This section of the course is simultaneously the most in depth and interesting of all topics we study. The legal side of computing is fascinating in its own right, but the often forgotten environmental impact of the technology we consume is more prevalent than ever in a world where nearly everyone recognises the impact of climate change, a culture of consumerism and a distinct lack of investment in the repair, re-use and recycle economy.
It would be perfectly possible to write an entire website on this topic alone and, therefore, you should recognise that it simply isn’t feasible to go in to the depth necessary to truly understand every aspect of these topics. The answer to this is simple – you need to read the news. As a computing student, you should be regularly reading the “normal” news, but also tech based news sites. By doing so, you will be exposed to all manner of legal, ethical and environmental issues that will give you far greater familiarity than simply reading this site or your revision notes.
Some sites to start you off:
- Home – BBC News
- Technology – BBC News
- The Register: Enterprise Technology News and Analysis
- Slashdot: News for nerds, stuff that matters
In this section (click to jump)
- Laws
- Impacts of digital technology on wider society
- Open and Closed Source Software
- Creative Commons License
Laws
Laws come from acts of parliament. Broadly speaking, we elect a government by voting in local elections. Each area of the country will select an MP (Member of Parliament) who is meant to represent them and their local concerns in government or opposition. The party with the most MP’s or “seats” are then able to form a government.
It is the governments job to decide how to legislate regarding issues that affect us all as a society. When a new law is proposed, it is drafted as a “white paper” which is then debated in parliament. Once a draft has been debated, amended and ultimately successfully voted on it becomes and “Act of Parliament.” This means the rules and regulations that were debated and voted on are now enforceable in law by the court system.
Surprisingly, there are very few laws which cover the use of computers and technology. Indeed, it wasn’t until a very high profile case which involved someone accidentally letting themselves in to the online mailbox used by a member of the royal family that a specific Act covering the misuse of computing was implemented. Many people argue that the current Computer Misuse Act is no longer fit for purpose in a world where so much happens online in terms of security breaches, hacking, ethical security research and so forth.
There are three specific acts that you need to know about for your exam:
- Data Protection Act 2018
- Computer Misuse Act 1990
- Copyright Designs and Patents Act 1988
Data Protection Act 2018
What is it?
The Data Protection Act was introduced so that individuals (you and I) had control over our data when it was used or gathered by businesses and other organisations. In other words – we had the right to know what was being done with our information, the right to see it on request and the right to have our data deleted or amended as necessary.
The data protection act applies automatically to individuals and must be applied by any individual or organisation that is collecting and processing data.
If you need to give an example of what “data” actually is then sensible answers would include information such as name, address, email, date of birth, account numbers and so forth.
The data protection act was updated in 2018 to take on board the European wide General Data Protection Regulations of GDPR, fortunately for us the principles are largely the same as they were other than “data subjects” now have much clearer guidance on how they can request copies of their personal data that has been collected by an organisation and organisations have to be much clearer about what they are collecting and how people can request their information.
Furthermore, subjects now have the right to erasure – not the late 80’s early 90’s pop duo, but the right to have data deleted that has been stored. There are some exceptions to this – for example you cannot ask for your criminal record to be deleted and previous employers can hang on to your data for a number of years after you leave.
What are the main principles?
The Data Protection Act sets out 8 principles, which basically translates to “8 things people have to do when processing or handling data in order to comply with the law.”
The principles below are not exactly how they are written in the act, because it uses scary legal speak, so these are abbreviated and easier to remember versions. The green text explains what each principle means.
- Personal data shall be processed fairly and lawfully. This means you cannot do anything with data that has not been agreed or breaks any of the other principles.
- Personal data shall be obtained only for specified and lawful purposes. In other words, you can only collect the data you say you need and you can only use it in a lawful way.
- Personal data shall be adequate, relevant and not excessive. You are not allowed to collect any data you don’t need!
- Personal data shall be accurate and, where necessary, kept up to date. You must check for any changes to data you hold and update it. This is to stop problems like personal letters being sent to the wrong address, for example.
- Personal data shall not be kept for longer than is necessary. Once you have used the data, unless you have a lawful reason to do otherwise, you must delete the data you hold after a reasonable length of time.
- Personal data shall be processed in accordance with the rights of data subjects (individuals). People have the right to ask to see data, have it deleted or amended.
- Appropriate measures shall be taken to prevent accidental loss or destruction of, or damage to, personal data. You must make sure data is protected, not accessed for illegal purposes (e.g. asking a police officer mate to look up an address for you) and is kept securely.
- Personal data shall not be transferred to a country outside the European Economic Area. Data cannot be stored or moved outside of Europe unless that country has the same or better data protection laws.
The 2018 update added a few more protections for data subjects (people):
There is now stronger legal protection for more sensitive information, such as:
- race
- ethnic background
- political opinions
- religious beliefs
- trade union membership
- genetics
- biometrics (where used for identification)
- health
- sex life or orientation
This data falls under “protected characteristics” and can only be collected where strictly necessary and must be strongly protected by any organisation that holds such information.
Finally, clear rights were established for data subjects. Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:
- be informed about how your data is being used
- access personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances
If someone requests a copy of their data, a company must respond within 28 days and provide the data requested unless there is a legal reason not to – such as it endangering another person or the security of the organisation.
Computer Misuse Act 1990
What is it?
The Computer Misuse Act was designed to protect individuals or organisations against pretty much any use of a computer which could be classed as unlawful. This means that even using a computer with the intention of doing damage is against the law.
As an overview, if you use a computer to hack, try to get passwords that aren’t yours, look at information you’re not allowed to, delete files deliberately or anything like that, you’re breaking the law/act.
The Computer Misuse Act has 3 main principles, but 4 in reality as the third comes on two parts:
What are the principles?
- Unauthorised access to computer material – Simply, you are not allowed to look at, or try to access, anything on a computer that you don’t have permission to see. For example, trying to gain access to shares you don’t have permission to see, or opening files that do not belong to you.
- Unauthorised access with intent to commit or facilitate commission of further offences – You are not allowed to try and get into a computer system with the intention of either doing something wrong yourself, or to help someone else to commit a crime. For example, gaining access to a system and installing a virus or backdoor to allow others to use the system.
- Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc.
- 3A: Unauthorised acts causing, or creating risk of, serious damage – You cannot use a computer to deliberately cause damage to either the system itself or any data stored. Furthermore, you cannot do something which may cause damage to occur.
- 3B: Making, supplying or obtaining articles for use in offence under section 1, 3 or 3A – You cannot make software or hardware which helps people to break the law, gain access to systems, circumvent security measures and so forth. This would include writing malware, spyware, viruses, key loggers or similar.
The Computer Misuse Act has been the subject of a review by the UK government in 2023 and is widely expected to either be updated or replaced by new legislation which is more appropriate to modern online activity. The motivation for this review is outlined from the government consultation below:
Copyright Designs and Patents Act 1988
What is it?
The Copyright, Designs and Patents Act (CDPA) is designed to protect something called “intellectual property.” Literally translated this means the property of your mind… More usefully, it means the CDPA protects any original work you produce with some form of creative thought process. So, if you take a photograph, write a beautiful ode to your favourite graphics card, write a story, record a song, paint a picture etc then you are automatically protected under the CDPA.
The CDPA provides protection of your rights of ownership. This means that your right to own your work and do what you like with it is recognised in law. As a creator of content, you have the right to say what can be done with your work, when, how, and by whom. In other words – you have complete control unless you decide to give that up by selling your work and the rights to it to someone else.
A Patent is a further legal protection that can be applied for, usually for an invention such as a new games controller. The inventor applies for a patent which proves that:
- The design truly is “new” and has not been done before
- The designer has exclusive rights to the design meaning no one else can do something in the same way, nor produce the same product without a license
- The design is protected for up to 20 years
- The design is made public – everyone can see how a particular design works in detail. This is partly so people can avoid being sued for having similar/same designs.
The CDPA in computing is particularly relevant when discussing file sharing, copying software, copying music, copying or streaming films and so forth. All of these if done illegally would breach the CDPA.
What are the principles?
- There are no specific principles you need to learn, however you do need to be able to discuss where the act would apply and what the impact/consequence may be to someone who breaks the act.
- The CDPA applies automatically and instantly to a piece of work you create. You do not have to put (C) or COPYRIGHT or anything similar for your work to be legally protected. However, content creators can opt to register their copyright which provides greater legal protection.
- If copyright infringement is proven in court then the act provides a wide range of potential outcomes including:
- Unlimited fines (decided by the courts)
- Imprisonment
- Confiscation of material
- Confiscation of profits from copyright breach
- Restraining orders – legal requirements for people to do or not do something
Impacts of digital technology on wider society
Ethics
Quickly, what does that mean?
Briefly, your “morals and ethics” are your core beliefs. They are the things you fundamentally believe in and steer your understanding of what you think is right and wrong, acceptable and unacceptable. They are your principles and values and cover any scenario imaginable.
Some morals and ethics are clear cut and generally accepted across society. For example, we would probably all agree that morally, it is wrong to fill up our cars with fuel and then drive off without paying. There is a strong sense of what is fair and right built into most of us that would prevent us from stealing.
However, some areas are far more grey. For example, should you buy a t-shirt knowing that it has come from a country where working laws are non-existent, people have worked in terrible conditions for next to no money to make it and there is potential for child labour to be involved? In this case we often protect ourselves by passing the blame – “Ah, but the shops shouldn’t buy from suppliers that allow those things to go on!” Morally, we have moved the blame or responsibility from ourselves onto the shop or manufacturer, whilst still purchasing the product and therefore funding these practises! Is that morally and ethically correct?!
In computing there is an awful lot of moral and ethical issues we may never have questioned before studying this topic. These include, but are certainly not limited to:
- The manufacturing and supply chain of electronics – this often involves mining of minerals in extremely poor conditions, low paid and depressing working conditions on manufacturing production lines.
- The disposal of electronic waste – we live in times where technology is made to be disposable. You can buy, for example, disposable battery packs from pound shops to charge your phone. This is a horrific waste of resources and often batteries are simply discarded to landfill. What happens to your old laptop, TV, phone or tablet when you no longer need them? What countries does your waste end up in? Why…? What do they do with it?
- Surveillance and monitoring of citizens – you conduct your life online and as a result it is trivial for governments and various other agencies to monitor your daily lives, from communications to journeys you make and your activities online. Surveillance is virtually undetectable to the average person and has only been made possible by widespread adoption of technology
- Distribution of content online – the internet is full of services offering TV channels and streams for free, that are normally charged on a monthly basis. One of the biggest examples is the Premier League where services offer streams of games for free or much lower prices than typical providers like Sky, BT and ESPN offer. Moral/Ethical arguments often revolve around the prices charged and an argument of “if they were lower we’d buy it legally.” This is sometimes true – Steve Jobs proved to the music industry that lowering prices increases legal consumption and also paved the way for the extremely popular streaming services we have now. However, this has also led to a massive squeeze on the amounts performers and content creators can earn.
- Hacking/Malware/Online Extortion – there is a massive market for the making and selling of tools that allow people to steal identities and other data online. Furthermore there is a huge underground market of personal details, credit card details and so forth. One of the most popular attacks is ransom or “scareware” where attackers compromise a system and demand payment in return for removing encryption or “not releasing” personal data on the internet.
In more detail we need to consider:
The only sensible way for you to ensure you have sufficient knowledge for the exam is to make sure you’ve read around the subject and looked in detail at the content we’ve been through in lessons. You should ideally make sure you’re reading the news and specifically browsing technology oriented websites. You are likely to have to discuss in longer answer questions the impact/consequence of various ethical or moral arguments. Have a look through the specific sections below, but any exam question on this section will basically boil down to your ability to suggest some sensible ethical/moral arguments based on the context of the question, which shouldn’t be too hard!
Cultural Issues
Quickly, what does that mean?
We are living in a global society, meaning that when we create an app, website or piece of hardware we have to consider an audience that is wider than just our own country. Different countries all have their own culture, some of which are vastly different to our own.
A “culture” is basically a way of life and usually covers:
- Customs – the way people do things, what is considered polite and impolite. Consider the British custom that putting the kettle on and having a cup of tea solves all problems.
- Ideas and beliefs – Literally what it says on the tin, what do people of a certain culture believe in (including the majority religion of that country)
- Social behaviour – the way people conduct themselves in public. There can be some properly odd social behaviours, for example Norwegians when they’re listening to you, nod along whilst inhaling all the air in the room and muttering “yeah” in a high pitch as they do so.
In more detail we need to consider:
In an exam you would need to show an understanding that “our way isn’t the only way.” Some good examples to focus on are:
- Reading direction – some languages require left to right, others right to left
- Language – an obvious one!
- Colour – some colours mean different things in different countries. Apparently blue is the safest colour in the world and you don’t want to wear a green hat in China because it means your wife is cheating on you…
- Imagery – the content of images and any symbolism must be considered. Some gestures or imagery may be totally acceptable in some cultures and deeply offensive in others.
- Content – some cultures expect clean, clear design (western) and others (east asian) expect the screen to be as full of information as possible to maximise the use of space available.
- Data collection – there are differing rules in each country about what is and is not acceptable to collect from users.
An interesting read about cultural considerations when designing a website can be found here and gives good examples of how designs differ for various cultures.
Environmental Issues
Quickly, what does that mean?
Electronics creates a huge environmental impact and not simply from the waste or disposal of devices after we have finished with them. These are becoming more and more prevalent as societies wake up to the idea of global warming and the impact that our actions have on our environment. However, the story is not entirely negative as technology is also driving forward clean energy, electric and self driving vehicles and green technologies which will reduce emissions.
In more detail we need to consider:
- Mining – Mining is one of the dirtiest industries around, often destroying mile after mile of landscape and wildlife habitats. Mining often involves pumping millions of litres of water under or over ground which is extremely wasteful and causes devastation in mining areas. Mining is often poorly regulated and offers workers in some countries extremely dangerous working conditions.
- Manufacturing – Factories produce huge amounts of waste and pollution. No manufacturing process is 100% efficient so there is always waste. In the production of microchips and displays, often the failure rate can be as high as 75% when a new process in introduced. These failed devices are often simply disposed of. Factories also pollute rivers and air quality in many countries that have much poorer laws and controls on emissions than we are used to in the UK.
- Waste disposal – When consumers are ready to dispose of a device they are supposed to send them to an appropriate recycling scheme. Sometimes this doesn’t happen, but more worrying is how devices are actually “recycled.” All too often, electronics find their way to developing nations where they are simply burned to recover precious metals like copper and gold. The burning of electronics is extremely toxic and often ends up eventually killing the people who work on recovering the metals and materials.
- Recycling – Increasingly, companies are being forced to be more responsible for the eventual waste they create. Certain states in America and shortly the EU, have introduced “right to repair” laws which compel manufacturers to make devices that users can fix rather than throw away. The biggest issue with devices is often the batteries die and this should be an easy fix, but modern phones, for example, are increasingly sealed preventing easy replacement.
- Carbon Footprint/Emissions – The manufacture of electronics and their global distribution creates a lot of emissions that are harmful to the environment. From the mining and refining of metals and silicon to the transportation of goods using air, sea and land based vehicles – all of which create emissions.
- Clean energy – Recently, large manufacturers such as Apple and Google are using clean energy sources and realising this can be used as a marketing tool – they are attempting to power their offices and factories with renewable energy and therefore promoting themselves as environmentally conscious companies.
Privacy Concerns
Quickly, what does that mean?
Your privacy has never been so under threat as it is today in our always on, social media culture. This isn’t simply because your data is at risk of being stolen, in fact the biggest risk to your data is yourself and the insatiable appetite we seem to have for freely sharing our lives online. We give away enough data to make companies like Facebook worth hundreds of billions of dollars – the value is all in our information.
With so much data around, your privacy can be invaded in some incredible ways, from tracking your every movement to predicting your future behaviours.
In more detail we need to consider:
- Data breaches – our data is stored on so many computer systems it would be a difficult task for you to accurately remember all the places you’ve submitted some kind of information to. Companies have a legal obligation to keep this data safe (Data Protection Act), however some do incredibly poor jobs (Sony Playstation network…) and this data can be stolen. Every time a data source us breached your security and privacy is at risk, sometimes with incredibly high stakes – consider when the adultery website Ashley Madison was hacked, revealing thousands of people that had conducted affairs and were subsequently blackmailed or found themselves with some awkward conversations to have…
- Tracking – Mobile phones track our every movement. Google a shop and ask yourself how they know the most busy times of the day. This data is incredibly sensitive in some circumstances and yet most of us agree to its collection or are not even aware we have agreed to it. It is also possible for security agencies such as MI5 or the NSA to compromise and use mobile phones to monitor the movements of subjects they need to monitor.
- Health data collection – The biggest growth area in mobile technology at the moment is in the collection and processing of health information. Apple CEO Tim Cook has gone on record to say he believes their impact in the health sector will be Apples legacy to society. There is no more personal data than your medical or health data and yet we are being encouraged to share more and more of this data and collect more data with fitness trackers and smart watches. Whilst not entirely a bad thing, certainly some good research and advances in medicine will come from this, again it is a matter of how much data we choose to give away or are aware we are giving away and how it is used that should be of concern.
- Cookies and other user profiling tools – your online activities are constantly being tracked and companies such as Google will try to link your activity across websites together to build a profile of you as a person. This doesn’t simply stop at web browsing, apps too will collect absurd amounts of data, down to how fast you scroll the screen, how long you pause to read or look at something, what you click on or like, what was the last thing you looked at before closing it and so forth. You can build a startlingly accurate image of someones habits, likes, dislikes and their personality from this information which is invaluable to advertisers who will pay a lot of money to get hold of it. This data is allegedly “anonymised” but you’re given a unique ID which doesn’t take too much work to associate to a real person.
- Surveillance – The RIPA (Regulation of Investigatory Powers Act) is a law which has allowed the widespread surveillance and monitoring of citizens basically whenever authorities feel like it. The act was passed without any real scrutiny in Parliament despite opposition from many groups in society. RIPA allows the monitoring of any electronic communications of anyone suspected of being a criminal/terrorist in the UK without their knowledge. It is fairly common knowledge since the rise of Wikileaks and other informants/whistleblowers that organisations such as the NSA/MI5/6 employ a huge range of surveillance including the interception and storage of all internet communications and the circumventing of mobile phone security in order to grant access to their cameras, microphones and GPS data.
- CCTV – We are surrounded by CCTV almost everywhere we go and sometimes this is linked with facial recognition technology and behavioural monitoring software which attempts to automatically highlight those who act suspiciously. Obviously face recognition and the storage of people’s faces is a privacy concern, especially as the accuracy of these systems (especially recently in London) has been proven to be poor in some circumstances, leading to false identifications.
Open and Closed Source Software
All software/apps are made up of code, as you should already know. This is often called the “source code.” Creating code which is of use to people is not a trivial task, it requires skill, experience, training, dedication and excellent problem solving skills.
Some people create code for fun, or simply for the enjoyment of solving a problem. These people may decide to share their code with others so they may learn or benefit from it in any way in which they see fit. Other people recognise that there is money to be made from writing computer software and therefore your code is a trade secret which should not be shared with anyone.
The choice of whether or not to share your code puts a project in to one of two categories – open source or closed source. Furthermore, there are many different ways of sharing your source code if you do choose to go open source, and this usually falls under the “creative commons” license.
Closed Source
If you’ve any experience in programming, you’ll know that creating software that is anything other than the most simple of programs is quite difficult. This goes a long way to explain why programmers are paid so much money – because they’re worth it. Programming is a highly skilled job which requires years of experience and knowledge to get to a point where you’re capable of writing the kind of software that can stand up to public release and use.
For these reasons, its not surprising that most companies decide to keep the source code to themselves. This is called “closed source” or “proprietary” software.
Companies release closed source software because:
- They pay developers a lot of money to work for them and create software – they need to make that money back
- Simply to enable them to make money from the software
- To protect their intellectual property – other people can’t see how they made their program.
- Techniques can be kept secret – sometimes programmers have come up with incredibly complex or unique ways of solving problems that others can’t or couldn’t – this is worth a lot of money so you’d want to keep others from seeing how you solved a problem or implemented a feature.
- They can restrict/closely control what people can or cannot do with the software depending on the license the software is released under.
As a consumer/user of closed source software there are some advantages:
- You are using a product that has probably been well tested and is robust
- If the software is an “industry standard” like Office or Photoshop then there are likely lots of resources/support available
- Bug fixes and feature upgrades are likely to be regular and readily available
- The product should be kept secure and up to date (companies have to keep their reputations – if their software lost your data or personal information it wouldn’t look good!)
There are some disadvantages:
- You cannot modify or alter the software in any way unless permission is given
- Extra features you may need will probably be in a new version or a paid upgrade
- When support ends (the program is old) then you may lose all support, updates and bug fixes
Open Source
This is the exact opposite of closed source – anyone can view, edit or modify the code which makes up the application/software.
One of the most famous examples of open source software is Linux – an operating system that has been created by many thousands of people working collaboratively – all giving away their work for free so that others can benefit. If you’ve never heard of Linux you’ve almost certainly used something that was based on it – Android, now one of the most widely used operating systems in the world.
Open source software exists because:
- It removes barriers for people to use computer systems and software
- It enables people to share and build on the ideas of others
- There are many people that simply like to code/share their expertise for free
As a consumer/user of closed source software there are some advantages:
- You can learn from the code other people have written
- It’s free!
- You can save a lot of money by basing your software/ideas on an existing code base (developing takes time, time = money)
- Updates/bug fixes may be released more quickly
- Potentially code is more secure because people can freely examine the code for security weaknesses
There are some disadvantages:
- Code may not be as robust as closed source
- Code may not have been as extensively tested
- You may get no support or help at all if you come across bugs or problems
Creative Commons License
We must start by making one thing clear – the creative commons license does not just apply to software / code. You may decide to share any creative work under the creative commons license. This includes things like:
- Literary works, such as books or articles
- Videos
- Sounds
- Songs
- Pictures
If someone decides to share their work, they often do not want to simply give it away without recognition. The Creative Commons license is a way in which creators can choose exactly how they want to share their work and how much control and ownership they’d like to retain.
There are different “levels” of Creative Commons license that people may choose to use:
- Attribution only – people can do what they like with your work if they just credit you (put your name next to it, for example)
- Share-alike – people can do what they want but must share any changes they make
- No derivatives – people can use, share and distribute the work but cannot change it
- Non-Commercial – people can use, share and distribute the work but cannot make money from it or sell it
In summary, the Creative Commons License exists to allow content creators an easy way to:
- Distribute their creations
- Allow users a range of rights to change, edit, share or amend that content
- Decide whether they want to allow commercial use or just private/personal use of their creation
- All whilst retaining the copyright to their original content – meaning they can change or revoke the license at any time.
Generally, people adopt the “share alike license” which grants permission to:
- Freely distribute the content – if the author is credited (i.e. don’t try and pass it off as your own work)
- Edit/make changes to the content (generally IF they then publish those changes as well.
Publishers may choose to use this license because:
- They want others to learn from their work
- They believe in the free distribution of content (especially in education or to further a particular field)
- They want a their content to be part of a collaborative project
- They still want recognition for their work but don’t want to charge for it.