Digital Society and Computer Ethics
Digital Society
- Integration of information and communication technologies.
- Impacts home, work, education, and recreation.
- Digital innovations reshaping society, economy, industries.
- Technologies like mobile, cloud, Big Data, IoT transforming various sectors.
- Opportunities for growth, citizen welfare, efficiency.
- Improves health, transportation, energy, agriculture, manufacturing, and more.
- Enhances governance, policy-making, citizen engagement.
- Internet’s potential for democracy, diversity, human rights.
- Need to understand impact on consumers, users, citizens, workers.
- Impact on private life, education, science, government, democracy, business.
Stakeholder of Digital Society
- Society
- Technologies
- Content
Challenges of Digital Society
- Privacy concerns due to increased data collection and surveillance.
- Growing cybersecurity threats and risks of cyberattacks.
- Unequal access to technology and the internet, creating a digital divide.
- Rapid spread of misinformation and false information online.
- Rise of online harassment and cyberbullying.
- Over-reliance on digital interactions leading to social isolation.
- Job displacement caused by automation in certain sectors.
- Health issues arising from digital addiction and excessive screen time.
- Ethical dilemmas posed by AI, automation, and data usage.
- Challenges in regulating the rapidly evolving digital landscape.
Computer Ethics
- Involves moral principles guiding computer use.
- Includes intellectual property rights, privacy, societal impact.
- Ensures ethical implementation and use of computing resources.
- Addresses copyright, trademarks, unauthorized distribution.
- Encompasses human behavior, workplace ethics, compliance.
- Focuses on Internet-related issues like privacy and content publication.
Importance of Computer ethics
- Protect personal and commercial information.
- Control plagiarism, identity fraud, copyrighted material misuse.
- Ensure ICT accessibility for all, including disabled and deprived.
- Prevent dishonest business practices and promote fair competition.
- Promote moral and social values in society.
Concept of Information Security
- More than just preventing unauthorized access.
- Prevents unauthorized access, use, disclosure, disruption, etc.
- Applies to physical and electronic information.
- Encompasses various data types, including personal details.
- Spans research areas like Cryptography, Mobile Computing, etc.
Information Security vs. Cyber Security
-
-
- Information Security: Primarily concerned with safeguarding data from unauthorized access, disclosure, and modification, ensuring confidentiality, integrity, and availability.
- Cyber Security: Focuses on protecting computer systems, networks, and digital assets from cyber threats, including attacks and breaches.
-
-
- Information Security: Encompasses physical and digital data across various forms.
- Cyber Security: Centers on digital assets, online threats, and vulnerabilities in the cyber realm.
-
-
- Information Security: Involves policies, procedures, access controls, data classification, and risk management.
- Cyber Security: Includes firewalls, intrusion detection systems, antivirus software, encryption, and incident response.
-
-
- Information Security: Stresses confidentiality, integrity, and availability of information.
- Cyber Security: Emphasizes protection from cyberattacks, data breaches, and maintaining system functionality.
-
-
- Information Security: Relevant to all aspects of data handling, storage, and transmission.
- Cyber Security: Specifically addresses online threats and digital systems.
-
-
- Information Security: Securing physical documents, complying with regulations, data disposal.
- Cyber Security: Preventing malware infections, DDoS attacks, and unauthorized network access.
-
-
- Both fields are closely related and often overlap due to the digital nature of modern information management.
-
-
- Effective protection often requires collaboration between information security and cyber security experts.
-
-
- Both fields evolve to adapt to new technologies and emerging threats in the digital landscape.
-
- The principles of both fields contribute to a comprehensive approach to overall organizational security.
Information security principles
- Basic principles/component of Information Security are CIA:
Confidentiality:
- Prevents unauthorized disclosure of information.
- Example: Password seen during login, compromise occurred.
- Breach of confidentiality when unauthorized individuals access information.
Integrity:
- Ensures accuracy and completeness of data.
- Prevents unauthorized editing or tampering.
- Example: Employee leaves, data updated across departments.
- Only authorized personnel are allowed to edit data.
Availability:
- Information accessible when needed.
- Collaboration across organizational teams.
- Example: Checking employee’s leave status.
- Denial of service attacks can disrupt availability.
Information Security Policy
- To prevent and mitigate security breaches.
- To make security policy truly effective.
- To change the company, new threats, conclusions drawn from previous breaches.
- Make information security policy practice and enforceable.
Information security measures
- Technical Measures
- Organizational Measures
- Human Measures
- Physical Measures
Concept of Cybercrime
- Crime committed using network-connected devices.
- Perpetrators called cyber criminals or cyber crooks.
- Growing digitization leads to increased cybercrime.
- Attack computer networks or devices using IT skills.
- Aims: Obtain business information, break accounts, identity theft.
- Include revenge porn, cyber-stalking, harassment, bullying.
- Also involve child sexual exploitation.
Types of Cybercrime:
-
-
- Intended to cause harm or disruption to system or network.
- Use malicious code, viruses, worms, Trojans, and other forms of malware to carry out active attack
- Attackers take direct and intentional action that causes harm.
-
-
- Attacker intercepts and monitors data transmissions without altering or affecting the target system or data.
- Aims to gather sensitive information, such as passwords, financial data, or confidential communications, without the victim’s knowledge.
- Designed to be discreet and undetectable, making it challenging for the victim to realize that their data is being compromised.
-
-
- Unauthorized access to personal information for illegal gain.
- Include unauthorized access, data theft, service disruption, and more.
- Hacking techniques evolve, requiring ongoing security measures to counteract attempts.
- DDoS (Distributed Denial of service) Attacks:
-
-
- Overwhelm target with traffic to render it inaccessible.
- Utilize compromised devices in a botnet for traffic generation.
- Detection involves monitoring traffic patterns and spikes.
-
-
- Stealing personal information for financial fraud.
- Unauthorized acquisition and use of someone’s personal information.
- To assume the victim’s identity for financial gain or fraudulent activities.
-
-
- Unauthorized use of credit card information for financial gain.
- To make fraudulent transactions using stolen card details.
- Personal data like credit card numbers and CVVs are targeted.
-
-
- Harassment or stalking using digital communication and online platforms.
- Involves persistent and unwanted online attention towards a victim.
- Uses technology to intimidate, control, and cause fear in victims.
-
-
- Demanding money or something of value through online threats or attacks.
- Impact on victims’ finances, reputation, and operational continuity.
- Can lead to financial losses, data exposure, and damage to brand image.
-
-
- Illegitimate use of others’ computing resources to mine cryptocurrencies.
- To generate digital currency for the attacker’s benefit.
- Methods involve infecting devices with malware to mine cryptocurrencies.
-
-
- Insulting, harassing, or threatening via the internet.
- Harassing, intimidating, or targeting individuals using digital communication.
- Involves repetitive and harmful behavior through online platforms.
-
-
- Covert and unauthorized gathering of sensitive information through digital means.
- Aim is to obtain valuable data for political, economic, or military advantage.
- Can lead to compromised diplomatic relations, financial losses, and weakened defense.
-
-
- Cybercriminals make contact through calls, emails, or in person.
- Pretend as legitimate entities to gain trust.
- Aim: Obtain personal and important information.
Malicious Software and Spam
Malicious Software
- Malware stands for malicious software, targeting computers and networks.
- It encompasses harmful programs intended to delete, modify, block, or copy data without authorization.
- Coined by Yisrael Radai in 1990, but examples of malware date back to earlier times.
- One of the earliest instances is the Creeper virus in 1971, an experiment by Robert Thomas.
Different Types of Malware
- Computer Virus:
- Malicious software that self-replicates and attaches to other files.
- Activates secretly when the host program is run.
- Types: Memory-Resident, Program File, Boot Sector, Stealth, Macro, Email Viruses.
- The example of computer virus include
- Install the operating system, stay in RAM from boot to shutdown.
- Rare due to modern OS security and Internet precautions.
- Infects executable files (e.g., .EXE, .COM) to increase chances of execution.
- Distributed through email messages, activated when attachments or links are interacted with.
- Encoded as macros embedded in documents, often in applications like Word and Excel.
- Worm:
- Malicious software that self-replicates like viruses.
- Automatically executes itself, unlike viruses that need a host program.
- Spreads over networks quickly, capable of causing substantial damage rapidly.
- Trojan Horse:
- Non-replicating program.
- Appears legitimate but contains malicious code.
- Gains trust and performs harmful activities when executed.
- Used by hackers for stealing passwords, data destruction, and more.
- Difficult to detect due to its deceptive nature.
- Logic Bomb:
- Malicious code triggered by specific events or conditions.
- Remains dormant until triggered.
- Used for unauthorized access, data destruction, or harm.
- Hidden within legitimate software.
- Difficult to detect until activation.
- Causes damage or disruption at a specific time/event.
- Zombies:
- Compromised computers/devices controlled by remote attackers.
- Part of a botnet network for malicious activities.
- Used for DDoS attacks, malware spreading, and data theft.
- Devices include computers, smartphones, IoT devices, etc.
- Users may not be aware of their devices being used.
- Prevention requires security measures and updates.
- Phishing:
- Phishing is a cyberattack that tricks users into revealing sensitive information or performing actions.
- Attackers use deceptive emails, websites, or messages to appear legitimate.
- Goals include stealing passwords, financial data, or installing malware.
- Phishing preys on human psychology and social engineering techniques.
- Users should be cautious and verify the authenticity of requests before sharing information.
- Spyware:
- Secretly records user information.
- Sends collected data to third parties.
- Information can include accessed files, online activities, and keystrokes.
- Adware:
- Displays advertising banners during program execution.
- Can function like spyware, collecting confidential information.
- Aims to gather data from victim’s computer for various purposes.
- Ransomware:
- Ransom malware that blocks user access to files/programs.
- Demands ransom payment through online methods.
- Paid ransom allows user to regain access to their system
- Rootkit:
- Malicious software altering OS functionality stealthily.
- Enables hacker to gain complete control as system administrator.
- Designed to hide their presence on the victim’s system.
- Botnet:
- Compromised computer/device networks under remote control.
- Used for various malicious activities.
- DDoS attacks, spam distribution, data theft, etc.
- Infected devices become “bots” or “zombies.”
- Central control by operators for coordinated attacks.
- Prevention requires security practices and updates.
- Spam:
- Unsolicited and often mass emails sent to numerous recipients.
- Promotes products, services, scams, or fraudulent schemes.
- Can include email, SEO, social networking, mobile, and messaging spam.
- Aims to manipulate search results, exploit social platforms, and target mobile users.
- Clogs inboxes, distracts from legitimate emails, and can be ignorable.
- Spreads across various digital communication channels.
- Adverse effects include annoyance, deception, and potential security risks.
Symptoms of Malware attack:
- Unexpected Crashes
- Slow System
- Excessive Hard Drive Activity
- Strange Windows
- Peculiar Messages
- Bad Program Activity
- Random Network Activity
- Erratic Email
- Blacklisting IP Address
- Unexpected Antivirus Disabling
Protection from Cybercrime
- Keep your computer and software updated:
-
-
- Regularly apply patches and software updates to prevent vulnerabilities.
- Use a non-administrator account whenever possible:
-
-
- limiting the privileges of the user, reducing the potential impact of security breaches or malicious activities.
- Think twice before clicking links or downloading anything:
-
-
- When clicking links or downloading files is essential to prevent potential exposure to malware, phishing, and other online threats.
- Be careful about opening email attachments or images:
-
-
- When opening email attachments or images is important to avoid potential risks of malware infection, phishing attempts, and other malicious activities.
- Don’t trust pop-up windows that ask you to download software:
-
-
- Being sceptical of pop-up windows that prompt you to download software is important to prevent unwittingly installing malicious or unwanted programs on your device.
- Limit your files-sharing:
-
-
- Limiting file sharing helps control the exposure of sensitive information and reduces the risk of unauthorized access or sharing of confidential data.
- Use antivirus/antimalware software:
-
-
- Utilizing antivirus and antimalware software enhances your device’s protection by identifying and mitigating potential threats, ensuring a safer online experience.
-
-
- To prevent unauthorized access, data breaches, and cyberattacks by implementing strong passwords, encryption, and proper network configuration.
-
-
- Regularly backing up your files ensures that important data is not lost in case of hardware failure, malware attacks, or other unforeseen events.
- Use Multiple Strong Passwords:
-
-
- Avoid repeating passwords on different sites.
- Create complex passwords with letters, numbers, and symbols.
- Consider using a password management application.
- Keep Your Social Media Accounts Private:
-
-
- Set privacy settings on social networking profiles.
- Be cautious about sharing personal information online.
Intellectual Property Right (IPR)
- Legal rights safeguarding intellectual creations like inventions, artistic works, and more.
- Provides exclusive use of intangible assets for a specific period.
- Encompasses copyrights, patents, trademarks, and trade secrets.
Types of Intellectual Property Right
Copyright and related rights:
- Copyright is an IPR that safeguards literary, artistic, and technological creations, including writings, music, fine arts, computer programs, and databases.
Patents:
- Patent is an exclusive right granted to inventors to prevent unauthorized commercial use of their invention for a limited time, in exchange for public disclosure of the invention’s details.
Trademarks:
- Trademark is a distinguishing sign that identifies goods or services of one entity from others. It has historical roots in artisans’ marks and serves to establish brand identity.
Industrial designs:
- Industrial design pertains to the aesthetic aspects of an article, encompassing both three-dimensional features like shape and surface, as well as two-dimensional elements like patterns and colors.
Geographical indications:
- Geographical indications and appellations of origin are signs used on goods with a specific geographical origin, indicating qualities and characteristics linked to that place of origin, often identified by the name of the place.
Trade secrets:
- Trade secrets are confidential and exclusive information such as procedures, systems, formulas, etc., that provide a competitive advantage to a company, contributing to its success.
Why should we promote and protect intellectual property?
- Encourages innovation and creativity.
- Drives economic growth and job creation.
- Preserves cultural heritage and traditional knowledge.
- Ensures fair competition and prevents unauthorized use.
- Attracts investment and foreign direct investment.
- Supports research and development activities.
- Facilitates global collaboration and knowledge sharing.
- Benefits consumers by ensuring product quality and origin.
- Fosters cultural and artistic expression.
Intellectual property rights (IPRs)
- Legal rights protecting intellectual creations.
- Encompass inventions, art, products, and more.
- Types include copyrights, patents, trademarks, trade secrets.
- Encourage innovation, creativity, and economic growth.
- Foster fair competition and prevent unauthorized use.
- Attract investment and support research.
- Preserve cultural heritage and traditional knowledge.
- Ensure product quality and origin for consumers.
- Facilitate global collaboration and partnerships.
Digital Signature
- Electronic form of signature to authenticate sender’s identity or document signer.
- Ensures original content integrity and prevents tampering.
- Transportable and not easily imitated.
- Provides non-repudiation, authentication, and message integrity.
- The Government of Nepal adopted digital signatures officially on December 2, 2015.
- Utilizes cryptographic measures for authenticity, non-repudiation, and integrity.
Working mechanism of digital signature

- Two keys are generated : Private key and Public key.
- Private key kept by signer and kept securely.
- Public key owned by the receiver to decrypt the message.
Hash function:
- Hash function generates a fixed-length string from data using a mathematical algorithm.
- It works for files of any size, like emails, documents, or images.
- The generated hash is unique to the input data.
- Hashing is a one-way process; you can’t reverse it to find the original data.
- Even a small change in input data produces a significantly different hash.
- Used in data integrity verification, password storage, digital signatures, etc.
Public Key Infrastructure (PKI):
- PKI facilitates digital signatures and more.
- It involves a private-public key pair for each transaction.
- Private key is kept secret and used for signing.
- Public key is used for validating signatures.
- Ensures secure key generation, usage, and storage.
- Involves a trusted Certificate Authority (CA).
Certificate Authority (CA):
- Digital signatures rely on public-private key pairs.
- Assurance of secure key creation and usage is vital.
- CAs are trusted third-party organizations.
- CAs ensure key security and provide digital certificates.
- CAs validate identities before issuing certificates.
- Digital certificates are digitally signed by CAs.
Digital Certificate:
- Issued by a Certificate Authority (CA).
- Contains public key and associated identity.
- Used to confirm the key’s ownership.
- CA acts as a guarantor of authenticity.
- Valid for a specified time.
- Necessary for creating a digital signature.
Advantage and Disadvantages of Digital Signature:
Advantage of Digital Signature:
- Enhanced security and resistance to forgery.
- Authenticates sender’s identity.
- Ensures data integrity.
- Provides non-repudiation.
- Saves costs and time.
- Increases efficiency in workflows.
- Globally accepted for legal purposes.
- Positive environmental impact.
- Simplifies audit trail creation.
- Integrates well with digital workflows.
Disadvantage of Digital Signature:
- Dependence on technology and digital infrastructure.
- Complex implementation and management.
- Key management challenges.
- Variability in legal recognition.
- Infrastructure requirements for both parties.
- Initial costs for implementation.
- User acceptance and familiarity concerns.
- Potential for misuse or fraudulent activities.
- Complex revocation processes.
- Risk of sensitive data exposure during transfer.
Cyber Law in Nepal
- Governs legal matters related to computers, internet, data, software, and networks.
- Encompasses legal issues in cyberspace.
- Pertains to preventing internet-related crimes.
Area of Cyber Law
- Electronic and Digital Signature:
- Computer Crime:
- Intellectual Property:
- Data Protection and Privacy:
- Telecommunication Laws:
Cyber law in Nepal
- Cyber Law covers diverse issues tied to the internet and technology.
- Encompasses intellectual property, privacy, expression, and jurisdiction.
- Nepal’s first cyber law is the Electronic Transaction Act, 2063.
- Responds to the increasing internet use in Nepal.
- Addresses commercial, private sector, and criminal aspects.
- Covers digital signatures, intellectual property, and cybercrime.
- Consists of 12 sections and 80 clauses.
- Focuses on computer networks and cybercrime.
- Brings cybercriminals to court and imposes penalties like other crimes.
Provisions included in the laws:
- Comprehensive coverage of cyber activities.
- Key legislation for Nepal’s IT industry development.
- Criminal and civil consequences for hacking, data theft, and more.
- Penalties include imprisonment up to 5 years or fines.
- Focus on severity and repetition of the crime.
- Enhanced security for electronic banking transactions.
- Boosts economic activities over the internet in Nepal.
- Legal recognition for government websites and digital signatures.
- Applies to e-banking, e-commerce, and more electronic media.
ICT Policy in Nepal
- ICTs are essential for sustainable development and economic growth worldwide.
- They transform social interactions and public service delivery.
- Nepal considers ICTs crucial for poverty reduction and development goals.
- Efficiency is a key indicator of competitiveness, and ICTs contribute to efficiency.
- ICTs play a role in better governance, education access, healthcare outreach, and economic growth.
- Challenges arise from the fast-paced nature of ICT innovation and evolving policy needs.
- Policy formulation needs to adapt to technological trends, including cybersecurity, data protection, privacy, and intellectual property rights.
- Addressing challenges of technological convergence and regulatory governance is important.
- As telecom connectivity expands, focus shifts to strengthening demand-side fundamentals.
- ICTs offer a tool to bridge development gaps and improve citizens’ quality of life.
Vision
- Goal to transform Nepal into an information and knowledge-based society and economy.
Mission
- To create conditions for the intensified development and growth of ICT sector as a key driver for
- Nepal’s sustainable development and poverty reduction
Major Objectives
- Make ICT accessible and affordable to all citizens.
- Develop and expand ICT infrastructure.
- To promote good governance through the use of ICT.
- Achieve sustainable and inclusive socio-economic development through the use of ICT
- Create the opportunities of human resources development through the use of ICT.
Policy:
- Promote a stable, fair and competitive investment climate.
- Facilitate the development of e-Trade and E-Commerce activities.
- Enhance competitiveness of farmers through ICT in agriculture.
- Improve communication systems for tourism development.
- Support e-Government planning and strategies.
- Develop ICT services to bridge the digital divide.
- Ensure efficient use of ICT infrastructure for resilience.
- Enhance institutional capacity for ICT education in educational institutions.
- Increase enrollment and output of students in key ICT-related skills.
- Deploy ICTs in education for better outcomes and expanded access.
- Facilitate youth and women’s participation in ICT, media, and content development.
- Address gender-based inequalities in ICT initiatives.
- Promote use of free and open source software in government.
- Develop a competitive and regulated ICT industry through innovation and partnership.
- Attract ICT-related foreign investments, especially in the IT-ITES/BPO sector.
- Utilized ICT for social and economic development.
- Expand broadband services through national telecommunications infrastructure.
- Utilize regional and international telecom infrastructure for economic integration.
- Safeguard public sector information and investments from negative ICT impacts.
- Facilitate e-Trade and E-Commerce with a stable investment climate.