Question 1

Some computer system failures can lead to significant economic problems. For example, there have been numerous cases in which payment processing systems have been compromised and credit card information is stolen. Should the vendors of these systems be held liable for the financial losses when their systems failed? Why?

Question 2

Scenario: You work for a relatively small software development company. The company was hired by a marketing firm to develop a custom software system that will be used for mass data collection and analysis. The system has already been designed and is into the implementation stage. The former project manager left the company and you have recently been assigned to the team to take their place. The purpose of the system is to facilitate targeted marketing by collecting data about consumer’s purchasing behavior and connecting it with information about their identifying information, demographics, income, hobbies, interests, group affiliations, etc.

While getting up to speed on the project you become concerned that the system’s security is inadequate. A breach of the system would not necessarily include extremely sensitive information such as credit cards, social security numbers or passwords the system is not explicitly designed for such purposes, but they could be stored in the system. A breach of the system would almost certainly result in a large amount of personal data being inadvertently released and this might cause problems for the consumers or other parties involved (e.g. the marketing firm, their customers, your employer, etc.).

A redesign of the system is still possible, but it would delay the project and/or raise costs. You are concerned about the problem but are also concerned about the consequences of proposing the necessary changes.

What options do you have? How would you choose to proceed?

Hint: Think about what kinds of information might be stored and what types of things might be deduced or inferred. For example, group affiliations might include things like political groups or religious organizations, whereas consumer purchasing behavior could include things like items purchased over-the-counter at a pharmacy. Consider what private information someone might not want made public, what the consequences might be, and what actions they might take in the case of a breach.