When Ethics and IT Collide

jcatcw writes "IT workers have access to confidential data, and they can see what other employees are doing on their computers or the networks. This can put a good worker in a bad predicament. Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children. He reported it but the company ignored it. Subsequently the employee was promoted and moved to China to run a manufacturing plant. That was six years ago but Bryan still regrets not going to the FBI. Other IT workers admit using their admin passwords to snoop through company systems. In a Ponemon Institute poll of more than 16,000 U.S. IT practitioners, 62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason, and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."

Why bother keeping corporate policies up to date?

[Eric Smith]

and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."

If 42% are willing to violate the existing policies and risk termination or worse, how would adding a professional code of ethics or keeping corporate policies up to date help? Those same 42% would likely ignore the code of ethics and violate newer policies as well.

Re:Why bother keeping corporate policies up to dat

[Stormcrow309]

If it was like the PMP, CMA, CPA or other professional certifications/licensure that industry requires for certain jobs, then code of ethics violations would mean loss of certifications/licensure. That would weed out all those unethical assholes in IT.

Re:Why bother keeping corporate policies up to dat

[Nerdfest]

That would weed out all those unethical assholes in IT.

... and send them back to management and marketing where they belong!

Re:Why bother keeping corporate policies up to dat

[ePhil_One]

and send them back to management and marketing

Perhaps you know different IT folks than I do. Most of the IT guys I know would do very poorly in both of these roles.

I think the point of a "Professional Association" is that it would raise the risk of unethical behavior. Right now you get caught with your fingers in the cookie jar & lose your job, you'll have a new one in a few months, and the old job will likely only "confirm employment" because of HR policy. If there was a professional society companies could refer to, they might able to inflict a more serious punishment. Of course, given the lack of success with similar professional organizations in Law & Medicine in policing their memberships, my confidence level is low.

Re:Why bother keeping corporate policies up to dat

[ucla74]

So this professional association might be "Professional Information Technologists Association"? PITA, right?

Re:

[Stormcrow309]

I'm sorry, but that is exactly what I am saying. I am replacing a guy who lost his position because he was an unethical boob without an education. Each one of the managers in my division that have lost their job or have been forced into retirement in the last 10 years just happen to have an associates only or no degree. By the end of the year, we will have only one manager without a bachelors and they are sweating bullets right now. It has become so endemic within my organization, a hospital, that we starti

Re:

[UbuntuDupe]

It would also weed out anyone who has an idea the guild doesn't want to see implemented, or who wants to enter to field to compete with whoever's excessively paid.

Re:

[Original Replica]

who wants to enter to field to compete with whoever's excessively paid.

If they were able to negotiate that salary from the corporate management, then they aren't excessively paid. Companies pay people according to their perceived worth. If you are willing to do the same job at the same quality level for less money, then not only are you being foolish in the personal financial realm, but you are devaluing the IT skill set for everyone else as well. Part of what a professional licensing organization would d

Re:Why bother keeping corporate policies up to dat

[Original Replica]

Competition for labor drives down the wages of those paid above what is required to get someone to do it, and pushes up the wages where there are labor shortages.

I agree with you that it is how it should work. I hope you don't think that's how upper management pay scale works in the real world. Given that the people in charge of the large organizations don't play by those rules, it makes little sense for the people that work for the large organizations to play by those rules.
From my own personal experience: I'm a stagehand, I used to work Off-Broadway on for-profit commercial shows (multi-million dollars budgets). Most of the stagehands that work in those venues have college degrees in stagecraft. The pay scale works out to a lower lower middle class lifestyle in NYC. $20 an hour doesn't go far in NYC. Forget raising a family on that here. Forget health insurance. There was a high attrition rate, but there was always a new batch of college grads that would fill the ranks. Then I moved on to Broadway. Broadway stagehands are union. The job is really the same, but we make twice as much money as Off-Broadway. The attrition rate is pretty low. People have insurance and can afford to have kids. The tickets cost twice as much for the consumer. Yet strangely, Broadway is thriving, while the Commercial Off-Broadway scene is slowly vanishing, so your theoretical "blight on consumers" doesn't seem to be happening. Granted there are unions out there who don't honestly factor in profits (or lack there of) when they are making demands in a contract negotiation. Not only do those unions give other unions a bad name, but they destroy their own industry. However, there is plenty of room between "destroying the industry" and "the minimum that someone will accept for the job" It's that difference that keeps the attrition rate low and allows for stagehands with decades of high level experience, those experienced stagehands are well worth the price of two or three fresh from college employees. In the non-union Off-Broadway scene those experienced workers never emerge because of attrition, but there is always someone willing to do the job. Now be it a union or a professional licensing organization, keeping the labor cost/value above the bare minimum, but within what the industry will bear, results a healthier more sustainable work culture. As for end-consumer costs, those are always as high as the market will bear, the only difference is the internal distribution of the cash flow. By doing any job for less than the guy who was doing the job yesterday, are you really going to save the consumer money or are you just increasing the year-end bonus for someone already in the highest tax bracket? You seem to have some sort of pride in your willingness to do-more-for-less, as though that will somehow make life better for the common man or will earn you the love and respect of the company you work for. From my perspective: you are the common man, make life better for yourself by attaching a (carefully considered) high price to your labor. A paycheck that supports a high standard of living is how companies show respect.

Are you willing to pay the increasing salaries?

[Colin Smith]

Because there are already professional certifications available for IT people. Speaking from personal experience they currently make bugger all difference to fees or salaries. If you were to require such certifications then the reduction in supply of IT personnel would cause the salaries of the certified to rocket... As it has for lawyers, doctors, accountants etc.

No? Not willing to pay up? Oh well then, you can't really complain.
 

Re:Why bother keeping corporate policies up to dat

[pegr]

That would weed out all those unethical assholes in IT.
 
Sticks and stones may break my bones, but I can read your email...

Re:

[rtechie]

And there are no crooked accountants? Haven't the very largest accounting firms in the USA, regulated and certified, been responsible for most of the recent multi-billion dollar corporate scandals? They just found ways to work around the "ethical rules" imposed on them.

It's about culture. Most IT guys are "techies" not money-grubbing bastards (aka business executives, accountants, etc.) Most IT professionals have a sense of integrity, understand their power within the organization, and act reasonably respon

Re:

[Evil Adrian]

A lot of the IT professionals I've encountered that had certifications, it seemed to me, went through the motions to earn them, to prove that they knew something -- almost as if to compensate for their lack of instinct and knowledge, because they weren't very good. They didn't have that "computer intuition" that separates good IT professionals from the average-to-shitty.

Most of the good IT professionals I know don't have certifications, they let their work and references speak for themselves.

Re:

[The One and Only]

Depends. Am I hiring someone to program, or to chase shiny certificates? Degrees and certs are great, but if you have other ways of proving you have the necessary knowledge and expertise, that's good too.

Re:Why bother keeping corporate policies up to dat

[AbbyNormal]

Right on. Look at doctors and lawyers. Their respective codes of ethics are not fool proof either. The person in the article made a conscious choice not to report the possible illegal activities to the local authorities. It would still be up to the moral compass/situation of the individual.

Re:Why bother keeping corporate policies up to dat

[gillbates]

Because it:

1. keeps corporate policymakers and HR people employed, and
2. Gives them the ability to fire someone who violates the policy, and
3. Allows them the leeway to fire someone whom they don't like, by so narrowly defining the Acceptable Use Policy to the point where the average employee has violated at least one of its provisions.

That's why. Whenever you don't understand a corporate decision, just ask yourself, "Who benefits from this?", and soon the reason will become obvious. It's not that corporations make non-sensical decisions; rather, that corporate decisions are often motivated more by internal politics and the need to maintain a semblance of professionalism than anything else.

Re:Why bother keeping corporate policies up to dat

[trolltalk.com]

"Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children."

And how did he know this, if he wasn't LOOKING at the damned stuff himself?

1. Someone looking at adult porn is not an "ethical problem", unless you got your ethics from the bible belt.

2. Someone looking at kiddie porn isn't an "ethical problem" either - its a legal problem! Like in "against the law".

3. Not reporting it because you would have to admit you were snooping on other people - priceless AND retarded.

Re:Why bother keeping corporate policies up to dat

[Rei]

Oh, but they were *Asian*. And then he moved to *China*. He might start interacting with Asian women there. The horror! The horror! The horror!

Seriously -- why even bring up the Asian aspect at all, as though that's somehow relevant? I can understand being worried about children, but worried about Asian women? Give me a break.

Re:

[colinbrash]

1. Someone looking at adult porn is not an "ethical problem", unless you got your ethics from the bible belt.

Someone looking at adult porn on company computers is an "ethical problem."

2. Someone looking at kiddie porn isn't an "ethical problem" either - its a legal problem! Like in "against the law".

Yes, indeed.

3. Not reporting it because you would have to admit you were snooping on other people - priceless AND retarded.

He did report it. It says so in the summary that you quoted.

Re:

[trolltalk.com]

Re #1: Its only an ethical problem if you think its an ethical problem. Most of it is pretty harmless/lame/stupid, so why not let people spend a few minutes once in a while looking at something they find easy on the eyes. Better than looking at this [trolltalk.com].

Re #3: He didn't report the kiddie porn to the police ... they're the ones who you report kiddie porn to, not your boss.

I can understand his frustration to a certain extent. Ever try to report child abuse? You'd better have a squeeky-clean past, because yo

Re:

[psmears]

2. Someone looking at kiddie porn isn't an "ethical problem" either - its a legal problem! Like in "against the law".

Sure it's an ethical problem! That's why it's against the law.

Re:Why bother keeping corporate policies up to dat

[Lord Apathy]

Well reporting it to upper management is possibly one of the worst things you can do. In the example he said he knew about the kiddy porn and report it to upper managment. Well, that was your first mistake. First thing you did was single yourself out as a trouble maker and a snitch. People don't like snitches, even if it is for a good reason.

Well he reported the shit and nothing happened. Well possibly nobody believed him so he outed himself for no good reason. Then most upper management blokes tend to run in packs. So odds are he outed his mark to a friend of his mark. The person he outed and the person he outed to could have booth been trading kiddy porn or the person he outed just simply said he wasn't to his frined. Who would you believe? So the only thing he did was paint a fat ass target on his ass.

I would have anonymously figure out a way to rig his computer to send all his kiddy porn to a "public" printer. The biggest fucking color printer in the place. Maybe one of those big ass HP with paper rolls on it. For extra kick I would have set it to go off when the office prude or church lady was standing next to it. Then I would fire the bitch off and stand back and watch the fun.

Mr Kiddy porn gets what's coming to him. I'm not on anyone elses shit list and I have a good laugh at someone elses expense. Of course the whole fuckign thing can backfire. I might not be as good as I think I am and the whole barking mess could fall right back in to my lap with a fat ass thund follwed by a clang.

but I'm that good.. so no worries...

There *is* a code of ethics

[Anonymous Coward]

The ACM has done at least one thing right:

http://www.acm.org/about/code-of-ethics [acm.org]

Re:There *is* a code of ethics

[BobMcD]

I'm not a member, and so do not know the code very well, but looking at the lines of text tells me that this DOES NOT HELP with the moral delema.

Choose one of these two, and break the code both ways:

1.3 Be honest and trustworthy.
1.7 Respect the privacy of others.
1.8 Honor confidentiality.
2.6 Honor contracts, agreements, and assigned responsibilities.
2.8 Access computing and communication resources only when authorized to do so.
3.1 Articulate social responsibilities of members of an organizational unit and encourage full acceptance of those responsibilities.
3.5 Articulate and support policies that protect the dignity of users and others affected by a computing system.

OR

1.1 Contribute to society and human well-being.
1.2 Avoid harm to others.
2.1 Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work.
2.3 Know and respect existing laws pertaining to professional work.
3.2 Manage personnel and resources to design and build information systems that enhance the quality of working life.
3.3 Acknowledge and support proper and authorized uses of an organization's computing and communication resources.

Even with this code, you now still have a lose/lose situation...

Re:There *is* a code of ethics

[beheaderaswp]

Nice try.

It has been posited by my legal department that IT workers are "mandatory reporters" in cases of cyber crime, child abuse, and terrorism.

This opinion, which I have not seen tested in court, seems exceptionally relevant considering that like teachers (who are often the first to see child abuse), nurses/doctors (the first to treat physical abuse), and police (the first to intervene in domestic abuse) IT people are a first detector for a myriad of crimes.

Thus, based on legal advice, my employees are instructed to notify law enforcement *before* notifying management. (In some states this may actually be law now)

So yes, this code of ethics, as well as the LOPSA Code I linked below- do apply. Assuming of course the IT director isn't one of those management monkeys who likes to bury things "for the good of the company".

Actually, the most sensible thing is

[Anonymous Coward]

"Thus, based on legal advice, my employees are instructed to notify law enforcement *before* notifying management"

And who wants to fuss with that. My advice would be to (a) never look at anything that would cause you to be forced to report anything (b) if you do, make sure no one else knows and pretend it never happened (c) if caught in a dilemma, tell your boss anyway and say you weren't sure if this applied and you need his/her guidance.

That's the only sensible thing to do, but I realize you can't give that as official advice.

Re:

[NMerriam]

Not sure about in the US but in Canada EVERYONE is legally required to report any child abuse they have evidence of.

The difference for "mandatory reporters" is that they are legally required to report even suspicions of abuse, not just cases where they have evidence or knowledge. Abuse is usually very hard to recognize with any certainty.

Summary has 2 different ethical problems

[R2.0]

1) Not reporting something illegal when discovered in the normal course of business, i.e. whistleblowing. Fear for job safety or simple moral cowardice?

2) Actively doing things that the employee knows are illegal/immoral/unethical. Come on - does a "profession" really need a code of ethics to tell its members not to seek information to which they are not entitled? Maybe they need to reevaluate calling themselves "professionals".

Re:

[Billosaur]

Theoretically, ethics start with your parents. You get your original ethics template from them by watching what they do. You can try to overlay a code of ethics over that, and if the individual is flexible enough it might help reinforce the need for security or override a natural tendency to want to violate the rules, but more often than not a code of ethics is just so many words. It's up to the individual to determine right from wrong in their own mind, based on personal and societal cues. If someone is go

Re:

[krotkruton]

Although this isn't quite related to the article, I think following the ethical policy all the time isn't always a good thing (of course, always doing anything will rarely be the right course of action).

At my university, they recently sent out an email to a couple thousand students that included an attachment containing personal information about every student in the engineering department, including GPA, phone numbers, and addresses. Instead of calling up the IT guys and deleting the emails from the acc

Re:Summary has 2 different ethical problems

[NDPTAL85]

You think your so much better than a plumber or electrician don't you?

I bet you they have codes of ethics too concerning not stealing things in their clients homes and such.

A jerk is a jerk no matter what industry they're in.

So where is the "ethical dilemma"?

[khasim]

You see the logs of some guy looking a kiddie porn and you report it to your HR department.

Where's the ethical dilemma?

If HR does nothing about it, you report it to the FBI.

Where's the ethical dilemma?

And ethical dilemma would be where there were two ethically valid choices with different consequences. If you have two kids and they're both drowning, which one do you save first?

Re:

[athdemo]

The ethical dilemma is that you shouldn't, ethically, be invading someone's privacy.

We're assuming, of course, that the information was gained through means not allowed by company policy, and that you were just snooping. This is why police have to get warrants to bust into peoples houses and all that.

What privacy? There is no privacy at work.

[WebHostingGuy]

That's where you are incorrect. There was never any privacy when someone was using their "work" computer for "personal" use. If you think you have any privacy using a computer provided by your employer, using your employer's resources to access the porn, you are mistaken. Courts have held numerous times employers own the equipment and have the right to view (i.e., spy) on your usage.

There was no privacy here, therefore no ethical issue.

Re:

[cerberusss]

I don't know where you live, but in my country the employer has to state in advance that usage of PC equipment and internet resources can be spied upon. Otherwise viewing porn at work is not a firing offense.

Re:

[bkr1_2k]

Please give examples of companies that don't state this in their employee introduction sessions that also give routine computer access to their employees. I have yet to see any employer who didn't have specific written policies about this.

Re:

[King_TJ]

I follow your logic, but I still disagree.

Privacy is a rather "slippery" thing. The U.S. Constitution never specifically guarantees anyone a "right" to privacy. Neither to any of the Constitutional amendments. It's more of an "implied" individual right, subject to interpretation. (Just being defined as a "figure in the public eye" can drastically change your ability to sue someone for publishing photos taken of you without your permission, for example.)

Ultimately, I think people only retain the amount o

Re:

[plague3106]

Except of course that you're wrong. Courts have upheld the right to use company phones for occasional personal use. Recently, they have ruled simillary for the web or email (I can't remember which). I also don't ever recall a court allowing a company to spy on telephone call, even though they owned the equipment.

You don't lose your rights when you enter a workplace.

Re:

[cellocgw]

Yes, there is no personal privacy for junk on corporate computers. The more interesting issue is when IT accesses machines that are limited-access. For example, take the Personnel Dept (I refuse to use the insulting term HR) and its database of employees' salaries, home addresses, background checks, etc. That info clearly is not for view by IT members, regardless of their root privs. The difference here is that an employee gives info to Personnel with the understanding that it is not for general dissemin

Re:

[arivanov]

The article is missing some bits that are of interest here.

Was the employee German or it was all happening in the USA? If the employee was German, was the policy compliant to German privacy legislation and were the employees correctly informed about it and warned about its enforcement as required by German (and EU) legislation?

Based on personal experience with Americans rolling out nannyware around Y2K I somehow suspect that none of that was done and if the employee was not in the USA and not American the l

There is no Absence!

[beheaderaswp]

There is a professional organization, of which I happen to be a member, Called "LOPSA"- "League of Professional System Administrators".

The code of ethics is found here:

http://lopsa.org/CodeOfEthics [lopsa.org]

While my IT department does not require membership in this organization, these rules of ethics are *posted* and violations of those rules are a fireable offense!

Re:

[eln]

What kind of soulless bastard needs a written code of ethics to know what's right and wrong? Who really thinks that snooping around other peoples' data is the right thing to do?

Unless you were raised by wolves, you already know the difference between right and wrong. Looking through someone's email is just as wrong as looking through their postal mail or peeping through their windows. You don't need to take any ethics classes to know that it's wrong.

Re:

[beheaderaswp]

Agreed.

But adopting a code like this as departmental "law" does two important things:

1. It puts employees we serve at ease because they have a measuring stick for our conduct. (A copy of the LOPSA code is included in the new employee materials)

2. It gives the IT director leverage to cleanly and efficiently fire workers when ethical mis-steps occur.

You're right: "I" don't need the "code"- but it has good uses.

Re:There is no Absence!

[archen]

What kind of soulless bastard needs a written code of ethics to know what's right and wrong? Who really thinks that snooping around other peoples' data is the right thing to do?

Most of us do. But then again a LOT of us have lapses and moments of weakness. I mean if you know there is some really good dirt being shot back and forth via email and you log all email it's really tempting to just snoop through it to kill some boredom. Sometimes just reading a piece of paper on the wall can help you keep your focus.

I'm an I.T. Manager and it's sort of tough sometimes. For me personally I'm having a bad time in my life and I have this vicious streak that emerges many times a day - and that isn't helping. I have the ability to see every website they visit, everything they do on their PC, and can see every email received and sent. I can also access pretty much every file on every machine in the company. That's a LOT of responsibility. And I honestly don't snoop through any of it - it's kept for security/legal reasons. Monthly I wrap it up an 256bit AES encryption on a DVD and that's it. I think most I.T. people are actually pretty honest as well as far as the ones I've met. I mean I'd hate to see what the assholes in sales would do if they had as much power over the company as I had. heh, I actually just cringed.

Re:

[GreggBz]

Thanks for that. It's very helpful.

I think my biggest beef in this business, morality wise, is those that pretend. The whole cocky, know it all, Nick Burns malarkey. I vowed about 6 years ago, that If I didn't know something, I'd admit to it. If I'm not sure what the consequence will be regarding a technical decision, I lay that out for management. It's impossible to know everything.

BS in the IT field is easily perpetrated. Most of what I know is specialty knowledge. It would be easy to make believable stuf

When my pay is ethical, I'll worry about the rest

[cavehobbit]

I have an ethics problem every time I get a paycheck for 40 hours of work when I actually worked 60.

Using company systems for your own needs? heck, the company is alreaady getting 40 grand worth of free overtime. Is that ethical?

Never mind legal, is is ETHICAL?

Re:When my pay is ethical, I'll worry about the re

[mark-t]

If you have an ethics issue with your current job, you should quit, and find a new job. The last thing you should ever want is to be thought of as a person who will compromise his principles for money.

... OR... you really don't have any sort of ethical problem with being exploited at work and you just wanted to whine about something that you figured people might be sympathetic to.

Re:

[Surt]

It's not uncommon to have a higher ethical obligation to provide food, for, say, a child, which takes precedence over your ethical obligation to quit rather than work unpaid overtime. If the OP is basically incompetent, he may not have any additional job choices which would allow him to fulfill the first obligation in order to satisfy the second.

Surely you jest!?

[tanveer1979]

I count myself to be fortunate in a job where I don't have to slog 60-80 hours a week. But many people are not that lucky. "Take another job". Very easy to say. Do you even realize that almost everywhere in the software field the engineers are "expected" to put in 60 hours or more a week. In some good companies, at the end of the project you are allowed to take couple of weeks paid vacation, but its rare. Not everybody has the luxury to walk out, and money does not grow on trees. People don't like to be exp

Re:When my pay is ethical, I'll worry about the re

[mauriatm]

I'm curious, since I really do not know your situation. Why would you work for 20 unpaid hours? If they force you, can't you find a better job?

There are either hourly workers or salaried workers, if you're salaried, did not you agree to being paid a fixed amount?

Not sure how your point relates to ethics. It seems as you are doing the compromise in accepting such a situation.

If your argument is that "salaried" situations are unfair, I can agree but I don't know if that is really an issue of ethics eith

Re:When my pay is ethical, I'll worry about the re

[Bucc5062]

If I had mod points I'd cite this as insightful. You raise a good point. Salaried employees are paid for 40 hour work week, but average much more office time. Do those employees receive a discount (comptime?) at the end of the year? Most likely not so it is an ethical question to post to the employer.

Now, the other side to that discussion is understanding the that typical salaried employee is not *working* eight hours in the day. Even removing 10 minute breaks and lunch the average time spent actually

Re:

[Colin Smith]

You're not required to find work if you have none to do (for whatever reason). You're required to do work which is assigned to you. That may mean only 10 mins of productive work per day.
 

ethics is cultural

[poptones]

Obviously? Just as the very definition of "child porn" varies greatly even among the individuals of a geographic community, this whole thing about the ethics of overtime is a problem of our own doing. Why do salaried employees feel the need to work 60 or more hours per week? Because all the other salaried employees feel the need to work 60 hours per week and one has to compete to keep one's job. And don't come back with that nonsense about all the time IT people "waste" doing things unrelated to their work;

Re:When my pay is ethical, I'll worry about the re

[Attila Dimedici]

Did they tell you that you would be working a 40 hour work week when they hired you? If you think that your compensation(pay plus benefits) is inadequate for the work you do, look for another job. There are lots of companies willing to pay value for good people.

Absence of a Professional Code of Ethics

[thegnu]

Yeah, like Lawyers have.

And Doctors, the same who diagnose bogus psychological diseases in children just so they get kickbacks from the drug companies.

Riiiiiiiiiiiiiiiiiiight. At least most of the IT people aren't DOING anything with the data they collect. Just being nosy.

75% of all stats are made up on the spot...

[HaeMaker]

I think these numbers are bogus.

I know of people instantly fired for doing such things. There is an unwritten IT code and the vast majority of IT people I have known or ever come in contact with follow it.

Re:

[jimicus]

There is an unwritten IT code and the vast majority of IT people I have known or ever come in contact with follow it.

Had you RTFA, you'd know that the whole problem is that the code is unwritten, and therefore everyone has a different interpretation of what is and what isn't acceptable.

Nobody in IT (at least, nobody with half a brain) will openly admit to abusing their privileges. But ask them anonymously and you may well see a different picture.

Re:

[Stevecrox]

I thought 83.243% of all stats were made up on the spot?

Re:

[GigaHurtsMyRobot]

Many years ago I worked as a temp in a helpdesk situation. The position included tons of down-time, and one day I filled in the gaps by browsing what available resources I had been granted access to. I assumed that as a temp, I would have almost no access at all as any such access was not required in order to open a ticket.

Much to the contrary, I was able to access the entire salary list for the organization, and detailed networking topography and connections for all the remote offices. I reported thi

I faced a quandry

[Anonymous Coward]

When I was sysadmin for a small company years ago, I discovered shortly after installing ProxyServer in our Exchange machine that the boss (or someone???) had been surfing porn on his machine. I was delicate, mentioning in a private moment that we (sysops) could see exactly what sites had been visited, on which machine, and who was logged in at the time. We never spoke of it again. I later left the company voluntarily, under no duress.

Probably a million stories similar to mine...

Never (almost)

[ishmalius]

I would like to say that I -never- looked at anyone's data, all of the times I maintained accounts for people. But I did only once, when I suspected that someone had shared their password with a non-employee and that person was logging into the company (which turned out to be correct). So I guess I can justify my snooping by -their- breach of trust. But I still wish that I had not marred my perfect record, although nobody cares about it but me.

Worrisome

[rockhome]

"62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason"

I find it worrisome that such a large percentage of out IT workforce is so cavalier about ethics and privacy. I'll ignore the intentional violations of
security policy because much of they MIGHT be attributed to one-off circumventions in order to get a necessary job done. It is curious that so many would
find snooping such a permissible activity. A professiona

Re:

[swv3752]

I have to go through DB tables on an SMSC to troubleshoot issues with SMS. Now I could setup an SQL query not to show the Message text, the row has about 18 fields and it is a lot easier to just type select * instead. And this presumes I don't have a valid reason to view the message contents, which sometimes there is a valid reason.

So technically I violated privacy, but if you complained about an email problem, it would be reasonable to expect that the sysadmin will end up seeing your email message.

Permission?

[peipas]

Violating company policies and snooping is one thing, but employees do not own their computers and staff administering machines do not need permission to access systems.

Re:

[DerekLyons]

Violating company policies and snooping is one thing, but employees do not own their computers and staff administering machines do not need permission to access systems.

IT staff are employees too... They don't own the machines either. Not to mention that if you work for a company that handles personal information, you may be breaking the law if you go acessing systems/data without permission and the proper controls.

Your posting is a stark illustration of why the field needs a code of ethics.

Re:

[glwtta]

A DBA needs access to the machine that HR, Payroll or client data sits on, but that doesn't mean he has the right/permission/need to browse through that data at his leisure.

Not what the OP was saying - the TFS mentions "access[ing] another person's computer without permission", unless they are talking about hacking into random people's personal machines (which seems unlikely), they seem to be implying that the IT person would need a user's "permission" to access "their" PC, which is just not true. It's

(Oxy)moronic

[athloi]

"Business ethics" is an oxymoron. You're either there to earn money and out-compete everyone else, or there to act ethically. The two don't mix. If you try, someone else will cut that ethics corner and out-compete you, and then the people who own your stock will sue you.

Code of Ethics

[TheRecklessWanderer]

Just because a company has a code of ethics, that does not mean that other people will follow it. It just means you can fire them if they don't follow the code.

It's a sad state of affairs, that like gossip, confidential information is always the most interesting. No ethics code is going to stop unscrupulous (AKA dishonest) people from snooping in other people's private affairs.

Conflation of different areas

[PontifexPrimus]

That is an example of what I like to call "conflation of evils". An action can be

• morally wrong (going against your own personal conscience)
• legally wrong (going against codified law)or
• sinful (going against your religious beliefs)

Watching child pornography is illegal in all relevant legal systems, and not reporting someone to the authorities could be considered a crime of omission or obstruction of justice. It might be sinful, depending on your religion. It is probably considered morally wrong by the majority of people.
The problem I see with the dilemma posed by the article is that he tries to conflate these areas and to get a mental map that divides things neatly into The Right Thing(TM) and The Wrong Thing(TM). I think this approach vastly over-simplifies things; take file-sharing, for instance: many instances are illegal since they break copyright law. Yet I wouldn't think it is immoral, since the laws appear to be unjustly slanted against consumers. I couldn't say how religions see the issue (the closest I could find was a quote from the Bible: "go thy way, sell whatsoever thou hast, and give to the poor" which seems to speak out against hoarding property), so I won't make a qualified judgement on that.
But it should be clear that this is a complex issue, and people trying to frame it in terms of "right" and "wrong" without specifying the framework they're using makes a good answer almost impossible.

Re:Conflation of different areas

[Surt]

There's also:
        * ethically wrong (violating a codified system to which you have agreed, but which is not backed by threat of physical force)

People get that one confused with the other 3 as well.
Ethical can be thought of as polar from legal: You don't agree to abide by the legal system, but you're threatened by physical force if you don't comply.

What can you say....

[Capt James McCarthy]

There has to be somebody with the keys to the Kingdom....even if it's RBAC'd. And sometimes those powers are abused or misused.

What's the next topic for /., people sometimes break laws?

Not me.

[Zero_DgZ]

Sure, I have unmitigated access to everything that comes, goes, or happens in my company. And if I don't have access to some particular facet of the boss's operation it's pretty trivial to give myself access. But do I snoop through other employees' email or documents or browsing records or whatever? No. But, admittedly, not because of any particular integrity or high moral standards on my part.

I just don't care. Yeah, it might be nice to intercept early the memo that says I'm going to get canned tomorrow (or whatever) but I have more than enough things on my plate and no time, motivation, or incentive to play Secret Squirrel with other people's stuff. I have news for you: 99.9999% of what happens on a business network is mind numbingly boring. Memos. Transmittals. Materials lists. Spreadsheets. Schedules. Business correspondence so packed with legalese and ass-kissing and meaningless paradigm shifting buzzword bullshit it makes my brain hurt just thinking about it.

If I want to abuse my authority and misappropriate company time and network access, it's easier and less mind-frazzling to just delegate the job to somebody else and go read Slashdot.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Trouble keeping plicies up to date?

[TheSkyIsPurple]

> But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."

How hard is that? Every large company I've seen policies for has blanket statements saying something like "don't access stuff you're not authorized to access".
What is not being kept up to date? How much more complicated does it need to get?

They should both be fired

[Tiger4]

The IT guy was accessing the content of transactions, presumably without authorization. The Porn fiend was using company equipment for, again presuambly, unauthorized and perhaps illegal purposes.

Some companies don't feel the need to actually lay out a code of ethics, but I can't think of a single boss that doesn't understand the importance of "improper use of company equipment". This isn't a technology issue. This is exactly what it sounds like, an ethics and conduct issue. If the mail room clerks wer

What's wrong with asian women?

[JustShootMe]

I can understand the kiddie stuff. But what's wrong with asian women? Last I checked, asian women were beautiful, and there is nothing illegal about viewing them. It may be against company policy, but THAT is not worth calling the FBI over.

I know what the author was trying to get across, and there was plenty of cause to call the FBI, but lumping the asian women with children is just demeaning to the women.

Re:

[Knara]

In the eyes of the law, women are often equated to be as helpless (and as unable to make reasonable decisions) as children.

Just throwin that out there.

Re:

[JustShootMe]

But at least for the present female porn is not the same as kiddie porn in the eyes of the law.

It's not just IT

[Merenth]

This isn't specific to IT, but it happens a lot.
Most newbie Admins poke around in places they shouldn't soon after getting heightened access to the systems.

Almost anyone, in any career where they have access to sensitive information end up abusing it to some degree.
Doctors, Nurses and medical records people read the files of friends or relatives all the time, and that's certainly illegal.

Also, if you come across that kind of stuff in your routine work, you are actually required by law to report it to the police.

After 15+ years in IT, all data looks the same to me.
I can help someone adjust the font on a document and not even notice what it says.

At the end of the day, it's your reflection.

[UncHellMatt]

Not too many years ago I worked for a "web startup" (i.e. small company founded by Harvard MBA who smoked lots of weed, drove a VW, and was out to "save the world") as IT manager. As the market tanked, the CEO became more and more concerned for the future of the company and with good reason! We'd gone from regular upper 6 figures per month to less than half that, with three locations whittled down to essentially one and a half. Many employees left for greener pastures. When things REALLY started to go down hill, the CEO asked me to intercept any emails between current and former employees, and then "hinted" that since so many of our clients had their email hosted on our email server, couldn't I do the same with them. I know that, legally, he had the right to get access to current employee email, and any former employee whom he had granted continued use of our email system (not sure on that last bit, IANAL). But asking me to, or suggesting I should allow him to, read client emails was a final straw. While he may have the "legal right" to read employee emails, it left a very bad taste in my mouth. Suggesting I allow him to read client's emails? It was like licking a rat. At the end of the day I had to go home and see myself in the mirror, and I knew that reading other people's personal, private emails was something so abhorrent. (Rimmer: "Lister, that is my private, personal, private diary; full of my personal, private, personal things." Cat: "It's gone public.") Now all that said, at another job, myself and some other IT workers suspected one of the devs of possibly being a pedo. We didn't read his emails, we didn't pour through his computer (which we could easily have done), but we did put google to good use, and at one point we did packet sniff where he was browsing. Was I proud of that? Well, actually yes. If he HAD been looking at kiddie porn, if he HAD been a sexual predator, being a father how could I stand back and not try to do something? It turned out he wasn't a diddler, just... Really really really really creepy. It is a very fine line between "ethical" and "non-ethical", it can be very hard to judge which is which, and everyone will have their own opinions. But in the end you have to live with yourself, and certainly I'm not qualified to decide right and wrong, nor pass judgment. If I had my way, anyone who sold a poorly made curry would be strung up and boiled in oil.

Re:At the end of the day, it's your reflection.

[mgblst]

If he HAD been looking at kiddie porn, if he HAD been a sexual predator, being a father how could I stand back and not try to do something? It turned out he wasn't a diddler, just... Really really really really creepy.

This is why it is so scary to let certain people, delusional paranoids such as yourself, to have this power. It boggles the mind what someone would have done to convince you that they were a kiddy fiddler, wearing black clothes, taling quietly, maybe they just weren't that social - i am pretty sure that they didn't have disturbing pictures around the cubical. I guess he is just glad that you weren't so convinced that you dropped a few extra files onto his machine - all in order to protect your children from the non-existant menace. Congratulations, I am sure your witch hunting will be put to better use next time.

Re:

[Just Some Guy]

I guess he is just glad that you weren't so convinced that you dropped a few extra files onto his machine - all in order to protect your children from the non-existant menace. Congratulations, I am sure your witch hunting will be put to better use next time.

I tend to be of the same opinion, but I also recognize that there's such a thing as probable cause. Sometimes people act creepy just because they're eccentric. Other people act creepy because they really are doing creepy things.

There's a huge difference between looking more closely at someone who's drawn attention to themselves and framing that person. Most rational adults are quite capable of doing the former without stooping to the latter. The alternative is deliberately looking the other way rega

Re:

[Swave An deBwoner]

If I had my way, anyone who sold a poorly made curry would be strung up and boiled in oil.

Thereby creating yet another poorly made curry?

Sort of depends on what this means...

[jafiwam]

view pornography of Asian women and of children.

Does it mean;

- Asian women, men in porn
- Asian children in porn

Or, does it mean;

- generic Asian porn
- generic pictures of kids in NON porn situations like one might run across if one were looking into culture of the far east.

You can like Asian women and seek out that sort of porn without liking Asian children in porn.

There is a HUGE difference between porn at work (a common thing) and KIDDIE porn at work. One is just something you can get fired for. The other is a felony.

The phrasing in the summary seems to imply the latter is what is going on, in which case you need to check your morals at the door and adopt whatever the company says is OK. (And that seems to be that a bit o-boobies searching is fine since the HR department didn't do anything about it.)

Just because YOU don't like porn of adults, doesn't mean you need to be bugging the FBI about it. If it was real child porn YOU ALREADY COMMITTED A CRIME and acted immorally by not going to the cops with the information.

It's how I got my job...

[Slartibartfast]

The previous Sr. SysAdmin at my current employer was indiscreet when he found objectionable material. Such that, not only did the person with the objectionable material go away, but so did the SysAdmin. Rule of thumb: if management *does* respond appropriately, DON'T SHOW IT TO ANYONE ELSE.

Of course, that being said, he's gone, and I got pulled in. So I'm happy.

Your choices when presented with criminal actions

[Bill the Cat]

1. join the consipiracy, or
2. quit

Blowing the whistle makes you a big target. Ignoring the problem makes you guilty.

be nice to your IT guy and buy him lots of beer

[peter303]

Get on his/her good side.

Ambiguity over ethics

[PPH]

So, lets say you are an employee who works for a company and:

• You discover child porn among the company documents brought back from an overseas business trip by a vice president. You report it and corporate decides to hide the discovery from law enforcement and allow the v.p. to retire 'quietly'.
• You monitor the web mail accessed by employees at work. This reveals that he is having an affair. You report it and the board of directors ask for his immediate resignation, publicly.
• You are a vendor that handles photo developing for a number of companies, including a major defense contractor. Upon developing several rolls of personal photos for a high ranking manager, you spot a number of them that have been taken on board a nuclear missile sub and (based upon your past experience in the Navy) know that some of these contain highly classified information. You contact the FBI. Nothing happens, other than the company drops your firm from its list of approved vendors. Nothing happens to the manager who took the photos.
• You expose a whistle-blower downloading documents that could show a pattern of fraud within the company involving its dealing with federal regulators. The fines against the company could be from $5 billion dollars to as much as $15 billion (if Rico damages apply). The company has the police arrest the whistle-blower and charge him with theft of company IP/
• As an IT employee, you ask your supervisor why a particular vendor was chosen for a project. In spite of a clear written corporate policy forbidding conflicts of interest or the appearance of such conflicts, he doesn't even hesitate to reply, "Because I get stock options from them".

This all involves the same company. As an employee, what can I conclude about my company's ethical standards? What should I do if I discover something 'unethical'?

Re:Why talk about Ethics

[BiloxiGeek]

A poll [slashdot.org]? What's the point of that???
5% of us would vote randomly
6% will definitely be stuffing the ballot box
7% Might be stuffing the ballot box

Or worse yet:
17% will choose the Cowboy Neal option

Re:

[tengu1sd]

Diebold will release the ethics poll results tonight at 20:05 when the polls close on the west coast. You don't need to vote, Diebold has already totaled your ballot.

Sociopaths.

[C10H14N2]

Sociopaths love being in charge. Arguably, there are quite a few of them in the upper ranks of many organizations.

However, sociopaths do not like competition and the non-sociopaths below them will make quick work of dispensing with any pretenders to the throne. They may not agree with your strategies, but they've read your playbook.

So for the non-megalomaniac, it is probably advisable for success to not be a raging sociopath.

Re:

[Maximum Prophet]

The capitalist economic system, with all its little trappings, is about war. That's why Sun Tzus book is one of the top selling books for executives.

What you are confusing is the Adam Smith style capitalism with the Monopolist practices of modern upper managment.

Capitalism isn't war, it's more like a race. Even though you are trying to win, there must be other competetors for there to be a race. Imagine Lance Armstrong tried to have a bike race where he was the only entrant. What would be the point?

Re:

[ShieldW0lf]

You can trust people over 30. But they look more like RMS.

Re:

[mcpkaaos]

As a salaried software engineer, I am on call basically 24/7 (and that is often exercised when we push code to production). If I am expected to allow work to invade my personal life, then my personal life will have to invade work from time to time. Fair is fair.

Re:

[bkr1_2k]

You aren't expected to allow work to invade your personal time. You have allowed it to do so by not saying no. It's not hard to turn off the pager/cell phone, whatever, when you leave the office. There are literally hundreds of thousands of "salaried software engineers" who aren't on call 24/7.

That's not to say I disagree with you that a reasonable amount of personal activity on company time should be tolerated, just that your excuse sucks.

Re:Not entirely ethics

[trolltalk.com]

Come off it ... 70% of ALL porn-viewing is during working hours.

Your boss does it. Your coworkers do it. Get over it.

As long as you get your work done, who gives a shit? Better they look at pr0n than some site that advocates that "Jebus is comiong soon" and they start putting bible tracts on your keyboard ... THAT is a real invasion of a person's "space".

Re:

[wizardforce]

I don't see why it's so hard to understand that from the perspective of the company, they're paying you to do work, nothing else, and certainly not to look at porn.

If the people you hire dont get any work done you already know this without having to snoop through their browsing habits. If they don't work you fire their lazy ass; you don't snoop on their e-mails. it's none of your fucking business what websites they visit or who, what, why and when they e-mailed someone.

Re:

[Swave An deBwoner]

I think the problem here is that most of these sites get paid for clicks / ad-loads. So you actually are contributing to the financial welfare of the hosting site simply by looking. The result may be increased demand for such images.

Re:

[jimicus]

Sorry to ask, but why simply looking at images of children porn is usually seen as a problem? I'm all for sending to jail those who make such images, those who distribute them for profit, and those who pay for them, since all of these persons are directly or indirectly harming children. But just for looking? This is silly.

Because those who look at them create a demand to produce them.

Re:

[Soko]

As a shortcut, ask yourself, what would the BOFH do?

He'd go for extortion?

The phone rings. It'll be him again, I know. That annoys me. I put on a gruff voice

"HELLO, SALARIES!"

"Oh, I'm sorry, I've got the wrong number"

"YEAH? Well what's your name buddy? Do you know WASTED phone calls cost money? DO YOU? I've got a good mind to subtract your wasted time, my wasted time, and the cost of this call from your weekly wages! IN FACT I WILL! By the time I've finished with you, YOU'LL OWE US money! WHAT'S YOUR NAME - AND DON'T LIE, WE'VE GOT CALLER ID!!"

I hear the ph