Milestone 10: Ethical, Legal, and Security Considerations¶
Your team will write that a set of wiki pages in which you describe possible ethical, legal, and security ramifications of your app. The goal is to identify problems or issues that might arise as a result of people using your app and develop an initial plan for either preventing these problems or for handling them as they arise.
The software you write, the decisions you make while coding, can all have real and sometimes unexpected repercussions in the real world. The world notices. For confirmation, simply browse the “Policy” section of any tech blog, for examples see: Policy@The Verge, Cybersecurity@The Verge, Privacy@The Verge, Policy@Ars Technica.
You will address each of the following questions separately in your wiki page:
Identify any ethical issues raised by your software. For example:
- Are users’ privacy expectations met by your software?
- Could the use of your software result in racial, gender, religious, or any other type of discrimination? How does your software try to mitigate this problem?
- Can your software by abused by some users to cause harm to other users? or to the public at large? How do you mitigate it?
Identify any legal issues raised by your software. For example:
- Is your software violating any licensing agreements? List all third-party software you plan to use and ensure that you have the right to use as you plan.
- Are there any intellectual property constraints placed by your client? or by the owner of some dataset you need to use? List them.
- Can your users use your app to break the law? post copyright works on your webapp? steal information? etc.
Identify any security issues raised by your software. For example:
- Identify sensitive information kept by your software. Explain how you plan to protect it.
- Identify possible attack vectors, that is, ways malicious users could try to use your software to escalate their privileges. This includes root access to your server, access to other user’s sensitive information (say via XSS attacks), root access to your database, etc. Explain protection plan.
Write the above paragraphs in your wiki, in three pages called
Legal Issues, and
Security Issues, respectively.
|Ethical Issues||Incapacity to recognize ethical issues.||Recognizes main ethical issues||Recognizes and addresses most ethical issues|
|Legal Issues||Does not recognize core legal issues||Recognizes main legal issues||Recognizes legal issues and has plan to satisfy them all|
|Security Issues||Ignores security problems||Identifies major security issues||Has comprehensive security plan|