Ethics in IT — Week 2 · Checkpoint
Week 2 Checkpoint
Three rights. Three legal frameworks. Three cases that show where law and ethics diverge.
13 slides ~15 minutes ETH-08 · The Factionless
By the end of this checkpoint, you will be able to recite the three pillars of Week 2 (privacy, expression, IP), identify the patterns linking Carpenter, Reno, and Waymo, and articulate the recurring gap between legal compliance and ethical practice.
Slide 2 of 13
What You Covered Week 2
Three rights. Three frameworks. Three modern cases that defined the digital era.
ETH-05: Privacy
Four privacy types. US sectoral law. GDPR's extraterritorial reach. Carpenter v. US. Privacy by Design.
ETH-06: Freedom of Expression
First Amendment scope. Section 230's two protections. DMCA abuse pattern. Reno v. ACLU. Four moderation approaches.
ETH-07: Intellectual Property
Four IP mechanisms. Open-source license tiers (MIT → AGPL). Work-for-hire. Waymo v. Uber. Method-not-information line.
The arc of Week 2: Week 1 was foundations; Week 2 is the rights those foundations protect. Privacy from observation. Speech from suppression. Ownership from theft. Every modern IT decision touches at least one.
Slide 3 of 13
Privacy: US Sectoral Map
No single privacy statute. Sector-specific laws stitched together — with significant gaps.
HIPAA
Healthcare. Covered entities + business associates. Breach notification.
COPPA
Children under 13. Verifiable parental consent before collection.
FERPA
Education. Student records private. Consent required for disclosure.
ECPA
Electronic communications. Warrantless interception prohibited.
PATRIOT Act
National security. Section 215 bulk records. NSL gag orders.
GDPR (EU)
All EU resident data. Specific consent. Right to erasure. 72-hr breach.
The 1986 problem: ECPA was written before the cloud. Most US privacy law has not caught up to the data. Privacy by Design and GDPR-by-default fill what statute doesn't.
Slide 4 of 13
Carpenter v. United States: The Doctrine Shift
2018. The third-party doctrine doesn't apply when "sharing" is automatic and reveals everything.
Pre-Carpenter (1979 Smith v. Maryland)
Information voluntarily shared with a third party = no Fourth Amendment protection.
Worked when "sharing" meant pen registers and bank records — deliberate disclosures.
Post-Carpenter (2018, 5-4)
Comprehensive CSLI requires a warrant. Roberts: the data reveals "the privacies of life" in ways the doctrine wasn't designed for.
Recognized that smartphones make all "sharing" effectively involuntary.
The professional implication: when law enforcement requests bulk customer data with a court order (not a warrant), Carpenter is your reference. The legal floor moved up; the ethical ceiling moved up faster.
Slide 5 of 13
Section 230 & DMCA
Two laws that built the modern internet — and the abuse patterns they enabled.
Section 230 (1996)
Two protections: (1) platforms aren't liable for user content, (2) "good faith" moderation doesn't make them publishers.
The challenge: algorithmic amplification = editorial judgment. 1996 BBSes didn't have ranking. The law treats them like neutral pipes; they aren't.
DMCA Section 512
Notice-and-takedown safe harbor for platforms.
The abuse: bad-faith DMCA notices used as a censorship tool. Counter-notice restores content, but the chilling effect already worked.
The "neutral platform" myth: a platform with ranking algorithms has already made an editorial decision. The professional question isn't whether platforms exercise editorial judgment — they do, by definition. It's whether the judgment is visible, explained, and accountable.
Slide 6 of 13
Four IP Mechanisms
Different protections, different durations, different registration requirements. Pick the wrong one and you have nothing.
Copyright
Original expression. Auto at creation. Life + 70 yr / 95 yr work-for-hire. Doesn't protect ideas, only specific expression.
Patent
Novel inventions. USPTO required. 20 yr (utility), 15 yr (design). Software patents contested under Alice Corp.
Trademark
Brand identifiers. Common-law + optional registration. Indefinite with use. Can become generic.
Trade Secret
Confidential biz info. No registration. Indefinite while secret. Lost if disclosed or protections fail.
The strategic choice: Coca-Cola's recipe is a trade secret (indefinite, but if leaked = gone). Your code is auto-copyrighted. Patents publish your invention in exchange for monopoly. Mechanism choice is strategic, not procedural.
Slide 7 of 13
Open Source License Tiers
A spectrum from permissive to maximally copyleft. Each step adds a downstream obligation.
Where commercial deployments land: permissive (MIT/Apache) for components going into proprietary products. GPL when you want public-benefit propagation. AGPL is rare in commercial deployments — the network-use trigger makes it incompatible with closed SaaS.
Slide 8 of 13
The Three Week 2 Cases
Each case shows where the law arrives later than the ethical question demanded.
Carpenter (Privacy)
FBI obtained 6 months of CSLI without a warrant under the third-party doctrine. SCOTUS said no — the data reveals too much.
Lesson: doctrines built for one technology era stop working when the technology changes underneath them.
Reno (Expression)
CDA's indecency provisions criminalized "indecent" online content for minors. SCOTUS struck down 9-0.
Lesson: the internet gets print-level First Amendment protection. Active-seeking media; not invasive broadcast.
Waymo (IP)
Levandowski downloaded 14,000 confidential files before leaving for Uber. $245M civil settlement; criminal conviction.
Lesson: the moment of taking is the ethical line, not the moment of getting caught.
Slide 9 of 13
Pattern: Legal Floor vs. Ethical Ceiling
Every Week 2 chapter showed the same gap. Both contain the answer; the floor is just the lower one.
Pattern across Week 2: in every domain — privacy, expression, IP — the law tells you what's required, and professional ethics tells you what's right. Compliance was never the goal. Compliance is the floor.
Slide 10 of 13
Pattern: Defaults Are Decisions
In every Week 2 chapter, the most consequential ethical decisions weren't single choices. They were design defaults that shaped a million subsequent interactions.
Privacy
Default: location sharing on, ad personalization on, exports buried.
Declares: the user's privacy is for sale.
Expression
Default: algorithmic amplification of engagement, not accuracy.
Declares: outrage is a feature, not a bug.
IP
Default: closed-source until forced. Permissive licenses by exception.
Declares: knowledge belongs to whoever has it.
The professional position: the engineer who picks defaults makes the ethics call. The product manager who ships them ratifies it. "We just gave users a setting" is the deflection — the default was the choice.
Slide 11 of 13
Pattern: Method Matters, Not Information
Across all three Week 2 cases, the same data was legitimate or illegitimate depending on how it moved.
Legitimate
Privacy: data with explicit, specific, informed consent → usable.
Expression: moderation with appeal process → defensible.
IP: reverse engineering for interoperability → permitted.
IP: SEC filing as competitor intel → intelligence.
Illegitimate
Privacy: same data via buried-ToS deception → consent is invalid.
Expression: silent deplatform without notice → censorship.
IP: unauthorized access to source → espionage.
IP: downloading 14,000 files on the way out → theft.
The professional rule: the same artifact (data, content, source code) carries radically different ethical weight depending on the act that produced or moved it. The ethics follows the act, not the artifact.
Slide 12 of 13
Looking Ahead: Week 3
From the rights of users to the obligations of builders. Software ethics, society's burden, the patterns that connect them.
ETH-09: Software Ethics
The "good enough" problem. Safety-critical systems. Therac-25. Methodology ethics. Autonomous vehicles.
ETH-10: IT Impact on Society
The productivity paradox. AI/ML displacement. Healthcare IT. The digital divide. Watson for Oncology.
ETH-r2 + ETH-11
Mid-week reflection (r2) and Week 3 checkpoint (11). The patterns from Weeks 1-3 set up the final-week synthesis.
The shift in framing: Weeks 1-2 asked "what protects the individual?" Week 3 asks "what does the builder owe to the people who never agreed to the system?"
Slide 13 of 13
Week 2 Takeaways
Eight ideas to carry forward.
1Four privacy types: informational, physical, decisional, associational. Each carries distinct IT implications.
2US privacy law is sectoral. Six federal statutes plus state laws. GDPR fills gaps via extraterritoriality.
3Carpenter v. US rewrote the third-party doctrine for the smartphone era. Comprehensive CSLI requires a warrant.
4Section 230 = two protections: no publisher liability, "good faith" moderation. Algorithmic amplification challenges both.
5Reno v. ACLU (1997): the internet gets print-level First Amendment protection. Active-seeking, not broadcast.
6Four IP mechanisms: copyright (auto), patent (USPTO), trademark (use + renewal), trade secret (no registration).
7Open source is a spectrum. MIT/Apache (permissive) → GPL (copyleft) → AGPL (network copyleft).
8Method, not information. SEC filing = intelligence. Unauthorized access = espionage. Same data; different ethics.
Week 2 complete. Take the Week 2 quiz when you've finished this checkpoint. Then move to Week 3: Software Ethics & IT Impact on Society.