=Workplace Monitoring=
The increasing prevalence of monitoring technologies in the workplace poses many ethical concerns. Existing technologies, like sniffers, can provide monitoring of employee actions on workstations and traffic on workplace networks such as email and instant messaging. Employers may also legally monitor phone conversions to a limited extent. While businesses are attempting to make sure their employees do a good job, excessive monitoring may cause harm to employees. Monitoring could be abused if personal information discovered while monitoring employees is used to discriminate against them.

'''Analyze the ethical implications of employers' use of workplace monitoring. Examine a couple new or emerging methods of workplace monitoring technology in detail.'''

==Resources==
===Relevant Class Website Links:===
* [http://ethics.csc.ncsu.edu/social/workplace/monitoring/ http://ethics.csc.ncsu.edu/social/workplace/monitoring/]
* [http://ethics.csc.ncsu.edu/privacy/e-mail/ http://ethics.csc.ncsu.edu/privacy/e-mail/]

==Relevant Outside Website Links:==

==Ethical implications==
More people are using computers , email, and the internet as part of there daily work activity. These tools can be used to increase the amount of work getting done, but they also make it very easy for an employer to track and record every thing you do online or read all the emails you send.

This raises an ethical question of rather this is a invasion of privacy and wrong?

===Arguments for work place monitoring===

*Activity's being done one company equipment.
*Ensure that sensitive information is not posted online.
*Employers have the right to track how employees are using company time and monitoring can increase productivity

===Arguments against work place monitoring===

*Many feel that emails and web surfing are private activities
*Monitoring will create more stress and friction between employees and employers
*That during lunch and other breaks they should be able to use internet and email for private use

A employee should be aware that technology makes it easy to track what web sites they visits, emails are saved and easy to read, and that the companys policy about work place monitoring should be known.

==Methods of workplace monitoring==

The methods used by employers to monitor employees basically fall into two categories, computer surveillance and physical surveillance.

===Computer Surveillance===
Computer surveillance is one of the most popular forms of workplace surveillance due to the prevalence of computers and internet use in business. It utilizes monitoring software to keep track of employees' computer activities. Computer surveillance methods can be divided into two groups: internet surveillance and desktop surveillance.

'''Internet Surveillance'''
Internet surveillance involves monitoring employees' internet activities by watching, and possibly filtering, traffic that is transmitted over the company network. This can be achieved by custom hardware appliances, such as firewalls, monitoring software, or packet sniffing.

'''Desktop Surveillance'''
Desktop surveillance consists of directly monitoring activities on an individual's computer by way of monitoring software that is installed on it. This surveillance potentially allows direct monitoring of the screen, logging of keystrokes, logging of idle time, and logging of browsing habits.

===Physical Surveillance===

http://computer.howstuffworks.com/workplace-surveillance2.htm

CSC 379:Week 4, Group 2

2007-07-28T17:11:22Z

Naprinci: /* Computer Surveillance */

CSC 379:Week 4, Group 2

2007-07-28T15:48:28Z

Naprinci: /* Methods of workplace monitoring */

CSC 379:Week 2, Group 1

2007-07-14T21:30:20Z

Naprinci: /* Ethical considerations of international usage */

=Creative Commons=

==Overview==

===Provisions of Creative Commons License===

Based upon copyright protections, the various forms of the creative commons licenses allow the creator of a work to declare "some rights reserved" instead of the usual "all rights reserved" associated with plain copyright. This allows the creator of the original work to grant certain permissions to those who wish to use the original work without the prospective user having to explicitly ask for permission.

There are 4 conditions that make up the different Creative Commons licenses:
;Attribution: All Creative Commons licenses require attribution as specified by the original work's creator when the work is used, distributed, or modified whether in its original form or as a derivative work.
;Noncommercial: The original work may only be used, distributed, or modified only for noncommercial purposes whether the work is in its original form or as a derivative work.
;No derivative works: The original work may be used or distributed, but may not be used in any form of derivative work.
;Share alike: Derivative works based upon the original work may only be distributed under an identical license to the original work.

These conditions are combined in various forms to make the six main Creative Commons licenses:
# Attribution (by)
# Attribution Non-commerical (by-nc)
# Attribution Non-commercial Share Alike (by-nc-sa)
# Attribution Non-commercial No Derivatives (by-nc-nd)
# Attribution No Derivatives (by-nd)
# Attribution Share Alike (by-sa)

'''Links'''
*[http://creativecommons.org/ Creative Commons]
*[http://creativecommons.org/about/licenses/meet-the-licenses Creative Commons Licenses]
*[http://wiki.creativecommons.org/FAQ Creative Commons FAQ]

===Comparison to other common licenses===

{| border="1" cellspacing="0" cellpadding="2"
! License
! Advantages
! Disadvantages
! Ethical Considerations
|-valign="top"
|Creative Commons
|
*Creator of work can grant specific permissions for re-use of work
*Rights and conditions of others to use work are more clearly laid out
*Based on copyright
|
*Must be careful to choose appropriate license to retain the desired amount of control over the work
*Must specifically designate work as licensed under Creative Commons
*Users of Creative Commons-licensed works must be careful when combining works with different licenses
|
*There is a disclaimer of warranty that the individual granting the license has the right to do so
*Certain provisions of the license change between countries
|-valign="top"
|Copyright
|
*Automatically granted to created works, even without notice
*Reserves all rights for the creator
|
*Can cause confusion, since it applies without notice of copyright
*Those wishing to reuse copyrighted works must seek explicit permission
|
*Easy to violate copyright unintentionally, since notification of copyright is not required
|-valign="top"
|GPL
|
*Requires any modified and released versions to have source code available, and to stay under the GPL
*Maintains free software environment
*Based on copyright
|
*Incompatible with closed-source (commercial) development
*Once something is under the GPL, it essentially must stay under GPL
|
*"Locked-in" to GPL
*Forces ideology behind GPL on users of GPL'd content
|-valign="top"
|Lesser GPL (LGPL)
|
*Allows non-GPL software to link with LGPL'd libraries
*Less restrictive than GPL
*Based on copyright
|
*Largely discouraged by GPL proponents
|
*Allows free software to be used in proprietary projects
|-valign="top"
|BSD-style Licenses
|
*Non-copyleft - modified versions aren't required to be free, more flexible
*Allows modified versions to be released under alternate licenses
*Based on copyright
|
*Modified versions can become incorporated into proprietary projects
*Original BSD license had an annoying "advertisement" clause
|
*Free code can be made proprietary
|-valign="top"
|Public Domain
|
*Work is released from copyright
*Work can be used by anyone else without restriction
|
*Any rights by the creator are forfeited
|
*Creator retains no rights to work
|}

==Discussion Questions==

===Adoption of license===
; The Question : ''Should groups like media outlets who desire their content to be shared adopt licenses like creative commons to clarify and guarantee the protections they want to extend to the public?''

'''nap''': I think there should be an emphasis on how CC licenses clarify what people can do with pages, and that CC licensing must be indicated, whereas copyright requires no notification

Yes the groups should adopt it blah blah blah.

Some more stuff.

Blah blah blah.

'''Links''' (if applicable)
* [http://google.com google]

===Ethical considerations / Obstacles to adoption===
; The Question : ''What ethical advantages and disadvantages are there for adopting Creative Commons licenses? What obstacles exist towards the adoption of Creative Commons licenses within the business community?''

'''nap''': All CC licenses will still allow at the most restrictive verbatim copying with attribution and non-commercial purposes, which is more than just copyright, so there might be resistance to this.

===Ethical considerations of international usage===
; The Question : ''Copyright law differs between countries. Creative Commons has licenses that can be adapted to be compatible with the laws of many nations. What ethical considerations are there to a system of international copyright laws and/or agreements? Are licenses like Creative Commons viable alternatives to international agreements?''

'''nap''': I think that CC is adapted for international use, but there are specific notes about this in the FAQ, I think. Maybe international agreements provide a basis for CC, since it is based in copyright? I'm not sure about this one...

2007-07-14T21:03:39Z

Naprinci: /* Comparison to other common licenses */

CSC 379:Week 2, Group 1

2007-07-14T21:03:24Z

2007-07-07T14:51:14Z

Naprinci: /* The "Goodmail" approach */ Added text for goodmail section

== Internal Use Only ==

Group members:
Nick Principe / naprinci@gmail.com / AIM: mahoubaka <br />
Ken Ganong / kjganong@ncsu.edu / AIM: C4P0droid

*domain authentication
**[http://e-com.ic.gc.ca/epic/site/ecic-ceac.nsf/en/gv00298e.html what canada has to say about it]
**[http://lwn.net/Articles/188685/ seemingly useful article with links to domain authentication related concepts]
*the "goodmail" approach
**[http://www.usatoday.com/tech/news/computersecurity/2006-03-05-goodmail_x.htm goodmail article]
**[http://www.goodmailsystems.com/ goodmail web page]

*client-side filtering

[http://www.spamlaws.com/articles/usf.pdf huge paper on this subject]

== Spam Prevention Techniques ==

=== Comparison of Techniques ===
{| border="1" cellspacing="0" cellpadding="2"
! Technique
! Pros
! Cons
! Authors' Rating
|-valign="top"

|[[#Block_domains_of_.22known.22_spammers|Block domains of "known" spammers]]
|
*Can block a large amount of spam
*Low chance of blocking legitimate email
**Notification sent to blocked senders in some implementations
*Action to take on spam is user-definable
|
*Some spam still can still get through
*Might block individuals running their own mail server
*Requires processing at client/receiver-side for effective blocking
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#Require_users_to_request_permission_to_send_mail|Require users to request permission to send you e-mail]]
|
*Blocks all spam
*Robots cannot easily send spam
*Hard to falsify identity
|
*Can introduce large delays in user "seeing" an email
*Impossible to implement correctly and universally at the client side
*Requires significant action on the part of the user to make exceptions
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#Charge_for_email_sent|Charge for email sent]]
|
*Forces targeted selection of spam
|
*Changes the operational paradigm of email
*Lots of supporting infrastructure development necessary
*Might impact users more than spammers
*Where does the money go?
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#Opt-in_for_commercial_email | Opt-in for commercial email]]
|
*Companies can send advertisements without sending spam
*Users can freely restrict the influx of mail from their many online affiliations
|
*Fraudulent emails have an opt-out link that sends you to an unwanted web page.
*Only stops unwanted spam from companies that abide by this rule.
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#Domain_authentication | Domain authentication]]
|
*Very little spam gets through
*Makes phishing and other identity deceptions very hard
*Easier to track down spammers
|
*Current approaches can break under certain common circumstances
*Requires infrastructure changes
*Multiple standards competing
*Could make it more difficult for individuals with their own mail server
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#Bounties | Bounties]]
|
*Gets rid of big spammers with incentive
*Possible deterrent
|
*Costs government (tax-payers) money
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#The_.22Goodmail.22_approach | The "Goodmail" approach]]
|
*Mass emails cost money so mass spammers don't work
|
*Companies can bypass the spam filter by paying money
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#Bonds_with_escrow_agencies | Bonds with escrow agencies]]
|
* Whitelisted email accounts don't take out a bond
* Only spammers have to pay.
|
* Lots of infrastructure and processing behind 'micro-payments'
* Somebody has to pay for the escrow agency.
* Users can subvert the system by collecting even when not spam.
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|-valign="top"

|[[#Client-side_filtering | Client-side filtering]]
|pro
|
*Only as good as user or algorithms/heuristics at identifying spam
*Spam emails are stopped, they are simply not read.
|

{| border="1" cellpadding="1" cellspacing="0" style="border:1px solid white"
|-
| style="background:#00ff00;border:1px solid white" width=2px | 
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#00ff00;border:1px solid white" width=2px |  
| style="background:#cccccc;border:1px solid white" width=2px |  
|}
|}

=== Technique Details ===

====Block domains of "known" spammers====
This technique is often implemented by means of a DNS Blacklist (DNSBL) which is a frequently updated list containing IP addresses and ranges of known spammers, though similar systems exist to block domain names or URIs (uniform resource identifiers) associated with spam.

This approach has an advantage over most client-side filtering schemes, since it is better able to block spam that the particular client has never seen before since it is a shared and universal list. Depending on implementation, the DNSBL system could be implemented as a form of client-side filtering. However, it is most efficient if the DNSBL filtering system is implemented at a higher level, such as at the ISP or business. Another advantage of this system is that the action taken when a message is identified as spam is defined by the individual users of the DNSBL system – they can still deliver the message, flag it as spam, or bounce it entirely.

There is the possibility that a DNSBL system could block legitimate email – the likelihood and method of handling this possibility are dependent on the specific implementation. The Spamhaus system sends a message back to each sender of a blocked message indicating why it was bounced to prevent legitimate email from “disappearing” without a trace – however, this approach increases mail and network traffic. A DNSBL system can also make it hard for individuals to set up their own mail servers at home, since residential IPs are blocked in some systems. Also, with minimal processing of incoming messages the percentage of spam blocked is relatively low – for the Spamhaus system, only 15-25%. To get over 90% spam blockage, the headers and body of each message must be analyzed.

=====Links=====
*[http://en.wikipedia.org/wiki/DNSBL Wikipedia DNSBL entry]
*[http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL Spamhaus SBL FAQ]
*[http://www.spamhaus.org/faq/answers.lasso?section=DNSBL%20Technical Spamhaus DNSBL Technical FAQ]

====Require users to request permission to send you mail====
This draconian spam prevention technique, most commonly seen through the use of the Earthlink spamBlocker, delivers only messages from the user’s address book to their inbox – all other mail is put in a separate folder and the sender is sent a reply with information on requesting the user allow them to send the user email.

This technique doesn’t let spam through to the user’s inbox, which is a major advantage. Also, this approach makes it hard or impossible for the sender’s identity to be falsified. When allowing the sender to request the intended recipient to allow their mail through, anti-robot measures prevent the automation and abuse of this system.

There are major disadvantages to this approach. Whenever receiving email from a new person or website, the user must manually add permission to receive from the new sender. Desired or important emails could sit idle for long periods of time in the “Suspect Email” folder before the user reads them. Also, sending a reply to the sender with instructions to request permission from the user to send them mail can cause frustration: first, it is an additional step for the sender, and second, the sender might not check their email again after sending the original message, which introduces further delays.

=====Links=====
*[http://www.earthlink.net/software/free/spamblocker/ Earthlink spamBlocker]

==== Charge for email sent ====
This technique strives to make email more like postal mail, shifting the burden of cost from the recipients to the senders. The goal being reduced spam due to the new costs associated with sending email – requiring more targeted marketing/spamming to be cost-effective. The costs involved could either be monetary – e-postage – or temporal – “hashcash”: requiring a complex computation for each sent email, making sending email very slow if there are many recipients.

The advantage to this technique, if it worked properly, would be reduced spam because spammers would be forced to have a more targeted selection of recipients.

Unfortunately, there are many problems in implementing a system to handle this. Vast amounts of banking infrastructure would need to be established to support an e-postage system, since many checks would have to be done to ensure against fraud. The decentralized mail infrastructure of the internet would have to become more centralized to force the usage and verification of e-postage as well. Using hashcash instead of e-postage would still require mechanisms and infrastructure to enforce the running of the hashcash algorithms. Also, most spammers have vast networks of computers, both legitimately and illegitimately, under their control, so they would have more capacity to solve hashcash problems than individual users.

=====Links=====
*[http://www.taugh.com/epostage.pdf An Overview of E-Postage (currently down)]
*[http://216.239.51.104/search?q=cache:X1_Q1Qii3AkJ:www.taugh.com/epostage.pdf+epostage&hl=en&ct=clnk&cd=2&gl=us Google cache of above article]
*[http://fare.tunes.org/articles/stamps_vs_spam.html Stamps vs. Spam]

==== Opt-in for commercial email ====
Commercial advertisements are often considered spam even when the user has had a previous relationship with the company sending the email.
In order for companies to send such advertisements without causing a lot of unwanted email, a simple opt-in or opt-out system should be
implemented by the company. If an opt-out link or instructions appear in an email, the result of a user following them is that that user
will no longer be sent similar advertisements. This much is required to be CAN-SPAM compliant. The preferred method, however, is an opt-in.
In this way, when a company and a user first achieve contact (usually by the user making a user account with the company), there is a method
for the user to configure which types of email advertisements he or she desires from the company.

Such a system allows a user to decide and configure which companies and which types of advertisements they would like to receive email about
from each company for which they have an online affiliation. However, this requires the company to implement and abide by such a rule. Also,
since this system is so common, many fraudulent spam emails have opt-out options which are fake. By responding to such an opt-out option,
you actually submitting yourself to more spam because the sender knows that your e-mail account is active.

===== Links =====
* [http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm The CAN-SPAM Act]

==== Domain authentication ====
Domain authentication ensures that the domain in a sender’s email is authentic and hasn’t been forged, making phishing and other fraudulent email harder to send. There are two major techniques for accomplishing domain authentication: Sender Policy Framework (SPF) and Domain Keys (DK). Both of these approaches use DNS to authenticate sender domains.

Both approaches add support for domain authentication to the current mail framework in existence, enabling one to be sure that the email originated from the domain specified in the sender’s address. This would effectively filter out a lot of spam.

One problem with both techniques is that they fail under certain conditions: SPF fails under some store-and-forward situations, and DK fails when the message is modified after signing. Also, these techniques do not eliminate the ability of spammers to use temporary domains to send spam – though mail will have to be addressed from that domain, possibly facilitating the tracking of spammers.

=====Links=====
*[http://lwn.net/Articles/188685/ Domain Keys for email sender authentication]
*[http://lwn.net/Articles/187736/ SPF on vger]
*[http://e-com.ic.gc.ca/epic/site/ecic-ceac.nsf/en/gv00298e.html Anti-Spam Technology Overview: Emerging Technologies]

==== Bounties ====

===== Links =====
*[http://www.msnbc.msn.com/id/5326107/%20 FTC's plans to institute bounties]
*[http://www.silicon.com/research/specialreports/thespamreport/0,39025001,39124098,00.htm Will bounties stop spammers?]

==== The "Goodmail" approach ====
This technique provides for accreditation for legitimate senders, allowing their emails to bypass spam and volume mailing filters and folders and get delivered directly to the inbox of users on participating mail systems. The accreditation process costs money and sending the certified messages also costs money. The accreditation process is strict, and the policies for using the service exclude any unsolicited email.

This approach does benefit users in that certified mail is known to be from a trustworthy source and emails from companies using the Goodmail service will not be put in a junk mail folder. This benefits the companies to the same degree, though, ensuring that their messages are delivered straight to the users’ inboxes.

Much maligned when AOL first announced it would use the Goodmail service, it seems most of the criticism was reactionary – the qualifications required by and standards instituted by Goodmail, if they are actually as strict as they appear, mean that users either want the emails sent through this service or can opt-out of them – and they aren’t unsolicited. This service is provided by a for-profit entity, so it is similar to a pay-for-email scheme – it also seems to divide email into two classes which is arguably not in the spirit of the email system. Also, it does require the support of mail hosts and/or ISPs.

==== Bonds with escrow agencies ====
This spam fighting technique works based on whitelists, blacklists, graylists, and a third party (escrow agency) separate from the email sender or receiver.
A whitelisted sender simply sends email and it goes through without the escrow agency intercepting. A blacklisted sender cannot send email to the would-be receiver. The contents of the graylist is essentially everyone on neither of the other lists.

A graylisted sender opens a bond for a small amount of money (one cent) with the escrow agency in order to send email. If the receiver blacklists the sender as a result of the email, the bond is collected and the sender is charged. Thus, only spammers have to pay for their email unlike the [[#Charge_for_email_sent | charge-for-email]] approach.

The escrow agency, however, must be paid. One way of doing this is having the collected spammer money go to the escrow agency. There is a lot of processing for any type of internet payment, so the penny (or so) that is charged to the spammer may not be enough to cover the escrow agency's cost regarding. Also, non-profit groups would possibly often be blacklisted and therefore be forced to pay more than they can afford similar to the Goodmail approach. Since the email cost is mean to deter spammers, Users can subvert the system by blacklisting emails that aren't spam. For example, I could charge my professors for sending me email that they must send for class or users could charge ebay for requested notifications.

===== Links =====
* [http://8stars.org/a/2003/03/13/more-on-fighting-spam/ Summary of escrow spam fighting]

==== Client-side filtering ====