ITNP023 - Autumn Aims

Transcription

1 PROFESSIONAL ISSUES

2 2 Aims Give a precise meaning of the terms profession and professional Discuss the obligations and privileges which membership of a profession carries Consider some codes of conduct that arise in UK computing Consider some legislations in UK computing

3 3 Professionalism What is a profession and what is involved in being a professional? Just doing it for money ( professional footballer ) Or do we mean something else? 3

4 4 Professionalism From Chambers 20th Century Dictionary: Profession: an employment not mechanical and requiring some degree of learning: a calling, habitual employment; the collective body of persons engaged in any profession; Features that collective bodies have in common: The collective body controls entry to a profession; Is self governing, in the sense that it establishes and enforces a code of conduct to its members; Is established either by a Royal Charter or by statute (act of Parliament) which requires it to undertake certain duties and responsibilities.

5 5 Professionalism The archetypal professions are medicine and law General features: a service relationship: a vendor and a purchaser, but no tangible commodity that can be sold on the vendor ( professional ) belongs to a specialist group possessing arcane skills (eg medical doctor) the purchaser may be forced to buy, or otherwise face e.g. disease, imprisonment The relationship is inherently unequal The purchaser is dependent on the integrity and skill of the vendor 5

6 6 Regulations of a profession A professional body sets: Standards of education as a condition of entry and achievement of professional status. Ethical standards and ethical rules which are to be followed by members. Rules are designed for the benefit of the public, typically stressing the pre-eminence of the client s interests over those of the service provider. Each profession has an appropriate degree of independence in setting professional standards whilst allowing Government to legislate for the public interest.

7 7 Benefits to the professional In exchange for these concessions, the specialist group typically demands new forms of market power Normally mediated through a closed association, guild... These include monopoly of practice control of entry and training self-regulation, both of normal practice and of disciplinary procedures There is no single picture: but professionalisation may bring practitioners benefits in both income and esteem Or they may find that their own ethics make them vulnerable (eg hospital doctors) 7

8 8 Professionalisation as a goal Occupational groups are often very keen to grasp the benefits particularly the market power conferred by monopoly plus control of recruitment & training Frequently we find sustained campaigns by groups to achieve professional status or to deny it to competing groups Professionalisation may bring benefits to others particularly purchasers For example, defined norms of duty to the client continual improvement of personal skills detection and prevention of abuse May bring very much better services 8

9 9 Computing in the UK BCS, The Chartered Institute for IT (formerly British Computer Society) is the professional society for Information System Engineers in the UK Its professional qualifications are based on the scheme for engineers: Chartered Information Technology Professional (CITP) Chartered Scientist (CSci) Chartered Engineer (CEng) 9

10 10 Membership of the BCS It has its own entrance exams A university can apply for its own degrees to provide exemption from the BCS exams this involves inspection every five years The BCS recognises the Stirling MSc IT for part-exemption from its entrance examination requirements for CITP See for membership details MBCS requires additional professional experience: 5 years IT work experience, or 2-3 years IT work experience plus relevant recognised qualifications (depending on level of qualification), or an Honours degree with BCS accreditation. 10

11 11 The BCS s Professional Code Stresses the need to balance one s duty to the employer (or client) and to the public. Strong emphasis on competence and duty of care towards the client and towards the public. The information professional must seek to upgrade their professional knowledge and skill and shall maintain awareness of technological developments, procedures and standards. See the BCS Code of Conduct and Code of Good Practice at Violations of the Code by members will be considered under the Society s disciplinary procedures. 11

12 12 Excerpts from the BCS Code of Conduct Public interest: You shall have due regard for public health, privacy, security and wellbeing of others and the environment. You shall promote equal access to the benefits of IT and seek to promote the inclusion of all sectors in society wherever opportunities arise. Duty to relevant authority: You shall carry out your professional responsibilities with due care and diligence in accordance with the Relevant Authority s requirements whilst exercising your professional judgement at all times. You shall accept professional responsibility for your work and for the work of colleagues who are defined in a given context as working under your supervision. 12

13 13 Excerpts from the BCS Code of Conduct Professional competence and integrity You shall only undertake to do work or provide a service that is within your professional competence. You shall NOT claim any level of competence that you do not possess. You shall develop your professional knowledge, skills and competence on a continuing basis, maintaining awareness of technological developments, procedures, and standards that are relevant to your field. You shall ensure that you have the knowledge and understanding of Legislation and that you comply with such Legislation, in carrying out your professional responsibilities. Duty to the profession You shall accept your personal duty to uphold the reputation of the profession and not take any action which could bring the profession into disrepute. 13

14 14 Legal Framework Probably the four most important pieces of UK computing legislation are: The Data Protection Act (discussed in ITNP033) The Freedom of Information Act (discussed in ITNP033) The Computer Misuse Act together with the Police and Justice Act (2006) The Regulation of Investigatory Powers Act The Computer Misuse Act (1990) drafted after two hackers left a message in the Duke of Edinburgh s mailbox introduces three new offences 14

15 15 CMA Section 1 1. A person is guilty of an offence if (a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer; (b) the access he intends to secure is unauthorised; and (c) he knows at the time when he causes the computer to perform the function that is the case 2. The intent a person has to have to commit an offence under this section need not be directed at (a) any particular program or data; (b) a program or data of any particular kind; or (c) a program or data held in any particular computer. (up to six months imprisonment and/or up to 2000 penalty) 15

16 16 CMA Section 2 & 3 Section 2 covers cases where the Section 1 offence is aggravated by an intent to commit a further crime (e.g. blackmail, theft) Section 3 covers any act which causes unauthorised modification of computer material [with intent to] (a) to impair the operation of any computer; (b) to prevent or hinder access to any program or data held in any computer; or (c) to impair the operation of any such program or the reliability of any such data In both cases the penalty is an unlimited fine and up to five years imprisonment 16

17 17 The DOS attack loophole The Computer Misuse Act did not deal well with Denial of Service (DOS) attacks. What is a DOS attack? Nothing to do with Microsoft s DOS operating system! In a DOS attack, a server on a network is maliciously bombarded with a huge volume of requests, effectively bringing it to a standstill. An example: Three Russian hackers extorted up to 2M from UK online bookmakers, by threatening to launch DOS attacks against their websites. Placing a bet is a legitimate use of a gambling website, so it would have been difficult to argue that this was a crime under the CMA. 17

18 18 The Police and Justice Act (2006) The Police and Justice Act (2006) broadens the scope of the CMA and imposes tougher penalties. It closes the DOS attack loophole by making it an offence to commit an unauthorised act in relation to a computer which has the effect that it impairs the operation of any computer The PJA also: makes it an offence to obtain or distribute software (such as hacking tools) if it is known that it will be used for illegal purposes. increases the penalties for the crimes defined under the CMA (up to 10 years imprisonment for some offences). and the Russian hackers? They were arrested and tried in Russia in 2006, fined, and sentenced to 8 years imprisonment. 18

19 19 Regulation of Investigatory Powers Act (2000) (Summary from The government can demand that a public telecommunications service intercepts an individual's communications The Home Secretary can serve interception warrants to perform mass surveillance The government can require ISPs to fit equipment that enables them to perform surveillance The government can demand that decryption keys be handed over in order to access protected information not yet in force 19

20 20 Regulation of Investigatory Powers Act (2000) The government can access internet traffic data for... any reason the Secretary of State deems fit Surveillance data may not be used in legal proceedings so if someone has illegitimately been the subject of an interception warrant there is no legal way for them to know about it. Needless to say, there has been some controversy about this law! press-freedomstate-surveillance-straw-editorial 20

21 21 Tutorial We will have a tutorial to discuss aspects of professional conduct