Professional issues
Una Benlic, ube@cs.stir.ac.uk
Aims
- Give a precise meaning of the terms "profession" and "professional"
- Discuss the obligations and privileges which membership of a profession carries
- Consider some codes of conduct that arise in UK computing
- Consider some legislation in UK computing
What is a profession and what is involved in being a professional?
- Just doing it for money ("professional footballer"), or do we mean something else?
Professionalism
From Chambers 20th Century Dictionary:
Profession: an employment not mechanical and requiring some degree of learning: a calling, habitual employment; the collective body of persons engaged in any profession;
Features that collective bodies have in common:
- The collective body controls entry to a profession;
- It is self-governing, in the sense that it establishes and enforces a code of conduct for its members;
- It is established either by a Royal Charter or by statute (act of Parliament), which requires it to undertake certain duties and responsibilities.
The archetypal professions are medicine, law, the clergy.
General features of a profession
A service relationship: a vendor and a purchaser, but no tangible commodity that can be sold on
- the vendor belongs to a specialist group possessing arcane skills
- the purchaser may be forced to buy, or otherwise face e.g. disease, imprisonment, or damnation
Regulations of a profession
A professional body sets:
- Standards of education as a condition of entry and achievement of professional status.
- Ethical standards and ethical rules which are to be followed by members.
Rules are designed for the benefit of the public, typically stressing the pre-eminence of the client's interests over those of the service provider.
Each profession has an appropriate degree of independence in setting professional standards whilst allowing Government to legislate for the public interest.
Benefits to the professional
In exchange for these concessions, the specialist group typically demands new forms of market power
- Normally mediated through occupational closure, guild
- These include:
  - Monopoly of practice
  - Control of entry and training
  - Self-regulation
There is no single picture: but professionalisation may bring practitioners benefits in both income and esteem
- Or they may find that their own ethics make them vulnerable (vicars, hospital doctors)
Professionalisation as a goal
Occupational groups are often very keen to grasp the benefits
- Particularly the market power conferred by monopoly plus control of recruitment & training
- Frequently we find sustained campaigns by groups to achieve professional status
- Or to deny it to competing groups
Professionalisation may bring benefits to others (particularly purchasers)
- For example, strongly-internalised norms of:
  - Duty to the client
  - Continual improvement of personal skills
  - Prevention of abuse
- May bring very much better services
Computing in the UK
- The British Computer Society (BCS) is the professional society for Information System Engineers in the UK.
- Its professional qualifications are based on the scheme for engineers.
- It has its own exams: a university can apply for its own degrees to provide exemptions from the BCS exams. This involves inspection every five years.
- The BCS recognises the University of Stirling MSc for part-exemption from its entrance examination requirements.
- See http://www.bcs.org/membership/ for membership details.
MBCS requires:
- 5 years IT work experience, or
- 2-3 years IT work experience plus relevant recognised qualifications (depending on level of qualification), or
- an Honours degree with BCS accreditation.
The BCS's Professional Code
- Assures the quality of professional services in the public interest.
- Strong emphasis on competence, and duty of care towards the client and towards the public.
- The professional must seek to upgrade their professional knowledge and skill and shall maintain awareness of technological developments, procedures and standards.
- See the BCS Code of Conduct and Code of Good Practice at http://www.bcs.org/server.php?show=nav.6029
- Violations of the Code by members will be considered under the Society's disciplinary procedures.
BCS Code of Conduct: duties in the public interest
1. You shall carry out work or study with due care and diligence in accordance with the relevant authority's requirements, and the interests of system users. If your professional judgement is overruled, you shall indicate the likely risks and consequences.
2. In your professional role you shall have regard for the public health, safety and environment.
3. You shall have regard to the legitimate rights of third parties.
4. You shall ensure that within your professional field you have knowledge and understanding of relevant legislation, regulations and standards, and that you comply with them.
BCS Code of Conduct, continued
5. You shall conduct your professional activities without discrimination against clients or colleagues.
6. You shall reject any offer of bribery or inducement.
Principles 7, 8, 9 are obligations to the relevant authority. These concern avoiding or disclosing situations where there is a conflict of interest between you and the authority; non-disclosure of confidential information; and not misrepresenting or withholding information about products or taking advantage of others' lack of knowledge.
Legal Framework
Probably the four most important pieces of UK computing legislation are:
- The Data Protection Act (discussed in ITNP33)
- The Computer Misuse Act, together with the Police and Justice Act (2006)
- The Regulation of Investigatory Powers Act
CMA Section 1
1. A person is guilty of an offence if
   A. he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
   B. the access he intends to secure is unauthorised; and
   C. he knows at the time when he causes the computer to perform the function that that is the case.
2. The intent a person has to have to commit an offence under this section need not be directed at
   A. any particular program or data;
   B. a program or data of any particular kind; or
   C. a program or data held in any particular computer.
(up to six months' imprisonment and/or up to £2000 penalty)
CMA Sections 2 & 3
Section 2 covers cases where the Section 1 offence is aggravated by an intent to commit a further crime (e.g. blackmail, theft).
Section 3 covers any act which causes unauthorised modification of computer material [with intent to]
   A. impair the operation of any computer;
   B. prevent or hinder access to any program or data held in any computer; or
   C. impair the operation of any such program or the reliability of any such data.
In both cases the penalty is an unlimited fine and up to five years' imprisonment.
The DOS attack loophole
The Computer Misuse Act did not deal well with Denial of Service (DOS) attacks.
What is a DOS attack? (Nothing to do with Microsoft's DOS operating system!)
- In a DOS attack, a server on a network is maliciously bombarded with a huge volume of requests, effectively bringing it to a standstill.
An example:
- Three Russian hackers extorted up to £2M from UK online bookmakers, by threatening to launch DOS attacks against their websites.
- Placing a bet is a legitimate use of a gambling website, so it would have been difficult to argue that this was a crime under the CMA.
The Police and Justice Act (2006)
The Police and Justice Act (2006) broadens the scope of the CMA and imposes tougher penalties.
- It closes the DOS attack loophole by making it an offence to commit an unauthorised act in relation to a computer which has the effect that it impairs the operation of any computer.
- The PJA also makes it an offence to obtain or distribute software (such as hacking tools) if it is known that it will be used for illegal purposes.
- And the PJA increases the penalties for the crimes defined under the CMA (up to 10 years' imprisonment for some offences).
And the Russian hackers?
- They were arrested and tried in Russia in 2006, fined, and sentenced to 8 years' imprisonment.
Regulation of Investigatory Powers Act (2000)
(This summary is from http://www.magnacartaplus.org/bills/rip/)
- The government can demand that a public telecommunications service intercepts an individual's communications.
- The Home Secretary can serve interception warrants to perform mass surveillance.
- The government can require ISPs to fit equipment that enables them to perform surveillance.
- The government can demand that decryption keys be handed over in order to access protected information (not yet in force).
- The government can access internet traffic data for... any reason the Secretary of State deems fit.
Regulation of Investigatory Powers Act (2000)
- Surveillance data may not be used in legal proceedings, so if someone has illegitimately been the subject of an interception warrant there is no legal way for them to know about it.
- Needless to say, there has been some controversy about this law!
  http://www.theguardian.com/commentisfree/2013/oct/13/observ ereditorial-press-regulation-debate
  http://www.wired.co.uk/news/archive/2013-10/04/campaigngroupstake-british-government-to-court
  http://www.bbc.co.uk/news/technology-24388499