Home
Search
Login
<mosaic.cnfolio.com>
Management and the Technology Professional – B302

Case study answer 1



If I were the lead developer in the team, the MOST compelling reason for me to have NOT developed the rootkit would be that I would know in the first instance that in developing the software, the Company would be breaking the law. In creating this software, I would know that it damages a users computer, without the user having any knowledge of the software doing so. For example, section 3 of the the Computer Misuse Act 1990 clearly states:

(1) A person is guilty of an offence if—
(a) he does any act which causes an unauthorized modification of the contents of any computer; and
(b) at the time when he does the act he has the requisite intent and the requisite knowledge.
(2) For the purposes of subsection (1)(b) above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing—
(a) to impair the operation of any computer;
(b) to prevent or hinder access to any program or data held in any computer; or
(c) to impair the operation of any such program or the reliability of any such data.
(3) The intent need not be directed at—
(a) any particular computer;
(b) any particular program or data or a program or data of any particular kind; or
(c) any particular modification or a modification of any particular kind.
(4) For the purposes of subsection (1)(b) above the requisite knowledge is knowledge that any modification he intends to cause is unauthorized.
(5) It is immaterial for the purposes of this section whether an unauthorised modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.
(6) For the purposes of the [1971 c. 48.] Criminal Damage Act 1971 a modification of the contents of a computer shall not be regarded as damaging any computer or computer storage medium unless its effect on that computer or computer storage medium impairs its physical condition.
(7) A person guilty of an offence under this section shall be liable—
(a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and
(b) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.

However, the decision by the development team at First4Internet to release this software is also extremely unprofessional, in the way that it also put Sony BMG in a difficult position from a public relations point of view, once the functionality of the software was scrutinized and made public. Surely this goes against any Professional Code of Conduct that First4Internet has in place?

From a personal standpoint, I completely understand Sony BMG's intentions, which were to protect their copyrighted material from being distributed illegally. Even though they may not have been aware that the software damaged a users computer once installed, (Sony BMG later filed a lawsuit against Amergence/SunnComm, for whom First4Internet provided the software), Sony were still aware that they were installing this software without the users knowledge and this goes against public perception of a company that cares for its customers – hence breaking the Business Ethics principle.

The consequences are simple – by installing the rootkit, without a users prior knowledge, which then subsequently impaired or damaged the users computer or files, Sony BMG and First4Internet succeeded in lowering public opinion (acceptance?) of Digital Rights Management and in all likelihood increased the level of illegal music downloading and peer-to-peer sharing over the internet.
Page revised 2008-03-01 14:00 • ©2009 University of Portsmouth • This website uses wikkawiki.org software.