<mosaic.cnfolio.com>
Management and the Technology Professional – B302

Case study answer 1



As the lead developer of the rootkit software, the most compelling reason for not developing the software lies with my understanding of what a rootkit actually is and the fact that it has the potential to be exploited in an extremely destructive way by virus and malware coders. I know that the application would be distributed on CDs used, and trusted, by Sony BMG Music Entertainment customers, thereby subjecting those individuals to a security threat that they would not expect due to the backing of such a large and well-known company.

I would have had an ethical responsibility to ensure that the public were protected from this threat, as laid down by the British Computer Society Codes of Conduct and Association for Computing Machinery Code of Ethics. Not only would I have had the responsibilities of these codes of conduct, but these codes also pertain to my duty to ensure that all legislative proceedings are followed. This rootkit by definition is a method of attack as it performs actions on an individual’s computer against their will.

Beyond the most compelling reason are the legal implications of this software. In the United Kingdom, section 3 of the Computer Misuse Act states "A person is guilty of an offence if— (a) he does any act which causes an unauthorised modification of the contents of any computer". Whilst the user is aware of the installation of the XCP2 software, they are certainly unaware of the 'cloaking' software that is installed as well to mask the existence of the XCP2 software. It is likely that Sony will say that in accepting the EULA of the XCP2 software you are agreeing to install all the necessary files to allow this software to run. The UK Data Protection Act also protects against the collection and transmission of unauthorised data about an individual. The XCP2 application is claimed to perform a small amount of data collection that is sent on. This is in explicit contradiction to the EULA.

From an ethical standpoint, those who have the ability to do something have the responsibility to do something. In this situation, as the lead developer, the most compelling reason not to develop the rootkit lies with my inherent understanding of what it is I am being asked to do and the knowledge that my actions could lead to the infection of people's computers, and whilst I may be protected legally, ethically I will be breaking several codes of conduct and breaching my duty to the general public. The initial decision to implement a form of DRM (Digital Rights Management) was just; however, the consequence of the way Sony went about doing this will have ultimately led to distrust by customers and perhaps a desire to illegally download the music instead.