Consequences of uses of computing

PAPER 2 - ⇑ Paper 2 ⇑

Consequences of uses of computing Legal and ethical issues →

Moral and ethical issues

Ethical issues - factors that define the set of moral values by which society functions.

An ethical issue is one that concerns our own individual behaviour and our own personal concept of right and wrong. We learn our moral values from other people such as our parents, teachers and peers, and we learn them for ourselves from experience. Ethics vary slightly from morals in that they are a way of trying to define a set of moral values or principles that people within society live by. Ethical issues are sometimes referred to therefore as social issues.


Topics that aren't examined but you might be interested in:

The use and misuse of personal data


Data misuse- the inappropriate use of data as defined when the data was initially collected.

Most organisations collect data on an ongoing basis and much of this data is personal. At a basic level this might be name and address information, but may also include data about individuals' finances, health, relationship status, family, employment history and even their personal views.

This presents a number of issues:

  • personal privacy
  • data security
  • misuse of data
  • 'big brother'
  • online profile
  • profiling.
prevent data and information misuse-
  • Block Out-of-Policy User Activity- More often than not, your users have the keys to the kingdom. They can access vital files, data, and systems in order to perform their day-to-day tasks
  • Improve Cybersecurity- 64% of all insider threat incidents are caused by negligent users*, not users with malicious intent
Personal data - data which can be related to an identifiable living person.

Other moral and social issues


There are a number of other moral and ethical issues relating to Computer Science:

  • unauthorised access
  • unauthorised use of software
  • inappropriate behaviour
  • inappropriate content
  • freedom of speech
  • unemployment
  • access to the Internet.
Unauthorised access - where computer systems or data are used by people who are not the intended users.


Topics that aren't much examined but you might be interested in:

As is clear from the topics discussed above, ethical and moral issues become a matter of debate. When you are using your own computer at home, you make your own moral decisions about these issues. When you are using a computer in a school, college or any other organisation, you normally have to agree to a code of conduct.

Moral issues - factors that define how an individual acts and behaves.

Code of conduct - a voluntary set of rules that define the way in which individuals and organisations will behave.

The main principles of the British Computer Society (BCS) code of conduct are that members should:

  • always operate in the public interest
  • have a duty to the organisation that they work for, or the college they attend
  • have a duty to the profession
  • maintain professional competence and integrity.
Legal issues - factors that have been made into laws by the Government.

Legal issues relate to those issues where a law has been passed by the Government. There are very few Acts of Parliament that are specific to the world of computing. The two main ones are the Data Protection Act and the Computer Misuse Act.

In addition, the Freedom of Information Act, the Regulation of Investigatory Powers Act and the Copyright, Designs and Patents Act are of particular relevance to computing.

Also, using a computer does not exempt you from all the other laws of the Kingdom. For example, someone who carries out an act of fraud on the Internet can be prosecuted under the Fraud Act. Someone who steals computer data can be prosecuted under the Theft Act. Someone who makes false allegations about someone else in an email can be prosecuted for libel under the Defamation Act.

The freedom of information act - The Freedom of Information Act (FOIA) generally provides that any person has the right to request access to federal agency records or information except to the extent the records are protected from disclosure by any of nine exemptions contained in the law or by one of three special law enforcement record exclusions.

Data Protection Act




The Data Protection Act places controls on organisations and individuals that store personal data electronically. The Act's definition of "personal data" covers any data that can be used to identify a living individual.

The DPA determines what organisations can do with personal data that they have collected.

The DPA also defines the rights of the individual over the data that is stored about them.

In 2018, the DPA was strengthened by the introduction of a new act called General Data Protection Regulation (GDPR).

There are eight main principles behind the Data Protection Act. Anyone processing personal data must comply with the eight enforceable principles of good practice. They say that data must be:

  • fairly and lawfully processed
  • only used for the stated purpose
  • adequate, relevant and not excessive for the specified use
  • accurate and kept up-to-date
  • not kept longer than necessary
  • processed in accordance with the data subject's rights
  • kept safe and secure
  • not transferred to countries without adequate data protection

Another feature of the Act is that data subjects have the right to know what data are stored about them by any particular individual or organisation. These are known as subject access rights.

Freedom of Information Act




The Act implements what was a manifesto commitment of the Labour Party in the 1997 general election. Before its introduction, there had been no right of access to government by the general public, merely a limited voluntary framework for sharing information.

The Act went through Royal Assent in 2000 and came fully into force in 2001. It is important to note due to devolution, Scotland has its own version of the Act named the Freedom of Information (Scotland) Act, which was passed in 2002 and was full enforced at 2005.



The Freedom of Information Act extends the subject access rights of the Data Protection Act and gives general rights of access to information held by public authorities such as hospitals, doctors, dentists, the police, schools and colleges.

The Act gives individuals access to both personal and non-personal data held by public authorities. The idea behind the Act was to provide more openness between the public and government agencies. Therefore, to respond to individual requests for information. Much of this is done through websites and email communications.

Computer Misuse Act




The Computer Misuse Act 1990 is an Act of the Parliament of the United Kingdom, introduced partly in response to the decision in R v Gold & Schifreen case of 1988. Critics of the bill complained that it was introduced hastily and was poorly thought out. Intention, they said, was often difficult to prove, and that the bill inadequately differentiated "joyriding" hackers like Gold and Schifreen from serious computer criminals.

The Act has nonetheless become a model from which several other countries, including Canada and the Republic of Ireland, have drawn inspiration when subsequently drafting their own information security laws, as it is seen "as a robust and flexible piece of legislation in terms of dealing with cyber crime”. Several amendments have been passed to keep the Act up to date.


Data misuse - using data for purposes other than for which it was collected.

The Computer Misuse Act was introduced primarily to prevent hacking (data misuse) and contains three specific offences relating to computer usage:

  • unauthorised access to computer programs or data
  • unauthorised access with further criminal intent - For example, this makes creating, obtaining or deploying malware a criminal offence.
  • unauthorised modification of computer material.

The Act was introduced before the widespread use of the Internet, which has led to problems with enforcement. Prior to the Internet, hacking did take place, but not on the scale that it does today. There are now millions of computers and networks connected to the Internet and the opportunities for hackers have increased enormously.

Regulation of Investigatory Powers (RIP) Act




The Regulation of Investigatory Powers (RIP) Bill was introduced in the House of Commons on 9 February 2000 and completed its Parliamentary passage on 26 July. A number of offences have been prosecuted involving the abuse of investigatory powers. Widely reported cases include the Stanford/Liddell case, the Goodman/Mulcaire Royal voicemail interception, and Operation Barbatus.

The Act has numerous critics, many of whom regard the RIP as excessive and a threat to civil liberties in the UK. Campaign group Big Brother Watch published a report in 2010 investigating the improper use of RIP by local councils. Some even argue that the Act contravens the Human Rights Act, the European Charter on Fundamental Rights (which was introduced by the Lisbon Treaty) and the European Convention on Human Rights.



The RIP Act was introduced to clarify the powers that government agencies have when investigating crime or suspected crime. It is not specific to the world of computing but was introduced partly to take account of changes in communication technology and the widespread use of the Internet.

There are five main parts of the Act. The most relevant to computing are Part 1 which related to the interception of communications, including electronic data, and Part 3 which covers the investigation of electronic data protected by encryption. In simple terms, it gives the police and other law enforcement agencies the right to intercept communications where there is suspicion of criminal activity. They also have the right to decipher these data if they are encrypted, even if this means that the user must tell the police how to decrypt the data.

It also allows employers to monitor the computer activity of their employees; for example, by monitoring their email traffic or tracking which websites they visit during the work time. This raises a number of issues relating to civil liberties.

Copyright, Designs and Patents Act




The Copyright, Designs and Patents Act 1988 (c 48), also known as the CDPA, is an Act of the Parliament of the United Kingdom that received Royal Assent on 15 November 1988. The Act was passed following a number of cases, such as:

The Copyright, Designs and Patents Act 1988 (c 48), also known as the CDPA, is an Act of the Parliament of the United Kingdom that received Royal Assent on 15 November 1988. The Act was passed following a number of cases, such as:

  • A&M Records v Video Collection International [1995]
  • Gramophone Company v Stephen Cawardine [1934]
  • Godfrey v Lees [1995]
  • Levy v Rutley [1871]
  • Stuart v Barret [1994]
  • University of London Press v University Tutorial Press [1916]

The Act creates a specific regime of moral rights for the first time in the United Kingdom: previously, an author's moral right had to be enforced through other torts, e.g. defamation, passing off, malicious falsehood.

The Act was also passed to implement European Union directives into UK law.



The Act gives rights to the creators of certain kinds of material, allowing them control over the way in which the material is used. The law covers the copying, adapting and renting of materials.

The law covers all types of material but of particular relevance to computing are:

  • original works including instruction manuals, computer programs and some types of databases
  • web content
  • original musical works
  • sound recordings
  • films and videos.
Copyright - the legal ownership that application software, music, films and other content.

Copyright applies to all works regardless of format. Consequently, work produced on the Internet is covered by copyright. It is illegal to produce pirate copies of software or more versions on a network than have been paid for. It is an offence to adapt existing versions of software without permission. It is also an offence to download music or films without the permission of the copyright holder.

It is possible to request permission from the copyright owner to use their material, by writing to them and telling them what you intend to use their work for. However, the copyright owner does not have to grant permission. Furthermore, if they do grant permission, they may request a fee.

In computing, two techniques are used to protect copyright:

  • Digital Rights Management (DRM)
  • licensing.


  • Patents are legal protections over inventions. They cover ideas and concepts rather than intellectual property.
  • Patents can apply to both hardware and software and must be registered.

One of the ongoing criticisms of the CDPA 1988 in the recent years has been the need for modernisation. Since the act was introduced before popularisation of the internet it can be argued that it does not adequately cover online intellectual property.

The Internet makes file sharing very easy, especially using peer-to-peer services.

Digital representation of text, images, audio and video allow for perfect copies to be made.

There is uncertainty over whether or not website hosts are responsible for the illegal content uploaded by their users.

Creative commons licensing


Creative commons licensing (CC) is a common licensing framework. The six main CC licenses are comprised of various combinations of its four conditions:

  1. Attribution (BY): The work can be copied, modified, distributed, displayed, and performed, as long as the content creator/copyright owner is credited.
  2. Non-commercial (NC): The work can be copied, modified, distributed, displayed, and performed, but no profit can be made from it.
  3. No derivative works (ND): The work can be copied, distributed, displayed, and performed, but cannot be modified.
  4. Share-alike (SA): The work can be modified and distributed, but derivative works must be covered by an identical licence to the original.

Other acts


Other acts that are particularly relevant to computing are:

Act Purpose
The Official Secrets Act prevents the disclosure of government data relating to national security
The Defamation Act prevents people from making untrue statements about others which will lead to their reputation being damaged (also known as libel)
The Obscene Publications Act and the Protection of Children Act prevent people from disseminating pornographic or violent images
The Health and Safety (Display Screen Equipment) Regulations provides regulation on the correct use of screens and is a specific addition to the Health and Safety at Work Act, which contains more general regulations on keeping employees safe
The Equality Act makes it illegal to discriminate against anyone on the groups of sex, sexual orientation, ethnicity, religion, disability or age
The Digital Economy Act addresses media policy issues around digital media, especially copyright and use of domain names

Cultural issues


Cultural issues - factors that have an impact on the ways in which we function as a society.

Cultural issues are all factors that influence the beliefs, attitudes and actions of people within society. Common cultural influences are family, the media, politics, economics and religion. These are cultural differences between different groups of people. For example, people from difference countries often have a different culture.

There are elements of computer use that have a cultural impact in that they can change our attitudes, beliefs and actions:

  • over-use of data
  • invasive technologies
  • over-reliance on computers
  • over-reliance on technology companies
  • 'big brother' culture
  • globalisation.


  • We are living through a technological revolution and as computer scientists we must consider the consequences of computing on individuals and society as a whole
  • Computing can bring about massive benefits but can also have a negative effect on individuals and society
  • There are a number of laws relating specifically to computing and other common laws also apply to actions that are undertaken on a computer
  • The Internet and World Wide Web have had a massive influence on our culture and will continue to do so
Exam Questions

The clients under investigation are alleged to have downloaded music files from a file-sharing site.

The ISP wishes the firm of solicitors to investigate whether any laws have been broken.

State the full name of the law which might have been broken by the clients downloading music files.


One of the following laws:

  • Copyright, Designs and Patents Act
  • Digital Economy Act

The firm of solicitors discovers during their investigation that the same clients have been downloading personal data relating to other clients of the ISP without authorisation.

State the full name of the law that may have been broken by the ISP and state the full name of the law that may have been broken by the clients..


The Data Protection Act and the Computer Misuse Act

You have been asked to design and set up a computer work area for the employees of a library.

State the legislation that is concerned with how the work area should be physically set out and state two ways that this legislation will affect the design.



  • Health and Safety (Regulations)
  • Display Screen Equipment Regulations


  • Monitors should be movable/adjustable to alter height/ reduce glare / minimise flicker;
  • A top of screen at eye level;
  • Chairs should be movable/adjustable;
  • Position of mouse/keyboard assessed // keyboard should be separate from screen;
  • Consideration of lighting;
  • Space under desk for legs;
  • Supply a foot-rest / wrist-supports;
  • A feet should be touching flat surface;
  • Set up software to use readable fonts // select colours that are easy on the eye;
  • Cables should not be left loose;
  • Sufficient work-space around computer.

Application software has already been installed onto computers in another room.

State the full name of the law that may be broken by installing the same software onto the new computers.


Copyright, Designs and Patents (Act)

What information should you find out before installing this software to ensure that you will comply with the law identified in the question above.


Any of the following:

  • Number of licenses the library has;
  • If the software needs a license;
  • Type of license the library has;
  • Library has a site-wide license;
  • Check that software can (legally) be used on more than one machine.

As soon as an employee logs onto one of the computers they have to agree to the Code of Conduct relating to their use of the computer system.

What is a Code of Conduct?



  • Contract/rules/regulations that an employee must follow;
  • A member of an organisation is bound by;
  • Contents of a code (may) not be legal requirement;
  • Breaking rules could result in disciplinary action/possibility of losing job.

A company that develops computer software has just taken on a new employee.

The actions of the employee and company are covered by several laws.

Name the law that would be most relevant in each of the following cases:

a) The employee brings into work a copy of a computer game that he has purchased and already installed on his home computer. He installs it on his work computer.

b) The employee gains access to company confidential data by correctly guessing a manager's username and password.

c) The company issues the employee with a voucher once a year for a free eye test.


a) Copyright, Designs and Patents (Act)

b) Computer Misuse (Act)

c) Health and Safety at Work (Act)

The company makes the employee sign a Code of Conduct before he is allowed to start work.

Why does the company have a Code of Conduct rather than just expecting employees to obey the law?


Any of the following:

  • To set out points of good practice for employees//set out rules that are not legal requirements;
  • To ensure employees are aware of legal requirements//as employees may not know what the law is;
  • To relate legal requirements to the work that the employee does;
  • To make clear consequences of breaking the rules.

Imagine that you are a computer programmer in a company that stores personal data. The company must comply with the Data Protection Act.

What is personal data?


Data that relate to a living person//individual who can be identified from that data

You are writing a new program to handle personal data.

State one principle of the Data Protection Act that could be met by the careful design of your program.

Name one feature that you could include in your program and describe how it would help the company comply with the principle stated.


Principle Appropriate Feature
Data must be accurate and up to date Any of the following:
  • Validation/examples of a validation method
  • Verification/example of a verification method
  • Store date when data last updated
  • Alert user when data is older than specified age.
Data must not be kept for longer than is necessary Any of the following:
  • Records deleted automatically after no contact with customer for fixed period
  • Option to delete data
Data must be kept securely // Prevent unauthorised access/disclosure of data Any of the following:
  • Password/card/bio-metric to logon
  • Encryption
  • Backup
  • Different types of user/users have different rights
  • Automatic logoff if left unattended
  • Other appropriate security method
Data must only be processed for registered/lawful purpose Any of the following:
  • Input of data subject preference with regard to use of/transfer of data;
  • Restrictions on exporting data from package;
Data must not be transferred to other countries without adequate protection. Any of the following:
  • Restrictions on exporting data from package
Data must be processed in line with the rights of data subjects Any of the following:
  • Option to flag customer as not accepting direct marketing
  • Option to edit or delete data
  • Option to print copy of all data for customer to see

One principle of the Data Protection Act refers to ‘internal data security’. It states that, ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.’

Imagine you are working for an organisation that uses personal data. Describe three measures you would propose that will contribute to the organisation complying with the above principle of the Data Protection Act.


Any of the following:

  • password-protect files/database;
  • force regular changes of passwords;
  • force strong passwords; or including an example
  • firewall to guard against hackers;
  • run anti-spyware software;
  • backup regularly;
  • keep backups securely stored away from computer system;
  • ensure data can be restored from backups;
  • only allow authorised software to be used on the system;
  • staff training to make them data-aware;
  • appropriate operational procedures;
  • (set up work groups and) give access rights relevant to (groups’) needs;
  • Do not allow unencrypted data to be stored (on portable media)//encrypt data;
  • run anti-virus software.

Government agencies sometimes require that they are given copies of encryption keys. This allows these agencies to decrypt messages encrypted with these keys.

State one reason for and one reason against a government having the ability to decrypt any encrypted messages.


Argument for Argument against
Any of the following:
  • Detection of illegal activities
  • Monitoring of other states / countries
  • Protection of national interests

Any of the following:

  • Invasion of privacy
  • Commercial secrecy

A group of developers are creating a new social networking site for science students that will allow users worldwide to discuss current topics and post messages to each other. The site will be available over the Internet.

Discuss the ethical, legal and cultural issues that the developers will face when setting up and running the service.


Underlying issues Ethical issues Legal issues Cultural issues

Any of the following:

  • protecting the safety of students using a social networking site
  • company has a responsibility to decide how the collected data may be used

Any of the following:

  • what rules should the company develop about the acceptable use of its service?
  • need to have transparent policies to gain trust of users and parents
  • need to consider what harmful purposes users might use the service for
  • need to consider what security measures the developers should use for the service
  • need to consider what data should be collected about each student during registration
  • should the company monitor the messages being posted by students?
  • should the company develop a system for alerting somebody / blocking users if inappropriate material is posted?
  • should the company use the data to target adverts // sell the user data on to marketing companies?
  • what steps should the company take to ensure that the system is not hacked // data lost / damaged?
  • how to deal with copyrighted material that a student might post as part of a discussion

Any of the following:

  • need to comply with legislation
  • worldwide service so need to consider different legal systems
  • where to base the service may be influenced by laws in that country
  • may be conflicts between how users expect company to deal
  • with data / monitor student messages and legal requirements
  • data protection legislation will (probably) apply
  • copyright legislation may be breached if copyright material uploaded / attached to a message

Any of the following:

  • discussion of science topics that go against a culture’s beliefs
  • risk of pushing developer’s values on to other cultures