitored? Do they have a right to know how their data is being used?

4. Security Liability. In the past, security issues were resolved by locking a door.
Digital security is much more complicated. Security systems for digital networks
are computerized in order to safeguard important information and major
assets. However, this increased security comes with increased surveillance.
All security systems have inherent risks, which means it is a question of what
risks are acceptable and what freedoms can be forfeited. Ultimately, IT
professionals got to balance risk with the freedom to make a security system
that is effective and ethical at the same time.

5. Access Costs. Net neutrality has become a classy issue because of legislative
efforts over the previous couple of years. The issue of net neutrality is
essentially a question of access. Proponents want the web to stay hospitable
for everyone while some businesses want to make tiered access for those that
are willing to pay. The issue even extends to non-public Internet usage since
the value of service in some areas could also be cost prohibitive. The larger
ethical question is whether or not digital exchange is now a universal right. The
cost of access can hinder business growth, entrepreneurial atmosphere, and
individual impression. These issues are essential for everyone, but they carry
extra weight for those who work with information technology. It is important to
remember that working with technology is not separated from ethical contexts
but can help define a legal and ethical code for generations to come (“Legal
and Ethical Issues in IT”, n.d.).

Different Approaches to Solving Ethical Dilemmas

When an ethical dilemma is encountered, there must be a scientific path to be followed
to successfully solve the dilemma. The following are some approaches that can be
used to solve ethical dilemmas.
 23

• Moral-right approach. In this approach, the managers who face ethical

dilemmas make decisions that are based on what is morally right. The
fundamental human rights of human beings are looked at and a decision is
made accordingly. Some of the rights of humans that would be encountered in
making morally right decisions are the right to life of all human beings, their
privacy, and their health and safety.

• Justice Approach. In this approach to resolving ethical dilemmas, the

principles of impartiality, equity and fairness are followed. Gender, racial,
religious, and ethical impartiality and fairness are some examples that are
followed in the justice approach of ethical decision-making (“Concept of Global
Economy”, n.d.).

Potential Causes of Unethical Behavior

Unethical behavior may be caused by different reasons. For example, if there is a
conflict between self-interest and ethics, a person may prioritize personal interest. The
existence of doubts about what is ethical and what is not may also result in following
the unethical path.
Bosses and superiors can also do unethical behavior toward their employees just like
when they force their employees to follow things that are against the ethical principle
or interests of the organization they are working for.

Ethical Issues Faced by Business Leaders

Business leaders are expected to lead by example by fulfilling all their responsibilities
including ethical responsibilities. This level of expectation from the leaders can itself
be termed as an issue as they may not be able to follow ethical standards all the time
which might not send a positive message down the ranks. Following ethical standards
may also be difficult when there are gray areas with no clear distinction between what
is ethical and what is not. In these situations, it is difficult for leaders to follow ethics
and at the same time fulfill their corporate responsibilities.
 24

ETHICS AND IT PROFESSIONALS

OBJECTIVES:
At the end of this lesson, students should be able to:

• understand concepts of Information Technology;

• differentiate IT Professionals from IT Specialists and understand the role
they play in each sector;
• cite some of the traits and qualities that an IT Professional must possess
when it comes to career perspective;
• cite some of the attributes that make an IT Professional successful;
• identify and understand some of the roles of an IT specialist;
• enumerate some of the popular certifications that may be held by an IT
Professional in their chosen field;
• understand the importance of having a Code of Ethics and Professional
Conduct in one’s organization;
• identify and comprehend ACM Code of Ethics and professional
responsibilities; and
• understand why ACM members need to comply with the Code of Ethics.
 25

Thoughts to Ponder
“Believe passionately in what you do, and never knowingly
compromise your standards and values. Act like a true professional,
aiming for true excellence, and the money will follow.”
— David Maister

Concepts of Information Technology

IT, or information technology, refers to the transfer or other use of data by way of
computers or computer systems. IT professionals are people that maintain, build, or
repair hardware and software associated with computer systems or other components
related to information science. This job is often difficult and can require a big level of
skill and knowledge, but a university degree is not always necessary (Cavallari, 2020).
There are few, if any employed in IT, who remain in a job for a long time without
acquiring new IT skills and training. Who today knows just one coding language, one
database tool, one OS, or one methodology? Professional associations or societies
through profiles and designations help map professional skills and knowledge.
The Information Technology domain flows through all facets of today’s world. Focusing
solely on technology and knowledge ignores the broader scope that IT professionals
must practice and participate collaboratively with other professionals. Governance,
regulations, and culture are only a couple of the environmental aspects of data
technology work. Professionals get to actively participate in the local and global
discussions which impact and concern the practice of data technology.

One way to develop a network is to join an IT organization so you can develop

professional relationships with other people in the same field. Associations and
societies play a big role in the IT profession where you belong however their credibility
comes from their membership especially when no regulations grant authority. It is
beneficial to individuals who enjoy a typical professional voice and that profession can
only represent the professionals if they abide by the profession’s standards and ethics.
IT professionals, in the simplest definitions of just special education, skills, and
training, paint a shallow picture of our profession. Joining an IT professional society,
such as ACM, SANS, IEEE, and the like, helps differentiate a technology worker from
someone committed to being part of the voice of the IT profession. Professional
membership is part and parcel of being an IT professional.

Defining IT Professional and IT Specialist

What does an IT professional really mean? IT professional is a nice title but what does
it really mean? Let us define first what professional means. According to Merriam-
Webster, professional means “employment that needs education, training, or skill”
while IT Professional is “characterized by or conforming to the technological or ethical
standards of a career or profession” (Metcalfe, 2013).
 26

Wisegeek further explained that "IT professionals are people who maintain, build, or
repair hardware and software associated with computer systems or other components
related to information processing. This job is often difficult and can require a big level
of skill and knowledge, but a university degree is not always necessary."

In a world run by technology, IT specialists, also referred to as information technology

specialists are what every organization can never have enough of. These IT specialists
cater to the technical needs of companies. IT specialist may be defined as a technical
professional that is liable for the implementation, monitoring, and maintenance of IT
systems. IT support specialist job descriptions include specialization in network
analysis, system administration, security, and knowledge assurance, IT audits,
database administration, and web administration. Information technology specialists
can add various areas of data technology. They add the assistance desk to redress
the issues that end users face. Specialists also can do the following roles:
• software engineers;
• software developers;
• database administrators;
• system analysts;
• computer security technicians; and
• network analysts.
Regardless of the world and field they entered, IT support specialists would need
strong analytical skills, alongside familiarity with different operating systems, like
Windows, macOS, or Linux, and proficiency in one or more programming languages.
Usually, companies hire IT Specialists to unravel technical problems, like computer
systems, software, hardware, networks, cloud platforms, etc. (Field Engineer, 2020).

Attributes of Successful IT Professionals

Core skills in IT like programming and application development and project
management are in the highest demand followed by a mix of specific technical skills
such as business intelligence and analytics, cloud computing, security, and
virtualization. But apart from these core skills and knowledge of specific technologies,
what are the attributes that make an IT professional stand out from the crowd? Here
are what we believe are necessary for today's IT profession.

1. Business-focused. We the IT department – aren’t we supposed to focus on IT?

It is not just about the technology but it is what the technology allows the business
to do. The whole point of the IT department is to enable or drive business strategy.
These are cash-conscious times and corporations get to make sure that any
investment of their time and resources generates performance for cost. IT
organizations are expected to evaluate how technology choices impact both
business strategy and therefore, the bottom line is that pet projects have no place
in today’s IT organizations. What is the expected return on investment? Are there
other alternatives that would work equally well? Will the solution scale in the long
term or is it just a short-term fix? How will the technology work with the culture of
the organization? When you are value-focused, these are some of the questions
that will cross your mind if you are thinking about the welfare of the business.
 27

2. Strategic. IT is playing a much larger role in handling strategic transformation in

today’s enterprise. It is a far cry from the days where IT was seen as merely
enabling business operations, now IT can be a source of new services and
products. The latest technology can allow business models that had formerly been
impossible. This is even giving rise to new business models; just think of the
impact that the growth of the internet has had on disrupting established
companies. The forward-thinking Chief Information Officer or CIO understands the
"art of the possible" and can identify ways to drive the business forward by not just
enabling but proposing innovations that drive new revenue streams.

3. Pragmatic. Today’s business reality demands pragmatic thinkers who can weigh
up sometimes conflicting demands and look at what they can achieve given the
time, money, and resource constraints involved. The pragmatic IT professional
focuses on delivering to the best of their abilities within those constraints and
communicating clearly with the business about what trade-offs are being made.

4. Persuasive. Persuasion might sound like something better left to the advertisers
and marketers of the world, but the ability to persuade people to influence
outcomes is a critical skill that IT professionals need to master. It means being
able to communicate effectively about the pros and cons of one approach versus
another and helping others to see your point of view (Process Excellence Network,
2018).

Traits Necessary for Becoming Successful IT Professionals

Apart from these core skills in IT, one should analyze oneself in terms of whether he
is fit for a career in the IT professional industry. He should enter this field only if he
possesses these traits and qualities. The following are traits necessary for someone
to become a successful IT professional:

1. Patience is one of the key traits. The IT professional world is vast in nature,
IT professional tools require constant research, trial, and error efforts to
succeed in a specific solution. Therefore, one needs to be patient with the
people and equipment he works with. One should analyze the problem
thoroughly before reaching any conclusion and should avoid any type of hasty
decisions and judgments.

2. He should have good communication skills. He should be comprehensible,

simple, and crisp while communicating with different types of audiences. One
should have the knowledge and experience of handling different types of people
with different communication strategies.

3. There are constant changes and new developments within the IT

professional definition field. One should be quick to adapt and should have
a desire to learn about new technologies, software, and programs. One should
keep himself/herself up to date.

4. An IT professional should be able to handle multiple tasks

simultaneously. For example, if he is repairing a computer, he may have to
take care of both the hardware and software problems. At the same time, he
might need to learn about a new version of a software or device to efficiently
solve the problem.
 28

5. One should have the quality of problem-solving. In the fields of networking,

software, and program development, one may face problems that he has not
dealt with before. At that very moment, he will have to apply his problem-solving
principles and techniques along with the technical knowledge he has acquired
through experience and research.

6. One of the most important traits that one should possess is that a tech
professional should be passionate about his work. He should enjoy his
work, be ready to learn more about the field, and should be able to put this
knowledge into practice (“IT Professional”, 2020).

The Roles of an IT Specialist

An information technology specialist features a multitude of roles to fill. Today, nearly
all transactions in business and personal activities involve a computer: recording a
sale, computing payroll, keeping track of inventory, paying bills, and more. In this age
of high technology, every organization with a computer needs to have an IT specialist
available, either on-site or on-call, to deal with the problems that may occur. Someone
has to keep all of this software and hardware working correctly. Those are the duties
of an IT specialist. Computer support technicians have a multitude of responsibilities
that require specific skills.

The following job specifications are examples of the applications of the technological
knowledge of IT professionals:

Help desk. The unfortunate fact is that hardware and software programs do not
always work the way they are supposed to. And most of us do not have the
technological know-how to find the problem and fix it. As a result, someone places a
call to the IT specialist who is usually available 24/7.
• Computer support specialists give advice and help to anyone who uses a
computer in an organization. They receive phone calls for help and respond to
handle the problems. Most of the time, IT specialists can solve the matter remotely,
but they are also available to make on-site visits.
• IT support technicians have the skills to set up and install computer equipment
and make most repairs. They can train employees on how to use new computer
hardware and software. This includes using word-processing software, operating
printers and even providing instructions on how to send and receive emails.

Network administration. IT specialists have the responsibility to support the day-to-

day operations of a network. Their job is to make sure that network systems keep
communications and information flowing smoothly.

• IT technicians select the required computer hardware and software for specific
applications and supervise the installation. These networks include wide area
networks, local area networks, intranets, and other systems for communication.
• Network administrators design systems to operate at the least cost and increase
productivity. Network administrators confirm that employees' workstations are
working properly while the organizations' servers and any mobile equipment are
functioning correctly. They do any required maintenance, fix any network problems,
and upgrade computer security systems.
 29

Security. The world is full of people with criminal intentions, and the internet is a fertile
field for their unlawful acts. The number of threats from hackers is constantly
increasing and these threats are becoming more sophisticated. An IT specialist plays
an important role in designing software to stop cyberattacks.
• Cyberattacks can be costly. Hackers can steal personal identities and use the
information to open credit cards, apply for bank loans and even transfer home
mortgages to their names and take ownership of your house.
• Information security technicians design software, such as data encryption
programs and firewalls, to protect an organization's computer systems and
networks. They continuously check the organization's networks to detect security
breaches and investigate when an attack occurs.

Database analysis. IT specialists use special software to organize, manage and store
data. This includes information such as financial data, shipping records, purchase
orders, payroll records, and administrative expenses. Database administrators make
this information available to users in the organization and set up security procedures
that prevent unauthorized access.
IT experts monitor databases to make sure they are operating efficiently and error-
free. These technicians install backup software to restore data in the event of power
outages, software crashes, and virus attacks.

Cloud computing. Moving data storage to the cloud involves more than buying a few
megabytes of online capacity. It is not as simple as swapping an in-house computer
for an outside source. Transitioning to the use of cloud data storage requires an
analysis of the needs of an organization, then plotting and planning the installation.

IT specialists in cloud computing are the architects of a cloud infrastructure that

meets the unique requirements of each organization. This could mean, for example,
having a cloud database that is easily accessible to the marketing manager to run
simulations for various campaigns or recording all the manufacturing costs for a
product. It could also mean using software stored in the cloud. Working with the cloud
is a completely different way of handling the activities of a business and the data from
its operations. Although the concept of storing data in the cloud was the original idea,
it has now evolved into using programs in the cloud that are accessible from any
location and by all types of devices.
.
Computer systems do not have software programs stored on hard drives at the
physical site, they will be accessed through a cloud facility. This eliminates the
necessity for high-capacity hard disk storage.

Software developers. A software program runs everything you do on a computer,

and somebody had to write the code for that program. This is the job of a software
developer. Software developers work with other IT technicians to construct programs
that accomplish specific objectives. It might be a program to record a sales invoice to
a customer or a program that calculates and keeps track of payroll and deductions for
employees.

Software engineers. After a software developer has written the codes and created a
program, the programmer tests and installs the systems onto the computers. These
engineers use their knowledge of hardware and software codes to implement the
programs and make them easy to use for non-IT employees.
 30

Business intelligence analysts. A business intelligence technician takes the data

that a business has stored on its computer or in the cloud and converts it into charts
and tables. These business-oriented specialists must know SQL programming and be
able to work with software developers to create data mining algorithms. A business
analyst figures out how to extract the relevant data and prepare reports that are useful
to managers (Woodruff, 2018).

Most Popular Certifications of an IT Specialist

Many IT specialists who possess those roles mentioned above do earn degrees from
colleges and universities, as this often increases the likelihood of securing a good job,
but people with high school diplomas and significant experience or skill within the
sector also can become such professionals.
Most IT specialist positions require at least a bachelor's degree in computer science
or a related field. In a few positions, such as website design, a two-year associate's
degree may be acceptable. Other more sophisticated positions, such as a data
scientist, may require a master's degree, and educational qualifications vary with the
chosen role. Many IT specialists choose to obtain certifications in specific fields.

Some of the most popular certifications are as follows:

• Cisco Certified Network Associate. The CCNA certification shows employers

that you can install, configure and operate enterprise-level routers and switches.
CCNA technicians can detect and solve common problems with networks. IT
specialists also have the option to receive more specialized certifications in
wireless, voice, and security networking. A CCNA certification is helpful for
positions as network engineers, network administrators, and systems
administrators.

• Comp TIA A+ Technician. This certification is basic for an entry-level career

related to Information Technology. Some of the capabilities of an A+ Technician
involve handling the normal maintenance of both private and business computers,
laptops, and mobile devices. A+ technicians work as in-home support, desktop
support, and answering calls as help-desk technicians.

• Network+ Technician. A Network+ technician can design, manage, and maintain

wireless and wired networks. Network certified specialists usually work as help-
desk support.

• Systems Security Professional. Security is a top concern of every person and all
businesses. A CISSP certification is recognized worldwide because the best
credential for an IT specialist to possess is the ability to style and maintain security
programs. This certification may be a validation that the technician has the
extensive technological ability needed to engineer security protection.

• Microsoft Certified Systems Engineer. An MCSE certification means the

individual has the skills to analyze a situation and create innovative solutions by
merging multiple technologies. These IT specialists focus on server infrastructures,
cloud computing, data platforms, business intelligence, and communications
(Woodruff, 2018).
 31

Overview of Code of Ethics and Professional Conduct

As discussed in the previous lesson covering different principles, perspectives, and
approaches in handling ethical dilemmas (such as personal experiences, business-
related or technology-related issues) by individuals. This last lesson of chapter one
also covers this topic but from a much wider perspective because careers, job roles,
duties, and responsibilities are involved. A code of ethics and professional conduct
outlines the ethical principles of professionals just like in any career that governs
decisions and behavior at a company or organization.

It includes a general summary of how employees should behave. Further, it enlightens

us on how to handle issues like harassment, safety, and conflicts of interest. Some of
those examples of the inclusion of what should be followed in the code of ethics and
professional conduct of one profession are explained by Betterteam (2020) in the
article Code of Ethics and Professional Conduct. The sample guide that can be used
in the formulation of what should be defined and included in the Code of Ethics and
Professional Conduct template is as follows:

• Be inclusive. We should appreciate and support people from all walks of life
and identities regardless of their sexual orientation, age, size, family status,
belief, religion, and mental ability.

• Be considerate. We all depend upon one another to perform the best work we
need to accomplish as a corporation. Your decisions will affect clients and
colleagues, and you ought to take those consequences under consideration
when making decisions.

• Be respectful. We would not all agree all the time, but disagreement is no
excuse for disrespectful behavior. We will all experience frustration from time
to time, but we cannot allow that frustration to become personal attacks. An
environment where people feel uncomfortable or threatened is not a productive
or creative one.

• Choose your words carefully. Always conduct yourself professionally. Be

kind to others. Do not insult or put down others. Harassment and exclusionary
behavior are not acceptable. This includes, but is not limited to:

 Threats of violence;
 Insubordination;
 Discriminatory jokes and language;
 Personal insults, especially those using racist or sexist terms;
 Unwelcome sexual attention;
 Supporting for, or encouraging, any of the above-mentioned behavior.

• Do not harass. In general, if someone asks you to prevent doing something,

then stop. When we disagree, try to understand why. Differences of opinion and
disagreements are mostly unavoidable.

• Make differences into strengths. We can find strength in diversity. Different

people have different perspectives on issues, which are often valuable for
solving problems or generating new ideas. Being unable to know why someone
 32

holds a viewpoint does not mean that they are wrong. Do not forget that we all
make mistakes, and blaming each other does not get us anywhere. Instead,
focus on resolving issues and learning from mistakes (Betterteam, 2020).

A Code of ethics is predicated on clear-cut rules and well-defined consequences and

not on individual monitoring of private behavior. Despite strict adherence to the law,
some compliance-based codes of conduct do not promote a climate of ethical
responsibility in the corporate world. Most IT Professionals, unlike doctors and other
professionals, do not have a general rule-making body, they may have many
professional organizations specialized in specific groups such as:

• SysAdmin, Audit, Network, and Security Institute (SANS Institute)

• Association for Computing Machinery (ACM)
• Independent Computer Consultants (ICCA)
• Information Systems Security Association (ISSA)
• Institute of Electrical and Electronics Engineers(IEEE)
• Computing Technology Industry Association(CompTIA)

The existence of these bodies is made necessary due to the lack of respect for ethics
in society in general, requiring not only the validation of these types of bodies but also
their power to enforce sanctions when ethical violations are made evident. It can be
argued that these ruling bodies should be unnecessary since ethical considerations
do not depend on one's profession. It could also be stated that this is a function of the
state and the legal system, that delegating these functions to non-governmental,
public organizations, is detrimental to the general public, and overall blocks
transparency of procedures. These bodies will also promote the exertion of corporate
influence toward their specific group’s interests. One such interest is reducing
competition by limiting or increasing the difficulty of access to functions (and a general
increase in prices since they permit a coordinated fixing of payments in a monopolistic
way) and promoting the practice of obtaining special treatment and recognition for
those that depend on their specific activities. Because there are various independent
groups for the IT Code of Ethics, there are different ideas about what guidelines should
be there and some are as follows.

SANS Institute Code of Ethics

1. I will strive to understand myself and be honest about my capability.
2. I will conduct my business in a manner that assures the IT profession is taking
integrity and professionalism into account.
3. I respect privacy and confidentiality (SANS Institute, 2004).

IEEE Code of Ethics

All persons having obtained any CompTIA certification or certificate program
("Certified Person") and taking part in CompTIA's Continuing Education Program
("CCEP") must agree that they have read and will abide by the terms and conditions
of this CompTIA Candidate Code of Ethics Policy ("Ethics Policy"), before participating
in the CCEP.
 33

It is a violation of this Ethics Policy for any Certified Person to participate in any incident
of cheating, breach of security, misconduct, submission of fraudulent information, or
any other behavior that could be considered compromising the integrity or
confidentiality of any CompTIA certification examination, any CompTIA certification or
the CompTIA Continuing Education Program, as determined by CompTIA. All Certified
Persons shall adhere to the following:

• All information submitted for participating in and earning units from the
CCEP must have been completed by the participating Certified Person.
• A Certified Person shall abide by all the terms and conditions outlined in
the CompTIA Candidate Agreement
• Certified Persons shall only submit continuing education units that they
have completed.
• A Certified Person shall only provide accurate and authentic information
for earning continuing education units.
• A Certified Person shall abide by the CompTIA Continuing Education
Audit Policies as set forth by CompTIA from time to time.
• A Certified Person shall offer and provide professional services with
integrity.
• A Certified Person shall perform professional services in a manner that is
fair and reasonable to clients, principals, partners, and employers, and
shall disclose conflict(s) of interest in providing such services.
• A Certified Person shall not disclose any confidential client information
without the specific consent of the client.
• A Certified Person will always conduct themselves in a manner that
enhances the image of the profession.
• A Certified Person shall provide services to clients competently and
maintain the necessary knowledge and skill to continue to do so in those
areas in which they are certified.
• A Certified Person shall not solicit clients through false or misleading
communications or advertisements.
• In the course of performing professional activities, a Certified Person shall
not engage in conduct involving dishonesty, fraud, deceit, or
misrepresentation, or knowingly make a false or misleading statement to
a client, employer, employee, professional colleague, governmental or
other regulatory body or official, or any other person or entity (Computing
Technology Industry Association, n.d.).

ACM General Ethical Principles of Computing Professionals

Association for Computing Machinery (ACM) is one of the world's largest educational
and scientific computing societies, delivering resources in advanced computing as a
science and a profession. ACM provides its version of the Code of Ethics which
expresses the conscience of their profession consistently providing good relations to
the common public.

This Code of Ethics is concerned with how fundamental ethical principles are applied
to a computing professional's conduct. The Code is not an algorithm for solving ethical
problems, rather it is a basis for ethical decision-making. When going through a
particular issue, a computing professional may find that various principles should be
taken into consideration. Questions associated with different sorts of issues can best
be answered by thoughtful consideration of the elemental ethical principles,
 34

understanding that the good of the general public is of paramount consideration. The
entire computing profession benefits when the moral decision-making process is
accountable and transparent to all or any stakeholders. Open discussions about
ethical issues promote accountability and transparency.
A computing professional should do the following:
9

1. Contribute to society and human well-being, acknowledging that each

individual is a stakeholder in computing. This principle, which covers the quality
of life of all people, guarantees an obligation of computing professionals, both
individually and collectively, to use their skills for the advantage of society, its
members, and the environment surrounding them. This obligation includes
promoting fundamental human rights and protecting each individual's right to
autonomy. The vital goal of computing professionals is to cut back negative results
of computing, including threats to health, safety, personal security, and privacy.

Computing or IT professionals should review whether the outcome of their efforts

will respect diversity, be used in socially responsible ways, meet social needs, and
be broadly accessible. They are encouraged to actively contribute to society by
engaging in unpaid or volunteer work that benefits the general public.

2. Avoid harm. Harm means negative consequences, especially when those

outcomes are significant and biased. Examples of those harms include excessive
physical or mental injury; unjustified destruction or exposure of knowledge; and
unjustified damage to property, reputation, and the environment. This list is not
exhaustive.

Well-intended actions, including people who accomplish assigned duties, may

cause harm. When that harm is unintended, those responsible are obliged to undo
or mitigate the harm as much as possible. Avoiding harm begins with careful
consideration of potential impacts on all those suffering from decisions. When
harm is an intentional part of the system, those responsible are obligated to make
sure that the harm is ethically justified. In either case, make sure that all harm is
minimized.

To lessen the likelihood of indirectly or unintentionally harming others, computing

professionals should follow generally accepted best practices unless there is a
captivating ethical reason to do otherwise. Additionally, the results of knowledge
aggregation and emergent properties of systems should be carefully analyzed.

3. Be honest and trustworthy. Honesty is an essential component of

trustworthiness. A computing professional should be transparent and should
provide full revelation of all pertinent system capabilities, limitations, and possible
problems to the concerned parties. Making intentional false or deceptive claims,
forging or falsifying data, offering or accepting bribes, and other fraudulent
conduct are violations of the Code.

Computing professionals should be honest about their qualifications and any

limitations in their competence to finish a task. Their commitments as
professionals should be honored. Computing professionals should not
misrepresent an organization's policies or procedures, and will not speak on
behalf of a corporation unless authorized to do so.
 35

4. Be fair and take action not to discriminate. The values of equality, resistance,
courtesy for others, and justice rule this principle. Impartiality requires that even
careful decision processes provide some avenue for remedy of injustice.
Computing professionals should promote the just participation of all people,
including those of less represented groups. They should respect individual status
regardless of their ages, ethnicity, a state in life, social status, nationality, race,
religion or belief, sexual preferences, and other factors. Any form of harassment
including bullying and other abuses of power and authority may be a sort of
discrimination. The use of data and technology may cause new, or aggravate
existing injustice.

Computing or IT professionals should take action to avoid creating systems or

technologies that unvoiced or oppress people. It should be as comprehensive and
attainable as possible. Failure to aim for inclusiveness and availability may
establish unfair discrimination.

5. Respect the work that is vital to store new ideas, inventions, creative works,
and artifacts related to technology and computing. Creating new ideas,
inventions, creations and artifacts related to technology and computing creates
value for society, and those who take this effort should expect to gain true value
from their work.

Computing or IT professionals should credit the author of ideas, inventions, work,

and artifacts, and must respect copyrights law, patents, classified information,
contract, and other methods of protecting authors' works, particularly in the
development of creative works, new ideas, inventions, computing artifacts and
the like because they spend effort in doing their work, therefore, it should be
valued. Computing professionals should not unduly oppose reasonable uses of
their intellectual works. Efforts in assisting others by contributing time and energy
to projects that help society illustrate a positive aspect of this principle. Such
efforts include free and open-source software and work put into the general public
domain. Computing professionals should not claim private ownership of labor that
they or others have shared as public resources.

6. Respect privacy. Responsibility for respecting one's privacy applies to

computing or IT professionals in a very extreme way. Technology enables the
gathering, monitoring, and exchange of private information quickly and
inexpensively, and sometimes without the knowledge of the people concerned.
Therefore, a computing professional should become familiar with the varied
definitions and sorts of privacy and should understand the rights and
responsibilities related to the gathering and use of personal information.

Computing professionals should only use personal information for legitimate

ends and without violating the rights of people and groups. This requires taking
precautions to stop the re-identification of anonymized data or unauthorized data
collection, ensuring the accuracy of the information, understanding the
provenance of the information, and protecting it from unauthorized access and
accidental disclosure. Computing professionals should establish transparent
policies and procedures that allow individuals to know what data is being
collected and the way it is being used; to provide consent for automated collection
of data; and to evaluate, obtain, correct inaccuracies, and delete some private
data.
 36

Only the minimum amount of private information necessary should be collected

through a system. The retention and disposal periods for that information should
be clearly defined, enforced, and communicated to data subjects. Personal
information gathered for a selected purpose should not be used for other
purposes without the person's consent. Merged data collections can compromise
privacy features present within the original collections. Therefore, computing
professionals should take special care of privacy when merging data collections.

7. Honor confidentiality. Computing or IT professionals are often entrusted with

tips like trade secrets, client data, confidential business strategies, financial data,
research information, pre-publication scholarly articles, and patent applications.

Computing professionals should safeguard confidentiality except in cases where

information is evidence of a violation of law, regulations in the organization, or
the Code. In these cases, the character or contents of that information should be
disclosed only to appropriate authorities. A computing professional should
thoughtfully consider whether such disclosures are according to the Code
(Association of Computing Machinery, 2018).
 37

CYBERCRIME AND SECURITY ISSUES

Cybercrime is a crime that involves the use of digital technologies directed to computing
and communication technologies. The modern techniques that are proliferating towards
the use of internet activity result in exploitation and vulnerability making a suitable way of
transferring confidential data to commit an offense through illegal activity. The activity
involves theft; child pornography; built images; online transaction fraud internet sale fraud;
deployment in malicious internet activities such as viruses, worm; and third party abuse
like phishing, e-mail scams, etc. The universal approach to prevent illegal activities online
and to stop cybercrimes is by enforcing different levels of security to monitor and prevent
crimes carried out in cyberspace.
This unit introduces the concept of Cybercrime, the different types of cybercrimes, their
implications and ways to prevent them. It also elaborates on the various security issues.
The discussion also focuses on the essential roles of Cybercrime Law in the Philippines.
 38

CYBERCRIME

OBJECTIVES:

At the end of this lesson, students will be able to:

 Define cybercrime
 Know the history of cybercrimes
 Identify why people commit cybercrime
 Explore the different types of cybercrime
 39

Thoughts to Ponder
“A cyber hacker is more than a bank robber using another weapon. His
motivation is robbery and theft.”
-Anonymous

What is Cybercrime?
Cybercrime denotes criminal activity where a computer or a network is the source,
tool, target, or crime place (Matameh et al., n.d). It involves an Information Technology
infrastructure, including illegal access, data interference, systems interference, misuse
of devices, forgery, and electronic fraud (Rouse, n.d).

History of Cybercrime
Here is a brief overview of the history of cybercrime:

1. The era of modern computers started with the analytical engine of Charles
Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France,
produced the loom device that permits the repetition of a series of steps in the
weaving of fabrics. This resulted in fear among Jacquard's employees that their
traditional employment and livelihood were being threatened. So, they committed
acts of sabotage to discourage Jacquard from further use of the new technology.
This is the first recorded cybercrime (III, S.,2011).
2. On May 3, 1978, the Web witnessed the birth of the first spam e-mail. A marketer
named Gary Thuerk, from the Digital Equipment Corporation, introduced his
message to 400 of the 2600 people on ARPAnet, the DARPA-funded spam called
"The first Internet." Initially, Thuerk was selling something (computers, or more
specifically, information about open houses where people could inspect the
computers). There annoyed tons of individuals, and he also had some success,
with a couple of recipients curious about what he was doing. And thus, spam was
born (Quigley & By, 2010).
3. The first virus to affect Apple computers was not written for the Macintosh computer
but is of historic interest nonetheless. In 1982, Rich Skrenta, a 15-year-old student,
wrote the Elk Cloner virus. That virus is capable of infecting the Apple II computer
boot sector. The Elk Cloner virus would display a short poem on every 50th boot
(Cluley, et al., 2020).

Why do people commit cybercrime?

People commit cybercrime because of various reasons such as curiosity, fame-
seeking, personal reasons such as stalking or emotional harassment, and even
political activities such as protests, espionage, or cyber warfare. However, financial
gain was frequently identified as the prime motivator of cybercrime. Individuals or groups
of people who use technology to commit malicious activities on digital systems or networks
are known as Cybercriminals (Tanny, 2018).
 40

Common Cybercrimes
Different types of cybercrime are facilitated by a range of technologies and techniques,
including:

1. Hacking
Hacking refers to testing and exploring computer systems, highly skilled computer
programming, or the practice of accessing and altering other people's computers.
Hacking may be carried out with ultimate aims or with criminal intent (Urbas, &
Choo, 2008).

In the cybercrime aspect, hacking refers to the practice of illegally accessing,

controlling, or damaging other people's computer systems. A hacker may use their
technical knowledge or may employ any of the cybercrime tools and techniques.

2. Malicious Software (Malware)

Malicious Software or Malware enables unauthorized access to networks for
different or a combination of purposes such as theft, sabotage, or spying. There
are different types of Malware, and many outbreaks use various kinds to achieve
their goals.

According to Crowdstrike (2019), there are eleven (11) different variations of

malware and these are:

• Ransomware – This is software that uses encryption to disable a target's

access to its data until a ransom is paid. The victim organization is rendered
partially or unable to operate until it settles. Still, there is no guarantee that
payment will result in the necessary decryption key or that the decryption
key provided will function properly.

Example:
In 2019, in Baltimore, a type of ransomware named RobbinHood halted all
government e-mails for weeks. Robinhood attack has cost the city more
than $18 million, and costs continue to increase. In Atlanta, in 2018, the
same type of Malware was used, resulting in damages amounting to $17
million.

• Fileless Malware – This type of malware does not install anything; instead,
it changes files that are native to the operating system. It includes
PowerShell or WMI. Fileless attack is not trapped by anti-virus software
because the operating system recognizes the edited files as legitimate.
These attacks are stealthy; they are up to ten times more successful than
traditional malware attacks.

Example:
An example of fileless malware is Astaroth. It spammed users with links to
a.LNK shortcut file. When users downloaded the file, a WMIC tool was
launched, along with many other Windows tools. When these tools were
downloaded, additional code was executed in the computer’s memory,
leaving no indication that scanners could detect. The intruder then
 41

downloaded and ran a Trojan that stole important information and uploaded
them to a remote server.

• Spyware – gathers information about users' activities without their consent.

This can include important information, such as passwords, pins, etc.
Spyware is not limited to desktop computers. It can also work in a critical
app or on a mobile phone.

Example:
This spyware targeting business and government leaders using hotel WIFI
is called DarkHotel. This type of malware accesses systems belonging to
specific, influential people. Once that access is achieved, the attackers will
install keyloggers to capture their target passwords and other sensitive
information.

• Adware – This tracks a user's surfing activity. Though adware is like

spyware, it does not install any software on a computer or capture
keystrokes. The danger brought by adware is the erosion of a user's privacy.
The data captured by adware is about the user's activity on the Web.

Example:
In 2017, adware called Fireball infected 250 million computers and devices.
This adware hijacks computer browsers and changes default search
engines, and it also tracks web activity. The malware had the potential to
become quite a mere nuisance. Three-quarters of it were ready to run code
remotely and download malicious files.

• Trojan – It disguises itself as a desirable code or software. Once

downloaded by computer users, the Trojan can take hold of victims' systems
for malicious purposes. Trojans may hide in games, apps, or maybe
software patches, or they will be embedded in attachments included in
phishing e-mails.

Example:
Emotet is a sophisticated banking trojan that has been around since 2014.
It is hard to fight Emotet because it evades signature-based detection, is
persistent, and includes spreader modules that help it propagate. Based on
the U.S. Department of Homeland Security alert, Emotet has cost up to $1
million per incident to remediate.

• Worms - They install themselves into the network's target vulnerabilities in

operating systems. Worms may gain access in several ways: through
backdoors built into the software, unintentional software vulnerabilities, or
flash drives. Once in place, malicious actors often employ worms to launch
DDoS attacks, steal sensitive data, or conduct ransomware attacks.
 42

Example:
The U.S. and Israeli intelligence forces developed the Stuxnet worm to set
back Iran's nuclear program. It is introduced into Iran's environment through
a flash drive. Stuxnet spread violently, but it did little damage only since its
function was to inhibit controllers that managed the uranium enrichment
process.

• Virus – It is a code that inserts itself into an application and executes when
the application runs. In a network, a virus may be used to steal data, launch
DDoS, or even conduct ransomware.

Example:
At the beginning of the millennium, a virus once baffled the planet. With just an
e-mail, the ILOVEYOU virus or Love Bug has spread immediately, crashing
computers, deleting files, and causing about $10 billion of injury. On May 4,
2000, people worldwide received e-mails with "ILOVEYOU" on the topic. The
message read: "kindly check the attached LOVELETTER coming from me."
Unsuspecting victims then opened the document. Unfortunately, it had been
"an executable program" that allowed the virus to require control. It is a worm
that replicated itself and sent copies of itself to all within the victim's e-mail
address book. The said virus is created by Onel de Guzman, a former computer
science student at AMA Computer College. A member of Grammersoft, an
underground hacking group.

• Rootkits – It is software that provides malicious actors remote of a victim's

computer with full administrative privileges. Rootkits are often injected into
applications, kernels, hypervisors, or firmware. Rootkits spread through
phishing, malicious attachments or downloads, and shared drives.

Example:
When users download a fake VPN app, Zacinto infects systems. Once
Zacinto is installed, it conducts a security sweep for opposing malware and
attempts to eliminate it. Afterward, it opens invisible browsers and interacts
with content like a human such as scrolling, highlighting, and clicking. The
said activity is meant to fool behavioral analysis software. When the
malware clicks on ads in invisible browsers, Zacinlo's payload occurs.

• Keyloggers – They are a type of spyware that monitors user activity.

Keyloggers have legitimate uses. Businesses can use them to monitor
employees' activities, and parents may use them to monitor their children's
online behaviors. Though used for malicious purposes, it can be used in
stealing passwords and other delicate information. It can be inserted into a
system through phishing, social engineering, or malicious downloads.

Example:
Olympic Vision, a keylogger, has been used to target U.S., Middle Eastern,
and Asian businessmen for Business E-mail Compromise (BEC) attacks. It
uses spear-phishing and social engineering techniques to infect its target
systems to steal sensitive information and infiltrate business transactions.
 43

• Bots/Botnets - They are software application that performs automated tasks

on command. Bots/Botnets are used for real purposes, such as indexing
search engines. Still, when used for malicious purposes, they take the form
of self-propagating malware that can connect back to a central server.
Usually, bots are utilized in large numbers to make a botnet, which may be
a network of bots, to launch broad remotely-controlled floods of attacks, like
DDoS attacks. Botnets can become quite expansive.

Example:
Echobot may be a variant of the well-known Mirai. Echobot attacks a good
range of IoT devices, manipulating more than 50, unlike vulnerabilities. It
also contains exploits for Oracle WebLogic Server and VMWare's SD-Wan
networking software. Besides, the malware looks for unpatched legacy
systems. Echobot might be employed by malicious actors to launch DDoS
attacks, interrupt supply chains, steal sensitive supply chain information,
and conduct corporate sabotage.

• Mobile Malware - Attacks targeting mobile devices have risen 50 percent since
2018. Mobile malware threats are as many as those targeting desktops and
include Trojans, ransomware, advertising click fraud, etc. They are distributed
through phishing and malicious downloads. They are a specific problem for
jailbroken phones, which tend to lack the default protections that were a part of
those devices' original operating systems.

Example:
Triada is a rooting Trojan injected into supply-chain when millions of Android
devices shipped with the Malware pre-installed. This mobile malware gains
access to delicate areas in the operating system and installs spam
applications. The spam application display ads, sometimes substituting
authentic ads. If the user clicks on the unauthorized advertisement, the
income from that click goes to Triada's developers.

3. Piracy
Internet piracy includes the downloading and distribution of copyrighted media
without paying for it. When people download or copy content such as music, books,
games, and other digital media, they may be infringing on copyright laws (About
Piracy, n.d.).

4. Spam
Spam refers to unsolicited e-mails or the electronic equivalent of 'junk mail.' Spam
is often spread in large amounts by sending out generic e-mails to large lists of e-
mail addresses (House of Representatives Committees: Chapter 2 Nature,
Prevalence and Economic Impact of Cyber Crime, n.d).

5. Phishing
Phishing is a criminally fraudulent way of acquiring sensitive information such as
usernames, passwords, and credit card details by masquerading as a trustworthy
entity in electronic communication (It is Phishing Season, 2020).
 44

6. Identity Theft and Identity Fraud

Identity Theft uses keystroke loggers, spyware, and phishing websites.
Cybercriminals may obtain a wide range of personal details. These stolen details
may be used to commit 'identity fraud.' It is illegal accessing a victim's bank/credit
card account, take out loans under a victim's name, sell online to other
cybercriminals, or use it to fabricate fake official documents such as passports
(House of Representatives Committees: Chapter 2 Nature, Prevalence and
Economic Impact of Cyber Crime, n.d).

7. Cyber Pornography
This refers to the act of using cyberspace to create, display, import, distribute or
publish obscene materials, especially materials that illustrate children engaged in
sexual acts with adults. Cyber pornography is a criminal offense, that causes harm
to people (Cyber pornography, n.d).

8. Copyright Infringement
The unauthorized use of works under copyright is copyright infringement (which
includes infringing the copyright owner's rights, such as the right to duplicate or
perform the copyrighted work, or to do derivative works) (Copyright Basics, n.d)

9. Denial-of-Service (DoS)
In a Denial-of-Service (DoS) attack, an attacker tries to stop legitimate users from
accessing information or services. DoS is done by accessing your computer and
its network connection. An attacker may prevent you from accessing e-mail,
websites, online accounts, or other services that depend on the affected computer
(What does "Disable Port Scan and DoS Protection, n.d.).
 45

INFORMATION TECHNOLOGY SECURITY ISSUES

OBJECTIVES:
At the end of this lesson, students will be able to:

 Understand the security in cyberspace;

 Identify what online communication is;

 Differentiate the level of privacy they can expect in their online

activities; and

 Explore the use of online tracking and monitoring.

 46

Thoughts to Ponder
“As the world becomes increasingly interconnected, everyone shares
the responsibility of securing the cyberspace ”
-Newton Lee

PRIVACY ON CYBERSPACE
Information systems made many businesses successful today (such as Google,
Facebook, eBay, etc.) would not exist without information technology. However,
improper use of information technology can create problems for the organization and
employees ( Ethical & Security Issues in Information System, n.d.).

One of the legal issues arising in cyberspace is privacy. Just as in the real world,
privacy is essential to individuals, corporations, and governments. At present, the
privacy of individual netizens has acquired critical relevance. Criminals getting access
to credit card information can cause loss to the owners or the financial institute. Using
organizational information systems, such as posting inappropriate content on
Facebook or Twitter or employing a company account, can cause lawsuits and loss of
business (Ethical & Security Issues in Information System, n.d.).

What are "online communications?"

Online communication refers to how people communicate with each other through a
network and the internet. Online communication types are instant messaging, e-mails,
online forums, filling out online forms, posting comments on social media or blogs,
social networking, or online conferencing (video and audio). These types of online
communication are being used today (“What is Online Communication”, n.d.).

EXPECTATIONS OF PRIVACY IN CYBERSPACE

What level of privacy can you expect from your online activity?
According to Privacy and Cyber-Risk (n.d.), the privacy level that you can expect will
depend on the nature of the activity. There are virtually no activities or services online
that guarantee absolute privacy. This guide informs you about ways to maximize the
privacy of your online activities and avoid common pitfalls.

• "Public" activities: Many online activities are open for public use. Engaging in
these sorts of activities does not normally create an expectation of privacy. In
fact, consistent with the Electronic Communications Privacy Act (ECPA), it is
not illegal for anyone to look at or disclose a transmission if the communication
is "readily accessible" to the public.

For example, if you posted a message post to the public, such as an online
forum, it is available to be viewed, copied, and stored by others. Furthermore,
your name, electronic mail address, and other information are usually available
for inspection as part of the message itself. Public postings made on the Web
are archived in searchable databases. On the Web, your public messages can
 47

be retrieved by someone anytime or even years after the message was initially
written.

Another example is online newsletters which are usually sent to a list of

subscribers. If you would like to privately reply to a message posted on a web
newsletter, make certain you send it specifically to the person's address and
not the newsletter’s address. Otherwise, you would possibly find that your
message has been sent to everyone on the newsletter list.

1. "Semi-private" activities: Often, the presence of security or agreement

safeguards on certain forums can lead users to believe that communications
made within these services are private. For instance, some online forums or
comment sections are restricted to users who are authorized and/or with a
password. While communications made in these forums may originally be read-
only by the members with access, nobody is preventing those members from
recording the communications and later transmitting them elsewhere.

Real-time "chat" is an example of semi-private activity, where participants type

lives messages for other participants. Chat users may capture, store, and
transmit these communications to others outside the chat service though.
Additionally, these activities are subject to equivalent monitoring exceptions
that apply to "private" e-mails (see private activities).

• Private activities: Almost all online services offer "private" activity, which
allows subscribers to send personal e-mail messages to others. The ECPA
(Electronic Communication Privacy Act) makes it unlawful for anyone to read
or disclose the contents of a transmission. This law applies to electronic mail
(e-mail) messages. Still, there are three important exceptions to the ECPA:

o The online service may view the private e-mail if it suspects the sender
of the message is attempting to wreck the system or destruction to
another user. Random monitoring of e-mail is still prohibited.
o Suppose either the sender/recipient of the message contends the
inspection or disclosure, the service may legally view and disclose
private e-mail. Some commercial services require a contract from new
members when signing up for the service.
o If the employer owns the e-mail system, the employer may inspect the
contents of the employee's e-mail on it. Hence, any e-mail sent from a
business is possibly not private. Several lawsuits have determined that
employers have a right to watch the e-mail messages of their employees.

To increase e-mail privacy, many people keep a private e-mail account for personal
matters separate from their business/other transaction accounts. Free accounts can
be obtained from some online providers, including Gmail, Yahoo, and others. Be sure
to read their privacy policies.
 48

ONLINE TRACKING AND MONITORING

Can online services track and record my online activity?
Yes, whenever you use the internet, you leave a record of the websites you visit and
everything you click. A small piece of data on many websites is called a cookie. It
saves a small amount of data to your web browser to trace this information. In addition
to cookies, many websites can use your user accounts to track browsing activity.
While this type of browser tracking does not pose a severe risk to your online security,
it is essential to understand how your online data is tracked and used (Blog,2013).

Can online services access information store on my computer without my

knowledge?
Yes, many of the public online services automatically download graphics and program
upgrades to the user's computer. The subscriber is notified of these activities. But
other intrusions are not so evident. Many reports have documented that some services
have admitted to both accidental and intentional prying into personal computers'
memory. Corporations commonly explain that they collect information (i.e., users'
hardware, software, and usage patterns) to provide better customer service.

It is hard to find these kinds of intrusions. You must remember this potential privacy
abuse and investigate new services before signing in/up. Continually scan the privacy
policy and the service agreement of any online service you prefer to use (Privacy and
the Internet: Travelling in Cyberspace Safely, n.d).

Can hackers get into my computer?

When using a broadband “always-on” service, a computer user is most susceptible to
attacks by hackers. Users should install a firewall device that monitors the network
activity and allows only the activities the user has authorized (Blog,2013).

What are Web Bugs?

An internet bug or web bug could be a graphic associate that appears on an internet
site or can be in a form of an “enhanced” e-mail message that permits the 3rd party to
watch who is reading the page or message. The graphic could also be a typical size
image that is simply seen, or it may be a virtually invisible one-pixel graphic. E-mail
messages that embrace graphic displays like websites are called increased
messages, conjointly known as stylized or HTML e-mail. The net bug will record the
information science address of the viewer once the message or online page is viewed.
(Blog, 2013).

What is Encryption?
A technique of scrambling an e-mail message or file so that it is meaningless to anyone
who does not know how to unscramble it is termed Encryption. The advantage of
encoding is that something encrypted is just about inaccessible to anyone except the
selected recipient. Thus, private information is also encrypted and so transmitted,
stored, or distributed without fear that it will be browsed by others. (Blog, 2013).

How can programs such as PGP protect your privacy?

“Pretty Good Privacy” or PGP and different encryption programs will protect a user's
privacy by encrypting the information; thus, the solely supposed recipient will access
it and know it. Sturdy encryption programs corresponding to PGP are on the online
market. (Blog},W.,2013)
 49

What is Netiquette?
A set of social agreements that facilitate interaction over networks is called Netiquette,
short for "network etiquette" or "Internet etiquette." It includes correct manners for
sending that provide rules of conduct in social things. Netiquette aims to assist,
construct, and maintain a pleasing, comfortable, and economic atmosphere for online
communication; and avoid inserting strain on the system and generating conflict
among users (Chen, 2019).
 50

CYBERCRIME PREVENTIONS

OBJECTIVES:

At the end of this lesson, the student will be able to:

 Explore how to protect privacy in cyberspace

 Identify the Do's and Don'ts in using the internet.
 51

Thoughts to Ponder
“Cybersecurity is a shared responsibility, and it boils down to this: in
cybersecurity, the more systems we secure, the more secure we are.”
-Jeh Johnson

What can I do to protect my privacy in cyberspace?

According to Slain (2018), there are seven (7) ways to protect your privacy in
cyberspace. The following cyberspace protections are:

1. The Basics:
• If In Doubt, Throw It Out: Malware and phishing are becoming subtler. Do not
attempt to open e-mails that look suspicious or uncommon, particularly if they
relate to your e-mail, social media, money services, or utility accounts. Delete
these messages.
• Stay Updated: Turn on automatic updates. Keep your computer’s operating
system, and security software up to date.
• Think Before You Act: Be particularly cautious and open-eyed if an offer
demands you to act in real-time, sounds too smart to be true, or asks for
personal information.

2. Privacy Settings
Updating privacy settings on websites and services, particularly on social media
and search sites like Facebook, Google, and Yahoo is the best way to begin
protecting yourself. This could sometimes be done through the “settings” menu
choice.

Since most sites default to data being shared in public, ever-changing settings can
help you confirm your data is seen by fewer folks. Ideally, you should share data
solely with people you recognize.

Why is this important? “Oversharing” of social media data ends up in various risks,
such as home break-ins by criminals who see that you simply are on vacation.
Also, restricted sharing and/or deleting tags on photos and pieces of writing on
your Timeline can prevent embarrassing materials from being seen by those that
do not know you well, such as your colleagues at work, acquaintances, distant
family members, or potential employers.

3. Blocking Cookies
Another good way to maintain anonymity while online is by Blocking third-party
cookies. Blocking cookies makes it harder for websites to track the last time you
visited, what username you use, and whether or not you should be signed in.
Blocking cookies can be less convenient in some ways. The increase in privacy is
worth the compromise.
 52

4. Unlinking Accounts
Some websites are now giving the option to link accounts. For example, Google
allows you to link all your different Gmail accounts in a browser. Many websites
are now giving you the option to use your Google login to access their site. While
convenient, linking accounts will produce a lot of risks. If one in each of your
accounts is compromised, all the linked accounts will be in danger. So unlinking
accounts may be a great way to safeguard data.

5. Secure Connections, Firewalls, and Antivirus Services

Always use a secure wireless connection. It is time to create a new password if
you do not have a strong password on your Wi-Fi network connection. A firewall is
also important to use in protecting your computer from unwanted network traffic. It
is also important to have some kind of anti-virus or anti-spyware to keep your
computer clean and free of viruses.

6. Stronger Passwords
To maintain security, having different and stronger password combinations is
critically necessary. With every website needing a password, people tend to get
likely to create simple passwords or use the same passwords on different websites.

Use passwords with eight characters or more with mixed types of characters. But
even passwords with simple substitutions like “3nt3rta1nm3nt” can be vulnerable
to attackers’ increasingly sophisticated technology, and random combinations like
“a9s8d7%k” are difficult to remember.

Another way to create secure passwords is passphrases. It is easy to recall short

words with spaces or separate them by other characters. Random words rather
than common phrases are the best to use—for example, love_you_goodbye.

On multiple websites, avoid using the same username/password combination. Use

unique passwords for each new internet service you signed up for.

7. Better Browsing
Internet or web user must delete cookies often. The user must have to be
compelled to log out to social media like Facebook and even Google accounts
when not using them and do not keep them open in tabs on your web browser. If
the user needs to require an ensuing step in improving privacy, attempt employing
a browser such as Tor that routes your information processing through a VPN or
Virtual non-public Network. A virtual non-public network routes all of your
information through a proxy server; thus, your information processing address and,
in several cases, your user information is protected.
 53

Do’s and Don’ts in Using the Internet

The following table shows the different activities and the Do's and Don'ts of using the
internet:

Table 2.1. Internet DO's AND DON'Ts

Activities DO's DON'Ts

Schoolwork Do - Use the Internet to help you Don't copy information from the
do your schoolwork. The internet is internet and call it your own.
the world's most extensive library.
You can find information on all
subjects from science, math, and
technology to language, art,
history, current events, etc.

When you use the information and If you take it without permission
other materials that you find on the or do not cite the source, you
internet for your homework or commit plagiarism.
research, make sure that you
indicate the information sources in
footnotes, just as you used books
to get the information.

Music, Do use the internet to learn about Don't use the internet to
video, music, video, and games. There download or share copyrighted
games, and are many websites where you can material. When something is
copyrights learn about music (by listening to copyrighted, it means that
sample tracks), can preview movie someone else owns it, and you
videos, and can learn about new cannot copy or distribute it
computer games. without their permission. It is
dishonest and illegal to
download copyrighted music,
video, games, or other
materials.

It is also dishonest and illegal to

share copyrighted music, video,
games, or other materials.
When you see this symbol — ©
— it means that the content is
copyrighted.

Do use the internet to Don't use the internet to

E-mail and communicate with friends and communicate with strangers.
instant family. E-mail and instant
messaging messaging (I.M.) are good, fun Don't give out your e-mail or
ways to share. Make sure that you I.M. address to people you do
know the people that you not know, either online or in
exchange e-mail and I.M. with. person. Don't open e-mail or e-
mail attachments from people
you do not know. Unsolicited e-
 54

mail may contain viruses that

will damage your computer and
the information on it.

Don't pretend to be someone

else. Just as you don't want
others to hide their real identity
with their e-mail or I.M. from
you, don't pretend to be
someone else when you're
online.

Don't be rude or use foul

language. When you use e-mail
or I.M., be considerate of
others. Don't be rude and
mean. What you should not do
in real life, must not be done on
the internet.

Don't give your personal

information or passwords to
anyone.

Don't tell people, especially

strangers, more about yourself
online than when you meet
them in person. Don't tell them
what you look like, your age,
where you live, your phone
number, what school you go to,
or any passwords that protect
your computer or private
information.

For Parents Do encourage your children to use

the internet. The internet has a lot Don't leave your children
of good things to offer. unsupervised. Ensure you
know what sites your children
When used wisely, it is an excellent visit when they are online, and
tool for information gathering and with whom they are
learning and for practicing written communicating. Look over their
communication (via e-mail and shoulder. Keep track of the
instant messaging). websites they visit.

There are websites and

programs available that direct
children to fun, engaging, and
appropriate sites. Others
restrict their browsing to proper
 55

websites. The best control,

however, is parental
involvement. Make sure they
understand acceptable
behavior on the internet and
they follow the rules.
(Tariao, M. (2016, June 9) D.O.'s and DONT's in WEB ETHICS. Retrieved August 9, 2020, from
https://sites.google.com/site/marjorietariaoinfo/do-s-and-dont-s-in-web-ethics)
 56

CYBERCRIME AND CYBERCRIME LAW IN THE

PHILIPPINES

OBJECTIVES:

At the end of this lesson, the student will be able to:

 Understand Cybercrimes and the Cybercrime Law in the

Philippines
 57

Thoughts to Ponder
“Cybercrime is the biggest challenge these days with development and
access to technology across the globe.”
-Rajnath Singh

Cybercrime Law in the Philippines

On September 12, 2012, the Cybercrime Prevention Act of 2012 (R.A. 10175) was
signed into law by President Benigno S. Aquino III. The original goal of R.A.10175 was
to penalize acts like cybersex, child pornography, identity theft, and unsolicited
electronic communication in the Philippines.

A provision expanding the scope of the law of libel to cover Internet posts was opposed
by different groups, which asked the Supreme Court to issue a temporary restraining
order (TRO) and a status quo ante order. The law could see Internet users sentenced
to up to twelve (12) years in prison for posting defamatory comments on social media
such as Facebook or Twitter. The online libel was not part of the original bill proposed
by the Department of Justice (DOJ) but was one of the amendments inserted by the
Senate proposed by Sen. Vicente Sotto III. The Supreme Court issued a 4-month
injunction on October 9, 2012, while it scrutinized the law for possible violations of
constitutional provisions on freedom of expression. The high court extended the TRO
indefinitely on February 6, 2013 (Inquirer, 2014).

R.A. 10175 punishes content material-associated offenses, which include cybersex,

child pornography, and libel, which can be done via a computer system. It also
penalizes unsolicited business conversation or content material that advertises or sells
merchandise and services.
There are exemptions relevant to the sending of unsolicited material. It is not a crime
if there is permission from the receiver, the communication is an announcement from
the sender to users, and if there is an easy, reliable way for the recipient to reject it,
among others.

In R.A. 10175, individuals found guilty of cybersex face a jail term of prison mayor
which is six (6) years and one (1) day to twelve (12) years or a penalty of at least
P200,000 but not exceeding P1 million.

Child pornography via an electronic device such as a computer carries a penalty one
degree higher than that stated in the Anti-Child Pornography Act of 2009 (RA 9775).
Under this Act, those who produce, disseminate, or publish child pornography will be
fined from P50,000 to P5 million and a maximum jail term of reclusion Perpetua or 20
to 40 years.
Persons found guilty of unsolicited communication face arresto mayor or imprisonment
for one (1) month and one (1) day to six (6) months or a fine of a minimum of P50,000
but less than P250,000, or both.

The law also penalizes offenses against the confidentiality, integrity, and availability of
computer data and systems, like illegal access, illegal interference, data interference,
system interference, misuse of devices, and cybersquatting.
 58

It defines cybersquatting as the acquisition of a website name on the Web in bad faith
or with the intent to profit, mislead, destroy one's reputation or deprive others of
registering an equivalent name. Computer-related forgery, fraud, and identity theft are
also covered by the law.

Cybercrimes in the Philippines

As the number of Internet users within the Philippines increases, the Philippine
National Police (PNP) has also recorded a consistent rise in cybercrime cases and
other malicious attacks over the last six years from 2013 to June 2019.

Figure ____: Nature of Cybercrime Investigated

(Gonzales, C. (2019, October 5). Cybercrime on the rise over the last six years. Retrieved August 8, 2020
https://newsinfo.inquirer.net/1177832/cybercrime-on-the-rise-over-the-last-6-years#ixzz6W3Fd1N9g)

PNP Anti-Cybercrime Group (ACG) showed data that online libel cases climbed from
only 22 cases in the year 2013 to 661 from January to June 2019; online scams from
42 to 550 cases; photo and video voyeurism cases from 10 to 356; and computer-
related identity theft from 23 cases to 258. Other issues such as online threat, rose
from 29 to 217 during the said time; hacking from 12 to 193; unjust vexation from 1
reported case to 148; cases of illegal access from zero-incident to 133; ATM/credit
card fraud from one reported case to 59; and robbery with intimidation from three to
35 incidents. NP-ACG attributed the swelling figures to the increasing number of
internet users in the country. Cybercriminals take advantage of the utilization of the
Web since it is often easily accessed (Gonzales, 2019).
 59

PRIVACY AND ANONYMITY ISSUES

"Privacy" explains how information technology affects privacy rights and discusses
several critical pieces of legislation that have addressed privacy rights.
The chapter explains how the personal information that businesses gather using
information technology can be used to obtain or keep customers (or to monitor
employees). It also discusses the concerns of privacy advocates regarding how much
information can be gathered, with whom it can be shared, how the data is collected in
the first place, and how it is used. These concerns also extend to the information-
gathering practices of law enforcement and government.
 60

PRIVACY AND ANONYMITY

OBJECTIVES:

At the end of this lesson, students will be able to:

 define privacy
 define anonymity
 differentiate privacy from anonymity
 61

Thoughts to Ponder
“No one can train you to be famous. How do you deal with the loss of
anonymity, the loss of privacy? You have to be disciplined.”
-Wesley Snipes

An Introduction to Privacy & Anonymity

Living in today's interconnected world has brought with it significant advantages. Most
apparently, the speed of communication and knowledge interchange has opened new
avenues for propagating ideas and new businesses in ways within the domain of
fantasy only a couple of generations ago. However, alongside the advantages this new
world provides, there are significant new challenges raised. An equivalent technology
that permits families to speak in real-time across continents also enables widespread
cataloging of these conversations’ contents. A similar technology that helps online
retailers to customize your shopping experiences from the comfort of your house also
allows data clearinghouses to make a highly detailed profile of you (including not only
the information you have got provided but also personal information about yourself
that they will statistically deduce with startling accuracy).

Privacy vs. Anonymity

This complex system that we discover ourselves demands precision of thought and
language to ensure that we are ready to achieve our individual privacy goals.
Therefore, it is essential to differentiate between two different, though closely
intertwined notions: privacy vs. anonymity (Holden, 2013).

It is critical to notice that privacy and anonymity are not the same. The thought of
privacy on the Web is the expectation that entities with whom a user shares data won't
disclose that data to other entities, which is not originally intended to ascertain.
Protection of privacy implies protection against hackers and corporations alike--
anyone who might exploit a user's personal information. In this sense, indeed, an
anonymous user is inherently protected because his personal information is not readily
available; however, the converse does not hold. Privacy does not necessarily imply
anonymity; an internet site may, for instance, record visitors' behavior or
demographics, but recording users' names and private information for later use or
exploitation is an invasion of privacy (n.d.).

Privacy and anonymity are two different concepts. They are both increasingly
necessary as we get increasingly wiretapped and tracked, legally or not. It is important
to know why they are an integral part of our civil liberties – why they are not just
beneficial to the individual but critical to a free society.
 62

WHAT IS PRIVACY?
What is privacy? (n.d.) states that, in general, privacy means to be free from secret
surveillance and determine whether, when, how, and to whom one's personal or
organizational information is revealed. Specifically, privacy could also be divided into
four categories:
1. Physical- restriction on others to experience a person or situation through one
or more of the human senses;
2. Informational - restriction on searching for or revealing facts that are unknown
to others;
3. Decisional - restriction on interfering in decisions that are exclusive to
an entity;
4. Dispositional – is a regulation on attempts to know an individual's state of
mind.

Privacy is the ability to keep some things to yourself regardless of their impact on
society. For example, I lock the door every time I go inside the men’s room – not
because I am doing something illegal or plotting to overthrow the government inside
the men’s room, but just because I would like to keep to myself whatever I do inside.

People have created private spaces for themselves. Even in the most oppressive
regimes, people have found how to try something outside of prying eyes (Washington,
2019).

When someone says that only criminals have something to cover, they are plain
wrong. Nobody would dream of creating a keyboard for people with three arms and
would support the exact incontrovertible detail that people do not have three arms.
Some investigation hawks and cohorts are pushing for society for people with no need
for privacy – even though such people do not exist.

So, privacy may be a concept describing activities that you simply keep entirely to
yourself or a limited group of individuals.

WHAT IS ANONYMITY?
Anonymity is from the Greek word ἀνωνυμία, anonymia, meaning "without a name"
or "namelessness." In everyday use, anonymity typically refers to the state of an
individual's identity, or personally identifiable information, being publicly unknown (
Qoara, 2017).

Anonymity is doing something without letting other people know that you are doing it.
A typical example would be if you would like to blow the whistle on abuse of power or
other sorts of crime in your organization without risking your career and social standing
in the group. This is why we typically have strong regulations that protect sources of
the press. You may also post such data anonymously online through a VPN, the TOR
anonymizing network, etc. This is often the equivalent of the anonymous tip-off letter,
which has been seen as a staple diet in our checks and balances (Washington, 2019).
Lacking anonymity in society, we have lost the ability to keep our government in check.
 63

Anonymity is not just significant to whistleblow on scandals. It can have profound

catalyzing effects in developing society, especially when breaking prohibitions or
forwarding forbidden causes that were later vindicated.
 64

PRIVACY PROTECTION AND THE LAW

OBJECTIVES:
At the end of this lesson, the student will be able to:

 understand the privacy protection and the law

 explore and understand the Data Privacy Act in the Philippines

 65

Thoughts to Ponder
“All human beings have three lives: public, private, and secret.”
-Gabriel Garcia

The Right to Privacy

Definition
– “The right to be left alone—the most comprehensive of rights, and the
right most valued by a free people” (Hill, n.d.).

– “The right of individuals to control the collection and use of information

about themselves” (Solesi, n.d.).

Legal aspects
– Protection from unreasonable intrusion upon one’s isolation
– Protection from the appropriation of one's name or likeness
– Protection from unreasonable publicity given to one’s private life
– Protection from the publicity that unreasonably places one in a false light
before the public

Introducing Data Privacy

According to Jamael Jacob(2018), the journey of Data Privacy is as follows:
• Data Protection Directive European Union’s 1995
• R.A. No. 8792, known as the Electronic Commerce Act of 2000 – recognition
and use of e-commerce and non-commercial dealings and documents
• Membership in the Asia-Pacific Economic Cooperation (APEC) -- Privacy
Framework in 2005
• DTI AO No. 8 in 2006 -- prescribed procedures for a local data protection
certification system
• The DPA was signed into law in 2012, with the local BPO sector as its most
visible endorser.
• Creation of the Dept. of Information and Communications Technology (DITC)
in 2015 (R.A. No. 10844)
• The activation of the National Privacy Commission (NPC) in 2016
• DPA's Implementing Rules and Regulations were put in effect on September 9,
2016

Republic Act No. 10173 – Data Privacy Act 2012 (DPA)

The Philippines features an increasing and significant business process management
and health information technology industry. The total IT spending reached $4.4 billion
in 2016, and therefore the sector is predicted to have quite an increase by the year
2020. Filipinos are considered heavy social media users; 42.1 million are on
Facebook, 13 million are on Twitter, and 3.5 million are LinkedIn users. In addition, the
country is in the process of setting up free public Wi-Fi. In the context of the rapid climb
 66

of the digital economy and increasing international trade of knowledge, the Philippines
has strengthened its privacy and security protections (Wall, 2017).

Republic Act No. 10173, known as the Data Privacy Act (DPA) of 2012, is a law
protecting all forms of information in information and communications systems, be it
personal, government, or private sector (Republic Act 10173 – Data Privacy Act of
2012, 2016).

The DPA of 2012 proposes to protect personal information. Most of the information
nowadays is processed online or through the Internet. There is no reservation that the
Data Privacy Act compliance is now a necessity in the business sector. It was signed
into law last August 15, 2012 (Republic Act 10173 – Data Privacy Act of 2012, 2016).

Republic Act. No. 10173, Ch. 1, Sec. 2, states that this law aims "to protect the
fundamental human right of privacy, of communication while ensuring the free flow of
information to promote innovation and growth." This complete privacy law also
established a National Privacy Commission that implements and supervises it and is
endowed with rulemaking power. On September 9, 2016, the ultimate implementing
rules and regulations came into force, adding specificity to the Privacy Act (Wall,
2017).

Figure 3.1. The Structure of the Data Privacy Act

Data Privacy Act Primer. (2017). Retrieved September 08, 2020, from
https://www.privacy.gov.ph/data-privacy-act-primer/

RA 10173 – Data Privacy Act 2012

Scope and Application
The Data Privacy Act is broadly relevant to individuals and legal entities that process
personal information, with some exceptions. The law has extraterritorial application,
applied not only to businesses with offices within the Philippines, but when equipment
 67

based in the Philippines is used for processing. The rule further applies to the
processing of Philippine citizens' private information regardless of where they reside.

One exception within the Act provides that the law does not apply to the processing of
personal information within the Philippines that was lawfully collected from residents
of foreign jurisdictions — an exception helpful for Philippine companies that provide
cloud services.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Approach
The Philippines law takes the approach that “the processing of private data shall be
allowed subject to adherence to the principles of transparency, legitimate purpose,
and proportionality.”

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Collection, processing, and consent

The Act states that accessing private data "must have a declared, specified, and
bonafide purpose" and further states that consent is required before gathering all
personal data. When obtaining consent, the info subject must be told about the extent
and purpose of processing the information (i.e., for profiling, or processing for
marketing, and data sharing). Consent is further required for sharing information with
affiliates or mother companies.

Consent must be "freely given, specific, informed," Therefore, the definition further
requires that consent to collection and processing be evidenced by recorded means.
However, processing does not always need permission.

Consent is not required for processing where the info subject is a party to a contractual
agreement to fulfill that contract. The exceptions of compliance with a legal obligation
upon the info controller, protection of the info subject's vital interests, and response to
a national emergency are also available.

An exception to consent is allowed when processing is essential to pursue the info

controller's legitimate interests, except where the info subject's fundamental rights and
freedoms are overridden.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Required agreements
The law requires that when sharing data, the sharing must be covered by an
agreement that provides adequate precautions for data subjects' rights, and that these
agreements are subject to review by the National Privacy Commission.
 68

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Sensitive Personal and Privileged Information

The law defines sensitive personal information as being:

• An individual's race, ethnic origin, legal status, age, color, and non-secular,
philosophical, or political affiliations;
• An individual's health, education, a genetic or sexual lifestyle of an individual,
or any offense committed or imagined to have committed;
• Issued by government agencies "peculiar" (unique) to a private individual, like
a Social Security number;
• They are marked as classified by executive order or Act of Congress.

All processing of sensitive and private information is prohibited except in certain

circumstances. The exceptions are:

• Consent of the info subject;

• According to the law that does not require consent;
• The necessity to guard the life and health of a person;
• The necessity for medical treatment;
• The necessity to guard the lawful rights of knowledge subjects in court
proceedings, legal proceedings, or regulations.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Surveillance
The Philippines law states that the country's Human Security Act of 2007, a severe
anti-terrorism law that permits surveillance, must suit the Privacy Act.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Privacy program required

The law requires that any entity involved in processing private information must
develop, implement, and review procedures to gather personal data, obtain consent,
limit processing to defined purposes, access management, provide recourse to data
subjects, and implement data retention policies. These requirements necessitate the
creation of a privacy program. Requirements for technical security safeguards within
the Act also mandate that an entity must have a security program.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/
 69

Data subjects' rights

The law enumerates the rights of privacy professionals associated with the principles
of notice, choice, access, accuracy, and integrity of knowledge.

The Philippines law appears to contain a "right to be forgotten" within the sort of a right
to erasure or blocking, where the info subject may order the removal of his or her data
from the info controller's file system. Exercising this right requires "substantial proof,"
of the burden of manufacturing, placed on the info subject. The very fact expressly
limits this right that continued publication could also be justified by constitutional rights
to freedom of speech, expression, and other rights.

Notably, the law provides a personal right of action for damages for inaccurate,
incomplete, outdated, false, unlawfully obtained, or unauthorized use of private data.

The right to data portability is additionally provided.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Mandatory personal information breach notification

The law defines "security incident" and "personal data breach," ensuring that the two
are not confused. A "security incident" is an occasion or occurrence that affects or
tends to affect data protection or compromise availability, integrity, or confidentiality.
This definition includes incidents that might end in a personal breach if safeguards are
not properly put in place.

A "personal data breach," on the other hand, may be a subset of a security breach that
results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure
of, or access to, personal data transmitted, stored, or otherwise processed.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Requirement to notify
The law further provides that not all "personal data breaches" require notification,
which provides several bases for notifying data subjects or the info protection
authority. Section 38 of the IRRs provides the important things about breach
notification:

• The breached information must be sensitive personal information or information

that would be used for identity fraud;
• There may be a reasonable belief that unauthorized acquisition has occurred,
• The risk to the info subject is real, and
• The potential harm is severe.
 70

The law provides that the Commission may determine that notification to data subjects
is unwarranted after taking into consideration the entity's compliance with the Privacy
Act and whether the acquisition was properly done.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Notification timeline and recipients

The law places a concurrent obligation to notify the National Privacy Commission
regarding affected data subjects within 72 hours of reasonable belief by the info
controller of a personal data breach.

It is unclear at present whether the Commission would allow a delay in notification of

info subjects to permit the Commission to work out whether a message is warranted
or not. By law, this can appear to be a big gamble.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Notification contents
The contents of the notification must at least:
• Describe the character of the breach;
• Contain the personal data possibly involved;
• Provide the measures taken by the entity to deal with the breach;
• Explain the measures done to reduce the harm or negative consequence of the
breach;
• Identify the representatives of the private information controller, including their
contact details;
• Provide any assistance to the affected data subjects.

Source: Summary: Philippines Data Privacy Act and implementing .... https://iapp.org/news/a/summary-
philippines-data-protection-act-and-implementing-regulations/

Penalties
The law provides separate penalties for various violations, most of which also include
imprisonment. Different counts exist for unauthorized processing, negligent access,
improper disposal, unauthorized access or the intentional breach, concealment of a
breach involving sensitive personal information, unauthorized disclosure, and
malicious disclosure.

Any combination or series of acts may cause the entity to be subject to imprisonment
starting from three to 6 years and a fine between Php 100,000.00 and Php
5,000,000.00.

Notably, there is also the previously mentioned private right of action for damages,
which might apply.
 71

KEY PRIVACY AND ANONYMITY ISSUES

OBJECTIVES:

At the end of this lesson, the student will be able to:

 identify and explore key privacy and anonymity issues in:

 understand Company and Consumer Profiling
 describe Workplace Monitoring
 72

Thoughts to Ponder
“Real integrity is doing the right thing, knowing that nobody's going to
know whether you did it or not."
-Oprah Winfrey

Key Privacy Issues

According to Cobb (2004), basic data privacy principles were discussed long before
the Web's commercialization. The U.S. Federal Trade Commission (FTC) reiterated
1998 these principles within the Web context when it produced, at the branch's
request, a document called "Privacy Online: A report back to Congress." The report
began by observing that:

"Over the past quarter-century, government agencies within the US,

Canada, and Europe have studied how entities gather and use personal
information -their "information practices"- and the safeguards required to
assure those practices are fair and supply sufficient privacy protection. The
outcome has been a series of reports, guidelines, and model codes
representing widely-accepted principles concerning reasonable information
practices."

Five Core Principles of Privacy Protection (Cobb, 2004)

Source: Cobb, S. (2004, March 15). Five Key Privacy Principles. Retrieved September 09, 2020, from
https://www.computerworld.com/article/2574182/five-key-privacy-principles.html

1. Notice/Awareness
Notice may be a concept that network professionals should be familiar with. Many
systems, including internet sites, are concerned with ownership, security, and
terms of use. Notice of terms of use could be a banner that appears during network
log-on, warning that access to the network is restricted to authorized users. It could
be a splash page for an internet site informing visitors that clicking to enter
constitutes agreement to the terms of use. Within the context of internet site
privacy, notice means you want to advise visitors about your policies concerning
the private data you process.

Consumers should receive notice of an entity's information practices before any

personal information is collected from them. A consumer may not be able to make
an informed decision on whether to disclose personal information or not and how
much personal information should be disclosed. Below are the three principles that
must be considered by all parties:

• choice/consent
• access/participation
• enforcement/redress
 73

They are only meaningful when a consumer reads an entity's policies and thinks
about his/her rights concerning those policies.

The first privacy notice provided to internet site visitors is the privacy statement.
For accessible sites that set no cookies or receive no user input, such a press
release is straightforward. The more complex and interactive the location, the more
work it will do to craft a press release covering all the bases. Here are the points
that must be covered:

• Identification of the entity collecting the information.

• Identification of the intended use of the information.
• Identification of any potential recipients of the information.

Logging Activity: You would like to let visitors to your site know if you employ
automated tools to record information about their visits (information like the kind of
browser and O.S. they used to access your site, the date and time they accessed
the location, the pages they viewed, and, therefore, the paths that they took
through the site.

Use of Web Bugs and Beacons: The use of these techniques should be
disclosed, alongside a transparent statement of how and why they are used, and
what information they track.

Use of Cookies: The use of cookies must be revealed. A distinction should be

made between session cookies (which expire when the user closes the online
browser) and protracted cookies (which are transferred to the user's machine for
future use on the location).

2. Choice/Consent
Same with Notice/Awareness, this second principle should be addressed with
honesty and sensitivity. Choice means giving consumers options on how any
personal information collected from them could be used. This relates to secondary
data uses, which the FTC describes as "uses beyond those necessary to finish the
contemplated transaction." The FTC notes that "such secondary uses are often
internal, like placing the buyer on the collecting company's list to plug additional
products or promotions, or external, like the transfer of data to 3rd parties."

As you would possibly expect, privacy advocates prefer the opt-in type of consent,
during which people specifically request to be included in a list, instead of opt-out,
which adds people to the list by default, until they ask to be removed.

3. Access/Participation
The point of access and participation is to let people whom you have got
information about determine what that information is, and contest its accuracy and
completeness if they believe it is wrong.

4. Integrity/Security
The fourth widely accepted principle is that data should be accurate and secure.
Data collectors, like internet sites, must take reasonable steps to assure data
integrity, like using only reputable sources of knowledge and cross-referencing
data against multiple sources, providing consumer access to data and destroying
 74

untimely data, or converting it to an anonymous form. Security involves both

managerial and technical measures to guard against loss and unauthorized
access, destruction, use, or disclosure of the information. Administrative actions
include internal organizational measures that limit data access and ensure that
those with access do not utilize it for unauthorized purposes. Technical security
measures to stop unauthorized access include the following:

• Limiting access over access control lists (ACLs), network passwords,

database security, and other methods
• Storing data on secure servers that cannot be accessed via the Web or
modem
• Encryption of knowledge during transmission and storage. The Secure
Sockets Layer, or SSL, is considered to be acceptable when submitting
information via an internet site - but note that, unless the client system
features a digital certificate or other authentication upon which the server
can rely, SSL might not be acceptable for disclosure from server to a client.

5. Enforcement/Redress
The FTC has observed that "the core principles of privacy protection can only be
effective if there is a mechanism in a situation to enforce them." What that
mechanism is for your internet site will depend upon several factors. Your internet
site may need to suit specific privacy laws. Your organization may subscribe to an
industry code of practice or privacy seal program, both of which can include dispute
resolution mechanisms and consequences for failure to suit program requirements.
A personal action against your organization can be done if the organization is found
to be liable for a breach of privacy that caused harm to a private individual or entity.
Class-action lawsuits have also been brought, alleging privacy invasion.

Key Anonymity Issues

Data mining is applying statistical techniques and programmatic algorithms to get

previously unnoticed relationships within the info. Meanwhile, data profiling is the
process of assembling information of a few particular individuals or groups to get a
profile — an image of their patterns and behavior. Data profiling is often an incredibly
powerful tool for psychological and social network analysis. a talented analyst can
discover facts about a few people who are not even conscious of themselves.
(Surveillance, n.d.).

Economic (such as credit card acquisitions) and social (such as telephone calls and
e-mails) dealings produce large amounts of stored data and records in current society.
In the past, this data would be documented in paper records and would go away as a
"paper trail" or just not be documented at all. The connection of paper-based records
was a complicated process. It required human operators to get through documents
manually, which was time-consuming and not complete (Surveillance, n.d.).

But today, many of those records are electronic, leading to an "electronic trail." Every
payment through a credit card, a call from home, verified library book, rented video, or
otherwise complete recorded transaction generates an electronic record. Public
records—such as birth, court, tax, and other documents—are increasingly digitized
and made available online.
Company and Consumers Profiling
 75

Source: Center, E. (n.d.). EPIC - Privacy and Consumer Profiling. Retrieved September 09, 2020,
from https://www.epic.org/privacy/profiling/

Profiling is the recording and classification of behaviors. This happens through

aggregating information from online and offline purchase data, supermarket savings
cards, phonebook, surveys, lottery, competition entries, financial records, property
records, Census records, vehicle data, automatic number information, credit card
transactions, and telephone records (Customer Proprietary Network Information or
"CPNI"), credit records, product warranty cards, the sale of magazine and catalog
subscriptions, and public records. Profiling has sparked a whole industry
euphemistically labeled "Customer Relations Management" (CRM) or
"Personalization." Companies collect information derived from various resources to
create comprehensive profiles on individuals to sell products and sell reports on
behavior. This is often providing notice or extending an option to the individual to opt
out of the dossier building. Marketers could also employ these dossiers for target
advertising, and they could also be sold to the government for enforcement purposes.
Companies also enhance records that they already own by combining or overlaying
information from other databases. These records may link an individual's identity to
the subsequent attributes:

1. Social Security Number • Arrest records

2. Shopping preferences • Lifestyle preferences
3. Health information, • Hobbies (whether and
including diet type, what the individual
allergies, arthritis, collects)
incontinence/bladder • Religion (affiliation and
problems, diabetes, denomination)
hearing loss, prostate • Homeownership
problems, visual • Characteristics of
impairment, and congenital residence (size, number of
disabilities bedrooms and bathrooms,
4. Marital status sale price, rent, and
5. Financial situation mortgage payments)
(solvency, • Type of automobile owned
creditworthiness, loan • Features of a car owned
amounts, credit cards) (year, make, value, fuel
6. Date of Birth type, number of cylinders,
7. Sex presence of vanity or
8. Age special membership
9. Household income plates)
10. Race and ethnicity • Whether the individual
11. Geography responds to direct mail
12. Physical characteristics, solicitations
such as height and weight • Contributions to political,
13. Household occupants religious, and charitable
(whether an individual has groups
children) • Membership in a book,
14. Telephone number video, tape, and compact
15. Utility usage (electric or disk clubs
gas usage, telephone • Mail-order purchases and
usage, cable or satellite type
usage, Internet • Product ownership
(beeper, contact lenses,
 76

subscription, cellular electronics, fitness

phone usage) equipment, recreational
16. Magazine subscriptions equipment)
17. Occupation • Pet ownership and type
18. Level of education • Interests (including
19. Whether an individual is gambling, arts, antiques,
likely to respond to money- astrology)
making opportunities • Book preferences
• Congressional district • Music preferences
• Size of clothes worn • "Socialites"
• Habits (smoking)
Other factors, such as wealth, also index these profiles. Profiles can be purchased at
surprisingly low prices.

WORKPLACE MONITORING
Source: Admin. (2012, September 24). Menu. Retrieved September 09, 2020, from
https://www.surveilstar.com/blog/workplace-privacy-and-employee-monitoring/

Employers need to ensure their employees do an honest job, but employees do not
need their every sneeze or trip to the device logged. That is the vital problem of
workplace monitoring.

Through new technologies, employers can watch many features of their employees'
work, especially on telephones, computer terminals, electronic and voice mail, and
when employees are using the Web. The said virtual monitoring is not regulated. Thus,
unless company policy specifically states otherwise (and even this is often not
assured), your employer may listen, watch and skim most of your workplace
communications.

One company offers technology that claims to supply insight into individual employee
behavior supported by the trail of "digital footprints" created every day within the
workplace. Behavioral modeling technology can piece together all electronic records
to supply behavior patterns that employers may utilize to gauge employee
performance and conduct. For instance, it can be a search for word patterns, changes
in language or style, and communication patterns between individuals.

Current surveys have found that most employers monitor their employees. They are
motivated by concern over litigation and, therefore, the increasing role of electronic
evidence in lawsuits and agency investigations.

In the year 2007 survey by the American Management Association, the ePolicy
Institute found that two-thirds of employers monitor their employees' internet site visits
to stop inappropriate surfing. And 65% use software to dam connections to internet
sites deemed off-limits for workers. This is often a 27% upsurge since 2001 when the
survey was first conducted. Employers are worried about employees visiting adult sites
with sexual content, games, social networking, entertainment, and the like. 43% of
companies that monitor e-mail use technology to repeatedly monitor e-mail and 28%
of employers have fired workers for e-mail misuse.

Partially, employers track content, keystrokes, and time spent at the keyboard. And
12% monitor blogs to ascertain what is being written about the corporate. Another 10%
monitor social networking sites.
 77

Almost half of the businesses use video monitoring to counter theft, violence, and
sabotage. Of those businesses, only 7% state they use video surveillance to track
employees' on-the-job performance. Most employers notify employees of anti-theft
video surveillance (78%) and performance-related video monitoring (89%).

Key Issues in Workplace Monitoring

1. Telephone Monitoring
Can my employer listen to my phone calls at work?
Yes, in most cases. An employer may monitor calls with clients or customers for
reasons of quality control.

Privacy Tip: One of the best ways to ensure the privacy of your calls made at work
is to use your mobile phone, or another phone provided by your employer for
personal calls.

If I wear a headset, are my conversations with co-workers subject to

monitoring?
Yes. Your conversations with co-workers are subject to monitoring in the same way
that your conversations with clients or customers are. If you wear a headset, you
ought to be careful if you talk to a customer or client on the phone. Some headsets
have "mute" buttons, which permit you to show off the transmitter once you are not
using the phone.

Can my employer obtain a record of my phone calls?

Yes. A tool can record telephone numbers dialed from phone extensions called a
pen register. It allows the employer to ascertain an inventory of phone numbers
dialed by your extension and every call's length. This information could also be used
to evaluate the quantity of time spent by employees with clients.

2. Computer Monitoring
If you have got a computer terminal at your job, it is going to be your employer's
window into your workspace. There are several types of computer monitoring.

Employers can use computer software that permits them to ascertain what is on the
screen or stored within the employees' computer terminals and hard disks.
Employers can monitor Internet usage like web surfing and electronic messages.

People involved in intensive word-processing and data entry jobs could also be
subject to keystroke monitoring. Such systems tell the manager what percentage of
keystrokes per hour each employee is performing. It also may inform employees if
they are above or below the quality number of keystrokes expected.

Another computer monitoring technique allows employers to trace the quantity of

time an employee spends far away from the pc or idle time at the terminal.

Is my employer allowed to monitor what is on my terminal while I'm working?

Generally, yes. Since the employer owns the pc network and therefore the
terminals, they are free to use them to watch employees. Employees are given
some protection from computers and other sorts of electronic monitoring under
certain circumstances. Union contracts, for instance, may limit the employer's right
to watch.
 78

How am I able to tell if I'm being monitored at my terminal?

Most computer monitoring equipment allows employers to watch without the
employees' knowledge. But some employers do notify employees that monitoring
takes place. This information could also be communicated in memos, employee
handbooks, union contracts, meetings, or a sticker attached to the pc.

Employees determine about computer monitoring during a performance evaluation

when the information collected is employed to gauge the employee's work.

3. Electronic Mail and Voice Mail

Is electronic message private? What about voice mail?
In most cases, no. If an electronic message (e-mail) system is employed at a
corporation, the employer owns it and reviews its contents. Messages sent within
the corporate and people that are sent from your terminal to a different company or
from another company to you can be subjected to monitoring by your employer. This
includes web-based e-mail accounts like Yahoo and Hotmail, instant messages, and
voice mail systems. Generally, employees should not assume that these activities
are not being monitored and are private. Several workplace privacy lawsuits are
decided in the employer's favor.

When I delete messages from my terminal, are they still within the system?
Yes. Electronic and voice mail systems retain messages in memory even after they
had been deleted. Although it appears they are erased, they are often permanently
"backed up" on mag tape, alongside other essential data from the pc system.

My employer's electronic message system has an option for marking

messages as "private." Are those messages protected?
In most cases, no. Many electronic message systems have this feature, but it does
not guarantee your messages are kept confidential.

Is there ever a circumstance during which my messages are private?

Some employers use encryption to guard the privacy of their employees' electronic
messages. Encryption involves scrambling the message at the sender's terminal,
then unscrambling the message at the receiver terminal. This ensures the message
is read-only by the sender and his or her intended recipient. While this technique
prevents co-workers and industrial "spies" from reading your electronic messages,
your employer may have access to the unscrambled messages.

Are my text messages on an employer-provided telephone private?

An employer's policy regarding monitoring need not specify every means of
communication subject to the procedure. As an employee, you ought to assume that
any device provided by an employer could also be subject to monitoring, whether or
not such a tool is mentioned explicitly during a written policy.

4. Video Monitoring
Can employers use video monitoring within the workplace?
For the foremost part, yes. Video monitoring may be a commonplace method of
deterring theft, maintaining security, and monitoring employees. For instance, a
bank may utilize video monitoring to stop or collect evidence of a robbery. a
corporation can also use video monitoring in a parking garage as a security
measure for employee safety.
 79

Employers can also use cameras to watch employee productivity and stop internal
theft. Currently, federal law does not prohibit video monitoring even when the worker
does not know or consent to be monitored.

Are there situations where an employer cannot use video cameras?

In some instances, courts have upheld employee privacy. Specifically, courts have
sided with employee privacy in cases where the monitoring has been physically
invasive, like hidden cameras in a room or bathroom.

What about video cameras that include audio surveillance?

Video cameras that also capture sound recordings could also be subject to audio
recording laws, including wiretap and eavesdropping laws.

Federal law does not prohibit the sound recording of phone conversations as long
as both parties give their consent. Most states have extended this law to incorporate
recording in-person discussions.

5. Workplace Privacy Protections

What about my employer's promises regarding e-mail and other workplace
privacy issues? Are they legally binding?
Not necessarily. Usually, when an employer states a policy regarding any
workplace issue, including privacy issues, that policy is legally binding. Systems
are often communicated in various ways: through employee handbooks, via
memos, and in union contracts. There are usually exceptions for investigations of
wrong-doing. If you are not yet aware of your employer's workplace privacy
policies, it is good to be informed.

Are there any laws that affect workplace privacy?

Presently, there are only a few laws regulating employee monitoring. If you are
concerned about this issue, contact your legislators, especially the members of the
House and Senate Labor committees in Congress.

Table 3.1. Advantages and Disadvantages of Workplace Monitoring

ADVANTAGES DISADVANTAGES
• Maintaining a productive • Breed distrust and
workplace resentment
• Maintaining the security of • Monitoring encourages
confidential company data insincerity
• Protecting the investment in • Physical stress and
computers and other Psychological stress
equipment • Costs more money
• Protecting the business and
community reputation
• Cooperating with law
enforcement during
investigations of suspected
illegal activity
 80

ADVANCED SURVEILLANCE TECHNOLOGY

OBJECTIVES:

At the end of this lesson, the student will be able to:

 identify and explore the different advanced surveillance

technology
 81

Thoughts to Ponder
“There are no private lives. This is the most important aspect of
modern life. One of the biggest transformations we have seen in our
society is the diminution of the sphere of the private. We must
reasonably regard the fact that there are no secrets and nothing is
private. Everything is public.”
- Phillip K. Dick

What is Advanced Surveillance Technology?

Surveillance is the monitoring of the behavior, activities, or other changing information
of individuals surreptitiously. It most typically refers to the observation of people or
groups by government organizations. Disease surveillance, for instance, is monitoring
the progress of a disease in a community.
• The French word for surveillance means "watching over."
• May be applied to observation from a distance through equipment (such as
CCTV cameras), or interception of electronically transmitted information (such
as Internet traffic or phone calls) (Yann Picand, n.d.).

Surveillance is extremely useful to governments and enforcement to take care of group

action, recognize and monitor threats, and prevent/investigate criminal activity. With
the arrival of programs and technologies like high-speed surveillance computers and
biometrics software and laws, governments now possess an unprecedented ability to
watch the activities of their subjects (Yann Picand, n.d.).

Types of Surveillance
Source: Yann Picand, D. (n.d.). Definitions - Surveillance reports a problem. Retrieved September
11, 2020, from http://dictionary.sensagent.com/Surveillance/en-en/

1. Computer surveillance
The overwhelming majority of computer surveillance involves the monitoring of
information/data and traffic on the web.

There is an excessive amount of data on the web for human investigators to

manually search through all of it. So automated Internet surveillance computers sift
through the vast amount of intercepted Internet traffic and identify and report back
to human investigators traffic considered interesting by using certain "trigger"
words or phrases, visiting certain sorts of internet sites, or communicating via e-
mail or chat with suspicious individuals or groups. Billions of dollars per annum are
spent, by agencies like NSA and FBI, to develop, purchase, and implement
operating systems like Carnivore, NarusInsight, and ECHELON to intercept and
analyze all of this data, and extract only the data beneficial to enforcement and
intelligence agencies.

Computers also are a surveillance target due to the private data stored on them.
The NSA also runs a database referred to as "Pinwale," which stores and indexes
large numbers of e-mails of both Americans and foreigners.
 82

2. Telephones and mobile telephones

The official and unofficial tapping of telephone lines are widespread. In the US, for
example, the Communications Assistance For Enforcement Act (CALEA) requires
that each telephone and VoIP communication be available for real-time wiretapping
by Federal enforcement and intelligence agencies.

Mobile phones also are commonly used to collect location data. The geographical
location of a mobile phone (and the person carrying it) is often determined easily
(whether the phone is being used or not), employing a technique known as
multilateration to calculate the differences in time for a sign to travel from the
telephone to every cell tower near the owner of the phone. An issue has emerged
in the US over the legality of such techniques, particularly whether a court warrant
is required.

3. Surveillance cameras
Surveillance cameras are used for observing a neighborhood. They are often
connected to a recording device and I.P. network, and/or watched by a security
guard/law enforcement officer. Cameras and recorders are relatively expensive
and will require human personnel to watch/supervise the camera footage. Now with
cheaper production techniques, it is simple and cheap enough to be utilized in
home security systems and for everyday surveillance.

Managements often initially claim that cameras are meant to be used for control,
but many of them find themselves using them for general surveillance.

4. Social Network Analysis

One common type of surveillance is making maps of social networks supported by
data from social networking sites like Facebook, and Twitter, and from traffic
analysis information from call records like those within the NSA call database
among others. These social network "maps" are then data mined to abstract useful
information like personal interests, friendships, affiliations, wants beliefs, thoughts,
and activities.

5. Biometric surveillance
Biometric surveillance refers to technologies that measure and examine human
physical and/or behavioral characteristics for authentication, identification, or
screening purposes. Examples of physical features include fingerprints, DNA, and
facial patterns while behavioral characteristics include gait or a person's manner of
walking or voice. Furthermore, this surveillance system incorporates the use of the
unique configuration of a person's facial features to accurately identify them,
usually from surveillance video.

Ethical issues centering on biometrics:

• Concerns related to the privacy rights of individuals and personal identification

receive the most attention. One concern is about the ownership of the stored
biometric data.
• People perceive biometrics as offensive and invading their dignity, rights, and
space.
 83

• People feel untrustworthy and embarrassed. Moreover, people claim they are
being dehumanized.
• People fear being threatened by fraud and identity theft (i.e., having their
information accessed and misused by another person, like a disgruntled
worker, hacker, or thief, having their identity stolen).

Tip: To overcome biometric identification ethical issues, stored biometric data

must be protected. There should not be any unauthorized collection, use, and
retention of biometric data, and the biometrics to be deployed should be the
most effective and appropriate.

Fact: Compared to passwords, PINs, smartcards, and tokens (for user

authentication), biometric characteristics are more difficult to forge and steal.

6. Aerial surveillance
Aerial surveillance is the gathering of surveillance, usually visual imagery or video,
from an airborne vehicle—such as an unmanned aerial vehicle, helicopter, or spy
plane.

Digital imaging technology, miniaturized computers, and various other

technological advances over the past decade have contributed to rapid advances
in aerial surveillance hardware like micro-aerial vehicles, forward-looking infrared,
and high-resolution imagery capable of identifying objects at extremely long
distances.

7. Corporate Surveillance
Corporate surveillance is the monitoring of an individual’s or group's behavior by
an organization. The information collected is most frequently used for marketing
purposes or sold to other corporations but is additionally regularly shared with
government agencies. It is often used as a sort of business intelligence, which
enables the corporation to tailor their products and/or services to be desirable to
their customers. Oftentimes, the info is sold to other corporations for the
aforementioned purpose or is often used for marketing purposes, like the targeted
advertisements on Google and Yahoo, where ads are targeted to the user of the
program by analyzing their search history and e-mails.

8. Human operatives
Organizations that have enemies who wish to collect information about the group
members or activities face the difficulty of infiltration.

In addition to operatives infiltrating a corporation, the surveilling party may put

pressure on certain members of the target organization to act as informants (i.e.,
disclose the information they hold on the organization and its members).

9. Satellite Imagery
The U.S. Director of National Intelligence Michael McConnell on May 25, 2007,
authorized the National Applications Office (NAO) of the Department of Homeland
Security to permit local, state, and domestic Federal agencies to access imagery
from military intelligence satellites and aircraft sensors, which may now be used to
detect the activities of U.S. citizens. The satellites and aircraft sensors are going
to be ready to penetrate cloudiness, detect chemical traces, and identify objects in
 84

buildings and underground bunkers and can provide real-time video at much higher
resolutions than the still-images produced by programs like Google Earth.

10. Identification & Credentials

Some nations have a card system to assist identification, whilst many, like Britain,
are considering it but face public opposition. Other documents, like driver's
licenses, library cards, bankers, or credit cards, also are used to verify identity.

11. RFID & Geolocation Devices

Radio Frequency Identification (RFID) tagging is the use of very small electronic
devices (called 'RFID tags') that are applied to or incorporated into a product,
animal, or person for the aim of identification and tracking using radio waves. The
tags are often read from several meters away.

Many companies are previously "tagging" their workers, who are monitored while
at work. Workers within the U.K. went on a general strike in protest of getting
themselves tagged. They felt that it had been dehumanizing to possess all of their
movements tracked with RFID chips. Some critics have expressed fears that folks
will soon be tracked and scanned everywhere they go.

RFID device Verichip is produced by a corporation called Applied Digital Solutions

(ADS). Verichip is somewhat larger than a grain of rice and is injected under the
skin. The chip is enclosed in glass and stores a VeriChip Subscriber Number,
which the scanner uses to access their personal information, via the web, from
Verichip Inc.'s database, the Global VeriChip Subscriber Registry. Thousands of
individuals have already had them inserted. In Mexico, for instance, 160 workers
at the Attorney General's office were required to possess the chip injected for
biometric identification and access control purposes.

12. Global Positioning Systems (GPS)

In the U.S., police have implanted without a permit hidden GPS tracking devices in
people's automobiles to watch their actions. In early 2009, they were in conflict in
court that they need the proper way to do this. Several cities are running pilot
projects to require parolees to wear GPS devices to trace their movements once
they get out of prison.

13. Mobile phones

Mobile phones also are commonly used to collect geolocation data. The
geographical location of a mobile (and thus the person carrying it) is often
determined easily (whether it's getting used or not), employing a technique known
as multilateration to calculate the differences in time for a sign to travel from the
telephone to every of several cell towers near the owner of the phone.

14. Surveillance devices, or "bugs"

Surveillance devices, or "bugs," are hidden electronic devices that are used to
capture, record, and/or transmit data to a receiving party like an enforcement
agency. The U.S. has run numerous domestic intelligence, like COINTELPRO,
which have bugged the homes, offices, and vehicles of thousands of U.S. citizens,
usually political activists, subversives, and criminals.
 85

15. Postal services

As more people use fax and e-mail, the importance of surveilling the postal system
is decreasing, in favor of Internet and telephone surveillance. But interception of
posts remains an available option for enforcement and intelligence agencies, in
certain circumstances.

CONTROVERSY SURROUNDING SURVEILLANCE

Some groups of surveillance systems believe that these tools protect society from
terrorists and criminals. Other supporters simply believe that there is nothing that can
be done about it and that people must become familiar with taking no privacy. As Sun
Microsystems CEO Scott McNealy said: "You have zero privacy anyway. Recover
from it."

Another common argument is: "If you are not doing something wrong, then you do not
have anything to fear." Some critics state that this claim should be modified to read:
"As long as we do what we're told, we've nothing to fear."

For instance, an individual who is a member of a political group that opposes the
policies of the national government would not want the government to identify them so
that the government cannot easily subvert their organization, arrest them, or kill them.
Other critics state that while an individual won't have anything to cover immediately,
the government might later implement policies t which other groups oppose. Other
critics point to the very fact that the majority of people have things to cover. For
instance, if an individual is trying to find a replacement job, they would not want their
current employer to know this (Use of surveillance cameras Free Essay Example,
2020).
 86

INTELLECTUAL PROPERTY

Intellectual property (IP) pertains to any original creation of the human intellect such as
artistic, literary, technical, or scientific creation. Thus IP, in this way aids the economic
development of a country by promoting healthy competition and encouraging industrial
development and economic growth.
This unit defines intellectual property and explains the varying degrees of ownership
protection offered by industrial property and copyright. Furthermore, it focuses on the
Intellectual Property Code of the Philippines.
 87

INTELLECTUAL PROPERTY

OBJECTIVES:

At the end of this lesson, students will be able to:

 identify intellectual property

 explore industrial property
 understand copyright
 88

Thoughts to Ponder
“The intellectual property situation is bad and getting worse. To be a
programmer, it requires that you understand as much law as you do
technology.”
—Eric Allman
INTELLECTUAL PROPERTY
Intellectual Property (IP) refers to inventions, literary and artistic works, symbols,
names, and images used in commerce (What is Intellectual Property? n.d.).
IP is a somewhat nuanced concept, encompassing several different types of ideas.
Intellectual property is categorized into two:
1. Industrial Property - consists of signs transmitting information to consumers,
as regards products and services offered in the market. It is typically created
and used for industrial or commercial purposes. It includes patents for
inventions, trademarks, industrial designs, and geographical indications
(Peralta, 2013).
2. Copyright - a set of rights that is inevitably vested to someone who creates an
ingenious work – almost like a literary composition, music, movie, or software.
These rights include the proper way to breed the work, organize derivative
works, distribute copies, and perform and display the work publicly (“What is
Copyright?”, 2020).

Industrial Property
The industrial property takes a variety of forms, the main types of which are the
following:

1. PATENT

The Government, through the Intellectual Property (IP) Code of the Philippines,
issues a patent which is a right granted for a product, process, or an improvement
of a product or process which is new, inventive, and useful. These rights give the
inventor the right to exclude others from making, using, or selling the merchandise
of his invention during the lifetime of the patent.

Twenty (20) years is the term of protection of a patented product, giving an inventor
substantial commercial gain. The patent owner must share the complete
description of the invention in return. This information is made available to the
general public through the Official Gazette and may be utilized as a basis for future
research and can, in turn, promote innovation and development (Nicleus, 2014).

According to IPOPHIL (2020), the IP Code of the Philippines sets three (3)
conditions for an invention to be considered patentable:
1. it is new
2. involves an inventive step
3. industrially applicable
 89

In the IP Code, an invention is not considered new if it already forms a part of the
domain of prior art. Prior art is explained in the IP Code of the Philippines, Chapter
2, Section 24 – 24.2.

An invention that will be produced and utilized in any industry should be industrially
applicable.

2. UTILITY MODEL
According to IPOPHIL (2020), a Utility Model (UM) allows the right holder to
prevent others from commercially using the registered UM without his
authorization, provided that the UM is based on the Registrability Report.
Compared with invention patents, it is relatively inexpensive, faster to obtain, and
with less stringent patentability requirements.
Any technical explanation of a problem in any field of human activity which is new
and industrially applicable shall be registrable.

The provisions regarding “Non-Patentable Inventions” as provided for in Part 2,

Rule 202 of the Regulations for Patents shall apply, mutatis mutandis, to non-
registrable utility models:

1. Discoveries, scientific theories, and mathematical methods;

2. Schemes, methods, and rules of performing mental acts, playing games or
doing business, and programs for computers;
3. Methods for treatment for humans or animals by therapy or surgery and
diagnostic methods. This provision shall not apply to goods and composition
for use in any of these methods;
4. Plant varieties, breeds of animals, or biological procedures for the production
of plants or animals. This provision shall not apply to micro-organisms,
microbiological, and other non-biological processes.
5. Provisions under this subsection shall not preclude Congress to consider the
enactment of a law providing sui generis protection of plant varieties and animal
breeds and a system of community intellectual rights protection:
6. Aesthetic creations; and
7. Anything different to public order or morality.

3. INDUSTRIAL DESIGN
According to IPOPHIL (2020), the ornamental or aesthetic aspect of an article is
an industrial design. Design, in this aspect, may be three-dimensional structures
the shape or surface of an article, or the two-dimensional features which are the
patterns or lines of color. The focus of industrial designs ranges from fashion to
industrial goods - handicrafts, jewelry, vehicles, and appliances.

A registered industrial design owner has the right to prevent third parties from
making, selling, or importing articles bearing or embodying a design that is
substantially a copy of the protected design, when such acts are undertaken for
commercial purposes.

An industrial design must be original or an original creation to be registrable.

 90

The following designs shall not be registrable:

1. Industrial designs that are dictated essentially by technical or functional
considerations to obtain a technical result;
2. Industrial designs are mere schemes of surface ornamentations existing
separately from the industrial product or handicraft; and
3. Industrial designs conflict with public order, health, or morals.

4. TRADEMARK
According to IPOPHIL (2020), a word, a group of words, signs, symbols, logo, or a
combination thereof that identifies and differentiates the source of the goods or services
of one entity from those of others is called a trademark.

If you are a business, distinguishing your services or goods from others gives you
a viable edge. It protects a business’s brand identity in the market. Registration of
it gives the proprietor the exclusive rights to avoid others from using or exploiting
the mark in any way.

Aside from being a source identifier, differentiator, quality indicator, and

advertising device, a protective mark may also bring another stream of income to
the owner through licensing or franchising.

5. GEOGRAPHICAL INDICATIONS
According to WIPO, a symbol used on goods that have a selected geographical
origin and possess qualities or a reputation related to that place of origin may serve
as a geographical indication. Commonly, a geographical indication consists of the
place of origin of the products. Agrarian goods typically have qualities that derive
from their place of production and are influenced by specific local geographical
factors, like climate and soil. Whether a symbol functions as a geographical
indication may be a matter of national law and consumer perception. Geographical
indications could also be used for good sort of agricultural products, such as,
“Tuscany” for vegetable oil produced in a specific area of Italy, or “Roquefort” for
cheese produced in one region of France.

The use of geographical indications is not limited to agricultural products.

Geographical indications also highlight specific qualities of a product that are found
in the product’s place of origin, like specific manufacturing skills and traditions. The
place of origin could also be a village or town, a neighborhood, or a rural area. An
example of the latter is “Switzerland” or “Swiss”, perceived as a geographical
indication in many countries for products made in Switzerland and, especially, for
watches.

COPYRIGHT
According to IPOPHIL (2020), the legal protection extended to the owner of the rights
in an original work is called copyright. Original work refers to every creature in the
literary, scientific, and artistic domain.
 91

Some of the literary and artistic works enumerated in the IP Code include books and
other writings, musical works, films, paintings and other works, and computer
programs.

Copyright laws grant artists, authors, and other creators automatic protection for their
literary and artistic creations, from the moment they created them.

Recordation or deposit of your works is not necessary. Still, authors and artists may
opt to execute an affidavit of ownership with the National Library or the IPOPHIL for
the issuance of recordation and deposit.

What are the two types of rights under copyright?

1. Economic rights allow the creator to get remuneration from the exploitation of
his works by third parties.

Economic rights are the following:

 Transformation First, public distribution;
 Rental;
 Public display;
 Public performance; and
 Other communication to the general public of the work.

2. Moral rights make it possible for the creator to assume measures to require
care of and protect the private connection between himself and the work
(Philippines Board of Investments, n.d).

Moral rights include:

 Right of Attribution
 Right of Alteration
 Right of Integrity (object to any prejudicial distortion)
 Right to restrain the utilization of his name.

The exception to the moral rights

• When an author contributes to a collective work, his right to possess
his contribution attributed to him is deemed waived unless he
expressly reserves it. Collective work may be a work that has been
created by two (2) or more natural persons at the initiative and under
the direction of another with the understanding that the latter will
disclose it under his name which contributing natural persons won't
be identified.
• In the nonappearance of a contrary stipulation at the time an author
licenses or permits another to use his work, the required editing,
arranging, or adaptation of such work, for publication, broadcast, use
during a movie, dramatization, or mechanical or electrical
reproduction following the reasonable and customary standards or
requirements of the medium during which the work is to be used,
shall not be deemed to contravene the author's rights secured by this
chapter. Nor shall the destruction of a piece unconditionally
transferred by the author be deemed to violate such rights.
 92

Copyright Infringement

Copyright Infringement consists of infringing any right secured or protected under the
Code. It also consists of aiding or abetting such infringement (Copyright Law in the
Philippines: Federis, n.d.). The law also provides for the liability of a person who, at
the time when copyright subsists in a work, has in his possession an article which he
knows, or ought to know, to be an infringing copy of the work for:

• Selling or letting for hire, or by trade offering or exposing for sale or hire, the
article (Inter-library loans, 2019);
• Distributing the article for trade, or for any other purpose to an extent that will
prejudice the rights of the copyright owner in the work (Inter-library loans, 2019);
or
• Article in public trade exhibit (Inter-library loans, 2019).

Two Kinds of Copyright Infringement

1. Indirect Infringement

Even if you do not directly infringe any of the exclusive rights in copyright, you may be
guilty of indirect copyright infringement as either a “contributory infringer” or a
“vicarious infringer” if you help somebody else infringe.

• Contributory Infringement - results when somebody knows of the direct

infringement of another and substantially participates in that infringement, such
as inducing, causing, or materially contributing to the infringing conduct.
• Vicarious infringement - results when there has been direct infringement, and
the vicarious infringer is in a position to control the direct infringer and benefits
financially from the infringement.

Indirect infringement takes place when an authority (person), instead of terminating

and punishing the violators after he has known the violation, opts to contribute or give
in to the violation for the money profit.

2. Direct Infringement

It occurs when someone exercises one of the exclusive rights granted by the Copyright
Act without seeking the permission of the copyright owner. As an example, if you make
a copy of a book or a CD without the copyright owner’s permission, you have violated
the exclusive right to reproduce and have therefore committed copyright infringement.
While unauthorized copying is the most common form of direct infringement, a
violation of any of the exclusive rights constitutes copyright infringement. Direct
infringement, therefore, also includes a performance or adaptation made without the
author’s permission.

Why promote and protect intellectual property?

According to WIPO or the World Intellectual Property Organization, there are many
reasons why it is important to promote and protect intellectual property:
 93

1. The progress and well-being of humanity rest on its capacity to form and invent
new works within the areas of technology and culture.
2. The legal protection of the newest creations encourages the commitment of
additional resources for further innovation.
3. The promotion and protection of property spur economic processes, create new
jobs and industries and enhances the quality and delight of life.

An effective and equitable property system can help all countries to understand
intellectual property’s potential as a substance for economic growth and social and
cultural well-being.

The IP system helps strike a balance between the interests of innovators and the
public providing an environment during which creativity and invention can flourish, for
the advantage of all.
 94

KEY INTELLECTUAL PROPERTY ISSUES

OBJECTIVES:
At the end of this lesson, the student will be able to:

 Identify and understand the key intellectual property issues

 95

Thoughts to Ponder
"Stealing music is not right, and I can understand people being very
upset about their intellectual property being stolen."
-Steve Jobs

Key Intellectual Property Issues

Plagiarism

Using someone’s ideas or words as one’s own is known as plagiarism. The expression
of original ideas is protected by copyright laws, a bit like original inventions. Most sorts
of expression fall under copyright protection as long as they are recorded (such as a
book or a computer file) (Eugene McDermott Library, n.d.).

Eugene McDermott Library (n.d) identified the following as forms of plagiarism:

• turning in somebody else's work as your own

• copying ideas or words from somebody else without giving credit
• failing to place a quotation in quotation marks
• giving misinformation about the source of a quotation
• changing words but copying the syntax of a source without giving credit
• copying numerous ideas or words from a source that creates the bulk of your
work, whether you give credit or not.

Most cases of plagiarism are often avoided, however, by citing sources. Simply
acknowledging that certain material has been borrowed, and providing your audience
with the knowledge necessary to seek out that source, is typically enough to stop
plagiarism.

Reverse engineering

Reverse Engineering is the procedure of taking something apart to build a copy of it,
understand it, or improve it. It is originally applied to computer hardware but is now
applied to software as well. Reverse engineering of software involves analyzing it to
create a new representation of the system in a different form or at a higher level of
abstraction. Often, reverse engineering begins by using program code from which you
can extract design-stage details, which is a higher abstraction level in the life cycle. In
other words, design-level details about an information system are more conceptual
and less defined than the program code of the same system (Bonclaysama, 2011).

Reverse engineering can use the Code of the current database programming
language to recover the design of the information system application.

Other reverse engineering issues involve tools called compilers and decompilers. A
compiler is a language translator that converts computer program statements
expressed in a source language (such as COBOL, Pascal, or C) into machine
language (a series of binary codes of 0s and 1s) that the computer can execute.
 96

Decompilers and other reverse engineering techniques can be used to analyze a

competitor’s program by examining its coding and operation to develop a new program
that either duplicates the original or that will interface with the program.

Open Source Code

According to Landyvega (n.d.), open-source Code refers to any program whose

source code is made available for use or modification as users or other developers
see fit. Its advocates believe that this process produces better software than the
traditional closed model.

Here are several reasons why firms or individual developers create open-source Code
if they do not receive money for it:

• Some people share Code to earn respect for fashionably solving a standard
problem.
• Some people have used an open ASCII text file that was developed by others
and feel the necessity to pay back.
• A firm may develop an open ASCII text file in anticipation of earning software
maintenance fees when end users need changes and switch to the first
developer to implement the changes.

Competitive Intelligence

Competitive intelligence is the gathering of legally obtainable information to help a

company gain an advantage over its rivals. Competitive intelligence is often integrated
into a company’s strategic plans and decision-making.

Cybersquatting

Companies that want to establish an Internet presence know that the best way to
capitalize on the strength of their brand names is to make the names part of the domain
names for their websites. When the websites were first established, there was no
procedure for validating the legitimacy of requests for Web site names, which were
given out on a first-come, first-served basis. Some individuals cyber squat registered
domain names for famous trademarks or company names to which they had no
connection, with the hope that the trademark’s owner would buy the domain name for
a large sum of money.
 97

INTELLECTUAL PROPERTY CODE OF THE

PHILIPPINES

OBJECTIVES:

At the end of this lesson, the student will be able to:

 explore and understand IP Code of the Philippines

 98

Thoughts to Ponder
"It's very important to remember that it's your intellectual
property; it's not your computer. And in the pursuit of protection of
intellectual property, it's important not to defeat or undermine the
security measures that people need to adopt in these days."

-Stewart Baker

Intellectual Property Code of the Philippines

Source: https://www.swinburne.edu.my/library/about-library/inter-library-loans.php

Intellectual Property Code of the Philippines

R.A. No. 8293
The law:
Republic Act No. 8293 (R.A. No. 8293) is an Act prescribing the Intellectual Property
(IP) Code and establishing the Intellectual Property Office (IPO), Providing its powers
and functions, and other purposes otherwise known as the Intellectual Property (IP)
Code of the Republic of the Philippines

State policy declaration:

The State recognizes that an efficient intellectual and industrial property system is
significant to the event of domestic and artistic activity, attracts foreign investments,
facilitates the transfer of technology, and ensures market access for products. It shall
secure and protect the exclusive rights of inventors, scientists, artists, and other gifted
Filipino citizens to their property and creations, particularly when beneficial to the
people, for such periods as provided during this Act.

The use of intellectual property bears an affair. To the present end, the State shall
promote the diffusion of data and knowledge for the promotion of national development
and progress and the commonweal.

It is also the policy to streamline administrative procedures of registering patents,

trademarks, and copyright; liberalize the registration of the transfer of technology, and
reinforce the enforcement of property rights in the Philippines.

Effect on international conventions and the principle of reciprocity:

Any individual who may be a national or who is domiciled or features a real and
effective industrial establishment in a country that may be a party to any convention,
treaty, or agreement concerning intellectual property rights or the repression of unfair
competition, to which the Philippines is a party, or extends reciprocal rights to nationals
of the Philippines by law is entitled to benefits to the extent necessary to offer effect to
any provision of such convention, treaty or reciprocal law, additionally to the rights to
which this Act otherwise entitles any owner of a property right.
Laws repealed:
 99

Republic Act No. 8293 rescinded all Acts and parts of Acts inconsistent with, more
particularly:

R.A. No./P.D./Articles Provisions

Republic Act No. 165 An Act Creating a Patent Office,
Prescribing its Powers and Duties,
Regulating the Issuance of Patents, and
Appropriating Funds Therefor
Republic Act No. 166 An Act to Provide for the Registration
and Protection of Trademarks, Trade-
Names, and Service-Marks, Defining
Unfair Competition and False Marking
and Providing Remedies Against the
Same, and for Other Purposes
Presidential Decree No. 49 Decree on the Protection of Intellectual
Property
Presidential Decree No. 285 Decree on the Protection of Intellectual
Property

Parts of the law:

The Intellectual Property Code of the Philippines is divided into five (5) parts, to wit:

PART Inclusions
I The Intellectual Property Office
II The Law on Patents
III The Law on Trademarks, Service Marks, and Trade Names
IV The Law on Copyright
V Final Provisions

Intellectual property rights under the I. P. Code:

The intellectual property rights under the Intellectual Property Code are as follows:
1. Copyright and related rights;
2. Trademarks and service marks;
3. Geographic indications;
4. Industrial designs;
5. Patents;
6. Layout designs (topographies) of integrated circuits; and
7. Protection of undisclosed information.
Government Agencies:
The agency of the government in charge of the implementation of the Intellectual
Property Code is the Intellectual Property Office which replaced the Bureau of Patents,
Trademarks, and Technology Transfer. It is divided into six [6] Bureaus, namely:
[1] Bureau of Patents;
[2] Bureau of Trademarks;
[3] Bureau of Legal Affairs;
[4] Documentation, Information, and Technology Transfer Bureau;
 100

[5] Management Information System and EDP Bureau; and

[6] Administrative, Financial, and Personnel Services Bureau.

Functions of the Intellectual Property Office:

The property Office is remitted under the law to:

1. Examine applications for the grant of patents for inventions and register utility
models and industrial designs;
2. Examine applications for the geographic indication, registration of marks, and
integrated circuits;
3. Register technology transfer arrangements and settle disputes involving
technology transfer payments covered by the provisions of Part II, Chapter IX
on Voluntary Licensing and develop and implement strategies to market and
facilitate technology transfer;
4. Promote the utilization of patent information as a tool for technology
development;
5. Publish regularly in its publication the marks, utility models, patents, and
industrial designs, issued and approved, and the technology transfer
arrangements registered;
6. Administratively adjudicate contested proceedings affecting property rights;
and
7. Coordinate with other government agencies and the private sector efforts to
formulate and implement plans and policies to strengthen the protection of
property rights within the country.
 101

SOCIAL IMPACT OF INFORMATION TECHNOLOGY

Today's world has become a little village because of information technology. The
method of communication and transmission of data has become so fast that the
information has spread worldwide, and has greatly affected human life and
caused a complete change. The world now depends on technology. However,
knowing that this technology also carries a significant risk of destroying society,
some wonder what the new technologies of data and communication consist of
and what their effects on the daily lives of people are.
This chapter explains the impacts of ICT in various areas of life like society,
education, entertainment, workplace, health system and even government.
 102

SOCIAL IMPACT OF INFORMATION TECHNOLOGY

OBJECTIVES:

At the end of this lesson, students will be able to:

 explain the different social impacts of ICT in:

o private life and society
o education
o entertainment
o workplace
o health system
o government
 103

Thoughts to Ponder
“It is not about the technology; it’s about sharing knowledge and
information, communicating efficiently, building learning communities
and creating a culture of professionalism in schools. These are the
key responsibilities of all educational leaders.”

– Marion Ginapolis
Social Impact of Information Technology
History has observed that humanity went through several revolutions. The newest one is
the revolution of data and communication technology. This revolution caused a rupture of
everything old. Todays considered new may quickly become an old and obsolete trend
tomorrow. Due to these evolutions, the demand for data and communication technology
has increased.
Our world is witnessing a rapid evolution process with a need for information facilities in
terms of quantity, quality, and access to information to form the most straightforward
decision supported by the various changes and dynamics of the enterprise's environment.
This demonstrates the growing importance of data systems and their ability to satisfy the
requirements of enterprise information. This emphasizes the importance of developing
these systems and covering their effectiveness and efficiency. One of the critical elements
of those systems' success is that they need to become hooked into sophisticated
technology that has dramatically enabled access to information and reduced access costs.
The telecommunications area has undertaken a decisive transformation during a short
period because of the technological developments that underpin it. It has become the
infrastructure of what is known today because the knowledge economy depends on the
knowledge and its delivery methods within the shortest time and at rock bottom costs
possible. Thus, the Internet has put businesses ahead of a replacement challenge, which
is the acquisition of data and communication technology.
No one can doubt that information technology may be a fundamental and innovative
revolution that has touched human life considerably in the last century. Indeed, far from
being an effervescent phenomenon or a passing trend, information and communication
technology has just exploited various aspects of life.
Information technology (IT) uses any computers, storage, networking, and other physical
devices, infrastructure, and processes to make, process, store, secure, and exchange all
sorts of electronic data. It is utilized in the framework of enterprise operations as against
personal or entertainment technologies. The commercial use of IT encompasses both
technology and telephony.

ICT Impact on Private Life and Society

The social impact of ICT has two sides, it cannot be 100 percent negative or hundred
percent positive. Sociologists compared the effect of data technology on society to
reworking the planet from vast continents separating people and relatives, to a really small
village encompassing the whole world’s population, which is named globalization. Before
information technology, communication between people required days or even months to
reach one another. Because of information technology, communication between people in
 104

several parts of the world has become a simple and fast process, via different ways: instant
messaging, phone calls, or video calls.
The way people perceive reality has been changed by information technology. Modern
technology has changed our perspective on many concepts. It also changed our dealings
with many traditions and customs that were once considered sacred and the pillars of
society. Although the modern means of communication made the world a small village that
facilitates communication, these means also created a kind of alienation and divergence
within the family. Communication between members of the same family is almost non-
existent; worse, communication between people, in general, has become virtual. We note
the disappearance of human relations.
Furthermore, another negative impact of IT on society is poor language proficiency as this
skill consists of an individual’s ability to talk or perform using a target language. This is a
serious matter to be concerned about regarding the development of information
technology and its impact on society. Because of modern technology, students can now
communicate with their families and associates instantly using computers or mobile
applications such as Line, WeChat, WhatsApp, and the like. This application will make it
easier to communicate, but this can also be a reason for some to ignore the spelling of
different words and the usage of correct grammar. With the increasing amount of
information on the web, Internet users may come across inaccurate information and be
misinformed (IESC, 2018).

ICT Impact on Education

It is challenging and perhaps even impossible to imagine future learning environments that
are not supported, in one way or another, by Information and Communication
Technologies (ICT). Watching the present widespread diffusion and use of ICT in modern
societies, especially by the young – the so-called digital generation – it should be clear
that ICT will affect the entire learning process today and in the future. ICT has contributed
hugely to the development of education in some ways (Final Year Research Project Topics
& Materials from IPROJECT.,n.d.).
Education is considered one of the key pillars for the growth of the economy in a country
in this ICT era called "the Global ICT Society – a global society supported by a universal
technology." The education system is shifting rapidly due to ICT innovations, which
resulted in the Knowledge Society, also called the "knowledge and information society."
This society can be understood as "a society endowed with the ability and capacity to
generate and capture new knowledge and access, absorb and use the information and
ICTs effectively" (Nosmik, n.d.).
Information technology has made the education process more effective and productive. It
has increased the well-being of the students. Advanced education methods have made
this process easier, such as replacing books with tablets and laptops. The emergence of
e-learning platforms allows students to learn from their homes. These platforms can be a
useful alternative for people out of school or who have difficulties keeping up with their
teachers in class. These platforms give students the chance to review the courses with
more straightforward and more concrete explanations at every moment, and this reinforces
the educational process and leads to better results for most of the students (IESC,
A.,2018).
 105

ICT Impact on Entertainment

ICT improved communication during entertainment and leisure, introducing instant and
interactive chatting using social media sites. There are modern social media platforms that
allow people to interact directly without meeting physically. Social media platforms also
leave the exchange of entertainment material in visual and audio forms.
ICT aids the wide distribution of music through download websites. ICT helps in
disseminating content to several people at the same time. It has improved the organization
of entertainment and leisure activities. Some programs allow people to enjoy shared
activities from the comfort of their homes.
ICT paves the way for the spread of entertainment and leisure activities, which can be
accessed easily from the comfort of one's home. One can watch movies and hear music
directly from the web. ICT also supports playing online games. Entertainment material is
often stored using ICT products like compact discs and memory cards for future use. ICT
has improved the standard of entertainment and leisure activities by developing better
graphics for music and films (Joebest, 2020).
Furthermore, ICT has changed entertainment, making it far more popular, comfortable,
convenient, and enjoyable. Almost every area of entertainment is now digital technology,
enabling more entertainment options. ICT has revolutionized entertainment, whereby it
has dramatically enhanced the accessibility of music, movies, games, and gambling.
Music and films can now be purchased online free of charge or at a coffee cost. At present,
there is also a proliferation of online gambling sites.

ICT Impact in the Workplace

Nowadays, it is hard to find a workplace with no ICT equipment. The utilization of
computers and the Internet is one of the foremost prominent examples. Computers make
the method of working faster and easier, while web utilization is critical because it may be
a data source. Also, the utilization of email and instant messaging is as important as
communication tools (ICT at Workplace, 2008).
The impact of ICT has been good and bad on employment in the workplace. It resulted in
the creation of the latest jobs. New staff members are often required to perform tasks like
monitoring the ICT system, providing assistance, programming, and managing data.
However, it also causes job losses. As computer systems are often programmed to
perform various tasks, they will replace the workers that were initially trained to do those
tasks.

ICT Impact on Health System

In the field of the health system, medical devices have undergone an interesting
development. People in the medical field need to become more efficient. Because of the
IT sector, the earth has witnessed distance surgeries through the use of robots, artificial
legs, hands, and even artificial cardio-aortic valves.
"IT is of particular importance to healthcare delivery. Developments in the patient's
computerized records will enhance the efficiency, effectiveness, and distribution of health
 106

care. As managed care programs develop, population-based information will accelerate

the importance of health care providers and the public health community. The capacity to
transfer this information through telecommunication linkages, including telemedicine, will
revolutionize healthcare accessibility to underserved areas, including rural and urban
areas. These developments will raise substantial concerns regarding confidentiality and
privacy because health information could also be very relevant to employment and
insurability. Efficient, effective, reliable information systems could enhance the human
quality of patient/doctor interactions by specializing in clinical decision-making and patient
preferences instead of systematic data collection. In this regard, information technology
might enhance the standard of that interaction" (IESC, 2018).
The development of the sector of drugs is vital for humanity. It is the idea of living a healthy
life away from disease and pain.

ICT Impact on Government

ICT is an essential channel for gaining knowledge, increasing political awareness, making
consciousness, understanding and guiding citizens, and managing political and social
forces and groups. ICT serves as a tool for the development of transparency, government
accountability, and the reduction of corruption. E-Government uses ICT for more efficient
and more economical delivery of government services (Impact of information and
communication technology (ICT) on governance quality, n.d.).
The government agencies should adopt complete ICT solutions that are appropriately
designed to handle their day-to-day activities. Otherwise, instead of being models that
encourage others to use ICT, they may contribute towards dissuading them.
 107

ETHICAL ISSUES

This unit provides a thorough discussion of the software development process and the
importance of software quality. This unit covers issues on software manufacturers and
deciding “how good is good enough” with regard to their software products—particularly
when the software is safety-critical and has software glitches.

Topics include software product liability, risk analysis, and different approaches to quality
assurance testing.

This unit also examines Capability Maturity Model Integration (CMMI), the ISO 9000
family of standards, and the failure mode and effects analysis (FMEA) technique.

It also presents ethics in Business and Governance, Ethical Issues and Implications of
E-Commerce, Employee/Employer Issues, Use of Non-Traditional Workers, Contingent
Workers, H-1B Workers, Offshore Outsourcing, Whistle Blowing Protection for Whistle
Blowers and Dealing with a Whistle Blowing Situation.

.
 108

SOFTWARE DEVELOPMENT PROCESSES AND

ETHICS

OBJECTIVES:

At the end of this lesson, students will be able to:

 provide a thorough discussion of the Software Development

Processes and Ethics;
 learn the essential of Capability Maturity Model for Software;
 gain understanding of the Development of Safety-Critical
Systems; and
 discuss the importance of Quality Management Standards
 109

Thoughts to Ponder
Any process that tries to reduce software development to a “no brainer” will
eventually produce just that: a product developed by people without brains.
-Andy Hunt and Dave Thomas, “Cook Until Done”

Software Development Processes and Ethics

High-quality software systems are easy to understand and use because they perform
quickly and efficiently; they meet their users’ needs. They operate reliably and safely,
so that system downtime is kept to a minimum. The software has long been required
to support nuclear power, air traffic control, health care, automobile safety, space
exploration, and military and defense. Nowadays, computers and software have
become integral parts of almost every business, and the need for high-quality software
is in demand. End users cannot afford lost work, lower productivity or system crashes,
nor can they tolerate security holes through which intruders can steal data, spread
viruses, or shut down Internet sites. Software manufacturers face ethical,
organizational, and economic challenges associated with improving the quality of their
software.

A defect in software is an error that if not removed can cause the software to fail to
satisfy the needs of the user. The impact of those defects is often trivial; for instance,
a computerized sensor during a refrigerator’s cube maker might fail to acknowledge
that the tray is full and still make ice. Other defects could lead to tragedy—the system
for an automobile’s antilock brakes could malfunction and send the car into an
uncontrollable spin. The defect could be subtle and undetectable, like a tax preparation
package that creates a minor miscalculation; or the defect could be glaringly obvious,
like a payroll program that generates checks with no deductions for taxes, loans, etc.
(Anonymous, 2016).

According to Ethics in Information Technology (n.d.) here are some notable software
bugs that have occurred:

• Nokia’s Lumina 900 smartphone had a software problem that could cause
the device to lose its high-speed data connection. The company had hoped
that the new smartphone would help raise its share of the U.S. market,
which had slipped below 1 percent. The software glitch was a major setback
for the firm and caused it to lower its profit forecasts. As a result, Nokia
shares hit a 15-year low.
• The IRS plans to invest $1.3 billion through 2024 to update its software for
handling the filing of tax returns; however, an early change designed to
speed up the processing of tax returns resulted in refunds that were delayed
by up to 10 days for millions of taxpayers in 2012.
• Some 4,000 owners of the 2013 Chevy Volt were informed that a software
bug could cause their plug-in hybrid car’s electric motor to shut down while
the vehicle is in motion.
• In late 2012, many people looking to take part in a Georgia Powerball game
were upset when a software error interrupted sales of tickets for the $425
 110

million jackpot. The problem was widespread, affecting many locations in

Georgia, lasting most of the day of the drawing.
• Washington State University recently implemented a $15 million software
system designed to handle all major student processes—from registering
for a class, to paying tuition, to scheduling advisers. Unfortunately, user
unfamiliarity with the system and software bugs led to lengthy delays in
processing financial aid. Many students who normally rely on financial aid
had to dip into reserve funds or call upon parents to help pay for tuition,
books, housing, and food until they could receive their financial aid.
The scope to which a software product meets the needs of its users is software quality.
Quality management focuses on measuring, refining, and defining the development
process's quality and the products developed during several stages. These products
— including flowcharts, user documentation, and statements of requirements — are
known as deliverables. To help developers deliver high-quality systems that encounter
their users' needs is the objective of quality management. Unfortunately, the first
release of any software rarely meets all the expectations of the users. A software
product does not usually work well as its users would like it to until it has been used,
found deficient in some ways, and then upgraded or corrected (Hogdend, 2013).
The leading cause of low software quality is that many developers do not know how
to design quality software from the start. To develop high-quality software, developers
must follow and define a set of software engineering principles and be committed to
learning from past errors. Also, they need to understand the environment in which their
systems will operate and design systems that are as resistant to human error.
All software programmers and designers make mistakes in defining user requirements
and turning them into programming code. According to one study, even
knowledgeable software developers unknowingly inject an average of design or
implementation defects in every 7 to 10 lines of code. The developers are not lazy or
incompetent—they are just human. Everyone makes errors or mistakes, but in
software, these errors or mistakes can result in defects.
Another feature that can contribute to poor-quality software is the extreme pressure
that software companies feel. They are driven by the necessity to beat the competition
in delivering new functionality to users, to start generating revenue to recover the value
of development, and to point out a profit for shareholders. They are also driven by the
necessity to satisfy quarterly earnings forecasts employed by financial analysts to put
a worth on the stock. The time and resources needed to ensure quality is usually cut
under the extreme pressure to ship a replacement product.
As an outcome of the lack of consistent quality in software, many organizations avoid
buying the first release of a software product or exclude its use in critical systems; their
rationale is that the first release often has many defects that cause problems for users.
Due to the defects in the first two famous Microsoft operating systems (DOS and
Windows), including their tendency to crash unexpectedly, many believe Microsoft did
not have a reasonably reliable operating system until its third significant variation—
Windows NT.
Even software products that are reliable over a long period can falter suddenly when
operating conditions change.
 111

Importance of Software Quality

When most people first think about software, they think of business information
systems. A set of interrelated components that include software, hardware, networks,
databases, procedures, and people that collect data, process it, and disseminate the
output is known as business information systems.

The one that captures and records business transactions is a common type of
business system. An example is the manufacturer’s order-processing system that gets
order information, processes it, updates inventory and financial records, and ensures
that the order is complete and shipped on time to the customer.

A decision support system (DSS) is another type of business information system,

which is used to improve decision-making in different companies. It can be used to
recommend stocks and bonds for an investment portfolio, develop accurate forecasts
of customer demand, or schedule shift workers in such a way as to minimize cost while
meeting customer service goals. Significant undesirable consequences for an
organization and its customers are a result of a software defect.

But the question is how important it is for a business to have quality software. What
will be the impact of poorly developed software on a business?

• A software defect can be devastating, resulting in reduced revenue and lost

customers.
• Any defect in software can lead to increased waste and costs, decreased
product quality, or even unsafe operating conditions for employees.
• A software defect can have minor consequences, such as clothes not drying
long enough, or it can lead to much more serious damage, such as the patient
being overexposed to X-rays.

Software is also used to control many company processes to eliminate human error,
improve quality, reduce costs, and shorten the time it takes to manufacture products.
For example, steel manufacturers use process-control software to capture data from
sensors, the equipment that rolls steel into bars, and the boiler that heats the steel
before it is rolled. Without process-control computers, employees could react to
defects only after the fact and would have to guess the alterations needed to correct
the process.
Process-control computers allow the process to be monitored for variations from
standards of operation and to eliminate product defects before they affect the quality
of the product. Any defect in software can lead to increased waste and costs,
decreased product quality, or even unsafe operating conditions for employees.
As a result of the massive use of computers and software in business, many
companies are now in the field of software business whether they like it or not. The
usability, timely development, and quality of software are critical to most industries.
The speed with which a corporation develops software can put it before or behind its
competitors. Software problems may have caused frustrations in the past, but
mishandled software can now be fatal to a business, causing it to miss product delivery
 112

dates, incur increased development costs, and deliver products that have poor quality
(ConstableButterfly13529, n.d.).

Software Product Liability

According to Software Development (n.d.), software product litigation is certainly not
new. Product liability is the liability of sellers, lessors, manufacturers, and others for
injuries formed by defective products.

If a software defect causes injury to users, purchasers, or lessees of the goods or

product, injured parties may be able to sue. Injuries range from physical mishaps and
death to an increase in expenses or loss of revenue due to a business disturbance
caused by a software failure. Software product liability claims are often based on strict
liability, negligence, breach of warranty, or misrepresentation.

Strict liability means that the offender is held accountable for injuring another person,
regardless of intent or negligence. The complainant must prove only that the software
product is unreasonably dangerous or defective and that the defect caused the injury.
There is no condition to prove that the manufacturer was careless or negligent or to
prove who caused the defect. All parties in a certain chain of distribution—the
manufacturer, subcontractors, and distributors—are strictly liable for injuries caused
by the product and may be sued.

A warranty guarantees buyers or lessees that a product meets a certain standard of

quality. A warranty may be either implied by law or expressly stated. Express
warranties can be written, oral, or conditional on the seller’s conduct.

For example, sales contracts encompass an implied warranty of merchantability,

which involves that the following standards be met:

• The goods or products must be fit for the ordinary purpose for which they
are used.
• The goods or products must be adequately contained, packaged, and
labeled.
• The goods or products must be of an even kind, quality, and quantity within
each unit.
• The goods or products must conform to any affirmation or promise of fact
made on the container or label.
• The quality of the goods or products must pass without opposition in the
trade.
• The goods or products must meet a fair average or middle range of quality.

If a good or product fails to meet its warranty, the lessee or buyer can sue for breach
of warranty. Most unsatisfied customers will first seek a substitute product, a
replacement, or even a refund before filing a lawsuit.
 113

The complainant must have a valid contract that the supplier did not fulfill to win a
breach of the warranty claim. Most software manufacturers give limited warranties and
disclaimers to avoid any claim of misrepresentation.

Software Development Process

The development of information system software is not a simple process. It requires
completing many activities, with many dependencies among the various activities.
Systems analysts, architects, programmers, project managers, database specialists,
trainers, testers, and documentation specialists are all involved in software projects.
Each of these groups has a function to do and has specific tasks and responsibilities.
In addition, each group creates decisions that can affect the quality of the software
and the skill of an individual or an organization to use it effectively.

Most software companies have implemented a software development methodology or

process—a standard, established work process that enables project managers,
systems analysts, programmers, and others to make controlled and orderly progress
while developing high-quality software. A methodology explains activities in the
software development process and the group and individual tasks for achieving these
activities. It also recommends specific techniques for achieving the various activities,
such as using a flowchart to document the logic of a computer program. A
methodology offers guidelines for managing the quality of software during the various
stages of development. Figure 6.1 shows the methodology the company undertakes
concerning software development.

Figure 6.1. Software Development Methodology

It is easier and cheaper to avoid software problems from the beginning, rather than
attempt to fix the damages after.
According to Ethics in Information Technology (n.d), if a defect is exposed during a
later stage of development, some revision of the deliverables formed in previous
stages will be essential. The later the error is detected, the greater the number of
individuals who are going to be suffering from it. Thus, the greater the costs are going
to be to communicate and fix the error. Thus, software developers try to identify and
remove errors early in the development process not only as a cost-saving measure
but also as the most effective way to improve software quality.
 114

A product containing integral defects that harm the user could even be the area of a
product liability suit. The use of an efficient methodology can protect software
manufacturers from legal liability in two ways. First, an efficient methodology reduces
the number of software that can occur. Second, if an organization follows widely
acknowledged development methods, negligence on its part is harder to prove.
However, even a successful defense against a product liability case can cost many
thousands of dollars in legal fees. Thus, failure to develop software carefully and
consistently is often serious in terms of liability exposure.
The methods within the development cycle are designed to ensure the reliable
operation of a product. These methods are applied at each stage of the event cycle
and are understood as Quality assurance (QA). However, some software
manufacturing organizations without a proper standard approach to QA consider
testing to be their only QA method. Rather than checking for errors throughout the
event process, some companies bank on testing just before the product ships to
ensure some extent of quality.
According to Ethics in Information Technology (n.d.), there are different types of tests
used in software development:
Dynamic Software Testing
Software is developed in units called subroutines or programs. These units are
combined to make large systems. One approach is to check the code for a completed
unit of software by actually entering test data and comparing the results with the
anticipated leads through a process called dynamic software testing. There are two
forms of dynamic software testing:
• Black-box testing - involves observing the software unit as a tool that has
expected input and output behaviors but whose internal mechanisms are
unknown (a black box). If the unit demonstrates the expected behaviors for all
the input data within the test suite, it passes the test. Black-box testing takes
place without the tester having any knowledge of the character or structure of
the actual code. For this reason, it is often done by someone apart from the one
that wrote the code.
• White-box testing - treats the software unit as a tool that has probable input
and output behaviors but whose internal workings, unlike the unit in BlackBox
testing, are known. White-box testing contains testing all possible logic paths
through the software unit with thorough knowledge of its logic. The test data
must be carefully constructed so that every program statement executes a
minimum of once. As an example, if a developer creates a program to calculate
an employee’s gross pay, the tester would develop data to see cases during
which the worker worked but 40 hours, exactly 40 hours, and quite 40 hours (to
check the calculation of overtime pay).
Other Types of Software Testing
• Static testing — Static analyzers are special software programs that are run
against new code. Instead of reviewing input and output, the static analyzer
looks for suspicious patterns in programs that may indicate a defect.
• Integration testing — After successful unit testing, the software units are
combined into an integrated subsystem that undergoes rigorous testing to
 115

make sure that the linkages among the varied subsystems work
successfully.
• System testing — After successful integration testing, the varied
subsystems are combined to check the whole system as an entire entity.
• User acceptance testing — Independent testing is performed by trained
end-users to make sure that the system operates as they expect.

Quality Management Standards

The International Organization of Standardization (ISO), founded in 1947, is a
worldwide federation of national standards bodies from some 100 countries (ISO,
2015).

In 1988 the ISO issued its 9000 series of business management standards. The
standards require organizations to develop formal quality management systems that
specialize in identifying and meeting the wants, needs, and expectations of their
customers.

The ISO 9000 standard serves many various industries and organizations as a guide
to quality products, services, and management.

To get the certification, the organization must undergo an examination by an external

assessor. To be certified, an organization must do three things:
1. Have written procedures for everything they do.
2. Follow those procedures.
3. Prove to an auditor that they have written procedures and that they follow
those procedures. This can require observation of actual work practices and
interviews with customers, suppliers, and employees.

The various ISO 9000 series of standards address the following activities:

ISO 9001 Design, development, production, installation, servicing

ISO 9002 Production, installation, servicing
ISO 9003 Inspection and testing
ISO 9000-3 The development, supply, and maintenance of software
ISO 9004 Quality management and quality systems elements

Many software development organizations are applying ISO 9001 to meet the special
needs and requirements associated with the purchase, development, operation,
maintenance, and supply of computer software.

Ethical Issues in Software Development

 116

Source: Jennifer. (n.d.). Ethical Issues in Software Development - PDF Free Download. Retrieved
September 24, 2020, from https://qdoc.tips/ethical-issues-in-software-development-pdf-free.html

A. Using Open Source Code

Open source is source code that is readily available to the user. In other words, the
application contains the source code that was used to create the product.

There are three particular types of open source code:

1. Licensed Source Code: The source code may contain a General Public
License (GPL) or Library General Public License (LGPL) that details how the
software and the source code are to be distributed, copied, and modified.

2. Copyrighted or Credited Source Code: The source code may be freely

published on an Internet site with the author’s permission for the programmer
to use the source code as long as the author is credited in the code.

3. Public Domain: The source code may be in the public domain, which means
that the author explicitly relinquishes all rights to the software. In other words,
the code is free to use without consequence.

The first two types do pose ethical issues to the programmer and therefore the third
type of source code does not cause any ethical issues because there is no obligation
to produce credit to be used. In the case where the open source code contains a GPL
or LGPL, the programmer must follow the principles as stated in the GPL or LGPL.
Some companies do follow the license. For instance, IBM’s Web sphere product relies
on the Apache Web Server, and up until the most recent re-write that no longer uses
Apache code, IBM included the GPL for Apache Web Server in their literature about
the software. However, some companies do not follow the GPL.

In some cases, the businesses claim the code as their own. To assist companies in
using the GPL properly, the Free Software Foundation launched the GPL Violations
Project. This watchdog organization monitors companies that are using open-source
projects in their software development to ensure that the GPL is referenced correctly.

In the case where the open source code has no license, but the author explicitly
requests that s/he is referenced within the developer’s code, some programmers do
not do that, mainly because the author is not a company entity. In most cases, it had
been difficult for the programmer to prove that a developer plagiarized his/her code.
With the passing of the Digital Media Copyright Act (DMCA), this will become a
significant issue for developers who frequently use code without crediting the original
author. Consistent with the DMCA, if someone publishes information on the web, that
information is automatically copyrighted as long as the author says so.

B. Using Illegal Software

Due to time and money crunches, it is tempting for a corporation to use a pirated copy
of software or violate the software license. A number of the largest companies have
used pirated copies of software or violated the software licensing rules in the past.
 117

Some companies still illegally use software despite the very fact that software
companies lose $12 billion in revenues because of software piracy and license
violations.

C. Reverse Engineering Code

Reverse engineering may be a controversial and confusing subject within the software
development world. Out of all the problems mentioned, this issue frequently creates
dilemmas for software engineers and corporations. Reverse engineering is the
process of decompiling an application to reveal the source code. During the early times
of software development, many software engineers engaged in the practice of reverse
engineering to seek out how a specific program acted. With the passing of the DMCA,
reverse engineering has now legal implications.

Software companies and developers who are using reverse engineering to check
security problems or to seek out how the code works to form a program compatible
with other hardware platforms can reference many cases where US courts determined
that reverse engineering for that purpose is legal. However, both the businesses and
developers need to be prepared for the possibility of being sued by another company
or developer. Before attempting a project where reverse engineering is important,
software companies and developers should contact legal counsel for assistance
regarding this matter.

D. Not Addressing Known Bugs

To satisfy deadlines, software programmers and corporations have a bent to scrimp
on quality assurance testing. As a result, either quality assurance misses finding major
flaws within the software, or major flaws that are discovered are not fixed because
there is not enough time to re-test the fix. These flaws cause huge losses for
businesses and inconveniences to thousands of individuals.

Microsoft is usually in the news regarding security flaws and bugs found in its operating
systems. For instance, in 2003, Microsoft released news of a critical flaw in its
operating systems that allowed hackers to access a person’s machine and take hold
of the machine by running any program the hackers wished.

Although a software company or developer cannot be sued for bugs that cause
damage as long as they state that they are not liable, a reputation of a software
company or developer might be ruined by releasing untested or bad code.

E. Taking Talent from the Competition

Companies that take talents from the competition are placed at an advantage. The
company can get proprietary information about technology and can put the competition
at an obstacle by reducing the human resources needed for software projects.
Companies attempt to prevent talent from getting to competitive firms by having their
employees sign non-compete agreements. However, even with a signed non-compete
agreement, companies can still face a legal battle over the wording of the document,
including whether the document is impeding an employee’s “right to work”. If the
corporate did not require its employees to sign non-compete agreements, a competing
company can easily take its talent pool from another company. However, even without
the non-compete clause, the corporate can face legal action from the competitor.
 118

In 2006, the case of Microsoft vs. Google appeared in the Washington court. This case
addressed whether a non-compete agreement was violated. Based on the article
written by Elinor Mills on C-Netnews, Google hired Kai-Fu Lee, a former Microsoft
executive from China, to run the Chinese branch of Google. However, Microsoft
contends that the role that Mr. Lee would perform at Google (recruiting staff for the
developer center in China) was an immediate violation of the non-compete agreement
that Mr. Lee signed at Microsoft. The court ruled that recruiting workers in China was
not a violation of the non-compete agreement, but he was not allowed to figure out
technologies, set budgets or salaries, or choose what research Google can be
neutralized in China.

Although many users will pop a disk into their computer without much thought, there
are various legal issues surrounding software development and usage. Software
development may be a growing industry that employs workers from around the world.
In theory, almost anyone can engage in development because free tools are readily
available. Awareness of legal issues in software development is vital, however. Even
software that is supposedly offered for free features several legal factors surrounding
its use. Without familiarity with these issues, you will end up on the incorrect side of a
court case.

Software Patents (Copyright)

Software patents are a controversial sort of property protection that covers practical
methods of accomplishing a task in a new and non-obvious way through the utilization
of a programing language. Patents were originally invented to encourage innovation
by allowing companies to possess exclusive rights to an invention to recover the prices
of making it. Many of those costs do not exist with software because it is not a tangible
product. The sheer volume of software production results in instances where multiple
programs accomplish tasks in the same way. Additionally, it is not always clear what
is "non-obvious" when it involves programming methods. As a result, violation cases
are plentiful within the software world. Software developers must be careful to make
sure they are not infringing on any software patents during development.

Licensing
The license under which a bit of software is released determines the legal rights of
those who use the software. Some licenses, just like the GNU General Public License
(the GNU GPL), allow users to switch the source code and redistribute the new
program under the condition that the new program is additionally licensed under the
GPL. Software licenses can impact the event of the latest software if licensed source
code or tools are being used in the development of that software. Violation of those
licenses allows the copyright holder to hunt reparation for any damages in court.

Liability
Software developers may need to consider liability issues for any damage caused by
their software. Users may sometimes attempt to sue if the software does not work
properly or leads to data loss or hardware damage. Developers plan to counter this by
issuing an end-user licensing agreement (EULA) with their applications. This
agreement must be accepted by the user before the installation of the software.
Whether or not these agreements are legally enforceable tends to vary from case to
 119

case in court. End-user licensing agreements are often long, difficult to read, and
unavailable for review before the acquisition of a software package. Although this calls
their legal viability into question, courts have upheld the terms of those agreements on
multiple occasions.

Solving Ethical Problems

Ethical problems in the software industry can cause legal consequences, such as fines
and civil suits, and it can cause business ramifications, such as a ruined reputation
that will cost the company sales. What can software developers and companies do to
help prevent problems? While these suggestions may help prevent problems caused
by unethical behavior, it is not a guarantee that they will solve all the problems.
a. Assign a task to a compliance officer to make sure that the licenses are being
used properly.
b. Consult with the legal department about non-compete agreements and fair use
with reverse engineering non-compete agreements, which help prevent talent
raiding. The fair use of reverse engineering has numerous legal implications.
Before beginning a project where reverse engineering is necessary, or before
devising a non-compete agreement, companies and developers should consult
with an attorney who is familiar with these subjects. The attorney can guide the
developers and companies on the correct way to perform these actions.
c. Let the public know about flaws or delays in the software release.
d. Publish ethical guidelines on software development. When developing a guideline,
companies and developers should consult with an attorney who is familiar with the
legal issues of software development.
 120

Business and Governance

OBJECTIVES:
At the end of this lesson, students will be able to:

 define the meaning of E-Commerce;

 enumerate the benefits of E-Commerce;
 distinguish the ethical and moral implications of E-Commerce;
 learn the government’s involvement in E-Commerce;
 differentiate E-Government and E-Governance; and
 gain understanding of the Ethical Issues and Implications of E-
Commerce
 121

Thoughts to Ponder
“If you build a great experience, customers tell each other about
that. Word of mouth is very powerful. ”
-Jeff Bezos, Amazon

What is E-Commerce?
The ability of a corporation to possess a dynamic presence on the web which allowed
the corporate to conduct its business electronically, in essence having an electronic
shop, is understood as E-Commerce or Electronic Commerce. Products are often
advertised, sold, and purchased electronically without the necessity for them to be
processed by a person. (E-commerce, n.d.).

The biggest advantage of E-Commerce is the ability to provide secure shopping

transactions via the web matched with almost instant verification and validation of
MasterCard transactions. This has caused E-Commerce sites to explode as they cost
less and can serve more customers.

In the broad meaning, electronic commerce (E-Commerce) may be a means of

conducting business using one among many electronic methods, usually involving
telephones, computers (or both). E-Commerce is not about the technology itself, it is
about doing business using the technology.

Figure 6.2. Number of internet users in the Philippines as of January 2020

(in millions)
Sanchez, P., & 3, S. (2020, September 03). Philippines: Number of internet users 2020. Retrieved
September 24, 2020, from https://www.statista.com/statistics/221179/internet-users-philippines/

According to Sanchez, et al. (2020) going digital is inevitable and plenty (if not all
services) are now accessible online. Accessing the web is now the most popular tool
 122

for consumers in the Philippines. The product value of the internet economy helped
boost industries as a result of their existence online, making the marketing of the
products and services much easier. Booking travels, online media, transport, selling
products, and food deliveries are the blooming businesses within the Philippines
through digitalization.

With this increasing Internet usage among Filipino citizens, the digital market is
significantly emerging as part of the typical local stores.

Benefits of E-Commerce

E-Commerce offers many advantages to businesses of all types and sizes. The main
advantages are:

1. Access to a global Market - The web allows companies to access the global
market instead of just the potential customers within the surrounding area of their
physical location. Because the website site is open 24 hours daily, time differences
between countries are no longer a problem. You do not have to rise early to order
something in another country anymore (A web marketing campaign, n.d.).

2. Cutting out the Middleman - Businesses can sell directly to the buyer instead of
having to sell to a supplier. This implies that the company can usually offer the
merchandise at a discount compared to their retailers because only one company has
got to make a profit instead of two or more (A web marketing campaign, n.d).

3. A Level Playing Field - A small business can compete and show itself as a
professional company as much as a large one as finances for setting up a professional
website are relatively inexpensive to the amount of return you can get on them (E-
commerce n.d.).

4. Open 24 Hours a Day - With fully automated order processing and payment
systems, your site will never be closed even if your office or warehouse is. Orders can
be dispatched during opening hours while orders can be taken 24 hours a day. This
has great advantages for people who might be at work or busy during normal working
hours of some shops.

5. Greater Customer Satisfaction - An E-Commerce site can be a powerful tool for

building customer loyalty if it is effective enough. A well-designed Internet site puts the
customer in charge of the relationship. They can browse, ask for help, buy, or track
the progress of orders they have placed where they want and when they want (What
is E-Commerce? - Meaning, Definition, Types and Strategies, 2019).

6. Reduced Marketing Costs – Using word of mouth can be incredibly powerful on

the Web through e-mail recommendations and search engine rankings. You can
achieve a great deal through growth by treating customers well, keeping them
informed about your activities, and benchmarking yourself against competitors. Also,
 123

with internet advertisement being relatively cheap, you can reach many more people
at a cheaper cost than using conventional advertising methods.

7. Better Customer Information - Sellers can quickly and easily analyze their
customers or buyers by area and location as well as the products they are going to
buy as you will have to request the name of the customer and address when
processing a transaction. Sellers are also being more informed about their customers,
as well as customers are also more informed on E-Commerce sites. There is more
description and information on a product including reviews to help customers choose
the right product for them. This is in the best interest of the site as it cuts down on the
amount of returned goods (Better Customer Information You can quickly and easily
analyze your customers, n.d.).

8. Security - Most E-Commerce suits offered by companies have built-in security

within the software. With the acquisition of a dent SSL certificate and a few good server
configurations, you will safely know that each small print of your customers is going to
be safe and secure. You will get approved certificates to point out that your site is
secure and meets certain standards. This lets your customers know that they are safe
to buy at your site and the data won't be in the wrong hands. Also, sensitive information
like credit card numbers are usually automatically processed so there is no need for
any staff at the corporate to ascertain them, making purchasing online even safer (E-
commerce, n.d.).

Ethical and Moral Implications of E-Commerce

According to Sunanda (2018), when using the E-Commerce and Internet it is important
to remember that there are many moral, ethical, and legal matters to consider.

Businesses entering the e-commerce world are going to face a set of ethical
challenges. It is easy for businesses to become sidetracked by the technical
challenges of operating in this way and to pay little attention to the ethical implications.
There are many ethical implications for businesses to run into that will normally be
addressed when doing business face to face. As an example, selling tobacco and
alcohol to an underage minor online is often impossible to manage easily and
effectively (Sunanda, 2018).

Legal Implications
According to E-commerce (n.d.), the central issues of E-Commerce and the law
includes the development of E-Commerce, the role of consumers, and the regulation
of e-commerce concerning consumer protection. Although E-Commerce has a big
effect on global trade, governments also have a large effect on the growth of E-
Commerce on the internet by regulating it accordingly. As governments set regulations
for E-Commerce, organizations’ managers are starting to worry if the regulations will
be too tight or may reduce the market for online trade.

Rules of E-commerce are very important for the cyberspace market as they can help
or stop the organizations working with E-Commerce and protect the consumers in the
online market.
 124

Security Implications
Many security implications occur when setting up an E-Commerce website, especially
when handling sensitive information like credit card information and private details like
addresses. Many parts will need to be protected well in the communication between
the customer and the website server and the server itself from any hacker trying to
intercept information or retrieve existing information from databases (E-commerce,
n.d.).

Customer & Server

To secure data between the customer and the web server, there is a system called
SSL (Secure Socket Layer) which encrypts the information between them so no one
else can read it. The concept of it is quite basic and uses the following steps:

• The user sends data to the server, before it leaves it is encrypted with a unique
key for the session.
• The server receives this information and then encrypts the information one
more time this time using its unique session. This is completely different from
the user’s unique key. It then sends back the data.
• The user’s computer now unlocks the data with the key it locked it with earlier.
The data is still encrypted but now only with the server’s key. The user’s
computer then sends the data back.
• The server then receives this information and unlocks it with its key and now
has the unencrypted data of what the user was sending to the server.

This type of encryption comes in different strengths depending on the SSL certificate
you purchase for your server. You can get certificates from 40-bit encryption up to 256-
bit encryption.

Server Security
as Aside from the security between the consumer and server, there is also security
needed on the server(s) as well, especially if sensitive information is stored under
customers’ accounts, such as credit card information and other personal information.

Servers will have to be protected to withstand any hack attempts to retrieve the
information that is stored. Prevention measures such as firewalls, checking for root
kits, antivirus systems, and others should be put in place, as well as encryption of the
data if possible so should a hacker gain entry, the information he sees is useless to
him or her.

Government Involvement
During the incidence of the “Love Bug Virus,” the Philippines had no law specifically
governing computer crimes; the applicable laws used in that instance were RA 8484
(Access Device Regulation Act) and Article 327 of the Revised Penal Code (Malicious
Mischief). The Access Device Act law was designed to penalize credit card fraud. The
“Love Bug” incident put pressure on the Philippine Congress to pass a bill regulating
 125

the use of computers and penalizing hacking, launching of viruses, and other
cybercrimes (Borje, 2002).

The Philippines E-Commerce Law – Republic Act No. 8792

Source: Republic Act No. 8792: GOVPH. (2000, June 14). Retrieved September 24, 2020, from
https://www.officialgazette.gov.ph/2000/06/14/republic-act-no-8792-s-2000/

Former President Joseph Estrada's administration wants to position the Philippines as

a gateway to the Southeast Asian markets. In relation to this, last June 14, 2000,
Estrada signed the Electronic Commerce Act into law. This is a law providing for the
recognition and use of electronic commercial and non-commercial transactions and
documents, penalties for unlawful use thereof, and other purposes. To further
elaborate, take note of the following excerpt:
Sec. 3. Objective. – This Act aims to facilitate domestic and international dealings,
transactions, arrangements, agreements, contracts and exchanges, and storage of
information through the utilization of electronic, optical, and similar medium, modes,
instrumentality, and technology to recognize the authenticity and reliability of electronic
documents related to such activities and to promote the universal use of electronic
transaction in the government and general public.
E-Commerce Regulation
The Electronic Commerce Act of 2000 (RA 8792) was imposed to penalize the
following:

1. Hacking or cracking, referring to unauthorized access into or interference in

a computer system/server or information system, or any access to corrupt,
alter, steal or destroy, introduce computer virus and/or loss of electronic
data documents; and
2. Piracy, or the unauthorized copying, reproduction, dissemination, removal,
distribution, importation, use, substitution, modification, storage, uploading,
downloading, communication, making available to the public, or
broadcasting, of protected materials, electronic signatures, or copyrighted
works, including legally protected sound recordings, phonograms and
information material on protected works, in a manner that infringes on
intellectual property rights. The penalty regarding the above acts is a fine of
a minimum of P100,000 fine and a maximum as commensurate to the
damage incurred, and from 6 months to 3 years imprisonment.

As a framework for combating cybercrime, the Philippine government has established

a council known as Information Technology and E-Commerce Council (ITEC). To
achieve their aims, the following goals were marked as points of concern:

• Information Infrastructure Development

• Human Resource Development
• Business Development
• E-Government Implementation
• Create enabling Legal and Regulatory environment.
 126

The government agencies that are involved in the framework and their responsibilities
are listed below:
National Bureau of Investigation Anti-Fraud and Computer Crimes Division): in charge
of Investigations of all computer-related crimes and other offenses which make use of
advances in technology;

• Intellectual Property Office: Handles intellectual property rights violations;

• National Telecommunications Commission: Supervises and regulates the
telecom and broadcast industry; and
• Department of Trade and Industry: Implements E-Commerce Act and Handles
Consumer complaints.

Figure 6.3. Net Satisfaction Ratings of Presidents: the Philippines, May

1986 to March 2019
https://newsinfo.inquirer.net/1105439/duterte-net-satisfaction-rating-up-by-6-points-in-q1-
2019#ixzz6YZ7cSvLx

According to Inquirer (2019), President Rodrigo Roa Duterte’s net satisfaction rating
was up by 6 points in the first quarter of 2019.
Read more: https://newsinfo.inquirer.net/1105439/duterte-net-satisfaction-rating-up-by-6-points-in-q1-
2019#ixzz6YwNXEPn2

From E-Government to E-Governance

Common distinctions between the two exist. Heeks (2001b), for instance, would simply
say that e-government deals with the internal workings of government, while e-
governance deals with the government’s external dealings in governance. Further,
UNESCO would define e-governance as the public sector’s use of information and
communication technologies to improve information and service delivery, encourage
citizen participation in the decision-making process, and make government more
 127

accountable, transparent, and effective government. E-governance, in other words,

encompasses e-government.

In governance, communication flows can go through various avenues. As such, the

primary delivery models are described as Government-to-Citizen or Government-to-
Customer (G2C), Government-to-Business (G2B), and Government-to-Government
(G2G).

What is E-Governance?
• E-governance is the use of ICT by different actors of society to improve their
access to information and build their capacities.
• E-Governance is the public sector’s use of information and communication
technologies to improve information and service delivery, encouraging citizen
participation in the decision-making process; and making government more
accountable, transparent, and effective.

Implications of E-Governance
Privacy over Internet
A further important aspect of Internet civil rights is the question of privacy, particularly
concerning the vast extent of personal information held on the databases throughout
the world; and also the privacy of e-mail communication. With telephone
conversations, there is the assumption of implicit point-to-point privacy; that is, we
assume that the conversation cannot be overheard in any but the most extraordinary
of circumstances. This gives an obvious requirement to the encryption processes to
maintain the privacy of communication. Making such laws may be possible but
applying them in practice will be very difficult.

Digital Ownership
In the real world, it is relatively easy to know that one owns a particular physical object.
It can be traded, damaged, or stolen. It is usually easy to understand when and how
one can subsequently lose or relinquish it. In the context of the Internet, these
questions of ownership become complex. Goods traded within the Internet are digital
and can therefore be duplicated exactly and precisely, and ideas shared among a
group of friends or researchers can become globally visible; thereby passing into the
public domain of general awareness and hence become non-patentable. However, the
laws to deal with the issue have been successfully developed and exercised in many
countries.

Policing the Internet

While the protection of copyright and ownership of goods in cyberspace might have
been achieved by most countries, the task of policing the Internet is not very easy.
This is particularly the case when we consider virtual companies, spoofed consumers,
and the internet highway as the distribution channel. In addition to this trading activity
focused on companies and consumers, there are also the issues of policing the
content over the Internet; and the activities of the individuals – involving the issues
such as taxation and duties evasion.
 128

Political Challenges
Much of the current usage of the Internet has resulted from the enthusiasm of the
governments in India and other developing nations in favor of e-governance initiatives.
The availability of the ICT infrastructure that can support e-learning, net banking, e-
commerce, e-trading, and e-governance has emerged as a great benefit. The political
challenges that result from this enthusiasm are, however, both varied and complex.
The political role in the Internet society encompasses aspects such as the
establishment of the legal framework to outlaw offensive practice and content; the
establishment of regulating bodies equipped and able to police those very same laws;
and the establishment of necessary international agreements to allow those legal and
regulatory frameworks to be effective in practice.

Ethical Issues of E-Governance

E-governance Trends
Governments around the globe are starting to adapt Internet technology for e-
government. Some countries show more resilience in adapting the technology and
some are slow in the process (O’Brien, 2001). United Kingdom launched the UK online
in September 2000, with an aspiration of becoming one of the world’s leading
knowledge economies. As a major initiative, a network of almost 6,000 UK online
centers is established to allow people to access and familiarize themselves with the
online services.

Pressure is mounting on the government to reduce the operating cost. At the same
time, citizens expect an improved service from the government with more flexibility
and efficiency, and without any premium rate for the additional services. Service
delivery mechanisms are undergoing fundamental change and moving toward citizen-
centered government.

The growing number of digital citizens

Internet access is now commonly available to millions of people around the globe. The
common man’s skill level in using digital technology is increasing with a gradual and
marginal increase in developing countries. Digital citizens are moving from passive
consumers of government services to active consumers.

Networking Technologies
Internet technology is available in more than 150 countries with an increased
bandwidth provision. This makes the citizens believe that anything is possible!
Consequently, the government’s traditional monopoly structure is threatened by the
virtual worlds and the industrial-age structure is currently changing because of the
networked technologies. Moreover, the technology is eliminating the boundaries
between and within the government branches.

For developing countries like the Philippines, lack of vision and cultural issues are
hindering the progress in e-governance. Despite the high level of technology
penetration, the gaps between digital haves and have-nots are growing exponentially.
The countries, which are slow in adapting to e-governance, have a lot of work to do in
getting services and transactions online.
 129

Employee- Employer Issues

OBJECTIVES:
At the end of this lesson, students will be able to:

 identify the key ethical issues for organization;

 gain understanding about non-traditional Workers; and
 explore Whistle Blowing.
 130

Thoughts to Ponder
DURATION: 1.5 hour
“The truth of the matter is that you always know the right thing to
do. The hard part is doing it.”
-Gen. H. Norman Schwarzkopf

Key Ethical Issues for Organizations

The use of nontraditional workers, including temporary workers, contractors,
consulting firms, H-1B visa workers, and outsourced offshore workers, gives an
organization more flexibility in meeting its staffing needs, often at a lower cost. The
use of nontraditional workers also raises ethical issues for organizations. When should
such nontraditional workers be employed, and how does such employment affect an
organization’s ability to grow and develop its employees? How does the use of such
resources impact the wages of the organization’s employees?
Whistle-blowing is an effort to attract public attention to a negligent, illegal, unethical,
abusive, or dangerous act by a company or some other organization. It is an important
ethical issue for individuals and organizations. How does one safely and effectively
report misconduct, and how should managers handle a whistle-blowing incident?
• Green computing is a term applied to a variety of efforts directed toward the
efficient design, manufacture, operation, and disposal of IT-related products,
including personal computers, laptops, servers, printers, and printer supplies.
Computer manufacturers and end-users are faced with many questions about
when and how to transition to green computing, and at what cost.

• The electronics and information and communications technology (ICT) industry

recognizes the need for a code to address ethical issues in the areas of worker
safety and fairness, environmental responsibility, and business efficiency. What
has been done so far, and what still needs to be done?
Let’s begin with a discussion of the use of nontraditional workers and the ethical issues
raised by this practice.

The Need for NonTraditional Workers

According to a March 2008 survey by the Computing Research Association, the

number of declared undergraduate computer science majors at doctoral-granting
computer science departments continued its seven-year decline, with the number of
students enrolled in the fall of 2007 half of what it was in the fall of 2000. In 2008,
however, enrollment numbers increased slightly, which may indicate that a turnaround
has begun (see Figure 10-1). The decline in enrollment took place despite the forecast
for an increased need for workers in this field. The Bureau of Labor Statistics has
forecasted that “employment in computer system design and related services will grow
by 38.3 percent” between 2006 and 2014 and “that this employment growth will be
driven by the increasing reliance of businesses on information technology and the
continuing importance of maintaining the system and network security.” Jobs related
 131

to networking and data communications analysis had the highest forecasted growth
rate at 50 percent. As a result, IT firms and organizations that use IT products and
services are concerned about a shortfall in the number of U.S. workers to fill these
positions.

Facing a likely long-term shortage of trained and experienced workers, employers are
increasingly turning to nontraditional sources to find IT workers with skills that meet
their needs; these sources include contingent workers, H-1B workers, and outsourced
offshore workers. Employers face ethical decisions about whether to recruit new and
more skilled workers from these sources or to develop their staff to meet the needs of
their business.

Contingent Workers
The Bureau of Labor Statistics defines contingent work as a job situation in which an
individual does not have an explicit or implicit contract for long-term employment. The
contingent workforce includes independent contractors, temporary workers hired
through employment agencies, on-call or day laborers, and on-site workers whose
services are provided by contract firms.
A firm is likely to use contingent IT workers if it experiences pronounced fluctuations
in its technical staffing needs. Workers are often hired on a contingent basis as
consultants on an organizational restructuring project, as technical experts on a
product development team, and as supplemental staff for many other short-term
projects, such as the design and installation of new information systems.
Typically, these workers join a team of full-time employees and other contingent
workers for the life of the project and then move on to their next assignment. Whether
they work, when they work, and how much they work depends on the company’s need
for them. They have neither an explicit nor an implicit contract for continuing
employment.
 132

Organizations can obtain contingent workers through temporary staffing firms or

employee leasing organizations. Temporary staffing firms recruit, train, and test job
seekers in a wide range of job categories and skill levels, and then assign them to
clients as needed. Temporary employees are often used to fill in during staff vacations
and illnesses, handle seasonal workloads, and help staff with special projects.
However, they are not considered official employees of the company, nor are they
eligible for company benefits such as vacation, sick pay, and medical insurance.
Temporary working arrangements sometimes appeal to people who want maximum
flexibility in their work schedule as well as a variety of work experiences. Because
temporary workers do not receive additional compensation through company benefits,
they are often paid a higher hourly wage than full-time employees doing equivalent
work.
In employee leasing, a business (called the subscribing firm) transfers all or part of its
workforce to another firm (called the leasing firm), which handles all human resource-
related activities and costs, such as payroll, training, and administration of employee
benefits. The subscribing firm leases these workers, but they remain employees of the
leasing firm. Employee leasing firms operate with minimal administrative, sales, and
marketing staff to keep down overall costs, and they pass the savings on to their
clients. Employee leasing is a type of co-employment relationship, in which two
employers have actual or potential legal rights and duties to the same employee or
group of employees. Employee leasing firms are subject to special regulations
regarding workers’ compensation and unemployment insurance. Because the workers
are technically employees of the leasing firm, they may be eligible for some company
benefits through the firm.
Organizations can also obtain temporary IT employees by hiring a consulting firm.
Consulting organizations maintain a staff of employees with a wide range of skills and
experience, up to and including world-renowned industry experts; thus, they can
provide the exact skills and expertise that an organization requires. Consulting firms
work with their clients on engagements for which there are typically well-defined
expected results or deliverables that must be produced (e.g., an IT strategic plan,
implementation of an ERP system, or selection of a hardware vendor). The contract
with a consulting firm typically specifies the length of the engagement and the rate of
pay for each of the consultants, who are directed on the engagement by a senior
manager or director from the consulting firm. Table 6.1 shows the world’s 10 largest
IT consulting firms and the number of consultants that each employs.
 133

Table 6.1. The 10 Largest IT Consulting Firms

Advantages of Using Contingent Workers

When a firm employs a contingent worker, it does not usually have to provide benefits
such as insurance, paid time off, and contributions to a retirement plan. A company
can easily adjust the number of contingent workers it uses to meet its business needs
and can release contingent workers when they are no longer needed. An organization
cannot usually do the same with full-time employees without creating a great deal of
ill will and negatively impacting employee morale. Moreover, because many contingent
workers are already specialists in a particular task, the firm does not customarily incur
training costs. Therefore, the use of contingent workers enables the firm to meet its
staffing needs more efficiently, lower its labor costs, and respond more quickly to
changing market conditions.

Disadvantages of Using Contingent Workers

One downside to using contingent workers is that they may not feel a strong
connection to the company for which they are working. This can result in a low
commitment to the company and its projects, along with a high turnover rate. Although
contingent workers may already have the necessary technical training for a temporary
job, while working for a particular company, many contingent workers gain additional
skills and knowledge, which are lost to the company when they depart at the project’s
completion.

Deciding When to Use Contingent Workers

When an organization decides to use contingent workers for a project, it should
recognize the trade-off it is making between completing a single project quickly and
cheaply versus developing people within its organization. If the project requires unique
skills that are probably not necessary for future projects, there may be little reason to
invest the additional time and costs required to develop those skills in full-time
employees.
 134

If a particular project requires only temporary help, and the workers will not be needed
for future projects, the use of contingent workers is a good approach. In such a
situation, using contingent workers avoids the need to hire new employees and then
fire them when staffing needs decrease.
Organizations should carefully consider whether or not to use contingent workers
when those workers are likely to learn corporate processes and strategies that are key
to the company’s success. It is next to impossible to prevent contingent workers from
passing on such information to subsequent employers. This can be damaging if the
worker’s next employer is a major competitor.
Although using contingent workers is often the most flexible and cost-effective way to
get a job done, their use can raise ethical and legal issues about the relationships
among the staffing firm, its employees, and its customers, including the potential
liability of customers for withholding payroll taxes, payment of employee retirement
benefits and health insurance premiums, and administration of workers’ compensation
to the staffing firm’s employees.
Depending on how closely workers are supervised and how the job is structured,
contingent workers may be viewed as permanent employees by the Internal Revenue
Service, the Labor Department, or a state’s workers’ compensation and
unemployment agencies.
For example, in 2001, Microsoft agreed to pay a $97 million settlement to some 10,000
“permatemps” — temporary workers who were employed for an extended length of
time as software testers, graphic designers, editors, technical writers, receptionists,
and office support staffers. Some had worked at Microsoft for several years. The
Vizcaino v. Microsoft class action was filed in 1992 by eight former workers who
claimed that they and thousands more permatemps had been illegally shut out of a
stock purchase plan that allowed employees to buy Microsoft stock at a 15 percent
discount. Microsoft shares skyrocketed in value throughout the 1990s. The sharp
appreciation in the stock price meant that had they been eligible, some temporary
workers in the lawsuit could have earned more money from stock gains than they
received in salary while at Microsoft.
The Vizcaino v. Microsoft lawsuit dramatically illustrated the cost of misclassifying
employees and violating laws that cover compensation, taxes, unemployment
insurance, and overtime. The key lesson of this case is that even if workers sign an
agreement indicating that they are contractors and not employees, the deciding factor
is not the agreement but the degree of control the company exercises over the
employees. The following questions can help determine whether someone is an
employee:
• Does the person have the right to control the manner and means of
accomplishing the desired result?
• How much work experience does the person have?
• Does the worker provide his tools and equipment?
• Is the person engaged in a distinct occupation or an independently established
business?
• Is the method of payment by the hour or by the job?
• What degree of skill is required to complete the job?
• Does the person hire employees to help?
 135

The Microsoft ruling means that employers must exercise care in their treatment of
contingent workers. If a company wants to hire contingent workers through an agency,
then the agency must hire and fire the workers, promote and discipline them, do
performance reviews, decide wages, and tell them what to do daily.
Read the manager’s checklist in Table 6.2 for questions that pertain to the use of
contingent workers. The preferred answer to each question is yes.
Table 6.2. Manager’s checklist for the use of contingent employees

H-1B Workers
An H-1B is a temporary work visa granted by the U.S. Citizenship and Immigration
Services (USCIS) for people who work in specialty occupations — jobs that require at
least a four-year bachelor’s degree in a specific field, or equivalent experience. Many
companies turn to H-1B workers to meet critical business needs or to obtain essential
technical skills and knowledge that cannot be readily found in the United States. H-1B
workers may also be used when there are temporary shortages of needed skills.
Employers often need H-1B professionals to provide special expertise in overseas
markets or on projects that enable U.S. businesses to compete globally. A key
requirement is that employers must pay H-1B workers the prevailing wage for the work
being performed.
A person can work for a U.S. employer as an H-1B employee for a maximum
continuous period of six years. After a worker’s H-1B visa expires, the foreign worker
must remain outside the United States for one year before another H-1B petition will
 136

be approved. Table 6.3 shows the employers who received approval for the most H-
1B visas in 2008.
Table 6.3. Top H-1B visa employers in 2008

H-1B temporary professionals make up less than 0.1 percent of the U.S. workforce,
but nearly 40 percent are employed as computer programmers. The top five
outsourcing countries for H-1B workers are India, China, Canada, the United Kingdom,
and the Philippines.
Each year the U.S. Congress sets a federal cap on the number of H-1B visas to be
granted, although the number of visas issued often varies greatly from this cap. Since
2004, the cap has been set at 65,000 with an additional 20,000 visas available for
foreign graduates of U.S. universities with advanced degrees. Of the 65,000 visas,
5,400 are reserved for nationals of Singapore and 1,400 for nationals of Chile under
certain trade agreements between the U.S. and these countries. The cap only applies
to certain IT professionals, such as programmers and engineers at private technology
companies. A large number of foreign workers are exempt from the cap, including
scientists hired to teach at American universities, work in government research labs,
or work for nonprofit organizations.
When considering the use of H-1B visa workers, companies should take into account
that even highly skilled and experienced H-1B workers may require help with their
English skills. Communication in many business settings is fast-paced and full of
idiomatic expressions; workers who are not fluent in English may find it difficult and
uncomfortable to participate. As a result, some H-1B workers might become isolated.
Even worse, H-1B workers who are not comfortable with English may gradually stop
trying to acclimate and may create cliques, which can hurt a project team’s morale and
lead to division. Managers and coworkers should make it a priority to assist H-1B
workers looking to improve their English skills and to develop beneficial working
relationships based on mutual respect for any cultural differences that may exist. H-
1B workers must feel at ease and be able to easily interact to feel like true members
of their team.
As concern increases about employment in the IT sector, displaced workers and other
critics challenge whether the United States needs to continue importing thousands of
 137

H-1B workers every year. Many business managers, however, say such criticisms
conceal the real issue, which is the struggle to find qualified people, wherever they
are, for increasingly challenging work. Heads of U.S. companies continue to complain
that they have trouble finding enough qualified IT employees and have urged the
USCIS to loosen the reins on visas for qualified workers. They warn that reducing the
number of visas will encourage them to move the work to foreign countries, where they
can find the workforce they need. Some human resource managers and educators are
concerned that the continued use of H-1B workers may be a symptom of a larger,
more fundamental problem—that the United States is not developing a sufficient
number of IT employees with the right skills to meet its corporate needs.
Many IT workers in the United States have expressed concern that the use of H-1B
workers has a negative impact on their wages. Researchers from New York University
and the Wharton School of the University of Pennsylvania examined tens of thousands
of résumés as well as demographic and wage data on 156,000 IT workers employed
at 7,500 publicly held U.S. firms. Their conclusions were “that H-1B admissions at
current levels are associated with a 5% to 6% drop in wages for computer
programmers, systems analysts, and software engineers.”

H-1B Application Process

Most companies make ethical hiring decisions based on how well an applicant fulfills
the job qualifications. Such companies consider the need to obtain an H-1B visa after
deciding to hire the best available candidate. To receive an H-1B visa, the person must
have a job offer from an employer who is also willing to offer sponsorship.
Once a decision has been made to hire a worker who will require an H-1B visa, an
employer must begin the application process. There are two application stages: the
Labor Condition Application (LCA) and the H-1B visa application. The company files
an LCA with the Department of Labor (DOL), stating the job title, the geographic area
in which the worker is needed, as well as the salary to be paid. The DOL’s Wage and
Hour Division reviews the LCA to ensure that the foreign worker’s wages will not
undercut those of an American worker. After the LCA is certified, the employer may
then apply to the USCIS for the H-1B visa, identifying who will fill the position and
stating the person’s skills and qualifications for the job. A candidate cannot be hired
until the USCIS has processed the application, which can take several days or several
months.
Companies whose contingent of H1-B workers makes up more than 15 percent of their
workforce face hurdles before they can hire any more. To do so, they must prove that
they first tried to find U.S. workers—for example, they can show copies of employment
ads they placed online or in newspapers. They must also confirm that they are not
hiring an H-1B worker after having laid off a similar U.S. worker. Employers must attest
to such protections by affirmatively filing with the DOL and maintaining a public file.
Failure to comply with DOL regulations can result in an audit and fines over $1,000
per violation, payment of back wages to the employee, and ineligibility to participate in
immigration programs.
To cut down on the amount of time it can take to hire an H-1B worker, a provision was
added to the American Competitiveness in the Twenty-First Century Act
 138

of 2000 that allows current H-1B holders to start working for employers as soon as
their petitions are filed. Therefore, a company looking to hire a critical person who
already has H-1B status can do so in a matter of weeks.

Using H-1B Workers Instead of U.S. Workers

To compete in the global economy, U.S. firms must be able to attract the best and
brightest workers from all over the world. Most H-1B workers are brought to the United
States to fill a legitimate gap that cannot be filled with the existing pool of workers.
However, some managers reason that as long as skilled foreign workers can be found
to fill critical positions, why spend thousands of dollars and take months to develop
their current U.S. workers? Although such logic may appear sound for short-term hiring
decisions, it does nothing to develop the strong core of permanent IT workers that the
United States will need in the future. Heavy reliance on the use of H-1B workers can
lessen the incentive for U.S. companies to educate and develop their workforces.

Potential Exploitation of H-1B Workers

Even though companies applying for H-1B visas must offer a wage that is not 5 percent
less than the average salary for the occupation, some companies use H-1B visas as
a way to lower salaries. Because wages in the IT field vary greatly, unethical
companies can get around the average salary requirement. Determining an
appropriate wage is an imprecise science at best. For example, an H-1B worker may
be classified as an entry-level IT employee and yet fill a position of an experienced
worker who would make $10,000 to $30,000 more per year. Unethical companies can
also find other ways to get around the salary protections included in the H-1B program,
as shown in the charges filed in February 2009 against the Vision Systems Group.
The company was charged with H-1B visa fraud for allegedly stating that certain H-1B
workers in its New Jersey office were working in Iowa, where the company had another
office and where the prevailing wage is much less. If found guilty of underpayment, an
employer must reimburse the underpaid employee for back wages.

Until Congress approved the Visa Reform Act of 2004, there were few investigations
into H-1B salary abuses. The act increased the H-1B application fee by $2,000, of
which $500 was earmarked for antifraud efforts; the act also defined a modified wage-
rate system, allowing for greater variances in pay to visa holders. Investigations are
typically triggered by complaints from H-1B holders, but the government can conduct
random audits or launch an investigation based on information from third-party
sources.

Companies using H-1B workers, as well as the workers themselves, must also
consider what will happen at the end of their six-year visa term. The stopgap nature of
the visa program can be challenging for both sponsoring companies and applicants. If
a worker is not granted a green card, the firm loses the worker without having
developed a permanent employee. Many of these foreign workers, finding themselves
suddenly unemployed, are forced to uproot their families and return home.
 139

Outsourcing
Outsourcing is another approach to meeting staffing needs. Outsourcing is a long-term
business arrangement in which a company contracts for services with an outside
organization that has expertise in providing a specific function. A company may
contract with an organization to provide such services as operating a data center,
supporting a telecommunications network, or staffing a computer help desk.
Coemployment legal problems with outsourcing are minimal because the company
that contracts for the services does not generally supervise or control the contractor’s
employees. The primary rationale for outsourcing is to lower costs, but companies also
use it to obtain strategic flexibility and to keep their staff focused on the company’s
core competencies.
In the 1970s, IT executives started the trend toward outsourcing as they began to
supplement their IT staff with contractors and consultants. This trend eventually led to
outsourcing entire IT business units to such organizations as Accenture, Electronic
Data Systems, and IBM, which could take over the operation of a company’s data
center as well as perform other IT functions.

Offshore Outsourcing
Offshore outsourcing is a form of outsourcing in which the services are provided by an
organization whose employees are in a foreign country. Any work done at a relatively
high cost in the United States may become a candidate for offshore outsourcing—not
just IT work. However, IT professionals, in particular, can do much of their work
anywhere—on a company’s premises or thousands of miles away in a foreign country.
In addition, companies can reap large financial benefits by reducing labor costs
through offshore outsourcing. As a result, and because a large supply of experienced
IT professionals is readily available in certain foreign countries, the use of offshore
outsourcing in the IT field is increasing. American Express, Aetna, Compaq, General
Electric, IBM, Microsoft, Motorola, Shell, Sprint, and 3M are examples of big
companies that employ offshore outsourcing for functions such as help-desk support,
and network management, and information systems development.
As more businesses move their key processes offshore, U.S. IT service providers are
forced to lower prices. Many U.S. software firms set up development centers in low-
cost foreign countries where they have access to a large pool of well-trained
candidates. Intuit—maker of the Quicken tax preparation software—currently has
facilities in Canada, Great Britain, and India. Accenture, IBM, and Microsoft maintain
large development centers in India. Cognizant Technology Solutions is headquartered
in Teaneck, New Jersey, but operates primarily from technology centers in India.
Because of the high salaries earned by application developers in the United States
and the ease with which customers and suppliers can communicate, it is now quite
common to use offshore outsourcing for major programming projects. According to the
Gartner Group, the top four sources of contract programming include India, Ireland,
Canada, and Israel. Contract programming is also flourishing in Argentina, Australia,
Belarus, Brazil, Bulgaria, China, Malaysia, Malta, Mexico, Nepal, the Philippines,
Poland, Russia, Serbia, Singapore, Sri Lanka, and Vietnam. But India, with its rich
 140

talent pool (a high percentage of whom speak English) and low labor costs, is widely
acknowledged as the best source of programming skills outside Europe and North
America.
NXP creates semiconductors, system solutions, and software for mobile phones, TVs,
and personal media players. It employs 37,000 people working in 20 countries, with
2007 sales reaching $6.3 billion. In 2008, NXP awarded Tata Consultancy Services a
five-year, $100 million outsourcing contract to provide its IT services. These services
include data center operations, networking, and application development out of
computing centers located in Bangalore, Bangkok, and Eindhoven in the Netherlands.
The purpose of the outsourcing was to provide operational cost savings and to enable
NXP’s managers and executives to focus on core business activities. The project has
gone so well that Tata won the Netherlands Outsourcing Award in 2009.
Table 6.4 shows the leading countries that provide offshore IT services to U.S. firms
while Table 6.5 lists several offshore IT outsourcing firms.
Table 6.4. Leading countries for providing offshore IT Services

Table 6.5. A partial list of offshore IT outsourcing firms

 141

Wages that an American worker might consider low represent an excellent salary in
many other parts of the world, and some companies feel they would be foolish not to
exploit such an opportunity. Why pay a U.S. IT worker a six-figure salary, they reason,
when they can use offshore outsourcing to hire three India-based workers for the same
cost? However, this attitude might represent a short-term point of view—offshore
demand is driving up salaries in India by roughly 15 percent per year. Because of this,
Indian offshore suppliers have begun to charge more for their services. The cost
advantage for offshore outsourcing to India used to be 6:1 or more—you could hire six
Indian IT workers for the cost of one U.S. IT worker. The cost advantage has now
shrunk to 3:1. Once it shrinks to 1.5:1, the cost savings would no longer be much of
an incentive for U.S. offshore outsourcing to India.
Another benefit of offshore outsourcing is its potential to dramatically speed up
development efforts. For example, the State of New Mexico contracted the
development of a tax system to Syntel, one of the first U.S. firms to successfully launch
a global delivery model that enables workers to make progress on a project around
the clock. With technical teams working from networked facilities in different time
zones, Syntel executes a virtual “24-hour workday” that saves its customers money,
speeds projects to completion, and provides continuous support for key software
applications.
Although it has its advocates, offshore outsourcing does not always pay off. For
example, a software developer in Cambridge, Massachusetts, went to India in search
of cheap labor but found lots of problems instead. Customs officials charged huge
tariffs when the company tried to ship the necessary development software and
manuals, and the programmers were not nearly as experienced as they claimed to be.
The code produced in India was inadequate. The company had to send a
representative to India for months to work with the programmers there and correct the
problems.
While offshore outsourcing can save a company in terms of labor costs, it will also
result in some new expenses. In determining how much money and time a company
will save with offshore outsourcing, the firm must take into account the additional time
that will be required to select an offshore vendor as well as the additional costs that
will be incurred for travel and communications. In addition, organizations often find that
it can take years of ongoing effort and a large up-front investment to develop a good
working relationship with an offshore outsourcing firm. Finding a reputable vendor can
be especially difficult for a small or midsized firm that lacks experience in identifying
and vetting contractors.
Many of the ethical issues that arise when considering whether to use H-1B and
contingent workers also apply to offshore outsourcing. For example, managers must
consider the trade-offs between using offshore outsourcing firms and devoting money
and time to retaining and developing their staff. Offshore outsourcing tends to upset
domestic staff, especially when a company begins to lay off employees in favor of low-
wage workers outside the United States. The remaining members of a department can
become bitter and nonproductive, and morale can become extremely low.
Cultural and language differences can cause misunderstandings among project
members in different countries. Indian programmers, for instance, are known for
keeping quiet even when they notice problems. And the difficulty of communicating
 142

directly with people over long distances can make offshore outsourcing perilous,
especially when key team members speak English as their second language.
The compromising of customer data is yet another potential outsourcing issue. For
example, the Australian Broadcasting Corporation uncovered evidence that the
personal details of Australian citizens (including names, addresses, telephone, and
other ID numbers, and employment information) were taken from customer databases
in India and offered for sale on the black market. Most countries have laws designed
to protect the privacy of their citizens. Firms that outsource must take precautions to
protect private data, regardless of where it is stored or processed or who handles it.
Another downside to offshore outsourcing is that a company loses the knowledge and
experience gained by outsourced workers when those workers are reassigned after a
project’s completion. Finally, offshore outsourcing does not advance the development
of permanent IT workers in the United States, which increases its dependency on
foreign workers to build the IT infrastructure of the future. Many of the jobs that go
overseas are entry-level positions that help develop employees for future, more
responsible positions.

Strategies for a Successful Outsourcing

Successful projects require day-to-day interaction between software development and
business teams, so the hiring company needs to take a hands-on approach to project
management. Companies cannot afford to outsource responsibility and accountability.
To improve the chances that an offshore outsourcing project will succeed, a company
must carefully evaluate whether an outsourcing firm can provide the following:
1. Employees with the required expertise in the technologies involved in the
project
2. A project manager who speaks the employer company’s native language
3. A pool of staff large enough to meet the needs of the project
4. A state-of-the-art telecommunications setup
5. High-quality on-site managers and supervisors
To ensure that company data is protected in an outsourcing arrangement, companies
can use the Statement on Auditing Standards (SAS) No. 70, Service Organizations,
an internationally recognized standard developed by the American Institute of Certified
Public Accountants (AICPA). A successful SAS No. 70 audit report demonstrates that
an outsourcing firm has effective internal controls following the Sarbanes-Oxley Act of
2002.
The following list provides several tips for companies that are considering offshore
outsourcing:
Set clear, firm business specifications for the work to be done.
• Assess the probability of political upheavals or factors that might interfere with
information flow, and ensure that the risks are acceptable.
• Assess the basic stability and economic soundness of the outsourcing vendor
and what might occur if the vendor encounters a severe financial downturn.
• Establish reliable satellite or broadband communications between your site
and the outsourcer’s location.
 143

• Implement a formal version-control process, coordinated by a quality assurance

person.
• Develop and use a dictionary of terms to encourage a common understanding
of technical jargon.
• Require vendors to supply project managers at the client site to overcome
cultural barriers and facilitate communication with offshore programmers.
• Require a network manager at the vendor site to coordinate the logistics of
using several communications providers around the world.
• Obtain advance agreement on the structure and content of documentation to
ensure that manuals explain how the system was built, as well as how to
maintain it.
• Carefully review a current copy of the outsourcing firm’s SAS No. 70 audit report
to ascertain its level of control over information technology and related
processes.

Whistle Blowing
Like the subject of contingent workers, whistle-blowing is a significant topic in any
discussion of ethics in IT. Both issues raise ethical questions and have social and
economic implications. How these issues are addressed can have a long-lasting
impact not only on the people and employers involved but also on the entire IT
industry.
As noted above, whistle-blowing is an effort to attract public attention to a negligent,
illegal, unethical, abusive, or dangerous act by a company or some other organization.
In some cases, whistle-blowers are employees who act as informants on their
company, revealing information to enrich themselves or to gain revenge for a
perceived wrong. In most cases, however, whistle-blowers act ethically in an attempt
to correct what they think is major wrongdoing, often at great personal risk.
A whistle-blower usually has personal knowledge of what is happening inside the
offending organization because of his or her role as an employee of the organization.
Sometimes the whistle-blower is not an employee but a person with special knowledge
gained from a position as an auditor or business partner.
In going public with the information they have, whistle-blowers often risk their careers
and sometimes even affect the lives of their friends and family. In extreme situations,
whistle-blowers must choose between protecting society and remaining silent.
In December 2005, the New York Times broke the alarming story that just months after
the 9/11 attacks in 2002, President Bush had secretly authorized the National Security
Agency (NSA) to listen in on the calls of hundreds, perhaps thousands, of American
citizens to obtain evidence of terrorist activity without the court-approved warrants
required for domestic spying. (The White House had asked the New York Times not
to publish the article on the basis that it could jeopardize ongoing investigations and
provide an alert to terrorists.) Whistle-blower Russell Tice, who had worked for both
the Defense Intelligence Agency and the NSA, later disclosed that he was one of the
sources for the story. Tice said that “as far as I’m concerned, as long as I don’t say
anything that’s classified, I’m not worried. We need to clean up the intelligence
community. We’ve had abuses, and they need to be addressed.”
 144

Definition
• Whistleblowing can be an employee’s effort to attract the attention of others
outside of the employee’s company to negligent, illegal, unethical, abusive, or
dangerous act by the company that threatens the public interest.
• Whistle blowers are acting as no more than informers on their company,
revealing information to enrich themselves or to gain revenge for some
perceived wrong.
• They are acting ethically out of a conviction to correct major wrongdoing, often
at great personal risk.

The slow or lack of progress in the Philippines’ anticorruption efforts is attributed to the
following issues that need to be addressed:

• weak enforcement of corruption laws;

• the need to reinvigorate the anticorruption agencies and improve their
coordination;
• the low social awareness and high tolerance of corruption;
• the need to institutionalize government-civil society-business collaboration; and
• the need to strengthen integrity and accountability in government-business
transactions

AHA! A Whistleblower and Tipster's Project

By: Ronnie V. Amorado, Ph.D.

Dr. Amorado is the National Coordinator of the Aha! Ehem!, a joint anti-corruption
project of the Philippine Province of the Society of Jesus and the Office of the
Ombudsman. An anti-corruption expert who has done extensive studies in some of
the most corrupt government agencies, he teaches at the Ateneo de Davao University
and the University of the Philippines-Mindanao.

The results of the 20 Focus Group Discussions (FGDs) conducted nationwide by the
Philippine Province of the Society of Jesus and the Office of the Ombudsman from
October to December 2005 provide rich insights on the conditions for ensuring the
success of whistleblowing against corrupt practices in the Philippine context. They are
valuable for policymakers and researchers interested in knowing the:

• Different notions on whistleblowing;

• People and organizations who can serve as whistleblowers;
• The six emerging types and roles of whistleblowers;
• Factors that facilitate or constrain whistleblowing;
• Favorable and unfavorable conditions in whistleblowing;
• Important steps in, and preparations for, whistleblowing.

The Whistleblower and Tipster's Project

In 2003, the Office of the Ombudsman and the Philippine Province of the Society of
Jesus signed a Memorandum of Collaboration to design and implement anti-corruption
 145

initiatives anchored on the complementation of cultural reform and legal enforcement

programs. An offshoot of this collaboration, the Aha! Whistleblower and Tipster's
Project got a grant from the United States Agency for International Development-Rule
of Law and Effectiveness Program (USAID-ROLE) to characterize the environmental
conditions that facilitate or constrain whistleblowing in the country, conduct an
idiographic analysis of the whistleblowing culture based on the analysis of actual
experiences of whistleblowers, and develop a handy primer on whistleblowing
procedures and tips.

The Focus Group Discussions (FGDs)

From October to December of 2005, a total of 20 FGDs were conducted nationwide:

four (4) each in NCR and Northern/Southern Luzon, and six (6) each in
Eastern/Central/Western Visayas and Northern/Western/Southern Mindanao. An
estimated 36% out of the 263 FGD participants had direct experience in
whistleblowing; the other 62% were involved in whistleblowing advocacy. Half of the
participants came from the public sector.

What is whistleblowing? Analysis of the FGD outputs reveals that whistleblowing is

primarily and dominantly seen as an act of exposing, reporting, revealing, corrupt acts
and irregular practices. Whistleblowing is also seen as a source of evidence. In
addition, it is viewed as a citizen's performance of his or her duty to combat corruption.

Whistleblowing is not an alien concept in Philippine culture. There are several

indigenous, local, and popular concepts closely related or equivalent to
whistleblowing. These indigenous or local versions include such Filipino-Tagalog
terms such as "pagsisiwalat", "pagsumbong ng katiwalian", "pagbulgar",
"magsuplong". The Bisaya (language widely used in the Visayas and in Mindanao)
equivalents of whistleblowing are "pahibalo", "pag-alarma", and "pagboking sa
nakitang kahiwian".

Some whistleblowing notions articulated by FGD participants have negative

connotations. These include the notions that whistleblowing is squealing or an act of
betrayal ("piyait" in Bisaya, "ipagkanulo" in Tagalog) and gossiping ("taga tsismis").

Benefits of whistleblowing. Whistleblowing has several benefits for organizations

and society. According to FGD participants, whistleblowing:

• arouses public involvement in fighting corruption;

• inspires people to do what is right;
• prods agencies and media into action;
• improves government systems and procedures;
• promotes good governance, progress, and political and social reforms;
• makes people more vigilant about wrongdoing.

What is and who can/should be a whistleblower?

 146

A whistleblower plays a very important role in fighting corruption because he or she

provides evidence of, exposes, and reports, wrongdoing. A whistleblower is a hero in
his or her own right for sacrificing personal enjoyment and safety for the common good.
There are six emerging types and roles of whistleblowers in the Philippines, to wit:

• Tipsters- bearer of tip or information;

• Squealers- insider informants and participants of the anomaly;
• Witnesses- plain and state witnesses;
• Complainants- aggrieved party, known and anonymous complaints;
• Reporters- to report and make public;
• Watchdogs- watchers on the ground; collective whistleblowing

The "watchdogs" role underscores the idea that whistleblowing can be more than an
individual act or decision; groups and offices can blow the whistle, too. Among the
actual or potential whistleblowers identified in the FGDs are the following:

Individuals
• concerned citizens and taxpayers;
• parishioners, students, youth;
• government officials and employees;
• professionals;
• eminent persons;
• resident Ombudsmen;
• Internal Affairs auditor and personnel.

Offices/groups
• anti-corruption NGOs/civil society organizations
• watchdogs or monitoring groups;
• professional associations;
• Junior Graftwatch Units (JGUs);
• accredited Corruption Prevention Units (CPUs);
• associations of Resident Ombudsmen (AROGAs);

There are certain ideal or desirable characteristics of whistleblowers. Whistleblowers,

according to the FGD participants, should have a "good standing in the community or
organization." In addition, they should be:

• credible, morally upright, trustworthy;

• courageous, principled, and determined;
• without vested interest or personal agenda of self-aggrandizement;

Drivers of whistleblowing. The strong support of the various sectors in society can
drive the development of whistleblowing culture and practice. Whistleblowing is likely
to flourish in the Philippines if a support system built on the following elements is
present, to wit:

• understanding and support of family members;

 147

• support of colleagues at work;

• adequate logistical, financial, and legal support;
• legislative and judicial reforms.

The personal characteristics of whistleblowers or potential whistleblowers can also

promote whistleblowing. These characteristics include courage, bravery, strong
commitment, honesty, genuine concern, and personal integrity.

Suppressors of whistleblowing. Expectations of suffering from heavy personal risks

discourage whistleblowing. The personal risks include the loss of a job and other
retaliatory actions at work, ostracism by colleagues and severance of social
relationships, and threats to personal security and safety.

The lack of financial, legal, and social support is a major impediment to whistleblowing.
Unfavorable conditions such as discouragement by family and friends, having no
access to legal aid, financial and logistical constraints, and negative reception by
media, decrease the chances of actual whistleblowing.

Lack of evidence or access to documents that will prove wrongdoing is also a critical
factor that contributes to the individual's propensity to stay silent than blow the whistle
amidst observed wrongdoing.

Perceptions that whistleblowing is ineffective and useless as a change instrument may

also discourage whistleblowing. Whistleblowing's lack of impact is captured in such
terms as "walang epek" (no effect) and "walang nangyayari" (nothing happened).

Promoting whistleblowing. Several conditions are needed to encourage actual

whistleblowing and make it effective as an instrument for fighting wrongdoing. Among
these favorable conditions are the following:

• Adequacy of support (government protection; public sympathy; legal aid;

financial and logistical provision);
• Structure (whistleblower's centers; complaints' desks; witness protection
program);
• Whistleblower's protection from reprisal, reprimands, harassment, ostracism;

Preparation and steps in whistleblowing. The high risk and cost of whistleblowing
should be taken into account when planning to blow the whistle. One should be
prepared mentally, financially, physically, and emotionally, to deal with the stress
associated with being a whistleblower.

To realize the objectives of whistleblowing, potential whistleblowers need to employ

the two best strategies to succeed in whistleblowing, namely:

• securing external support;

• ensuring sufficiency of the evidence.

In addition, the whistleblower needs to undertake the following preparations and steps:
 148

• Gather and verify data and evidence.

o Record events, dates, and names of people.
o Secure original documents, and pictures.
o Know the case well.
o Do background investigations.

• Assess the level of personal preparation.

• Do some self-assessment and self-reflection.
• Check one's motive and conscience.
• Check the level of preparedness in meeting the risks.
• Consult trusted friends and family members.
• Consult spiritual director/priests.
• Consult lawyers and seek independent professional advice.
• Put up some money for financial and logistical requirements.
• Reproduce evidence and give a copy to trusted friends and family members.
• Establish links with other whistleblowers and watchdogs.
• Look for witnesses.
• Connect with responsible and credible media.
• Connect with law enforcement authorities.

Each potential whistle-blowing situation involves different, issues, and personalities.

Two people in the same company facing the same situation may have different values
and concerns, causing them to react somewhat differently, without either person being
unethical.

Dealing with a Whistle-Blowing Situation

1. Assess the seriousness of the situation. The first step is to determine the
seriousness of the problem that has been observed. For someone to consider
whistle-blowing, that person should have specific knowledge of a situation where
someone is taking a course of action that is unethical and that represents a serious
threat to the public interest.

2. Attempt to address the situation internally. Ideally, the employee can get the
problem out into the open and deal with it from inside the organization, creating as
few bad feelings as possible.

3. Begin documentation. Any attempt to address the situation should be

documented with a summary of the problem provided to the appropriate managers
including a statement that they either responded or chose not to respond. This
record will be helpful if they chose not to respond. This record will help construct a
chronology of events if legal testimony is required in the future. Documentation
should be maintained and kept up-to-date throughout the whistle-blowing process.

4. Consider escalation within the company. The employee was maybe

unsuccessful in his or her initial attempt to deal with the situation internally. Some
 149

people who elect to take no further action continue to wrestle with their
consciences; they can develop ulcers, drug or alcohol problems, and/or lose their
peace of mind. Others may feel so strongly about the situation that they must take
further action. This is often the case when a very determined and conscientious
individual faces a truly serious problem. Thus, the employee who is still concerned
is forced to choose between escalating the problem and going over his or her
manager’s head or going outside the organization to deal with the problem. At this
point, the employee may become a whistle-blower if he or she feels compelled
because there appears to be no choice but to solve the problem internally.

5. Assess the implications of becoming a whistle-blower. If the employee feels

he or she has made a strong attempt to resolve the problem internally and has
achieved no results, the employee is now at the threshold of blowing the whistle
and must stop and fully assess if he or she is prepared to go forward.

6. Use experienced resources to develop an action plan. A whistle-blower should

consult with competent, qualified legal counsel with experience in whistle-blowing
cases. They will determine what statutes and laws apply to the case. There may
be more than one provision that may apply depending on the agency, employer,
state involved, and the nature of the case. Legal counsel should determine the
statute of limitations for reporting the offense as well as the length and nature of
whistle-blower protection.

7. Execute the action plan. Choose to continue with the matter legally, the claim
should be pursued based on the research and decisions previously made with legal
counsel. The consequences of every action should be understood. The problem
with this approach is that people often do not take such anonymous claims
seriously.

8. Live with the consequences. Whistle-blowers must be on guard against some

form of retaliation. Co-workers may be asked to help discredit the person and he
or she may even be threatened, the whistleblower must be careful with the
possibility of being “set up” in a situation that would be damaging.

Assess the Situation of Becoming a Whistle-Blower

If the employee feels he has made a strong attempt to resolve the problem internally
without results, he must stop and fully assess whether he is prepared to go forward
and blow the whistle on the company. Depending on the situation, an employee may
incur significant legal fees to air or bring charges against an agency or company that
may have access to an array of legal resources and a lot more money than the
individual employee. An employee who chooses to proceed might be accused of
having a grievance with the employer or of trying to profit from the accusations. The
employee may be fired and may lose the confidence of coworkers, friends, and even
family members.
 150

A potential whistle-blower must attempt to answer many ethical questions before

deciding on how to proceed:
Given the potentially high-stakes situation, do I want to proceed?
• Have I exhausted all means of dealing with the problem? Is whistle-
blowing all that is left?
• Am I violating an obligation to be loyal to my employer and work for its
best interests?
• Will the public exposure of corruption and mismanagement in the
organization correct the underlying cause of these problems and protect
others from harm?
From the moment an employee becomes known as a whistle-blower, a public battle
may ensue. Whistle-blowers can expect attacks on their integrity and character as well
as negative publicity in the media. Friends and family members will hear these
accusations, and ideally, they should be notified beforehand and consulted for advice
before the whistle-blower goes public. This notification helps prevent friends and family
members from being surprised at future actions by the whistle-blower or the employer.
The whistle-blower should also consider consulting support groups, elected officials,
and professional organizations. For example, the National Whistleblowers Center
provides referrals for legal counseling and education about the rights of whistle-
blowers.

Protection for Whistle-Blowers

Source: SENATE S.B.No. 3533 EXPLANATORY NOTE.
https://www.senate.gov.ph/lisdata/1301611690!.pdf

• "Whistle Blower Protection Act of 2009."

Senator Richard J. Gordon, Chairman and members of the Committee on
Accountability of Public Officers and Investigations introduced the
"Whistleblower Protection Act of 2009."

On his explanatory note he said:

“Section 27, Article II of the 1987 Constitution provides that as a State Policy,
"The State shall maintain honesty and integrity in public service and take
positive and effective measure against graft and corruption."

Furthermore, Section 1, Article XI of the 1987 Constitution provides that, "Public

office is a public trust. Public officers and employees must at all times be
accountable to the people, serve them with utmost responsibility, integrity,
loyalty, and efficiency, act with patriotism and justice, and lead modest lives."

It is the intent of this bill to encourage citizens to stand up and report alleged
violations of law, improper use of governmental office, gross waste of funds, or
any other abuse or gross neglect of duty on the part of an agency, public officer
or employee, and private entity. Furthermore, by protecting citizens who
 151

disclose wrongdoing from retaliatory acts, we hereby strengthen accountability

and reduce corruption in the public and private sectors.”

• House Bill No. 132

Introduced by Reps. Teodoro a. Casiño and Neri Javier Colmenares

This is an act providing for the protection, security, and benefits of
whistleblowers and other purposes.
A part of the Bill stated:
SECTION. 2. Declaration of Policy. Public Office is a public trust. It is the policy
of the State to promote and ensure full accountability in the conduct of its
officers and employees, and exact full retribution from those who shall engage
in graft and corrupt practices. Towards this end, the State shall:
(a) maintain honest and high standards of integrity in the public
service;
(b) safeguard the national interest through the prosecution of corrupt
and erring public officials and employees; and
(c) encourage and facilitate the disclosure of corrupt conduct and
practices in the public service by providing benefits and protection to
whistleblowers