Illustrations of Social Responsibility in Practice

The Information Society offers new ways of undertaking existing activities. The introduction of electronic voting and electronic patient records are two examples of this new order. These are discussed in detail as they serve to illustrate the sorts of societal issues that need to be addressed during the planning, development, and implementation of facilities within the Information Society. Such issues can only be effectively addressed if a social responsibility approach is adopted.

Electronic Voting

Electronic voting offers real advantages, including the possibility of voting from more convenient locations and the chance for disabled voters to vote on equal terms with others. However, voting is one activity where equal access is of vital importance. Robert Mugabe sought to influence the result of the Zimbabwe presidential election by making it easier to vote for those who he thought would vote for him, and more difficult for those he thought would vote against him. Unlike most public services, when it comes to voting, it is not good enough to make voting much easier for some people without making it easier for all. Voting systems cannot rely on a technology that some have easy access to, but a significant proportion is struggling to use. This alone seems to suggest that simply making it possible to vote using home computers will be unfair.

E-voting also raises tough issues of security and secrecy. Virtually no other transaction with government requires the same degree of secrecy, even from other family members. History has shown that if secrecy is not maintained, there will be attempts to buy votes, to coerce voters, and to use undue influence in other ways. It is no good, therefore, if problems are encountered, to go back to receipts as in other electronic transactions: receipts are just what would be needed to buy and sell votes, and make sure coercion has worked.

If voting is allowed away from supervised polling stations, how do we know that there is not someone else in the room coercing the voter? If we get to the stage where systems are routinely supplied with cameras, then it might be possible for there to be checks that the voter is not being coerced, but this in turn will cause worries about privacy, and could be very labor intensive.

There is a clear requirement for the election authorities to know that each person who is submitting a vote is genuinely entitled to submit a vote, and has not already done so. Yet at the same time, the requirement for secrecy means that how the voter has voted should not be revealed to those in authority. This problem does not seem to be logically insoluble: issuing every voter in an election an identity code for that election, but which cannot be improperly linked back to the identity of the individual, is part of the solution.

A fundamental problem for electronic voting, or electronic counting of votes, is: how do we know that we can trust the systems to give us a 'result' that accurately reflects how people have cast their votes? This is not just a case of how we avoid farces like Florida in the U.S. Presidential election. The question of knowing whether we can trust systems goes deeper. If you use ICT to cast a vote, how do you know that when you tell it 'vote for candidate X' it really does so? It might tell you that it has, but how do you know it is not telling lies? Part (but not all) of the problem here is with viruses. If you are using a multipurpose computer with a mainstream operating system, you are wide open to virus attacks. Sure you might have 'virus protection', but virtually all 'virus protection' systems only protect you against viruses that they already know about, and there is no guarantee that it will know about a virus that changes votes as you cast them.

Assuming that all votes that are sent do genuinely reflect the intentions of the voters, how do we know they have been counted accurately? We could ask the computer to count them again, and be amazed when it comes to exactly the same result as last time (unless we are using the punch cards they used in Florida …). But that does not tell us that it has counted them correctly either time. Part of the solution here is for the software that does the counting to be open to inspection by the political parties (or experts they nominate), but that does not tell us that it has been compiled in the way that we expect. So the compiler needs to be open to inspection, and the computer that the compiler runs on, and so on, and so forth. Transparency is therefore essential. Even if we are confident the votes in the database are correctly counted, we also need to know that they were recorded correctly in the first place, and the database has not been improperly modified. It is far from easy to ensure this in the face of people who might be determined to rig an election.

Electronic Patient Records

The Electronic Patient Record (EPR) allows providers, patients, and payers to interact more efficiently and in life-enhancing ways. It offers new methods of storing, manipulating, and communicating medical information of all kinds, including text, images, sound, video, and tactile senses, which are more powerful and flexible than paper-based systems. The policy of governments appears to favor a national healthcare infrastructure with a longitudinal patient record, covering a patient's complete medical history from the cradle to the grave. Such developments raise a number of issues.

EPRs can facilitate the doctor-patient relationship through use of computerized notes that the doctor and patient share and contribute to. However, EPRs can harm the relationship and undermine trust. For example, in the U.S. there are medical data clearinghouses that sell medical patient data to insurance companies, police departments, employers, drug companies, and so on. Consequently, patients are becoming reluctant to tell their doctors everything about their medical symptoms and the causes of them. This is damaging the doctor-patient relationship, which depends heavily upon confidentiality and most importantly threatens to damage quality of care. There is clearly a tension and trade-off between the need-to-know and the right to confidentiality that must be addressed. This is an issue that has been exacerbated by ICT. Violations of medical confidentiality may appear to be easier because of the efficiency of computerized systems. The damage to the patient whose confidentiality is violated may be proportionately greater because of the amount of data held within the EPR.

Electronic access to medical information requires careful scrutiny. A patient's right to informed consent should prevail. A patient should have control over her/his data, preventing casual distribution that might be harmful. A patient should also have the right not to be informed of medical facts, for example, genetic data that might affect self-esteem and the way in which one lives one's life. The ability to invoke only partial access is important. For example, a woman who had had an abortion might visit a surgeon for an unrelated ailment. She should have the right to decide whether or not to allow that physician access to data other than what could be termed as her general health status. Electronic access to patient data can be beneficial. For example, the administering of prescriptions via electronic transactions from doctor to pharmacist to patient with the aid of digital signatures for authorization could improve service significantly.

The movement of EPRs over the Internet, intranets, and extranets raises concern, for the further from the original source, the greater the risk of inaccuracy, falsification, duplication, manipulation, and unauthorized distribution. There is little effective control over data use over computer networks. Ethical practices are not well defined for the vast array of disclosures to secondary users, such as managed care evaluators, insurance companies, and so on. For example, categorizing and profiling patients may engender discriminatory and/or exclusionary effects. Data banks of health maintenance organizations, and drug companies are gathering information and storing it in computerized form. By linking their computers, these organizations can trade information across computer networks. Information has thus become a tradable commodity. The legitimacy of this medical information trading needs to be established and assurance sought that data is completely anonomized.

Practical Considerations

The discussions about electronic voting and electronic patient records illustrate the range of complex social responsibility issues surrounding the application of computer technologies in the Information Society. Democracy and healthcare are fundamental elements of free society. For the Information Society to flourish, key planks such as these need to be effectively and sensitively addressed. Clearly the two examples highlight a range of matters, such as privacy, intellectual property, trust, and access that need to be addressed during planning, development, and implementation. Table 2, based on the three concepts and five issues mentioned earlier, shows how social responsibility factors inculcate the computer-based systems of the Information Society.

Furthermore, a fundamental underlying issue is complexity. Bucy (2000) argues that the systems of the Information Society are, in their current form, too complicated for the many people to use and derive benefit. They require a certain level of cognitive ability to navigate successfully. For this reason he argues, "There is reason to believe that the digital divide will not be completely remedied through universal physical access to computer technology alone." The need to simplify systems radically should form a major design principle for the Information Society.

The attitude of those involved in the planning, development, and implementation of IT systems will greatly influence the nature of the Information Society. Recruitment of people committed to the social responsibly approach is vital. DeCremer and Van Lange (2001) suggest that people can be divided into two categories: those with pro-social orientation and those with pro-self orientation. They explain that, "relative to pro-selfs, pro-socials exhibit greater levels of cooperation in a variety of social dilemmas, seek out greater opportunities to enhance collective outcomes and equality of outcomes, and tend to give social dilemmas a stronger cooperative (rather than competitive) meaning." In other words pro-socials are much more likely to adopt a social responsibility approach. There is thus a compelling argument that profiling done during recruitment of IT personnel should be used to identify this trait in order to increase the chances of engaging staff committed to social responsibility. Ongoing staff development should also promote a pro-social culture and attitude. In this way it is more likely that the wide range of issues and concepts associated with applications such as electronic patient records and electronic voting will be tackled.

These types of practical consideration point to the need for a comprehensive IT management approach that promotes social responsibility. An effective approach is suggested by Erbschloe (2002). He puts forward 10 principles of socially responsible information technology management as follows:

• Appropriately staff IT departments

• Fairly compensate IT workers

• Adequately train computer users

• Provide ergonomic user environments

• Maintain secure and virus-free computer systems

• Safeguard the privacy of information

• Ethically manage intellectual property

• Utilize energy-efficient technology

• Properly recycle used computer equipment

• Support efforts to reduce the digital divide

These principles offer strategic guidance on many issues, including the ones discussed in this chapter, facing those providing systems for the Information Society.