AP CSP Big Idea 5 Impact Of Computing

AP CSP Big Idea 5: Impact of Computing — Complete 2025 Study Guide

Exam Weight: 21–26% • Approximately 15–18 Questions • 2025–2026 AP Exam

What You Will Learn: Big Idea 5 covers the societal, ethical, and legal effects of computing. Questions describe a computing innovation and ask you to evaluate its benefits, harms, privacy implications, or ethical dimensions. BI5 is the second-largest section of the exam. Many questions require selecting two correct answers, so understanding nuance — that innovations can be both beneficial and harmful — is essential.

Table of Contents

Beneficial and Harmful Effects of Computing

Computing innovations change the world in ways that are often both helpful and harmful. The AP exam frequently presents a scenario and asks you to identify both types of effects, or to determine whether a described effect is beneficial or harmful.

Intended vs. Unintended Consequences

Creators of computing innovations often cannot fully predict all the ways their work will be used or what effects it will have. Effects can be:

  • Intended beneficial: GPS was designed to help military navigation — it delivered that benefit
  • Unintended beneficial: GPS unexpectedly transformed civilian transportation, commerce, and mapping
  • Unintended harmful: GPS enables stalking and location-based surveillance
Key Idea: The same innovation can produce beneficial effects for some people and harmful effects for others, or beneficial effects in some contexts and harmful effects in others. The AP exam often presents both sides and asks you to evaluate them together.

Examples of Dual-Effect Innovations

Innovation Beneficial Effects Harmful Effects
Social media Connects people, enables organizing, shares information quickly Spreads misinformation, enables cyberbullying, mental health effects
Facial recognition Unlocks phones, identifies missing persons, helps law enforcement Enables mass surveillance, has high error rates for darker skin tones
E-commerce algorithms Helps shoppers find relevant products, supports small businesses Creates filter bubbles, exploits purchasing psychology
Automated hiring software Processes large applicant pools efficiently, reduces recruiter time Can encode and amplify historical biases against protected groups
AP Tip for Dual-Effect Questions: When a question asks for TWO correct answers, look for one that clearly describes a benefit and one that clearly describes a harm from the same innovation. Avoid answers that are too absolute ("eliminates all errors" or "always harmful") — nuanced answers that acknowledge trade-offs are usually correct.

The Digital Divide

The digital divide is the gap between people who have access to computing technology and the internet and those who do not. This gap falls along lines of income, geography, age, disability, and education.

Causes of the Digital Divide

  • Economic barriers: devices and internet service cost money that many cannot afford
  • Geographic barriers: rural and remote areas often lack reliable broadband infrastructure
  • Age and education barriers: older adults and those without digital training may lack skills to use technology effectively
  • Language barriers: much online content is in English, limiting access for non-English speakers
  • Disability barriers: technology that is not designed accessibly excludes users with visual, hearing, or motor impairments

Consequences of the Digital Divide

As more services, jobs, education, and civic participation move online, those without access are increasingly disadvantaged:

  • Job applications, healthcare, banking, and government services are primarily online
  • Students without home internet access fall behind peers with reliable connectivity
  • Remote work opportunities are unavailable to those without reliable internet
Common Mistake: The digital divide is not simply about whether someone owns a smartphone. It includes the quality of access (broadband vs. mobile data), digital literacy skills, and the accessibility design of technology itself.

Algorithmic Bias

Algorithms make decisions. When those decisions affect people — hiring, lending, criminal sentencing, medical treatment — bias in the algorithm can cause systematic unfairness.

How Algorithmic Bias Occurs

  1. An algorithm is trained on historical data
  2. The historical data reflects past human decisions, which may have been biased
  3. The algorithm learns and replicates those patterns
  4. The biased algorithm then makes biased decisions at scale, affecting many more people than any individual human decision-maker would
Example: A resume-screening algorithm is trained on 10 years of successful hires. If women were historically underrepresented in the industry, the algorithm learns that female-coded signals (graduation from women's colleges, participation in women's professional organizations) correlate with being not hired. It then discriminates against women's resumes even though gender was never an explicit input.

Addressing Algorithmic Bias

  • Audit training data for historical disparities before using it
  • Test the algorithm's outputs across different demographic groups
  • Include diverse teams in the design and testing process
  • Use diverse and representative training data
AP Tip: Questions about algorithmic bias usually describe a scenario where an AI system produces disparate outcomes for different groups. The correct answer will explain that the bias comes from the training data or design choices, not that the computer is inherently untrustworthy or that all AI should be banned.

Privacy and Personally Identifiable Information

Personally identifiable information (PII) is any data that can be used to identify a specific individual. Protecting PII is a core ethical and legal concern in computing.

Examples of PII

Clearly PII PII When Combined
Full name, Social Security Number, home address First name + zip code + date of birth
Email address, phone number Employer + general location + job title
Biometric data (fingerprint, face scan) Purchase history + browsing behavior
Key Idea: Data that seems anonymous can become identifying when combined with other data. This is called re-identification. Releasing a "anonymized" dataset that contains age, zip code, and gender is often enough to uniquely identify most individuals in it.

How Companies Collect and Use PII

  • Cookies track browsing behavior across websites
  • Apps request location, contacts, and camera permissions
  • Search engines log queries and build profiles of user interests
  • Loyalty programs link purchase histories to identifiable individuals
  • Smart devices collect audio, location, and usage data continuously

Privacy Trade-offs

Many services offer genuine value in exchange for personal data. The AP exam often presents these trade-offs and asks you to evaluate them:

  • Free email service in exchange for scanning messages to show targeted ads
  • Personalized recommendations in exchange for tracking viewing and purchase history
  • Faster emergency response in exchange for continuous location tracking

Cybersecurity Threats

Protecting computer systems and data from unauthorized access, theft, and damage is a critical concern. The AP exam tests recognition of common attack types and basic defense strategies.

Threat What It Is Example
Phishing Deceptive messages that trick users into revealing credentials or installing malware An email claiming to be from your bank asking you to verify your password
Malware Malicious software designed to damage, disrupt, or gain unauthorized access A program that encrypts your files and demands a ransom payment
Ransomware A type of malware that locks or encrypts a victim's files and demands payment Hospital systems disabled by ransomware, demanding payment to restore patient records
DDoS attack Distributed Denial of Service; overwhelms a server with traffic from many sources to make it unavailable Thousands of compromised computers simultaneously sending requests to a website until it crashes
SQL injection Inserting malicious code into a database query to gain unauthorized access to data A login form that accepts ' OR '1'='1 to bypass authentication
Rogue access point A fake Wi-Fi network designed to intercept communications A hotspot named "AirportFreeWifi" set up by an attacker in a public location

Defense Strategies

  • Strong passwords and multi-factor authentication reduce account takeover risk
  • Software updates patch vulnerabilities before attackers exploit them
  • Encryption protects data even if it is intercepted or stolen
  • Firewalls filter network traffic to block unauthorized access
  • User training: most successful attacks exploit human error, not technical flaws

Encryption

Encryption transforms readable data (plaintext) into an unreadable form (ciphertext) using a mathematical algorithm and a key. Only someone with the correct key can decrypt it back to plaintext.

Why Encryption Matters

When data is transmitted over a network, it passes through many devices. Encryption ensures that even if someone intercepts the data, they cannot read it without the key.

Symmetric vs. Asymmetric Encryption

Type How It Works Key Characteristic
Symmetric Both sender and receiver use the same key to encrypt and decrypt Fast, but key must be securely shared in advance
Asymmetric (Public Key) Each party has a public key (shared openly) and a private key (kept secret); data encrypted with the public key can only be decrypted with the private key Solves the key distribution problem; used in HTTPS
Key Idea: HTTPS (the padlock in your browser) uses asymmetric encryption to securely establish a shared key, then uses symmetric encryption for the actual data transfer because it is faster. You do not need to know the technical details for the AP exam — just understand that encryption protects data in transit.

Intellectual Property

Intellectual property refers to creative works and inventions that are legally protected. Computing raises unique intellectual property challenges because digital content is trivially copyable.

Type What It Covers AP Relevance
Copyright Protects original creative works (writing, music, code, images) automatically upon creation Using copyrighted material without permission is infringement
Creative Commons A licensing system that lets creators specify what others can and cannot do with their work Some CC licenses allow free use with attribution; others restrict commercial use or modification
Open source Software whose source code is publicly available and can be freely used, modified, and redistributed Not the same as public domain; open source often has license requirements (like crediting the original author)
Patent Protects inventions and new processes for a limited period Prevents others from making, using, or selling the invention without permission
Common Mistake: Students confuse "open source" with "public domain." Open source means the code is available to read and modify, but it is still protected and usually has license conditions. Public domain means copyright has expired or was waived — anyone can use the work for any purpose with no restrictions.

Crowdsourcing and Citizen Science

The internet enables large-scale collaboration between distributed individuals or computers. This creates new opportunities for solving problems that no individual or small team could tackle alone.

Types of Crowdsourcing

  • Knowledge crowdsourcing: Wikipedia collects encyclopedia entries from volunteers worldwide
  • Funding crowdsourcing: Kickstarter pools small contributions from many backers to fund projects
  • Computation crowdsourcing: Folding@home distributes protein folding simulations across volunteers' computers
  • Data crowdsourcing: Weather apps collect GPS and sensor data from millions of phones to improve forecasting

Benefits and Concerns

Benefits: Enables massive data collection at low cost, distributes complex tasks, incorporates diverse perspectives, funds projects that traditional investors might not support.

Concerns: Quality control is difficult, contributors may lack expertise, anonymity enables trolling and misinformation, privacy issues arise when participants share personal data.

Key Vocabulary

Term Definition
Digital divide The gap between those who have access to computing technology and those who do not, along lines of income, geography, age, or education
PII Personally Identifiable Information; data that can be used, alone or in combination, to identify a specific individual
Algorithmic bias Systematic unfairness in an algorithm's outputs, typically caused by biased training data or flawed design choices
Phishing A social engineering attack using deceptive messages to trick users into revealing credentials or installing malware
Malware Malicious software designed to harm, disrupt, or gain unauthorized access to a computer system
DDoS Distributed Denial of Service; overwhelming a server with traffic from many sources to make it unavailable
Encryption The process of transforming data into an unreadable form using a key; only the correct key can decrypt it
Symmetric encryption Encryption where the same key is used for both encrypting and decrypting data
Asymmetric (public key) encryption Encryption using a public key (shared openly) and a private key (kept secret); data encrypted with one key can only be decrypted with the other
Copyright Legal protection for original creative works, automatically granted upon creation
Creative Commons A licensing system that allows creators to specify the conditions under which others may use their work
Open source Software whose source code is publicly available and may be used, modified, and distributed, usually under specific license conditions
Crowdsourcing Obtaining contributions (data, labor, funding, processing power) from large numbers of people via the internet
Re-identification Combining multiple pieces of data to identify an individual, even when each piece was released as "anonymous"

AP Exam-Style Practice Questions

Predict your answer before revealing it.

Question 1 — Select TWO answers

A city government deploys a network of facial recognition cameras in public spaces to identify wanted criminals. Which of the following are valid concerns about this system?

  • (A) Facial recognition systems have documented higher error rates for people with darker skin tones, which could lead to misidentification and wrongful arrest
  • (B) The cameras will reduce tourism because visitors are afraid of outdoor spaces
  • (C) The constant surveillance infrastructure could be used beyond its original purpose to monitor lawful protest activities or track individuals without cause
  • (D) The system is invalid because facial recognition technology does not work outdoors
Show Answer & Explanation

Answers: A and C

(A) is a well-documented concern: studies by MIT and NIST have found that facial recognition has significantly higher error rates for darker-skinned individuals, creating a real risk of false positives and wrongful detention. (C) is a legitimate concern about mission creep — surveillance infrastructure built for one purpose can be repurposed, and public camera networks have historically been used to monitor protected activities. Eliminate (B): while there are privacy advocates, reducing tourism is speculative and not a primary concern. Eliminate (D): this is factually false.

Question 2

A company analyzes customer purchase data and browsing history to show targeted advertisements. The company states that all data is "anonymized" before analysis. A privacy researcher discovers that by combining the anonymized purchase data with publicly available social media posts, 87% of customers can be uniquely identified. Which concept does this best illustrate?

  • (A) Phishing, because the company tricked customers into sharing their browsing data
  • (B) Copyright infringement, because the company used customer data without paying for it
  • (C) Re-identification, because combining seemingly anonymous datasets can expose individual identities
  • (D) A DDoS attack, because the researcher accessed the company's servers without authorization
Show Answer & Explanation

Answer: C

Re-identification is the process of cross-referencing multiple datasets to identify individuals who were not supposed to be identifiable. This scenario is a textbook re-identification case: each dataset alone may seem harmless, but their combination reveals individual identities. This is a major limitation of "anonymization" as a privacy protection. Eliminate (A): phishing involves deceptive messages to steal credentials — not what happened here. Eliminate (B): copyright protects creative works, not personal data. Eliminate (D): the researcher analyzed the data to expose a vulnerability, not attack a server.

Question 3 — I, II, and III format

A student downloads a song file from a website that displays a Creative Commons license saying: "Attribution required, Non-commercial use only." The student wants to use the song as background music in a YouTube video for their school project (no monetization). Which of the following statements are true about this situation?

I. The student may use the song as long as they credit the original creator in the video.
II. The student may sell the video with the song included because the video is educational.
III. The Creative Commons license applies because the student is not monetizing the video.

  • (A) I only
  • (B) II and III only
  • (C) I and III only
  • (D) I, II, and III
Show Answer & Explanation

Answer: C — I and III only

Statement I is true: the license requires attribution, and the student plans to give credit. That condition is met. Statement III is true: the non-commercial restriction is satisfied because the student is not monetizing the video. Statement II is false: the license explicitly prohibits commercial use. Selling the video would violate the license regardless of whether the video is educational. Since II is false, eliminate (B) and (D).

Question 4 — Spot the Error

A student describes encryption: "When you use HTTPS to visit a website, all the data you send is converted to a secret code. Anyone who intercepts the data can read it, but they cannot change it without the website detecting the alteration." Which part of this description is incorrect?

  • (A) The part about data being converted to a code; HTTPS only verifies identity, it does not change the data
  • (B) The claim that interceptors can read the data; encrypted data cannot be read without the decryption key
  • (C) The part about HTTPS preventing changes; encrypted data can be freely modified in transit
  • (D) The description is completely correct; HTTPS works exactly as described
Show Answer & Explanation

Answer: B

The student's error is claiming that interceptors "can read" encrypted data. The entire point of encryption is that intercepted ciphertext is unreadable without the key. The student correctly identified that HTTPS converts data to a secret code and correctly identified that tampering is detectable, but incorrectly said the data is still readable after interception. Eliminate (A): HTTPS does encrypt data, not just verify identity. Eliminate (C): HTTPS does include integrity verification that detects tampering. Eliminate (D): the description contains the specific error noted above.

Question 5

A school district purchases an AI system to identify students at risk of dropping out. The system was trained on historical data from the district going back 20 years. Over time, teachers notice the system flags students from low-income families far more often than students from wealthier families with similar academic records. What is the most likely explanation for this disparity?

  • (A) The AI system is malfunctioning because it was not updated recently enough
  • (B) Students from low-income families are genuinely more likely to drop out, so the system is working correctly
  • (C) The training data reflects historical patterns where economic factors correlated with dropout rates; the model is amplifying systemic inequities present in the historical data
  • (D) The disparity occurred because teachers incorrectly input the students' income data into the system
Show Answer & Explanation

Answer: C

This is algorithmic bias driven by biased training data. If the historical data reflects a society where low-income students had less access to support services, the model learns that income-correlated signals predict dropout — and it then perpetuates and amplifies that pattern, even when applied to two students with similar academic performance. The question specifies "similar academic records," making (B) insufficient as an explanation. Eliminate (A): this is not a software malfunction. Eliminate (D): the problem is in the model's training, not data entry errors.

Continue Studying: Big Idea 5 is the second-largest section at 21–26% of the exam. Focus on recognizing dual effects of innovations, understanding the digital divide, identifying algorithmic bias, and knowing the difference between copyright, Creative Commons, and open source. Many BI5 questions require selecting two correct answers, so practice evaluating both sides of every scenario.
1-on-1 AP CSP Tutoring
Still unsure? Work directly with Tanner before the CPT deadline or exam.
11+ years teaching AP CSP — 34.8% of students score 5s vs. 9.6% nationally.
See Tutoring Options →
← Big Idea 4 Back to CSP Hub →

Get in Touch

Whether you're a student, parent, or teacher — I'd love to hear from you.

Just want free AP CS resources?

Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.

Typically responds within 24 hours

Message Sent!

Thanks for reaching out. I'll get back to you within 24 hours.

🏫 Welcome, fellow educator!

I offer curriculum resources, practice materials, and study guides designed for AP CS teachers. Let me know what you're looking for — whether it's classroom materials, a guest speaker, or Teachers Pay Teachers resources.

Email

[email protected]

📚

Courses

AP CSA, CSP, & Cybersecurity

Response Time

Within 24 hours

Prefer email? Reach me directly at [email protected]