DAWOOD UNIVERSITY OF ENGINEERING AND TECHNOLOGY, KARACHI

Department of Computer System Engineering

8thsemester Final year batch: 20/F
Name: Muhammad Hussain
Roll No: 20/F-CS-24
Subject Professional Ethics

ASSIGNMENT 2

Question 01

Q1) Justify and differentiate among the below-mentioned electronic crimes. (clo2.plo8.level:c4)

a. Cracking

b. Wire fraud

c. Cyber bullying

a. Cracking

Definition: Cracking refers to the act of breaking into a computer system, network, or software with
malicious intent. Unlike hacking, which can sometimes be legal and ethical when performed by security
professionals to test and improve security measures (ethical hacking), cracking is illegal and involves
bypassing security measures to gain unauthorized access.

Examples:

 Breaking into a company's internal network to steal sensitive data.

 Bypassing software protection mechanisms to use paid software for free.
 Defacing websites by exploiting security vulnerabilities.

Justification: Cracking is a criminal activity because it involves unauthorized access to systems and
data, violating the privacy and security of individuals and organizations. It often results in data breaches,
financial loss, and damage to the reputation of the targeted entities.

Legal Consequences:
  Fines and restitution.
 Imprisonment, depending on the severity of the breach and damage caused.
 Civil lawsuits from affected parties.

b. Wire Fraud

Definition: Wire fraud involves using electronic communications, such as emails, faxes, or online
messaging, to defraud someone of money or property. It typically involves schemes designed to deceive
victims into transferring funds or sensitive information.

Examples:

 Phishing scams where victims are tricked into providing personal and financial information.
 Business email compromise (BEC) where attackers pose as company executives to authorize
fraudulent transfers.
 Online auction fraud where sellers receive payment but do not deliver the promised goods.

Justification: Wire fraud is a serious crime because it involves deception and manipulation to steal
money or property. It exploits trust and often targets vulnerable individuals or businesses, leading to
significant financial and emotional harm.

Legal Consequences:

 Significant fines.
 Long-term imprisonment (up to 20 years in the United States).
 Restitution to victims.

c. Cyberbullying

Definition: Cyberbullying is the use of electronic communication tools, such as social media, emails, or
messaging apps, to harass, threaten, or intimidate someone. It often targets individuals repeatedly and
can include spreading false information, posting harmful or offensive content, or engaging in persistent
harassment.

Examples:

 Sending threatening or abusive messages via social media.

 Sharing embarrassing or private information about someone without their consent.
 Creating fake profiles to demean or harass a person.

Justification: Cyberbullying is considered a crime because it can have severe psychological and
emotional impacts on victims, leading to anxiety, depression, and even suicidal thoughts. It creates a
hostile and unsafe environment online, particularly affecting children and teenagers.

Legal Consequences:
  Cyberbullying laws vary by jurisdiction, but consequences can include fines and imprisonment.
 Schools and workplaces may impose disciplinary actions.
 Victims can pursue civil lawsuits for damages.

Differentiation Among the Crimes

1. Nature of Activity:
o Cracking: Involves unauthorized access to computer systems and networks.
o Wire Fraud: Involves deceptive practices using electronic communications to steal
money or property.
o Cyberbullying: Involves harassment or intimidation through electronic communication.
2. Intent:
o Cracking: Typically involves malicious intent to steal, disrupt, or damage.
o Wire Fraud: Involves intent to deceive and defraud victims for financial gain.
o Cyberbullying: Aims to harm, intimidate, or embarrass individuals.
3. Impact on Victims:
o Cracking: Can lead to data breaches, financial loss, and compromised security.
o Wire Fraud: Results in financial losses and breach of trust.
o Cyberbullying: Causes psychological harm, emotional distress, and damage to
reputation.
4. Legal Framework:
o Cracking: Covered under computer crime and cybersecurity laws.
o Wire Fraud: Governed by fraud and electronic communications laws.
o Cyberbullying: Addressed through anti-harassment and cyberbullying statutes, which
vary widely.
5. Common Methods:
o Cracking: Exploiting vulnerabilities, using malware, brute force attacks.
o Wire Fraud: Phishing, social engineering, impersonation.
o Cyberbullying: Harassment, doxing, trolling, fake profiles.

Question 02

Q2) You discover a critical security vulnerability in a widely used software application. As a
computer systems engineer, you have the knowledge to exploit the vulnerability, but doing so could
cause significant harm to users. Write the ethical considerations in this situation, and how would
you responsibly disclose the vulnerability to the software vendor to ensure prompt and effective
patching while minimizing potential risks (clo3.plo12.level:5)

Ethical Considerations and Responsible Disclosure of a Security Vulnerability

Ethical Considerations
 1. Non-Maleficence:
o The principle of "do no harm" is paramount. Exploiting the vulnerability could cause
significant harm to users, including data loss, financial damage, and privacy violations.
o As an engineer, it's important to prioritize the safety and security of users over potential
personal or professional gain.
2. Professional Responsibility:
o Adhering to the professional codes of ethics, such as those from the ACM (Association
for Computing Machinery) or IEEE (Institute of Electrical and Electronics Engineers),
which emphasize the responsibility to protect the public.
o Maintaining integrity and trustworthiness by not engaging in actions that could
compromise the security and privacy of users.
3. Confidentiality:
o Protecting the details of the vulnerability to prevent malicious actors from exploiting it
before a patch is released.
o Ensuring sensitive information is disclosed only to trusted parties who can address the
issue.
4. Transparency and Honesty:
o Being transparent with the software vendor about the discovery, including all relevant
details of the vulnerability.
o Providing accurate and complete information to facilitate an effective and timely
response.
5. Accountability:
o Accepting responsibility for the discovery and handling of the vulnerability.
o Ensuring actions taken are traceable and justifiable, fostering trust in the disclosure
process.

Responsible Disclosure Process

1. Preparation:
o Gather comprehensive information about the vulnerability, including steps to reproduce
it, potential impact, and any mitigations.
o Prepare a detailed report documenting the vulnerability, including technical details,
potential risks, and recommendations for fixing it.
2. Initial Contact:
o Identify the appropriate contact point within the software vendor's organization, typically
a security team or dedicated vulnerability disclosure program.
o Use secure communication channels, such as encrypted email, to protect the information
during transmission.
3. Vulnerability Report:
o Submit the detailed report to the vendor, clearly explaining the vulnerability, how it was
discovered, its potential impact, and suggested fixes.
o Offer to provide additional information or clarification if needed.
4. Coordination:
o Work collaboratively with the vendor’s security team to ensure they understand the
vulnerability and can reproduce it.
 o Agree on a timeline for addressing the issue, considering the severity of the vulnerability
and the time required to develop a patch.
5. Monitoring and Support:
o Monitor the vendor's progress in developing a patch and provide support as needed.
o Avoid disclosing any information about the vulnerability publicly until the vendor has
released a fix and users have had a reasonable time to update their software.
6. Public Disclosure:
o Once the patch is released, coordinate with the vendor to publicly disclose the
vulnerability responsibly.
o Include information about the vulnerability, the patch, and the importance of updating to
mitigate the risk.
o Consider publishing a detailed post-mortem analysis to educate the community and
prevent similar issues in the future.

Example Disclosure Timeline

1. Day 0: Discovery and Initial Analysis

o Verify the vulnerability and gather all necessary information.
2. Day 1-3: Initial Contact
o Reach out to the vendor's security team via secure communication.
3. Day 4-10: Detailed Report Submission and Initial Response
o Submit the detailed report and receive acknowledgment from the vendor.
4. Day 11-30: Coordination and Patch Development
o Work with the vendor on reproducing the issue and developing a patch.
5. Day 31-60: Testing and Release of the Patch
o Vendor tests the patch and prepares for release.
6. Day 61+: Public Disclosure
o After the patch is released, publicly disclose the vulnerability with the vendor’s
coordination.

Question 03

Q3) Explain the copyright law and define its importance in today’s rapidly growing technological

advancement? (clo1, PLO 8, level 2) (Max Marts: 10)

Copyright Law and Its Importance in Today’s Technological Advancement

Understanding Copyright Law

Definition: Copyright law is a form of intellectual property protection granted to the creators of original
works of authorship, including literary, dramatic, musical, and certain other intellectual works. It gives
the creator exclusive rights to use, distribute, and modify their work, usually for a limited period. These
rights are intended to incentivize creativity and innovation by ensuring creators can benefit
economically from their work.

Key Rights Under Copyright Law:

1. Reproduction Right: The right to make copies of the work.

2. Distribution Right: The right to sell or otherwise distribute copies to the public.
3. Modification Right: The right to create derivative works based on the original.
4. Public Performance Right: The right to perform the work publicly.
5. Public Display Right: The right to display the work publicly.

Duration:

 The duration of copyright protection varies by jurisdiction, but it typically lasts for the life of the
author plus 50 to 70 years after their death. For works made for hire, it usually lasts 95 years
from publication or 120 years from creation, whichever is shorter.

International Framework:

 International copyright protection is facilitated through treaties such as the Berne Convention for
the Protection of Literary and Artistic Works, which requires member countries to provide
certain minimum levels of protection.

Importance of Copyright Law in Today’s Technological Advancement

1. Incentivizing Innovation and Creativity:

o Copyright law encourages creators to produce new works by ensuring they can control
and profit from their creations. This is especially important in the digital age, where the
creation and distribution of content have become easier and more widespread.
2. Economic Benefits:
o Copyright-intensive industries contribute significantly to the economy. By protecting the
economic interests of creators, copyright law supports the financial viability of these
industries, fostering job creation and economic growth.
3. Protection Against Infringement:
o In the digital era, where copying and distributing works can be done effortlessly,
copyright law serves as a crucial deterrent against unauthorized use. It provides legal
recourse for creators whose rights are violated, helping to protect their intellectual
property.
4. Encouraging the Dissemination of Knowledge:
o Copyright law balances the interests of creators and the public by eventually transferring
works into the public domain, where they can be freely used by anyone. This promotes
the dissemination of knowledge and cultural enrichment.
5. Adapting to Technological Changes:
o As technology evolves, so too does copyright law. For example, digital rights
management (DRM) technologies help enforce copyright protections in the digital realm,
 and recent legislative updates address issues like online piracy and the sharing of digital
content.
6. Supporting Digital Transformation:
o Copyright law plays a crucial role in the digital economy, where content creation,
distribution, and consumption are predominantly digital. It provides a framework for
licensing and monetizing digital content, essential for platforms like streaming services,
e-books, and online education.
7. Promoting Fair Use and Access:
o Copyright law includes provisions for fair use (or fair dealing in some jurisdictions),
allowing limited use of copyrighted material without permission for purposes such as
criticism, comment, news reporting, teaching, scholarship, or research. This supports
educational and informational uses, fostering a knowledgeable society.

Challenges and Considerations

1. Digital Piracy:
o The ease of copying and distributing digital content has led to widespread piracy, posing
significant challenges to copyright enforcement. Efforts to combat piracy include legal
actions, technological protections, and public awareness campaigns.
2. Balancing Rights and Access:
o Striking the right balance between protecting creators’ rights and ensuring public access
to knowledge and culture is an ongoing challenge. Overly restrictive copyright laws can
hinder access and innovation, while too lenient laws can discourage creation.
3. Global Enforcement:
o Enforcing copyright law internationally is complex due to varying legal frameworks and
enforcement mechanisms. International cooperation and treaties help standardize
protections, but challenges remain in cross-border enforcement.
4. Evolving Nature of Content:
o The nature of content creation and consumption is continually evolving, with new forms
of media and platforms emerging. Copyright law must adapt to these changes to remain
relevant and effective.

Question 04

Q4) Justify you are developing an algorithm to assist in college admissions. Which takes in to account

various factors such as academic performance. Extracurricular activities and personal

background .however. You notice that the algorithms tends to favor applicants from privileged

backgrounds, leading to a lack of diversity in the admitted students. How would you address this issue of

algorithmic bias and ensure a fair and ethical college admission process? (clo2.plo8.level:c4)
Addressing algorithmic bias in a college admissions algorithm is crucial to ensure fairness and promote
diversity among admitted students. Here’s a structured approach to mitigate bias and uphold ethical
standards in the admissions process:

1. Identify and Understand Bias

 Data Analysis: Conduct a thorough analysis of historical admissions data to identify biases.
Look for patterns where certain demographics (e.g., socioeconomic status, race, gender) are
disproportionately favored or disadvantaged by the algorithm.
 Algorithmic Review: Review the algorithm's design and implementation to understand how
different factors (e.g., academic performance, extracurricular activities, personal background) are
weighted and processed.

2. Collect Diverse and Representative Data

 Diverse Training Data: Ensure the training dataset used to develop the algorithm is diverse and
representative of the applicant pool. Include data points from various socioeconomic
backgrounds, geographic locations, racial and ethnic groups, and gender identities.
 Avoid Biased Variables: Exclude variables that could indirectly encode bias (e.g., zip codes
indicating wealth, race-related proxies) unless absolutely necessary and justified.

3. Mitigate Bias in Algorithm Design

 Algorithm Transparency: Ensure transparency in how the algorithm evaluates applicants.

Clearly define the criteria and weights assigned to each factor so stakeholders understand how
decisions are made.
 Use Multiple Criteria: Expand the criteria beyond academic performance to include holistic
factors like community service, overcoming adversity, and unique personal experiences. This
reduces reliance on metrics that might disproportionately favor privileged applicants.

4. Implement Bias Detection and Correction Mechanisms

 Regular Audits: Conduct regular audits of the algorithm’s outcomes to detect and mitigate
biases. Use statistical methods and fairness metrics to assess disparities among different
demographic groups.
 Bias Correction Techniques: Implement techniques such as re-weighting samples, adjusting
decision thresholds, or using adversarial training to reduce bias in algorithmic outcomes.

5. Human Oversight and Decision-making

 Human Review: Incorporate human oversight in the admissions process to review algorithmic
recommendations. Admissions officers should have the authority to override algorithmic
decisions based on individual circumstances and holistic considerations.
 Ethics Committee: Establish an ethics committee comprising diverse stakeholders (faculty,
students, community representatives) to provide ongoing oversight and ensure adherence to
fairness principles.
6. Continuous Improvement and Accountability

 Feedback Loop: Create mechanisms for collecting feedback from applicants and stakeholders
about the fairness and transparency of the admissions process. Use this feedback to iteratively
improve the algorithm and decision-making framework.
 Accountability Measures: Hold accountable those responsible for developing, maintaining, and
implementing the algorithm. Ensure there are clear channels for reporting and addressing
concerns about bias or discrimination.

7. Education and Awareness

 Training and Awareness: Provide training to admissions staff, faculty, and stakeholders about
algorithmic bias, diversity, equity, and inclusion. Foster a culture that values fairness and
diversity in all aspects of the admissions process.
 Public Engagement: Engage with the public and stakeholders to communicate the steps taken to
address bias and promote transparency in admissions decisions.

Question 05

Q6) Explain the term video conferencing and what the benefit of real-time video conferencing are.

(clo2.plo8.level:c4)( Max Marts: 10)

Video Conferencing: Definition and Benefits

Definition of Video Conferencing:

Video conferencing refers to the technology that enables real-time communication between two or more
participants, located in different physical locations, using video and audio transmission. It allows
individuals or groups to conduct meetings, discussions, and collaborations as if they were in the same
room, despite being geographically dispersed.

Components of Video Conferencing:

 Video: Transmission of live video feeds of participants.

 Audio: Real-time audio communication.
 Data Sharing: Ability to share documents, presentations, and screens.
 Interactive Features: Chat, polls, and virtual whiteboards.

Benefits of Real-Time Video Conferencing:

1. Enhanced Communication and Collaboration:

 o Face-to-Face Interaction: Participants can see each other, which improves non-verbal
communication and fosters better relationships and understanding.
o Real-Time Interaction: Enables immediate feedback and discussion, facilitating more
effective collaboration compared to asynchronous communication methods like email.
2. Cost Savings:
o Reduced Travel Expenses: Organizations save on travel costs for face-to-face meetings,
including airfare, accommodation, and transportation.
o Time Efficiency: Meetings can be conducted quickly without the need for travel time,
enhancing productivity.
3. Increased Flexibility and Accessibility:
o Remote Work: Facilitates remote work arrangements by enabling employees to
participate in meetings from anywhere with internet access.
o Global Reach: Overcomes geographical barriers, allowing organizations to collaborate
globally without time zone constraints.
4. Improved Decision Making:
o Timely Discussions: Enables decision-makers to convene quickly and address issues
promptly, leading to faster decision-making processes.
o Inclusive Participation: Ensures all stakeholders can participate in discussions
regardless of their location, ensuring diverse perspectives are considered.
5. Enhanced Learning and Training:
o Virtual Classrooms: Facilitates remote education by connecting students and teachers in
real-time, enabling interactive lessons and discussions.
o Professional Development: Enables organizations to conduct training sessions and
workshops remotely, reaching employees across different locations.
6. Scalability and Integration:
o Scalable Solutions: Video conferencing platforms can accommodate varying group
sizes, from one-on-one meetings to large webinars and conferences.
o Integration with Other Tools: Often integrates with collaboration tools, CRM systems,
and project management software to enhance productivity and streamline workflows.
7. Environmental Benefits:
o Reduced Carbon Footprint: Decreases greenhouse gas emissions associated with
business travel, contributing to environmental sustainability.

Question 06

Q7) You are part of a team working on developing a smart home IoT system that collects various
data from users' devices to provide personalized experiences and improve system performance.
However, some data collected could potentially be sensitive and raise privacy concerns. How would
you design the system to respect user privacy while still providing valuable services? Develop the
steps it would you take to obtain informed consent from users regarding data collection and usage.
(clo3.plo12.level:5)
Designing a smart home IoT system that respects user privacy while delivering valuable services
involves implementing robust privacy protections and obtaining informed consent from users regarding
data collection and usage. Here are steps to achieve this:

Steps to Respect User Privacy and Obtain Informed Consent

1. Data Minimization and Purpose Limitation

 Define Data Collection Scope: Clearly define what types of data will be collected from users'
devices (e.g., sensor data, usage patterns) and limit collection to only what is necessary for
providing the intended services.
 Specify Purpose of Data Use: Inform users about the specific purposes for which their data will
be used (e.g., personalizing experiences, improving system performance), ensuring transparency.

2. Privacy by Design Principles

 Implement Privacy Controls: Embed privacy features directly into the design and architecture
of the IoT system. This includes data encryption, secure data storage, and access controls to
protect sensitive information from unauthorized access.
 Anonymization and Aggregation: Where possible, anonymize or aggregate data to minimize
the risk of identifying individuals while still deriving insights for system improvement.

3. Transparent Data Practices

 Privacy Policy: Develop a comprehensive privacy policy that clearly explains how data will be
collected, used, stored, and shared. Ensure the policy is easily accessible to users.
 User Notifications: Provide timely and understandable notifications to users about data
collection activities, changes to privacy practices, and any potential risks associated with data
sharing.

4. Obtaining Informed Consent

 Clear Consent Process: Implement a clear and straightforward process for obtaining users'
consent before collecting their data. This process should be separate from other terms and
conditions.
 Plain Language: Use plain language in consent requests and privacy notices to ensure users
understand what data is being collected, why it is being collected, and how it will be used.
 Granular Consent Options: Offer granular consent options whenever possible, allowing users
to choose specific types of data collection and uses they are comfortable with.

5. User Control and Access

 Data Access and Correction: Provide users with mechanisms to access their data, review what
information is being stored, and correct inaccuracies if needed.
 Data Deletion: Offer users the ability to request deletion of their data when they no longer wish
to use the IoT system or services.
6. Security Measures

 Data Security: Implement robust security measures to protect user data from unauthorized
access, breaches, and cyber threats. This includes encryption, secure authentication, and regular
security audits.

7. Education and Support

 User Education: Educate users about their privacy rights, how their data is being protected, and
best practices for securing their devices and data.
 Support Channels: Provide channels for users to contact support for privacy-related inquiries,
concerns, or complaints.

Example Consent Process Outline:

1. Introduction and Context:

o Explain the purpose of the IoT system and how data collection will enhance user
experience.
2. Data Collection Details:
o Specify the types of data that will be collected (e.g., device usage patterns, environmental
sensor data).
3. Purpose of Data Use:
o Describe how collected data will be used (e.g., to personalize recommendations, improve
energy efficiency).
4. Consent Options:
o Present clear options for users to consent to each type of data collection and use
separately.
5. Duration of Consent:
o Specify how long consent will be valid and how users can withdraw consent at any time.
6. Privacy Policy Link:
o Provide a link to the full privacy policy for users to review detailed information.
7. Confirmation and Record Keeping:
o Obtain explicit consent through an affirmative action (e.g., clicking "I agree") and keep
records of consent received.
8. Ongoing Communication:
o Maintain transparency by notifying users of any changes to data practices and offering
opportunities to update consent preferences.