Chapter 8: Digital Society and Ethics

Computer Science - Class 11

This chapter delves into the multifaceted world of digital society, exploring the ethical considerations, security challenges, and legal frameworks governing technology use. It covers essential topics from digital citizenship and cybercrime to intellectual property rights and Nepal's specific cyber laws and ICT policies, equipping students with knowledge for responsible and safe digital engagement.

8.1 Digital Society and Computer Ethics

The rapid advancement of technology has fundamentally reshaped human interaction, commerce, and governance, giving rise to what is known as the digital society. This transformation brings with it a unique set of ethical considerations and responsibilities, collectively termed computer ethics.

Digital Society

A digital society is a society where information and communication technologies (ICTs) play a central and pervasive role in all aspects of daily life, including social interactions, economic activities, political processes, and cultural expressions. In such a society, access to information is democratized, services are digitized, and connectivity is paramount. In Nepal, the digital society is rapidly evolving with increasing internet penetration, the rise of mobile banking and digital wallets (e.g., eSewa, Khalti), online government services (e.g., Nagarik App), and the widespread use of social media, transforming how people communicate, transact, and access information.

Computer Ethics

Computer ethics refers to the moral principles and guidelines that govern the use of computers and information technology. It addresses the ethical dilemmas created by the advent of computers, networks, and digital information, ensuring that technology is used responsibly and beneficently. Key areas include privacy, intellectual property, security, and the impact of technology on society.

Digital Citizenship

Digital citizenship is the responsible, ethical, and safe use of technology by individuals within a digital society. It encompasses a range of behaviors and norms that promote positive and productive engagement in the digital world. The core tenets of digital citizenship include respect for others' digital rights, responsibility for one's own online actions, and ensuring personal and communal safety online. In Nepal, promoting digital citizenship is crucial for students and the general public to navigate the internet safely, avoid cyber threats, and contribute positively to online communities.

Ethical Issues

The digital age presents several ethical challenges that individuals and societies must address:

  • Piracy: This involves the unauthorized reproduction, distribution, or use of copyrighted material, such as software, music, movies, or books. In Nepal, software piracy is a common issue, with many individuals and businesses using unlicensed software due to cost or lack of awareness. This not only harms creators but also poses security risks due to lack of updates and support.
  • Plagiarism: The act of taking someone else's work or ideas and passing them off as one's own without proper attribution. In academic and professional settings, digital tools have made plagiarism easier to commit but also easier to detect. It undermines intellectual honesty and the value of original work.
  • Privacy Invasion: This refers to the unauthorized access, collection, use, or disclosure of personal information. With vast amounts of data collected online, concerns about data breaches, surveillance, and the misuse of personal information by companies or governments are paramount. In Nepal, with the increasing use of digital platforms, protecting personal data from unauthorized access or sharing is a growing concern, especially with the absence of a comprehensive data protection law.
  • Cyberbullying: The use of electronic communication to bully a person, typically by sending messages of an intimidating or threatening nature. It can have severe psychological impacts on victims and is a significant problem, particularly among youth. In Nepal, social media platforms are often used for cyberbullying, leading to calls for greater awareness and stricter enforcement against such acts.

8.2 Concept of Information Security

Information security is the practice of protecting information by mitigating information risks. It involves preventing unauthorized access, use, disclosure, disruption, modification, or destruction of information. The fundamental principles of information security are often summarized by the CIA triad.

CIA Triad

The CIA triad is a model designed to guide policies for information security. It consists of:

  • Confidentiality: Ensuring that information is accessible only to those authorized to have access. This prevents sensitive information from falling into the wrong hands. Example: Encrypting personal health records so only doctors and authorized staff can view them.
  • Integrity: Maintaining the accuracy and completeness of data over its entire lifecycle. This prevents unauthorized modification or alteration of data. Example: Ensuring that a financial transaction record remains unchanged from its creation to its archival.
  • Availability: Ensuring that authorized users have timely and uninterrupted access to information and resources when needed. This means systems and data are operational and accessible. Example: A hospital's patient database being accessible 24/7 for emergency situations.

Threats

Information security faces numerous threats, which can compromise the CIA triad:

  • Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. (See section 8.4 for types).
  • Phishing: A type of social engineering attack where attackers attempt to trick individuals into revealing sensitive information (e.g., usernames, passwords, credit card details) by disguising themselves as a trustworthy entity in an electronic communication.
  • Social Engineering: The psychological manipulation of people into performing actions or divulging confidential information. It relies on human error rather than vulnerabilities in software or systems. Examples: Pretexting (creating a fake scenario), baiting (offering something enticing), quid pro quo (promising a benefit for information).
  • DDoS (Distributed Denial of Service): An attack where multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests, or malformed packets forces the target to slow down or crash, thereby denying service to legitimate users.

In Nepal, individuals and organizations frequently encounter phishing attempts targeting banking credentials and social media accounts, as well as malware infections through pirated software or malicious email attachments.

Security Measures

To counter these threats, various security measures are employed:

  • Passwords: Strong, unique passwords are the first line of defense. They should be complex (combination of uppercase, lowercase, numbers, symbols), long, and changed regularly. Multi-factor authentication (MFA) adds an extra layer of security.
  • Encryption: The process of converting information or data into a code to prevent unauthorized access.
    C = E(P, K)
    Where C is ciphertext, P is plaintext, K is encryption key, and E is the encryption function.
    P = D(C, K')
    Where P is plaintext, C is ciphertext, K' is decryption key, and D is the decryption function.
    Encryption ensures confidentiality.
  • Firewalls: Network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules. They act as a barrier between a trusted internal network and untrusted external networks (like the internet).
  • Antivirus Software: Programs designed to detect, prevent, and remove malicious software. They scan files and monitor system behavior for known malware signatures and suspicious activities.

Data Backup and Recovery

Data backup involves creating copies of data that can be used to restore the original data in case of data loss or corruption. Data recovery is the process of retrieving inaccessible, lost, corrupted, or formatted data from secondary storage. Regular backups are crucial for business continuity and personal data protection. Strategies include full backups, incremental backups (only data changed since last backup), and differential backups (data changed since last full backup). In Nepal, many small businesses and individuals often neglect regular data backups, making them vulnerable to significant data loss from hardware failure, cyberattacks, or natural disasters.
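The difference between incremental and differential backups shows up in how much each backup copies and how many backup sets a restore needs. The following is an added illustration, not part of the original chapter; the file names and daily states are constructed, and the model assumes files are only modified, never deleted.

```python
# Constructed sample: the complete file state at the end of each day.
HISTORY = [
    {"notes.txt": "v1", "marks.xlsx": "v1", "photo.jpg": "v1"},  # day 0
    {"notes.txt": "v2", "marks.xlsx": "v1", "photo.jpg": "v1"},  # day 1
    {"notes.txt": "v2", "marks.xlsx": "v2", "photo.jpg": "v1"},  # day 2
    {"notes.txt": "v3", "marks.xlsx": "v2", "photo.jpg": "v1"},  # day 3
]


def take_backups(history, kind):
    """Day 0 is a full backup; every later day uses `kind`
    ("incremental" or "differential"). Returns one backup set per day."""
    backups = [{"day": 0, "kind": "full", "files": dict(history[0])}]
    last_full = history[0]
    for day in range(1, len(history)):
        # Incremental compares with the previous backup (yesterday's state);
        # differential compares with the last full backup.
        baseline = history[day - 1] if kind == "incremental" else last_full
        changed = {name: data for name, data in history[day].items()
                   if baseline.get(name) != data}
        backups.append({"day": day, "kind": kind, "files": changed})
    return backups


def restore(backups, day):
    """Rebuild the state at the end of `day`. Returns (state, sets_used)."""
    state = dict(backups[0]["files"])          # always start from the full backup
    if day == 0:
        return state, [0]
    if backups[day]["kind"] == "incremental":
        chain = list(range(1, day + 1))        # every incremental since the full
    else:
        chain = [day]                          # only the latest differential
    for d in chain:
        state.update(backups[d]["files"])
    return state, [0] + chain


def compare(history):
    """Summarise both strategies: files copied per day and sets needed to restore."""
    summary = {}
    for kind in ("incremental", "differential"):
        backups = take_backups(history, kind)
        state, used = restore(backups, len(history) - 1)
        summary[kind] = {
            "copied_per_day": [len(b["files"]) for b in backups],
            "sets_needed": used,
            "restored_ok": state == history[-1],
        }
    return summary


if __name__ == "__main__":
    for kind, info in compare(HISTORY).items():
        print(kind, info)
```

Incremental backups stay small but a restore needs every set since the full backup, so one damaged set breaks the chain; differential backups grow each day but a restore needs only two sets.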

8.3 Concept of Cybercrime

Cybercrime refers to any criminal activity that involves a computer, networked device, or a network. While most cybercrime is carried out over the internet, some forms can also be carried out using local networks. It leverages technology to commit offenses that can range from minor infractions to serious felonies.

Definition

A cybercrime is an illegal act wherein the computer is either the tool or target, or both. These crimes exploit vulnerabilities in computer systems or networks, causing harm to individuals, organizations, or governments. The nature of cybercrime is borderless, making investigation and prosecution complex.

Types

Cybercrime encompasses a wide range of illegal activities:

  • Identity Theft: Stealing and using someone else's personal identifying information (e.g., name, address, PAN, citizenship number in Nepal) to commit fraud or other crimes.
  • Fraud: Deceiving individuals or organizations for financial gain through digital means, such as online shopping scams, investment fraud, or banking fraud.
  • Hacking: Gaining unauthorized access to a computer system or network. This can be for various purposes, including data theft, system disruption, or simply demonstrating skill.
  • Cyberstalking: Using electronic communication to harass or stalk an individual. This can involve sending threatening messages, monitoring online activity, or spreading rumors.
  • Cyber Terrorism: The use of computer networks and the internet to cause disruption or fear for political or ideological reasons. This can target critical infrastructure (e.g., power grids, financial systems).

In Nepal, common types of cybercrime reported include online fraud (e.g., lottery scams, fake job offers), social media account hacking, and cyberbullying.

Targets

Cybercriminals can target various entities:

  • Individuals: Often targeted for personal information, financial credentials, or identity theft through phishing, malware, or social engineering.
  • Organizations: Businesses and non-profits are targets for intellectual property theft, corporate espionage, ransomware attacks, and data breaches affecting customer or employee information.
  • Governments: Government agencies are targeted for sensitive data, critical infrastructure disruption, or political motives by state-sponsored actors or hacktivists.

Impact

The consequences of cybercrime can be severe and far-reaching:

  • Financial Loss: Direct monetary losses from fraud, theft, or ransomware payments, as well as indirect costs from system downtime, recovery efforts, and legal fees.
  • Reputation Damage: For individuals, cybercrime can lead to personal distress and damage to their online reputation. For organizations, a data breach or cyberattack can erode customer trust and brand image.
  • Data Breach: Unauthorized access to and disclosure of sensitive or confidential data, leading to privacy violations and potential legal liabilities.

8.4 Malicious Software and Spam

Malicious software, commonly known as malware, is a blanket term for any software designed to cause damage, disrupt operations, or gain unauthorized access to a computer system. Spam and phishing are common delivery mechanisms for malware, and they are also threats in their own right.

Malware Types

  • Virus: A type of malware that attaches itself to legitimate programs or documents and spreads to other computers when those programs are executed or documents are opened. It requires user action to propagate.
  • Worm: Self-replicating malware that spreads across networks without human intervention. Worms can consume network bandwidth and crash systems.
  • Trojan: A malicious program disguised as legitimate software. Users are tricked into installing it, after which it can perform various harmful actions, such as creating backdoors or stealing data.
  • Ransomware: Malware that encrypts a victim's files, making them inaccessible, and then demands a ransom payment (usually in cryptocurrency) for the decryption key.
  • Spyware: Software that secretly gathers information about a user and their activities without their knowledge or consent, often for advertising purposes or to steal credentials.
  • Adware: Software that automatically displays or downloads unwanted advertisements (pop-ups, banners) on a computer, often bundled with free software.

In Nepal, ransomware attacks have targeted organizations, and individuals frequently encounter viruses and Trojans through pirated software and infected USB drives.

Spam

Spam refers to unsolicited bulk messages, typically sent via email but also through SMS or social media. While often just annoying, spam can also be a vector for phishing attacks and malware distribution. It clogs inboxes, wastes bandwidth, and can be a significant productivity drain.

Phishing

Phishing is a deceptive attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing emails often contain malicious links or attachments. Example: An email appearing to be from a bank asking you to "verify your account details" by clicking a suspicious link.

Prevention Methods

  • Use reputable antivirus software: Keep it updated and run regular scans.
  • Employ email filters: Many email services automatically filter spam and suspicious emails.
  • Be cautious with email attachments and links: Never open attachments or click links from unknown or suspicious senders. Verify the sender's identity if unsure.
  • Keep software updated: Apply security patches and updates for operating systems and applications promptly.
  • Educate yourself and others: Awareness of common phishing tactics and malware threats is crucial.

8.5 Protection from Cybercrime

Protecting oneself from cybercrime requires a combination of technological safeguards and responsible digital habits. Proactive measures are always more effective than reactive ones.

Key Protection Strategies

  1. Use Strong Passwords and Change Regularly:
    • Create unique, complex passwords for different accounts, combining uppercase and lowercase letters, numbers, and symbols.
    • Aim for passwords that are at least 12-16 characters long.
    • Consider using a password manager to securely store and generate strong passwords.
    • Change passwords periodically, especially for critical accounts.
  2. Keep Software Updated:
    • Regularly update your operating system (Windows, macOS, Linux) and all installed applications.
    • Updates often include critical security patches that fix vulnerabilities exploited by cybercriminals.
  3. Use Antivirus and Firewall:
    • Install and maintain reputable antivirus software on all your devices. Ensure it's configured for real-time protection and automatic updates.
    • Enable your operating system's built-in firewall or use a third-party firewall to monitor and control network traffic.
  4. Be Cautious with Email Attachments and Links:
    • Exercise extreme caution before opening email attachments or clicking links, especially from unknown senders or if the email seems suspicious.
    • Hover over links to see the actual URL before clicking.
    • Verify the sender's identity through an alternative communication channel if an email requests sensitive information or urgent action.
  5. Regular Data Backup:
    • Implement a routine for backing up your important data to an external hard drive, cloud storage, or network-attached storage (NAS).
    • Ensure backups are tested periodically to verify data integrity.
  6. Report Cybercrime to Authorities:
    • If you become a victim of cybercrime, report it immediately to the relevant authorities. In Nepal, this means contacting the Nepal Police Cyber Bureau or your local police station.
    • Providing timely information can aid in investigation and prevention for others.

8.6 Intellectual Property Rights

Intellectual Property Rights (IPR) are legal rights that protect creations of the mind. They grant creators exclusive rights over their inventions, literary and artistic works, designs, and symbols, names, and images used in commerce. These rights encourage innovation and creativity by allowing creators to benefit from their work.

Types of Intellectual Property Rights

  • Copyright: Protects original literary, dramatic, musical, and artistic works, including software, books, music, films, and paintings. Copyright typically lasts for the life of the author plus a certain number of years (e.g., 50 years in Nepal). In Nepal, the Copyright Act, 2059 (2002) protects original works, benefiting artists, writers, and software developers.
  • Patent: Grants an inventor exclusive rights to make, use, and sell an invention for a limited period (typically 20 years). To be patentable, an invention must be new, useful, and non-obvious. Patents encourage technological advancement. While patent awareness is growing, the number of patents filed in Nepal is relatively low compared to other countries.
  • Trademark: A distinctive sign or indicator used by an individual, business organization, or other legal entity to show consumers that its products or services originate from a unique source, and to distinguish them from those of other entities. Trademarks can be names, logos, slogans, or designs. In Nepal, businesses register trademarks to protect their brand identity and prevent counterfeiting.
  • Trade Secret: Confidential business information that provides an enterprise with a competitive edge. Unlike patents, trade secrets are not publicly disclosed and are protected as long as they remain secret. Examples: Manufacturing processes, customer lists, unique algorithms.

Software Piracy and its Consequences

Software piracy is the unauthorized copying, distribution, or use of copyrighted software. It is a significant violation of intellectual property rights. In Nepal, due to various factors including cost and lack of strict enforcement, software piracy remains prevalent.

Consequences of Software Piracy:

  • Legal Penalties: Fines, imprisonment, and civil lawsuits for copyright infringement.
  • Security Risks: Pirated software often comes bundled with malware, viruses, or spyware, compromising system security and data privacy.
  • Lack of Support and Updates: Users of pirated software do not receive official support, patches, or updates, leaving them vulnerable to bugs and security flaws.
  • Economic Impact: Harms legitimate software developers and vendors, leading to job losses and reduced investment in innovation.
  • Ethical Implications: Undermines the principle of fair compensation for creative work and promotes dishonest practices.

8.7 Concept of Digital Signature

A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. It is a cryptographic mechanism used to verify the sender's identity and ensure that the message has not been altered since it was signed. Digital signatures are the digital equivalent of a handwritten signature or a stamped seal.

Uses Public Key Cryptography

Digital signatures rely on public key cryptography (also known as asymmetric cryptography), which uses a pair of mathematically linked keys: a public key and a private key.

  • The sender uses their private key to create the digital signature.
  • The recipient uses the sender's publicly available public key to verify the signature.

This ensures that only the sender could have created the signature, and anyone can verify it without compromising the sender's private key.

Ensures Authenticity, Integrity, Non-Repudiation

Digital signatures provide three crucial security services:

  • Authenticity: Confirms the identity of the sender, ensuring that the message genuinely came from the claimed source.
  • Integrity: Guarantees that the content of the message has not been altered or tampered with since it was digitally signed. Any change would invalidate the signature.
  • Non-repudiation: Prevents the sender from falsely denying that they sent the message or signed the document. Since only the sender has access to their private key, they cannot later claim that they did not sign the document.
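The sign-with-private-key, verify-with-public-key flow and the integrity property can be seen in a short worked example. This is an added illustration, not part of the original chapter: it uses textbook RSA over a SHA-256 digest with no padding, and the keys are constructed from publicly known Mersenne primes, so it is for study only (real systems use vetted libraries and padded schemes such as RSA-PSS). The names alice and mallory and the sample message are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both constructed key pairs


def make_keypair(p, q):
    """Return (public_key, private_key) for textbook RSA built from primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)            # private exponent: (E * d) % phi == 1
    return (n, E), (n, d)


def digest_as_int(message: bytes) -> int:
    """Hash the message with SHA-256 and read the 256-bit digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender side: transform the message digest with the PRIVATE key."""
    n, d = private_key
    return pow(digest_as_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient side: undo the transform with the PUBLIC key and compare digests."""
    n, e = public_key
    return pow(signature, e, n) == digest_as_int(message)


def demo():
    # Constructed keys: products of known Mersenne primes, NOT secret.
    alice_pub, alice_priv = make_keypair(2**127 - 1, 2**521 - 1)
    _mallory_pub, mallory_priv = make_keypair(2**89 - 1, 2**607 - 1)

    message = b"Transfer NPR 5,000 to account 0123 (constructed sample)"
    signature = sign(message, alice_priv)
    tampered = message.replace(b"5,000", b"50,000")

    return {
        # Authenticity: the signature checks out against Alice's public key.
        "genuine": verify(message, signature, alice_pub),
        # Integrity: changing the message after signing invalidates the signature.
        "tampered": verify(tampered, signature, alice_pub),
        # A signature made with someone else's private key does not verify as Alice's.
        "forged": verify(message, sign(message, mallory_priv), alice_pub),
    }


if __name__ == "__main__":
    print(demo())
```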

Applications

Digital signatures have widespread applications in the digital world:

  • Online Banking: Securing transactions and verifying customer identities.
  • E-commerce: Authenticating online purchases and ensuring the integrity of transaction details.
  • Legal Documents: Providing legal validity to electronic contracts, agreements, and other official documents, reducing the need for physical paperwork.
  • E-governance: Used in government services for secure submission of forms, applications, and official communications. In Nepal, the Electronic Transaction Act 2008 recognizes digital signatures, paving the way for their use in various government and private sector digital services.

8.8 Concept of Cyber Law in Nepal

Cyber law is a body of law that governs cyberspace and legal issues related to the internet and information technology. It addresses the legal aspects of computer crime, electronic commerce, intellectual property in the digital sphere, data protection, and privacy. In Nepal, cyber law is primarily governed by the Electronic Transaction Act (ETA) and its associated regulations.

Electronic Transaction Act 2008 (ETA)

The Electronic Transaction Act, 2063 (2008) is the primary legislation governing electronic transactions and cybercrime in Nepal. It provides legal recognition to electronic records and digital signatures, aiming to facilitate e-commerce and e-governance while also establishing provisions for offenses related to computers and the internet.

Key Provisions of ETA:

  • Legal validity of electronic records and digital signatures.
  • Provisions for licensing and regulating certifying authorities for digital signatures.
  • Definition of various cyber offenses and their corresponding penalties.
  • Jurisdiction for cybercrime cases.

Provisions Against Cybercrime in Nepal

The ETA explicitly defines and penalizes several cybercrimes:

  • Unauthorized Access (Hacking): Section 47 penalizes unauthorized access to computer material, with fines and imprisonment.
  • Damage to Computer Source Code: Section 48 addresses alteration or destruction of computer source code.
  • Publication of Illegal Materials: Sections 47 (c) and 47 (d) cover publishing or displaying illegal materials, including obscene content, content that incites hatred, or content that infringes on others' privacy or reputation.
  • Computer Fraud: Section 47 (e) deals with committing fraud using electronic means.
  • Confidentiality Breach: Section 47 (f) penalizes unauthorized disclosure of confidential data.

Nepal Police Cyber Bureau

The Nepal Police Cyber Bureau, established under the Nepal Police, is the central agency responsible for investigating cybercrimes, providing forensic analysis, and raising awareness about cyber safety. Individuals who are victims of cybercrime are encouraged to report incidents to the Cyber Bureau, which has specialized units to handle digital evidence and investigate complex cyber cases.

Legal Penalties for Cyber Offenses

The ETA prescribes various penalties, including fines and imprisonment, depending on the nature and severity of the cyber offense. For instance, unauthorized access (hacking) can lead to a fine of up to NPR 50,000 or imprisonment for up to two years, or both, for the first offense. Subsequent offenses carry higher penalties. Publication of illegal content can also result in significant fines and imprisonment. These legal frameworks aim to deter cybercriminals and provide recourse for victims in Nepal.

8.9 ICT Policy in Nepal

Information and Communication Technology (ICT) policy refers to the strategic framework developed by a government to guide the development and use of ICTs within a country. These policies aim to leverage technology for socio-economic development, governance, and improving the quality of life. Nepal's ICT policy landscape has evolved to keep pace with global digital transformations.

National ICT Policy

Nepal's National ICT Policy (most recently, the National ICT Policy 2072/2015 and its subsequent updates/frameworks) aims to create an information-rich society by promoting the development and use of ICTs across all sectors. Its objectives include:

  • Expanding ICT infrastructure and access to remote areas.
  • Promoting e-governance and digital service delivery.
  • Developing human resources in the ICT sector.
  • Encouraging research and development in ICT.
  • Ensuring cyber security and data protection.

Digital Nepal Framework

The Digital Nepal Framework is an ambitious national initiative launched by the Government of Nepal to transform the country into a digital economy and society. It outlines eight pillars for digital transformation:

  1. Digital Foundation (e.g., broadband, data centers)
  2. Digital Economy (e.g., fintech, e-commerce)
  3. Digital Society (e.g., digital literacy, health, education)
  4. Digital Government (e.g., e-governance, smart cities)
  5. Digital Agriculture
  6. Digital Urbanization
  7. Digital Infrastructure
  8. Digital Entrepreneurship

This framework provides a roadmap for integrating digital technologies into various sectors to achieve sustainable development goals.

E-governance Initiatives

E-governance involves the use of ICTs to deliver government services, exchange information, communicate transactions, and integrate various stand-alone systems and services. In Nepal, e-governance initiatives include:

  • Nagarik App: A mobile application providing various government services (e.g., PAN registration, police clearance, land tax payment) from a single platform.
  • Online Tax Payment Systems: Facilitating the payment of income tax, VAT, and other government revenues online.
  • Customs Automation: Streamlining import/export processes through digital platforms.
  • Digital Land Registration: Efforts to digitize land records and registration processes.

These initiatives aim to enhance transparency, efficiency, and accessibility of public services.

IT Parks and Technology Zones in Nepal

To foster the growth of the IT industry and attract investment, Nepal has established or proposed IT parks and technology zones. The IT Park in Kavrepalanchok is a notable example, intended to provide infrastructure and facilities for IT companies. Plans for other technology zones in various parts of the country aim to create hubs for innovation, generate employment, and boost the digital economy.

Cyber Safety Awareness Programs

Recognizing the increasing risks in the digital landscape, the Government of Nepal, in collaboration with civil society organizations and educational institutions, conducts cyber safety awareness programs. These programs target students, parents, teachers, and the general public, educating them about common cyber threats (e.g., phishing, cyberbullying, online fraud) and best practices for safe and responsible online behavior. These initiatives are crucial for building a resilient and secure digital society in Nepal.