Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security

When Ethics and IT Collide 414

jcatcw writes "IT workers have access to confidential data, and they can see what other employees are doing on their computers or the networks. This can put a good worker in a bad predicament. Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children. He reported it but the company ignored it. Subsequently the employee was promoted and moved to China to run a manufacturing plant. That was six years ago but Bryan still regrets not going to the FBI. Other IT workers admit using their admin passwords to snoop through company systems. In a Ponemon Institute poll of more than 16,000 U.S. IT practitioners, 62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason, and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."
This discussion has been archived. No new comments can be posted.

When Ethics and IT Collide

Comments Filter:
  • by Eric Smith ( 4379 ) * on Wednesday September 12, 2007 @10:51AM (#20573825) Homepage Journal

    and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."
    If 42% are willing to violate the existing policies and risk termination or worse, how would adding a professional code of ethics or keeping corporate policies up to date help? Those same 42% would likely ignore the code of ethics and violate newer policies as well.
    • by Stormcrow309 ( 590240 ) on Wednesday September 12, 2007 @11:00AM (#20573987) Journal

      If it was like the PMP, CMA, CPA or other professional certifications/licensure that industry requires for certain jobs, then code of ethics violations would mean loss of certifications/licensure. That would weed out all those unethical assholes in IT.

      • by Nerdfest ( 867930 ) on Wednesday September 12, 2007 @11:07AM (#20574135)

        That would weed out all those unethical assholes in IT.

        ... and send them back to management and marketing where they belong!
        • by ePhil_One ( 634771 ) on Wednesday September 12, 2007 @01:04PM (#20576359) Journal
          and send them back to management and marketing

          Perhaps you know different IT folks than I do. Most of the IT guys I know would do very poorly in both of these roles.

          I think the point of a "Professional Association" is that it would raise the risk of unethical behavior. Right now you get caught with your fingers in the cookie jar & lose your job, you'll have a new one in a few months, and the old job will likely only "confirm employment" because of HR policy. If there was a professional society companies could refer to, they might able to inflict a more serious punishment. Of course, given the lack of success with similar professional organizations in Law & Medicine in policing their memberships, my confidence level is low.

      • It would also weed out anyone who has an idea the guild doesn't want to see implemented, or who wants to enter to field to compete with whoever's excessively paid.
        • Re: (Score:3, Insightful)

          who wants to enter to field to compete with whoever's excessively paid.

          If they were able to negotiate that salary from the corporate management, then they aren't excessively paid. Companies pay people according to their perceived worth. If you are willing to do the same job at the same quality level for less money, then not only are you being foolish in the personal financial realm, but you are devaluing the IT skill set for everyone else as well. Part of what a professional licensing organization would d
      • by Colin Smith ( 2679 ) on Wednesday September 12, 2007 @11:29AM (#20574583)
        Because there are already professional certifications available for IT people. Speaking from personal experience they currently make bugger all difference to fees or salaries. If you were to require such certifications then the reduction in supply of IT personnel would cause the salaries of the certified to rocket... As it has for lawyers, doctors, accountants etc.

        No? Not willing to pay up? Oh well then, you can't really complain.
         
      • by pegr ( 46683 ) on Wednesday September 12, 2007 @11:32AM (#20574643) Homepage Journal
        That would weed out all those unethical assholes in IT.
         
        Sticks and stones may break my bones, but I can read your email...
      • Re: (Score:3, Interesting)

        by rtechie ( 244489 )
        And there are no crooked accountants? Haven't the very largest accounting firms in the USA, regulated and certified, been responsible for most of the recent multi-billion dollar corporate scandals? They just found ways to work around the "ethical rules" imposed on them.

        It's about culture. Most IT guys are "techies" not money-grubbing bastards (aka business executives, accountants, etc.) Most IT professionals have a sense of integrity, understand their power within the organization, and act reasonably respon
    • Right on. Look at doctors and lawyers. Their respective codes of ethics are not fool proof either. The person in the article made a conscious choice not to report the possible illegal activities to the local authorities. It would still be up to the moral compass/situation of the individual.
    • by gillbates ( 106458 ) on Wednesday September 12, 2007 @12:20PM (#20575543) Homepage Journal

      Because it:

      1. keeps corporate policymakers and HR people employed, and
      2. Gives them the ability to fire someone who violates the policy, and
      3. Allows them the leeway to fire someone whom they don't like, by so narrowly defining the Acceptable Use Policy to the point where the average employee has violated at least one of its provisions.

      That's why. Whenever you don't understand a corporate decision, just ask yourself, "Who benefits from this?", and soon the reason will become obvious. It's not that corporations make non-sensical decisions; rather, that corporate decisions are often motivated more by internal politics and the need to maintain a semblance of professionalism than anything else.

  • by Anonymous Coward on Wednesday September 12, 2007 @10:51AM (#20573829)
    The ACM has done at least one thing right:

    http://www.acm.org/about/code-of-ethics [acm.org]
    • by BobMcD ( 601576 ) on Wednesday September 12, 2007 @11:04AM (#20574069)
      I'm not a member, and so do not know the code very well, but looking at the lines of text tells me that this DOES NOT HELP with the moral delema.

      Choose one of these two, and break the code both ways:

      1.3 Be honest and trustworthy.
      1.7 Respect the privacy of others.
      1.8 Honor confidentiality.
      2.6 Honor contracts, agreements, and assigned responsibilities.
      2.8 Access computing and communication resources only when authorized to do so.
      3.1 Articulate social responsibilities of members of an organizational unit and encourage full acceptance of those responsibilities.
      3.5 Articulate and support policies that protect the dignity of users and others affected by a computing system.
      OR

      1.1 Contribute to society and human well-being.
      1.2 Avoid harm to others.
      2.1 Strive to achieve the highest quality, effectiveness and dignity in both the process and products of professional work.
      2.3 Know and respect existing laws pertaining to professional work.
      3.2 Manage personnel and resources to design and build information systems that enhance the quality of working life.
      3.3 Acknowledge and support proper and authorized uses of an organization's computing and communication resources.
      Even with this code, you now still have a lose/lose situation...
      • by beheaderaswp ( 549877 ) * on Wednesday September 12, 2007 @11:21AM (#20574431)
        Nice try.

        It has been posited by my legal department that IT workers are "mandatory reporters" in cases of cyber crime, child abuse, and terrorism.

        This opinion, which I have not seen tested in court, seems exceptionally relevant considering that like teachers (who are often the first to see child abuse), nurses/doctors (the first to treat physical abuse), and police (the first to intervene in domestic abuse) IT people are a first detector for a myriad of crimes.

        Thus, based on legal advice, my employees are instructed to notify law enforcement *before* notifying management. (In some states this may actually be law now)

        So yes, this code of ethics, as well as the LOPSA Code I linked below- do apply. Assuming of course the IT director isn't one of those management monkeys who likes to bury things "for the good of the company".
        • by Anonymous Coward on Wednesday September 12, 2007 @11:47AM (#20574935)
          "Thus, based on legal advice, my employees are instructed to notify law enforcement *before* notifying management"

          And who wants to fuss with that. My advice would be to (a) never look at anything that would cause you to be forced to report anything (b) if you do, make sure no one else knows and pretend it never happened (c) if caught in a dilemma, tell your boss anyway and say you weren't sure if this applied and you need his/her guidance.

          That's the only sensible thing to do, but I realize you can't give that as official advice.
  • by R2.0 ( 532027 ) on Wednesday September 12, 2007 @10:52AM (#20573839)
    1) Not reporting something illegal when discovered in the normal course of business, i.e. whistleblowing. Fear for job safety or simple moral cowardice?

    2) Actively doing things that the employee knows are illegal/immoral/unethical. Come on - does a "profession" really need a code of ethics to tell its members not to seek information to which they are not entitled? Maybe they need to reevaluate calling themselves "professionals".
    • Re: (Score:3, Interesting)

      by Billosaur ( 927319 ) *

      Theoretically, ethics start with your parents. You get your original ethics template from them by watching what they do. You can try to overlay a code of ethics over that, and if the individual is flexible enough it might help reinforce the need for security or override a natural tendency to want to violate the rules, but more often than not a code of ethics is just so many words. It's up to the individual to determine right from wrong in their own mind, based on personal and societal cues. If someone is go

    • Re: (Score:3, Interesting)

      by krotkruton ( 967718 )
      Although this isn't quite related to the article, I think following the ethical policy all the time isn't always a good thing (of course, always doing anything will rarely be the right course of action).

      At my university, they recently sent out an email to a couple thousand students that included an attachment containing personal information about every student in the engineering department, including GPA, phone numbers, and addresses. Instead of calling up the IT guys and deleting the emails from the acc
  • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Wednesday September 12, 2007 @10:53AM (#20573881)
    You see the logs of some guy looking a kiddie porn and you report it to your HR department.

    Where's the ethical dilemma?

    If HR does nothing about it, you report it to the FBI.

    Where's the ethical dilemma?

    And ethical dilemma would be where there were two ethically valid choices with different consequences. If you have two kids and they're both drowning, which one do you save first?
    • Re: (Score:2, Insightful)

      by athdemo ( 1153305 )
      The ethical dilemma is that you shouldn't, ethically, be invading someone's privacy.

      We're assuming, of course, that the information was gained through means not allowed by company policy, and that you were just snooping. This is why police have to get warrants to bust into peoples houses and all that.
      • by WebHostingGuy ( 825421 ) on Wednesday September 12, 2007 @11:11AM (#20574215) Homepage Journal
        That's where you are incorrect. There was never any privacy when someone was using their "work" computer for "personal" use. If you think you have any privacy using a computer provided by your employer, using your employer's resources to access the porn, you are mistaken. Courts have held numerous times employers own the equipment and have the right to view (i.e., spy) on your usage.

        There was no privacy here, therefore no ethical issue.
        • Re: (Score:3, Interesting)

          by cerberusss ( 660701 )
          I don't know where you live, but in my country the employer has to state in advance that usage of PC equipment and internet resources can be spied upon. Otherwise viewing porn at work is not a firing offense.
          • by bkr1_2k ( 237627 )
            Please give examples of companies that don't state this in their employee introduction sessions that also give routine computer access to their employees. I have yet to see any employer who didn't have specific written policies about this.
        • Re: (Score:3, Interesting)

          by King_TJ ( 85913 )
          I follow your logic, but I still disagree.

          Privacy is a rather "slippery" thing. The U.S. Constitution never specifically guarantees anyone a "right" to privacy. Neither to any of the Constitutional amendments. It's more of an "implied" individual right, subject to interpretation. (Just being defined as a "figure in the public eye" can drastically change your ability to sue someone for publishing photos taken of you without your permission, for example.)

          Ultimately, I think people only retain the amount o
        • Re: (Score:3, Interesting)

          by plague3106 ( 71849 )
          Except of course that you're wrong. Courts have upheld the right to use company phones for occasional personal use. Recently, they have ruled simillary for the web or email (I can't remember which). I also don't ever recall a court allowing a company to spy on telephone call, even though they owned the equipment.

          You don't lose your rights when you enter a workplace.
        • Re: (Score:3, Insightful)

          by cellocgw ( 617879 )
          Yes, there is no personal privacy for junk on corporate computers. The more interesting issue is when IT accesses machines that are limited-access. For example, take the Personnel Dept (I refuse to use the insulting term HR) and its database of employees' salaries, home addresses, background checks, etc. That info clearly is not for view by IT members, regardless of their root privs. The difference here is that an employee gives info to Personnel with the understanding that it is not for general dissemin
    • Re: (Score:3, Interesting)

      by arivanov ( 12034 )
      The article is missing some bits that are of interest here.

      Was the employee German or it was all happening in the USA? If the employee was German, was the policy compliant to German privacy legislation and were the employees correctly informed about it and warned about its enforcement as required by German (and EU) legislation?

      Based on personal experience with Americans rolling out nannyware around Y2K I somehow suspect that none of that was done and if the employee was not in the USA and not American the l
  • There is no Absence! (Score:5, Informative)

    by beheaderaswp ( 549877 ) * on Wednesday September 12, 2007 @10:54AM (#20573905)
    There is a professional organization, of which I happen to be a member, Called "LOPSA"- "League of Professional System Administrators".

    The code of ethics is found here:

    http://lopsa.org/CodeOfEthics [lopsa.org]

    While my IT department does not require membership in this organization, these rules of ethics are *posted* and violations of those rules are a fireable offense!
    • Re: (Score:3, Insightful)

      by eln ( 21727 ) *
      What kind of soulless bastard needs a written code of ethics to know what's right and wrong? Who really thinks that snooping around other peoples' data is the right thing to do?

      Unless you were raised by wolves, you already know the difference between right and wrong. Looking through someone's email is just as wrong as looking through their postal mail or peeping through their windows. You don't need to take any ethics classes to know that it's wrong.
      • Re: (Score:3, Informative)

        Agreed.

        But adopting a code like this as departmental "law" does two important things:

        1. It puts employees we serve at ease because they have a measuring stick for our conduct. (A copy of the LOPSA code is included in the new employee materials)

        2. It gives the IT director leverage to cleanly and efficiently fire workers when ethical mis-steps occur.

        You're right: "I" don't need the "code"- but it has good uses.
      • by archen ( 447353 ) on Wednesday September 12, 2007 @11:42AM (#20574853)
        What kind of soulless bastard needs a written code of ethics to know what's right and wrong? Who really thinks that snooping around other peoples' data is the right thing to do?

        Most of us do. But then again a LOT of us have lapses and moments of weakness. I mean if you know there is some really good dirt being shot back and forth via email and you log all email it's really tempting to just snoop through it to kill some boredom. Sometimes just reading a piece of paper on the wall can help you keep your focus.

        I'm an I.T. Manager and it's sort of tough sometimes. For me personally I'm having a bad time in my life and I have this vicious streak that emerges many times a day - and that isn't helping. I have the ability to see every website they visit, everything they do on their PC, and can see every email received and sent. I can also access pretty much every file on every machine in the company. That's a LOT of responsibility. And I honestly don't snoop through any of it - it's kept for security/legal reasons. Monthly I wrap it up an 256bit AES encryption on a DVD and that's it. I think most I.T. people are actually pretty honest as well as far as the ones I've met. I mean I'd hate to see what the assholes in sales would do if they had as much power over the company as I had. heh, I actually just cringed.
    • by GreggBz ( 777373 )
      Thanks for that. It's very helpful.

      I think my biggest beef in this business, morality wise, is those that pretend. The whole cocky, know it all, Nick Burns malarkey. I vowed about 6 years ago, that If I didn't know something, I'd admit to it. If I'm not sure what the consequence will be regarding a technical decision, I lay that out for management. It's impossible to know everything.

      BS in the IT field is easily perpetrated. Most of what I know is specialty knowledge. It would be easy to make believable stuf
  • by cavehobbit ( 652751 ) on Wednesday September 12, 2007 @10:55AM (#20573923)
    I have an ethics problem every time I get a paycheck for 40 hours of work when I actually worked 60.

    Using company systems for your own needs? heck, the company is alreaady getting 40 grand worth of free overtime. Is that ethical?

    Never mind legal, is is ETHICAL?
    • by mark-t ( 151149 ) <marktNO@SPAMnerdflat.com> on Wednesday September 12, 2007 @11:08AM (#20574155) Journal

      If you have an ethics issue with your current job, you should quit, and find a new job. The last thing you should ever want is to be thought of as a person who will compromise his principles for money.

      ... OR... you really don't have any sort of ethical problem with being exploited at work and you just wanted to whine about something that you figured people might be sympathetic to.

      • Re: (Score:3, Interesting)

        by Surt ( 22457 )
        It's not uncommon to have a higher ethical obligation to provide food, for, say, a child, which takes precedence over your ethical obligation to quit rather than work unpaid overtime. If the OP is basically incompetent, he may not have any additional job choices which would allow him to fulfill the first obligation in order to satisfy the second.
      • Surely you jest!? (Score:3, Insightful)

        by tanveer1979 ( 530624 )
        I count myself to be fortunate in a job where I don't have to slog 60-80 hours a week. But many people are not that lucky. "Take another job". Very easy to say. Do you even realize that almost everywhere in the software field the engineers are "expected" to put in 60 hours or more a week. In some good companies, at the end of the project you are allowed to take couple of weeks paid vacation, but its rare. Not everybody has the luxury to walk out, and money does not grow on trees. People don't like to be exp
    • I'm curious, since I really do not know your situation. Why would you work for 20 unpaid hours? If they force you, can't you find a better job?

      There are either hourly workers or salaried workers, if you're salaried, did not you agree to being paid a fixed amount?

      Not sure how your point relates to ethics. It seems as you are doing the compromise in accepting such a situation.

      If your argument is that "salaried" situations are unfair, I can agree but I don't know if that is really an issue of ethics eith
    • If I had mod points I'd cite this as insightful. You raise a good point. Salaried employees are paid for 40 hour work week, but average much more office time. Do those employees receive a discount (comptime?) at the end of the year? Most likely not so it is an ethical question to post to the employer.

      Now, the other side to that discussion is understanding the that typical salaried employee is not *working* eight hours in the day. Even removing 10 minute breaks and lunch the average time spent actually
      • You're not required to find work if you have none to do (for whatever reason). You're required to do work which is assigned to you. That may mean only 10 mins of productive work per day.
         
      • Obviously? Just as the very definition of "child porn" varies greatly even among the individuals of a geographic community, this whole thing about the ethics of overtime is a problem of our own doing. Why do salaried employees feel the need to work 60 or more hours per week? Because all the other salaried employees feel the need to work 60 hours per week and one has to compete to keep one's job. And don't come back with that nonsense about all the time IT people "waste" doing things unrelated to their work;
    • Did they tell you that you would be working a 40 hour work week when they hired you? If you think that your compensation(pay plus benefits) is inadequate for the work you do, look for another job. There are lots of companies willing to pay value for good people.
  • Yeah, like Lawyers have.

    And Doctors, the same who diagnose bogus psychological diseases in children just so they get kickbacks from the drug companies.

    Riiiiiiiiiiiiiiiiiiight. At least most of the IT people aren't DOING anything with the data they collect. Just being nosy.
  • by HaeMaker ( 221642 ) on Wednesday September 12, 2007 @10:59AM (#20573975) Homepage
    I think these numbers are bogus.

    I know of people instantly fired for doing such things. There is an unwritten IT code and the vast majority of IT people I have known or ever come in contact with follow it.
    • by jimicus ( 737525 )
      There is an unwritten IT code and the vast majority of IT people I have known or ever come in contact with follow it.

      Had you RTFA, you'd know that the whole problem is that the code is unwritten, and therefore everyone has a different interpretation of what is and what isn't acceptable.

      Nobody in IT (at least, nobody with half a brain) will openly admit to abusing their privileges. But ask them anonymously and you may well see a different picture.
    • I thought 83.243% of all stats were made up on the spot?
    • Re: (Score:3, Interesting)

      Many years ago I worked as a temp in a helpdesk situation. The position included tons of down-time, and one day I filled in the gaps by browsing what available resources I had been granted access to. I assumed that as a temp, I would have almost no access at all as any such access was not required in order to open a ticket.

      Much to the contrary, I was able to access the entire salary list for the organization, and detailed networking topography and connections for all the remote offices. I reported thi

  • I faced a quandry (Score:2, Interesting)

    by Anonymous Coward
    When I was sysadmin for a small company years ago, I discovered shortly after installing ProxyServer in our Exchange machine that the boss (or someone???) had been surfing porn on his machine. I was delicate, mentioning in a private moment that we (sysops) could see exactly what sites had been visited, on which machine, and who was logged in at the time. We never spoke of it again. I later left the company voluntarily, under no duress.

    Probably a million stories similar to mine...
  • I would like to say that I -never- looked at anyone's data, all of the times I maintained accounts for people. But I did only once, when I suspected that someone had shared their password with a non-employee and that person was logging into the company (which turned out to be correct). So I guess I can justify my snooping by -their- breach of trust. But I still wish that I had not marred my perfect record, although nobody cares about it but me.
  • "62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason"

    I find it worrisome that such a large percentage of out IT workforce is so cavalier about ethics and privacy. I'll ignore the intentional violations of
    security policy because much of they MIGHT be attributed to one-off circumventions in order to get a necessary job done. It is curious that so many would
    find snooping such a permissible activity. A professiona
    • by swv3752 ( 187722 )
      I have to go through DB tables on an SMSC to troubleshoot issues with SMS. Now I could setup an SQL query not to show the Message text, the row has about 18 fields and it is a lot easier to just type select * instead. And this presumes I don't have a valid reason to view the message contents, which sometimes there is a valid reason.

      So technically I violated privacy, but if you complained about an email problem, it would be reasonable to expect that the sysadmin will end up seeing your email message.
  • Permission? (Score:3, Insightful)

    by peipas ( 809350 ) on Wednesday September 12, 2007 @11:07AM (#20574141)
    Violating company policies and snooping is one thing, but employees do not own their computers and staff administering machines do not need permission to access systems.
    • Violating company policies and snooping is one thing, but employees do not own their computers and staff administering machines do not need permission to access systems.

      IT staff are employees too... They don't own the machines either. Not to mention that if you work for a company that handles personal information, you may be breaking the law if you go acessing systems/data without permission and the proper controls.

      Your posting is a stark illustration of why the field needs a code of ethics.

  • "Business ethics" is an oxymoron. You're either there to earn money and out-compete everyone else, or there to act ethically. The two don't mix. If you try, someone else will cut that ethics corner and out-compete you, and then the people who own your stock will sue you.
  • Just because a company has a code of ethics, that does not mean that other people will follow it. It just means you can fire them if they don't follow the code.

    It's a sad state of affairs, that like gossip, confidential information is always the most interesting. No ethics code is going to stop unscrupulous (AKA dishonest) people from snooping in other people's private affairs.

  • by PontifexPrimus ( 576159 ) on Wednesday September 12, 2007 @11:09AM (#20574177)
    That is an example of what I like to call "conflation of evils". An action can be
    • morally wrong (going against your own personal conscience)
    • legally wrong (going against codified law)or
    • sinful (going against your religious beliefs)
    Watching child pornography is illegal in all relevant legal systems, and not reporting someone to the authorities could be considered a crime of omission or obstruction of justice. It might be sinful, depending on your religion. It is probably considered morally wrong by the majority of people.
    The problem I see with the dilemma posed by the article is that he tries to conflate these areas and to get a mental map that divides things neatly into The Right Thing(TM) and The Wrong Thing(TM). I think this approach vastly over-simplifies things; take file-sharing, for instance: many instances are illegal since they break copyright law. Yet I wouldn't think it is immoral, since the laws appear to be unjustly slanted against consumers. I couldn't say how religions see the issue (the closest I could find was a quote from the Bible: "go thy way, sell whatsoever thou hast, and give to the poor" which seems to speak out against hoarding property), so I won't make a qualified judgement on that.
    But it should be clear that this is a complex issue, and people trying to frame it in terms of "right" and "wrong" without specifying the framework they're using makes a good answer almost impossible.
    • by Surt ( 22457 ) on Wednesday September 12, 2007 @11:20AM (#20574405) Homepage Journal
      There's also:
              * ethically wrong (violating a codified system to which you have agreed, but which is not backed by threat of physical force)

      People get that one confused with the other 3 as well.
      Ethical can be thought of as polar from legal: You don't agree to abide by the legal system, but you're threatened by physical force if you don't comply.
  • There has to be somebody with the keys to the Kingdom....even if it's RBAC'd. And sometimes those powers are abused or misused.

    What's the next topic for /., people sometimes break laws?
  • Not me. (Score:5, Insightful)

    by Zero_DgZ ( 1047348 ) on Wednesday September 12, 2007 @11:11AM (#20574209)
    Sure, I have unmitigated access to everything that comes, goes, or happens in my company. And if I don't have access to some particular facet of the boss's operation it's pretty trivial to give myself access. But do I snoop through other employees' email or documents or browsing records or whatever? No. But, admittedly, not because of any particular integrity or high moral standards on my part.

    I just don't care. Yeah, it might be nice to intercept early the memo that says I'm going to get canned tomorrow (or whatever) but I have more than enough things on my plate and no time, motivation, or incentive to play Secret Squirrel with other people's stuff. I have news for you: 99.9999% of what happens on a business network is mind numbingly boring. Memos. Transmittals. Materials lists. Spreadsheets. Schedules. Business correspondence so packed with legalese and ass-kissing and meaningless paradigm shifting buzzword bullshit it makes my brain hurt just thinking about it.

    If I want to abuse my authority and misappropriate company time and network access, it's easier and less mind-frazzling to just delegate the job to somebody else and go read Slashdot.
  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Wednesday September 12, 2007 @11:14AM (#20574289)
    Comment removed based on user account deletion
  • > But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."

    How hard is that? Every large company I've seen policies for has blanket statements saying something like "don't access stuff you're not authorized to access".
    What is not being kept up to date? How much more complicated does it need to get?
  • The IT guy was accessing the content of transactions, presumably without authorization. The Porn fiend was using company equipment for, again presuambly, unauthorized and perhaps illegal purposes.

    Some companies don't feel the need to actually lay out a code of ethics, but I can't think of a single boss that doesn't understand the importance of "improper use of company equipment". This isn't a technology issue. This is exactly what it sounds like, an ethics and conduct issue. If the mail room clerks wer

  • by JustShootMe ( 122551 ) <rmiller@duskglow.com> on Wednesday September 12, 2007 @11:19AM (#20574387) Homepage Journal
    I can understand the kiddie stuff. But what's wrong with asian women? Last I checked, asian women were beautiful, and there is nothing illegal about viewing them. It may be against company policy, but THAT is not worth calling the FBI over.

    I know what the author was trying to get across, and there was plenty of cause to call the FBI, but lumping the asian women with children is just demeaning to the women.
    • Re: (Score:3, Insightful)

      by Knara ( 9377 )

      In the eyes of the law, women are often equated to be as helpless (and as unable to make reasonable decisions) as children.

      Just throwin that out there.

  • It's not just IT (Score:3, Interesting)

    by Merenth ( 935752 ) on Wednesday September 12, 2007 @11:21AM (#20574429)
    This isn't specific to IT, but it happens a lot.
    Most newbie Admins poke around in places they shouldn't soon after getting heightened access to the systems.

    Almost anyone, in any career where they have access to sensitive information end up abusing it to some degree.
    Doctors, Nurses and medical records people read the files of friends or relatives all the time, and that's certainly illegal.

    Also, if you come across that kind of stuff in your routine work, you are actually required by law to report it to the police.

    After 15+ years in IT, all data looks the same to me.
    I can help someone adjust the font on a document and not even notice what it says.

  • by UncHellMatt ( 790153 ) on Wednesday September 12, 2007 @11:26AM (#20574533)
    Not too many years ago I worked for a "web startup" (i.e. small company founded by Harvard MBA who smoked lots of weed, drove a VW, and was out to "save the world") as IT manager. As the market tanked, the CEO became more and more concerned for the future of the company and with good reason! We'd gone from regular upper 6 figures per month to less than half that, with three locations whittled down to essentially one and a half. Many employees left for greener pastures. When things REALLY started to go down hill, the CEO asked me to intercept any emails between current and former employees, and then "hinted" that since so many of our clients had their email hosted on our email server, couldn't I do the same with them. I know that, legally, he had the right to get access to current employee email, and any former employee whom he had granted continued use of our email system (not sure on that last bit, IANAL). But asking me to, or suggesting I should allow him to, read client emails was a final straw. While he may have the "legal right" to read employee emails, it left a very bad taste in my mouth. Suggesting I allow him to read client's emails? It was like licking a rat. At the end of the day I had to go home and see myself in the mirror, and I knew that reading other people's personal, private emails was something so abhorrent. (Rimmer: "Lister, that is my private, personal, private diary; full of my personal, private, personal things." Cat: "It's gone public.") Now all that said, at another job, myself and some other IT workers suspected one of the devs of possibly being a pedo. We didn't read his emails, we didn't pour through his computer (which we could easily have done), but we did put google to good use, and at one point we did packet sniff where he was browsing. Was I proud of that? Well, actually yes. If he HAD been looking at kiddie porn, if he HAD been a sexual predator, being a father how could I stand back and not try to do something? It turned out he wasn't a diddler, just... Really really really really creepy. It is a very fine line between "ethical" and "non-ethical", it can be very hard to judge which is which, and everyone will have their own opinions. But in the end you have to live with yourself, and certainly I'm not qualified to decide right and wrong, nor pass judgment. If I had my way, anyone who sold a poorly made curry would be strung up and boiled in oil.
    • by mgblst ( 80109 ) on Wednesday September 12, 2007 @12:51PM (#20576095) Homepage

      If he HAD been looking at kiddie porn, if he HAD been a sexual predator, being a father how could I stand back and not try to do something? It turned out he wasn't a diddler, just... Really really really really creepy.


      This is why it is so scary to let certain people, delusional paranoids such as yourself, to have this power. It boggles the mind what someone would have done to convince you that they were a kiddy fiddler, wearing black clothes, taling quietly, maybe they just weren't that social - i am pretty sure that they didn't have disturbing pictures around the cubical. I guess he is just glad that you weren't so convinced that you dropped a few extra files onto his machine - all in order to protect your children from the non-existant menace. Congratulations, I am sure your witch hunting will be put to better use next time.
      • Re: (Score:3, Informative)

        by Just Some Guy ( 3352 )

        I guess he is just glad that you weren't so convinced that you dropped a few extra files onto his machine - all in order to protect your children from the non-existant menace. Congratulations, I am sure your witch hunting will be put to better use next time.

        I tend to be of the same opinion, but I also recognize that there's such a thing as probable cause. Sometimes people act creepy just because they're eccentric. Other people act creepy because they really are doing creepy things.

        There's a huge difference between looking more closely at someone who's drawn attention to themselves and framing that person. Most rational adults are quite capable of doing the former without stooping to the latter. The alternative is deliberately looking the other way rega

    • Re: (Score:3, Funny)

      If I had my way, anyone who sold a poorly made curry would be strung up and boiled in oil.
      Thereby creating yet another poorly made curry?
  • by jafiwam ( 310805 ) on Wednesday September 12, 2007 @11:34AM (#20574685) Homepage Journal

    view pornography of Asian women and of children.
    Does it mean;

    - Asian women, men in porn
    - Asian children in porn

    Or, does it mean;

    - generic Asian porn
    - generic pictures of kids in NON porn situations like one might run across if one were looking into culture of the far east.

    You can like Asian women and seek out that sort of porn without liking Asian children in porn.

    There is a HUGE difference between porn at work (a common thing) and KIDDIE porn at work. One is just something you can get fired for. The other is a felony.

    The phrasing in the summary seems to imply the latter is what is going on, in which case you need to check your morals at the door and adopt whatever the company says is OK. (And that seems to be that a bit o-boobies searching is fine since the HR department didn't do anything about it.)

    Just because YOU don't like porn of adults, doesn't mean you need to be bugging the FBI about it. If it was real child porn YOU ALREADY COMMITTED A CRIME and acted immorally by not going to the cops with the information.
  • The previous Sr. SysAdmin at my current employer was indiscreet when he found objectionable material. Such that, not only did the person with the objectionable material go away, but so did the SysAdmin. Rule of thumb: if management *does* respond appropriately, DON'T SHOW IT TO ANYONE ELSE.

    Of course, that being said, he's gone, and I got pulled in. So I'm happy.
  • 1. join the consipiracy, or
    2. quit

    Blowing the whistle makes you a big target. Ignoring the problem makes you guilty.
  • by PPH ( 736903 ) on Thursday September 13, 2007 @12:08AM (#20583843)
    So, lets say you are an employee who works for a company and:
    • You discover child porn among the company documents brought back from an overseas business trip by a vice president. You report it and corporate decides to hide the discovery from law enforcement and allow the v.p. to retire 'quietly'.
    • You monitor the web mail accessed by employees at work. This reveals that he is having an affair. You report it and the board of directors ask for his immediate resignation, publicly.
    • You are a vendor that handles photo developing for a number of companies, including a major defense contractor. Upon developing several rolls of personal photos for a high ranking manager, you spot a number of them that have been taken on board a nuclear missile sub and (based upon your past experience in the Navy) know that some of these contain highly classified information. You contact the FBI. Nothing happens, other than the company drops your firm from its list of approved vendors. Nothing happens to the manager who took the photos.
    • You expose a whistle-blower downloading documents that could show a pattern of fraud within the company involving its dealing with federal regulators. The fines against the company could be from $5 billion dollars to as much as $15 billion (if Rico damages apply). The company has the police arrest the whistle-blower and charge him with theft of company IP/
    • As an IT employee, you ask your supervisor why a particular vendor was chosen for a project. In spite of a clear written corporate policy forbidding conflicts of interest or the appearance of such conflicts, he doesn't even hesitate to reply, "Because I get stock options from them".

    This all involves the same company. As an employee, what can I conclude about my company's ethical standards? What should I do if I discover something 'unethical'?

"How do I love thee? My accumulator overflows."

Working...