INFORMATION TECHNOLOGY EVOLUTION AND ITS ASSCOCIATED THREATS TO ETHICAL STANDARDS IN UNIVERSITY ADMINSITRATION AS A PROFESSIONAL BY DAVID ‘BUKOLA OYEJIDE
Principal Assistant Registrar, College of Medicine Education Unit, College of Medicine, University of Ibadan, Ibadan
Introduction Information Technology (IT) has remained undoubtedly one of the most talked about phenomenon of the last decade. Its revolutionary power that keeps disrupting every sector of the society cannot be exhaustively enumerated. The major testimonial to human evolution in innovation and creativity are directly linked to the development of IT and we cannot but look into the future from the present to experience more disruption in our world with the power of this revolutionary phenomenon. Many professionals have been largely concerned about how information technology is evolving in workplaces and how more machines and software’s are replacing human efforts. A number of professionals believe that there will be more job loss in the next decade as evidence of technology invasions keeps staring them in the face. However, it should be noted that the little we have seen from the evolution of information technology, it changes roles of professionals and not take their jobs. As much as we are excited about the positively beneficial sides of information technology, we cannot but also explore the new challenges and threats posed by this revolutionary technology. For example, there were no phenomenon such as cyber bullying, wire 1
tapping, hacking and phishing before the evolution of information technology and we get to see new challenges every day. Some of these challenges call for new policies, skills set development and regulations. This paper would address historical perspectives to the evolution of information technology, organizational ethical standards and the implications of information technology on these ethical standards in a university administration while giving a strong consideration to professionals as the focal point of the issue addressed. As the fear of death would not stop a man from sleeping every night, the same way we will continue to experience a progressive evolution of information technology despite all the other negative impacts it could bring. “Information technology� refers to automated systems for storing, processing, and distributing information. Typically, this involves the use of computers and communication networks. The amount of information that can be stored or processed in an information system depends on the technology used. The capacity of the technology has increased rapidly over the past decades, in accordance with Moore's law. These developments have fundamentally changed our practices of information provisioning. The rapid changes have increased the need for careful consideration of the desirability of effects. Some even speak of a digital revolution as a technological leap similar to the industrial revolution, or a digital revolution as a revolution in understanding human nature and the world, similar to the revolutions of Copernicus, Darwin and Freud (Floridi 2008). As connectivity increases access to information, it also increases the possibility for agents to act based on the new sources of information. When these sources contain personal information, risks of harm, inequality, discrimination, and loss of autonomy easily emerge. For example, your enemies may have less difficulty finding out where you are, users may be tempted to give up privacy for perceived benefits in online environments, and employers may use online 2
information to avoid hiring certain groups of people. Furthermore, systems rather than users may decide which information is displayed, thus confronting users only with news that matches their profiles. Although the technology operates on a device level, information technology consists of a complex system of socio-technical practices, and its context of use forms the basis for discussing its role in changing possibilities for accessing information, and thereby impacting privacy. Information Technology Evolution There have been several definitions from various schools of thoughts on what information technology should be. Some schools of thoughts and definitions usually focus mainly on computing in their definitions which is not in itself wrong. However, in this paper, I would like to align my historical belief system with that of Haigh (2010) who stated that looking at the two Constituent words, it suggests that “information technology� should include everything from ancient clay tablets through scrolls and books to communication systems of all kinds, newspapers, street signs, libraries, encyclopedias, and any artifact used for educational purposes. And indeed one sometimes sees such expansive definitions in textbooks of library and information science.
The phrase received its first prominent usage in a Harvard Business Review article (Haigh, 2010b; Leavitt & Whisler, 1958) to promote a technocratic vision for the future of business management. Its initial definition was as the conjunction of computers, operations research methods, and simulation techniques. Having failed initially to gain much traction (unlike related terms of a similar vintage such as information systems, information processing, and information science) it was revived in policy and economic circles in the 1970s with a new 3
meaning. Information Technology now described the expected convergence of the computing, media, and telecommunications industries (and their technologies), understood within the broader context of a wave of enthusiasm for the computer revolution, post-industrial society, information society (Webster, 1995), and other fashionable expressions of the belief that new electronic technologies were brining a profound rupture with the past. As it spread broadly during the 1980s, IT increasingly lost its association with communications (and, alas, any vestigial connection to the idea of anybody actually being informed of anything) to become a new and more pretentious way of saying “computer.”
The final step in this process is the recent surge in references to “information and communication technologies” or ICTs, a coinage which makes sense only if one assumes that a technology can inform without communicating. In the history of information technology, as in other areas defined through reference to “information,” definitions are problematic and categories unstable. As Lionel Fairthorne observed more than forty years ago (Fairthorne, 1965, p. 10), the word’s appeal is often as “a linguistic convenience that saves you the trouble of thinking about what you are talking about.” Valiant attempts have been made to create definitions of information (Capurro & Hjorland, 2003) broad enough to bolster the territorial ambitions of information science and coherent enough to be useful, but as an historian I am impressed more by the enduring lack of consensus around its actual meaning. Information, like other concepts such as progress, freedom, or democracy has become ubiquitous because of, not despite, its impressive degree of interpretative flexibility. Information has been seized upon by many different social groups, each of which has produced hybridized notions such as “information science,” “information worker” and “information system.” 4
Definitions of these terms attempt to demarcate boundaries (Gieryn, 1983) for the authority of particular specialist groups, and so are frequently contested and have evolved haphazardly over time. Such phrases are rarely taken to mean what one would expect by looking up their constituent words in a dictionary. We may however not be thorough enough if we explore the evolution of Information Technology to the point when communication came into it, thereby having Information Communication Technology.
The history of ICT started from humble beginnings, which include the abacus invented about 300 years before the birth of Christ, and later led to the development of the Calculator in 1624 by Wilhelm Schickard at the University of Heidelberg. It was the first function calculatorclock in 1971. Intel Corporation released the 1st micro-processor (the Intel 4004). The computers as we know them today was created by IBM and released during 1981. Apple introduced its version, Macintosh during 1984. The World Wide Web (www) was developed by Tim Lee in 1991. The tools of ICT are obvious from the different definitions. In fact, they are all around us. They include: laptop, modem, printer, flash disk, radio, satellite, MP3 player, mobile phone, ipods, ipads, internet and World Wide Web, e.t.c. These tools can be used in Universities to aid day-to-day activities.
Organizational Ethical Standards World over, every organization runs on some preset ethical standards or codes of conducts. This is important to have a common purpose in achieving the objectives of such organizations. No matter the industry that the operation of an organization falls into, ethics are as
5
important as the vision of the organization itself. In this paper, the industry being addressed is the educational industry, specifically the university system.
However, the International Ethics Standard Coalition (IESC, 2016) released a 10 points generalized ethical standard for every industry. These standards must serve as the general standards on which all industries must run in the delivery of their various responsibilities. The standards are: 1. Accountability: practitioners shall take full responsibility for the services they provide; shall recognize and respect clients, third party and stakeholders rights and interests; and shall give due attention to social and environmental considerations throughout. 2. Confidentiality: practitioners shall not disclose any confidential or proprietary information without prior permission, unless such disclosure is required by applicable laws or regulation. 3. Conflicts of Interest: Practitioners shall make any and all disclosures in a timely manner before and during the performance of a service. If, after disclosure, a conflict cannot be removed or mitigated, the practitioner shall withdraw from the matter unless the parties affected mutually agree that the practitioner should properly continue. 4. Financial Responsibility: Practitioners shall be truthful, transparent and trustworthiness in all their financial dealings. 5. Integrity: Practitioners shall act with honesty and fairness and shall base their professional advice on relevant, valid and objective evidence.
6
6. Lawfulness: Practitioners shall observe the legal requirements applicable to their discipline for the jurisdictions in which they practice, together with any applicable international laws. 7. Reflection: practitioners shall regularly reflect on the standards of their disciplines and shall continually evaluate the services they provide to ensure that their practice is consistent with evolving ethical principles and professional standards. 8. Standard of service: practitioners shall only provide services for which they are competent and qualified; shall ensure that any employees or associates assisting in the provision of services have the necessary competence to do so; and shall provide reliable professional leadership for their colleagues or teams. 9. Transparency: Practitioners shall be open and accessible; shall not mislead or attempt to mislead shall not misinform or withhold information as regards products or terms of service; and shall present relevant documentary or other material in plain and intelligible language. 10. Trust: Practitioners shall uphold their responsibility to promote the reputation of their profession and shall recognize that their practice and conducts bears upon the maintenance of public trusts and confidence in the IESC professional organizations and the professions they represent.
Code of Ethical Standard in University Administration Ethical standards are Code of Conduct created for the benefit of the entire University members for maintaining and promoting University's reputation for excellence and integrity. It exists in addition to the specific policies, procedures, rules and regulations enacted by the 7
University. These principles are often derived from federal, state, and local laws and regulations; University policies and procedures, contractual and grant obligations, and generally accepted principles of ethical conduct. Each member of the University is expected to uphold the standards of the University and to report suspected violations of the Code to either his or her Supervisor, Human Resources or Quality assurance Officer. University officers, managers, and supervisors have a special duty to adhere to the principles of the Code, encourage their subordinates to do so and report suspected violations. Reports of suspected violations will be investigated by authorized University personnel. If it is determined that a violation has occurred, the University reserves the right to take corrective and disciplinary action against any person who was involved in the violation or who allowed it to occur or persist due to a failure to exercise reasonable diligence. Disciplinary actions will be determined on a case-by-case basis and in accordance with the applicable disciplinary codes. The following are codes of ethical standards for Universities:
1. Adherence to the Highest Ethical Standards: Every member of the University shall, at all times, conduct his or her activities in accordance with the highest professional and community ethical standards. 2. Respect For And Compliance With The Law: Every member of the University is expected to become familiar with various laws, regulations, and University rules which are applicable to his or her position and duties, and to comply with both their letter and spirit. 3. Support of the University's Goals and Avoidance of Conflicts of Interest: Staff of the University has a duty to avoid conflicts between his or her personal interests and official responsibilities and to comply with University and applicable codes and guidelines for reporting 8
and reviewing actual and potential conflicts of interest and conflicts of commitment. Additionally, a member may not utilize his or her position with the University for his or her personal benefit. Members are also expected to consider and avoid not only an actual conflict but also, the appearance of a conflict of interest. 4. Maintenance of the Highest Standards of Academic Integrity: Every member of the University involved in teaching and research activities is expected to conform to the highest standards of honesty and integrity. Activities such as plagiarism, misrepresentation, and falsification of data are expressly prohibited. All research at the University must be conducted in strict conformity with the applicable University policies, procedures, and approvals and the requirements of all governmental and private research sponsors. 5. Respect for the Rights and Dignity of Others: Members of the University should be committed to a policy of equal treatment, opportunity, and respect in its relations with its faculty, administrators, staff, students, and others who come into contact with the University. Every member of the University is prohibited from discriminating on the basis of race, colour, religion, gender, marital, citizenship status, veteran or military status, age, disability, and any other legally protected status; physically assaulting, emotionally abusing, or harassing anyone; and depriving anyone of rights in his or her physical or intellectual property, under University policy, or under federal, state, and local laws. 6. Maintenance and Preservation of Accurate Records: Members of the University are expected to create and maintain records and documentation which fully conform to all professional and ethical standards. Every member of the University who is involved, directly or indirectly, in the preparation or submission of records is expected to do it with decorum.
9
7. Conducting Business Practices with Honesty and Integrity: Every member of the University is expected to conduct all University business with, vendors, competitors, and the academic community with honesty and integrity. This duty includes, but is not limited to: adherence to rules in dealing with vendors; adherence to all antitrust laws (such as improper sharing of competitive information); and protecting and preserving University property and assets--including proprietary intellectual property, buildings, equipment, and funds.
The Use of IT in University Administration The university system is one of the most complex organizations that would ever exist. It is very important to employ tools that would simplify the complexities of such an organization. For our benefit, we are to consider the use and application of Information Technology in aiding the performance of our job as administrators in the University. To do this effectively, administrators will consider how we can harness these technologies for better planning, setting standards, effecting change and monitoring results of our activities in the following areas:
General administration
Pay Roll and Financial Accounting
Inventory Management
Personal Records Maintenance
Library System
10
Information Technology and its associated threats to Ethical Standards 1. Information Privacy Threats: While we discussed international ethical standards, we noted confidentiality to be one of the ten ethics in a workplace such as the university system. Although technology has a major impact on the gathering, storage, retrieval and dissemination
of
information
its
main
ethical
impact
relates
to
accessibility/inaccessibility and the manipulation of information. It creates the possibility of wider as well as simultaneous access to information. By implication, it becomes easier to access a person's private information by more people. On the other hand, a person can be excluded from necessary information in electronic format by means of a variety of security measures such as passwords. The impact of the use of technology on the privacy of people manifests itself in a variety of areas. These areas include, inter alia the following: ďƒ˜ The electronic monitoring of people in the workplace: This relates to personal information as discussed earlier. This is done by so-called electronic eyes. The justification by companies for the use of such technology is to increase productivity. Stair (2012), however, in the discussion of this practice, clearly points out the ethical problem pertaining to the use of these technologies. According to him peoples' privacy in the workplace are threatened by these devices. It can also lead to a feeling of fear and of all ways being watched - the so-called panopticon phenomenon.
11
ďƒ˜
The interception and reading of E-mail messages: This poses an ethical problem which relates to the private communication of an individual. It is technically possible to intercept E-mail messages, and the reading thereof is normally justified by companies because they firstly see the technology infrastructure (E-mail) as a resource belonging to the company and not the individual, and secondly messages are intercepted to check on people to see whether they use the facility for private reasons or to do their job.
2. Data Banking Threats: The merging of databases which contains personal information. This is also known as data banking (Frocht & Thomas, 2014). By this is meant the integration of personal information from a variety of databases into one central database. The problem here does not in the first place arise from the integration of the information as such. The main problems include the fact that the individual is not aware of personal information being integrated into a central database, that the individual does not know the purpose/s for which the integration is effected, or by whom or for whose benefit the new database is constructed and whether the information is accurate. In order to counter these problems relating to privacy and the merging of databases, he American Congress passed the Computer Matching and Privacy Protection Act in the 1980s (Benjamin, 1991). 3. Cyber security Threats: According to Universities UK (2013), Universities face a variety of cyber security threats. These include disruption to the functioning of a university network, through to more general and targeted attempts to obtain valuable information from networks and their users. The importance of developing effective approaches to this challenge for universities is commensurate with the importance of 12
digital data to their work. Digital information is at the core of almost all of a university’s activities and the safety and security of this information is important for a number of reasons: Universities produce data as a core intellectual asset that needs to be stored, accessed and used appropriately to fully realize its academic or commercial value. This might include data produced for commercial contractors or which has commercial potential, through to politically sensitive data, such as economic or climate modeling. Universities rely on access to sensitive data from third party organizations, such as patient identifiable data or other clinical data that is provided from medical institutions. Universities may also rely on access to data provided by businesses or other bodies that is considered commercially, operationally or personally sensitive. Universities collect data associated with their enterprise, such as information about students, staff or finances. Data might be considered sensitive by the law, the providers of data or where it informs decision making, such as marketing and recruitment data or, potentially, analytics from virtual learning environments.
As the importance of digital information has grown so has the need to ensure that data is protected from potential corruption, destruction or theft. However, security in all organisations is a trade-off between the likelihood and potential impact of threats and the various costs that are incurred to defend against them. Furthermore, in the case of large, complex organisations like universities, different types of activity may involve different types of risks, management priorities, and associated security measures. The cyber threats facing universities are varied. There are a variety of general threats to a network and its infrastructure, such as through 13
distributed denial of service attacks that may directly or indirectly target an institution’s network. General criminal and fraudulent threats target users in order to obtain personal data for identity fraud. There are also increasingly targeted attempts to obtain potentially sensitive data from organisations. This may include personal data of students or staff held by the institution or certain types of information, such as research, for commercial or political means.
There are two types of cyber threats;
Advanced
state
and
corporate ‘Hacktivist’ and criminal threat
threats 1. Theft of sensitive corporate data
for
1. Disruption of infrastructure – e.g
competitive
advantage
overloading of websites 2. Theft of sensitive personal data for
2. Theft or damage to valuable
fraud or political purposes.
research and data. Source: Universities UK report (2013) The primary risk from the different types of cyber threat is to the business continuity of the institution; that is to say, theft of information or damage to networks may have immediate impacts that prevent the university and its community from going about their work. Institutions or researchers may lose access to essential data or that data may become corrupted. However, information may also be stolen, including without the owner’s knowledge, with eventual costs not realized until later. Recommendation 1. University Management through the ITEMs and MIS to secure data access. 14
2. Software Firewalls can be used to protect networks and ICT systems from unauthorized access. 3. University Administrators need security skills and be prepared to think secure. 4. Safeguards when deleting a file depending on the size it is saved to the recycling bin before it is fully deleted to make sure there is a copy incase it was accidently. 5. Antivirus Software is used to protect ICT System from threats, like viruses, Trojan, spyware. Provides “state-of-the-art” antivirus software to users of its network and also will scan new students’ computers to make sure security software is up to date 6. For the Administrator to be relevant in the University System, training and re-training are therefore inevitable. The University Administrator should key into these developments. 7. Cyber security should be top-of-mind for officials—and what kinds of protections can be 8.
put in place. Hiring and retaining qualified staff, and updating the knowledge and skills of existing technology staff
9. Universities can deploy against cyber-attacks through constant changing of passwords, building ultra secure research facilities that keep the most sensitive computer systems safe from the open range of the Internet. 10. Set policies that control access to computer networks and safeguard the flow of information. For instance, mandate that student records are always encrypted, limit which employees can access information, and bar sensitive from being downloaded to less secure devices like thumb drives. 11. Prohibiting staff from using popular services like Dropbox to transfer student records and other sensitive information.
15
12. Multifactor authentication: More sensitive parts of an institution’s network should require multifactor authentication. A user might have to enter a password, answer a separate question, and verify fingerprints or pass a retinal scan. Users also could be required to have a “token,” such as a USB key or card with a magnetic strip 13. Whereas information technology is typically seen as the cause of privacy problems, there are also several ways in which information technology can help to solve these problems. There are rules, guidelines or best practices that can be used for designing privacypreserving
systems.
Such
possibilities
range
from
ethically-informed
design
methodologies to using encryption to protect personal information from unauthorized use.
References Benjamin, L.M. (1991). Privacy, computers and personal information: Towards equality and equity in an information age. Communications and the Law, 13 (2): 316.
Ethics Standard Coalition (IESC, 2016)
16
Fairthorne, R. A. (1965). 'Use' and 'Mention' in the Information Sciences. In L. B. Heleprin, B. E. Focht, K.T. & Thomas, D.S. (2004). Information compilation and disbursement: moral, legal and ethical considerations. Information Management and Computer Security, 2 (2): 2328. Leavitt, H. J., & Whisler, T. L. (1958). Management in the 1980s. Harvard Business Review, 36(6), 41-48. Markuson & F. L. Goodman (Eds.), Proceedings of the Symposium on Education for Information Science (pp. 9-12). Washington: Spartan Books. Stair, R.M. (2012). Principles of Information Systems. A Managerial Approach. Boston: Boyd & Fraser.
Universities UK (2013)
17