When Ethics and IT Collide 414
jcatcw writes "IT workers have access to confidential data, and they can see what other employees are doing on their computers or the networks. This can put a good worker in a bad predicament. Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children. He reported it but the company ignored it. Subsequently the employee was promoted and moved to China to run a manufacturing plant. That was six years ago but Bryan still regrets not going to the FBI. Other IT workers admit using their admin passwords to snoop through company systems. In a Ponemon Institute poll of more than 16,000 U.S. IT practitioners, 62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason, and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."
Re:Why bother keeping corporate policies up to dat (Score:4, Interesting)
If it was like the PMP, CMA, CPA or other professional certifications/licensure that industry requires for certain jobs, then code of ethics violations would mean loss of certifications/licensure. That would weed out all those unethical assholes in IT.
I faced a quandry (Score:2, Interesting)
Probably a million stories similar to mine...
Re:So where is the "ethical dilemma"? (Score:3, Interesting)
Was the employee German or it was all happening in the USA? If the employee was German, was the policy compliant to German privacy legislation and were the employees correctly informed about it and warned about its enforcement as required by German (and EU) legislation?
Based on personal experience with Americans rolling out nannyware around Y2K I somehow suspect that none of that was done and if the employee was not in the USA and not American the logs were inadmissible as evidence for an employee tribunal. This was the general state of the industry around Y2K and is still the state in many USA companies operating abroad.
Further to this, I am a great fan of the maxima: do not start a fight unless you bloody well want to finish it. So if the guy raised the alarm at all he should have followed it through. The excuse about slump seems pretty lame to me. A settlement in a constructive dismissal for leaving due to company accepting child porn as normal behaviour would have probably net him more money than his salary all the way through the slump. So I suspect he simply did not have the evidence correctly untainted to be used in Germany in the first place.
Comment removed (Score:3, Interesting)
Re:When my pay is ethical, I'll worry about the re (Score:3, Interesting)
Re:Summary has 2 different ethical problems (Score:3, Interesting)
Theoretically, ethics start with your parents. You get your original ethics template from them by watching what they do. You can try to overlay a code of ethics over that, and if the individual is flexible enough it might help reinforce the need for security or override a natural tendency to want to violate the rules, but more often than not a code of ethics is just so many words. It's up to the individual to determine right from wrong in their own mind, based on personal and societal cues. If someone is going to snoop through company data, they're probably going to do it. If they discover something illegal in their snooping, they're going to have to weigh their ethics against the ethics of those perpetrating the illegal action.
It's not just IT (Score:3, Interesting)
Most newbie Admins poke around in places they shouldn't soon after getting heightened access to the systems.
Almost anyone, in any career where they have access to sensitive information end up abusing it to some degree.
Doctors, Nurses and medical records people read the files of friends or relatives all the time, and that's certainly illegal.
Also, if you come across that kind of stuff in your routine work, you are actually required by law to report it to the police.
After 15+ years in IT, all data looks the same to me.
I can help someone adjust the font on a document and not even notice what it says.
Re:What privacy? There is no privacy at work. (Score:3, Interesting)
At the end of the day, it's your reflection. (Score:4, Interesting)
Re:What privacy? There is no privacy at work. (Score:3, Interesting)
Privacy is a rather "slippery" thing. The U.S. Constitution never specifically guarantees anyone a "right" to privacy. Neither to any of the Constitutional amendments. It's more of an "implied" individual right, subject to interpretation. (Just being defined as a "figure in the public eye" can drastically change your ability to sue someone for publishing photos taken of you without your permission, for example.)
Ultimately, I think people only retain the amount of privacy they're willing to fight to maintain.
So yes, in the workplace it's understood that legally, when push comes to shove, the employer will prevail in the courts if they decide to snoop around on the computer assigned to you. That doesn't mean the I.T. staff should go around disrespecting people's privacy on a regular basis, just because "the law lets me do it".
The law says it's ok for me to sit on our mail server and start opening up people's mailboxes, reading the contents of all their email too. As an employee, would you really be ok with that, knowing I was doing that all the time at your business?
I know, as an I.T. admin myself, I'm constantly trying to do my job, while still respecting people's privacy (whether it's legally protected or not). To me, it absolutely comes down to "ethics". I understand that despite what the *law* says, people still feel like the company property assigned to them for their use during the workday is *generally* not subject to snooping. That's why we have logins with passwords on them, and email isn't just collectively sent out under a heading of the company's name. (The Internet connection and mail servers might be owned by your employer, but they don't really own your thoughts, put into writing, in individual emails, right?)
Sort of depends on what this means... (Score:3, Interesting)
- Asian women, men in porn
- Asian children in porn
Or, does it mean;
- generic Asian porn
- generic pictures of kids in NON porn situations like one might run across if one were looking into culture of the far east.
You can like Asian women and seek out that sort of porn without liking Asian children in porn.
There is a HUGE difference between porn at work (a common thing) and KIDDIE porn at work. One is just something you can get fired for. The other is a felony.
The phrasing in the summary seems to imply the latter is what is going on, in which case you need to check your morals at the door and adopt whatever the company says is OK. (And that seems to be that a bit o-boobies searching is fine since the HR department didn't do anything about it.)
Just because YOU don't like porn of adults, doesn't mean you need to be bugging the FBI about it. If it was real child porn YOU ALREADY COMMITTED A CRIME and acted immorally by not going to the cops with the information.
Re:What privacy? There is no privacy at work. (Score:3, Interesting)
You don't lose your rights when you enter a workplace.
Re:There is no Absence! (Score:4, Interesting)
Most of us do. But then again a LOT of us have lapses and moments of weakness. I mean if you know there is some really good dirt being shot back and forth via email and you log all email it's really tempting to just snoop through it to kill some boredom. Sometimes just reading a piece of paper on the wall can help you keep your focus.
I'm an I.T. Manager and it's sort of tough sometimes. For me personally I'm having a bad time in my life and I have this vicious streak that emerges many times a day - and that isn't helping. I have the ability to see every website they visit, everything they do on their PC, and can see every email received and sent. I can also access pretty much every file on every machine in the company. That's a LOT of responsibility. And I honestly don't snoop through any of it - it's kept for security/legal reasons. Monthly I wrap it up an 256bit AES encryption on a DVD and that's it. I think most I.T. people are actually pretty honest as well as far as the ones I've met. I mean I'd hate to see what the assholes in sales would do if they had as much power over the company as I had. heh, I actually just cringed.
Re:It's simple (Score:3, Interesting)
What you are confusing is the Adam Smith style capitalism with the Monopolist practices of modern upper managment.
Capitalism isn't war, it's more like a race. Even though you are trying to win, there must be other competetors for there to be a race. Imagine Lance Armstrong tried to have a bike race where he was the only entrant. What would be the point?
That said, reading Sun Tzu would help you play the game of "Risk", but no-one would confuse a game with a real war.
We don't live in a Democracy, but we realize that Democracy is a good idea. (I'm talking about the US's Federalism) We don't live in a truely Capitalist system, but we realize Capitalism is a good idea.
As far as dropping out, go for it. Read Don Lancaster's "Incredible Secret Money Machine" for a method of dropping out while staying in the system, read old issues of "The Mother Earth News" for descriptions of people who have truely gone off grid and "dropped out".
Re:Not entirely ethics (Score:1, Interesting)
Sure, coworkers may do it, but do you really think that makes it alright? Not saying I have anything personally against porn, but it still doesn't make it alright. I don't see why it's so hard to understand that from the perspective of the company, they're paying you to do work, nothing else, and certainly not to look at porn.
Re:75% of all stats are made up on the spot... (Score:3, Interesting)
Many years ago I worked as a temp in a helpdesk situation. The position included tons of down-time, and one day I filled in the gaps by browsing what available resources I had been granted access to. I assumed that as a temp, I would have almost no access at all as any such access was not required in order to open a ticket.
Much to the contrary, I was able to access the entire salary list for the organization, and detailed networking topography and connections for all the remote offices. I reported this immediately and was thanked, not discouraged in any way, for what I did. However, a week or so later at the stroke of 5pm after all of the techs had left, I got a call from a remote office that could not access some resource... I tried to help troubleshoot the issue, and again looked around on the network for info that might help. I found an IP address I could ping. I pinged it and was able to at least report the results to the tech when I called them. I was terminated the next day, much to my surprise since I was completely honest and upfront with them at all times, and I was only trying to help (as opposed to the first time, when I was snooping intentionally and was not scolded).
I'm a believer in the idea that if you give me access to something, I'm free to utilize it... Controlling access is the admins responsibility. Yes, I'll state that again... If you give me access to the HR drive, I have every right to view the spreadsheets inside. The company has every right to fire you for screwing up and giving me that access, and every right to fire me if I publish it or do something other than keep it to myself.
Re:Why bother keeping corporate policies up to dat (Score:3, Interesting)
It's about culture. Most IT guys are "techies" not money-grubbing bastards (aka business executives, accountants, etc.) Most IT professionals have a sense of integrity, understand their power within the organization, and act reasonably responsibly. Some do not. Lots download stuff they shouldn't at work and read the HR department's email. Annoying, but not a big deal. What they don't do is copy the records from the accounting department and sell them to brokerage firms. They don't create bogus POs for themselves. The don't sell proprietary information to competitors.
I guess I'm saying that their are DEGREES of corruption, and in the grand scheme of things IT workers aren't anywhere near the realm of "the money people" when it comes to corruption.
Re:Summary has 2 different ethical problems (Score:3, Interesting)
At my university, they recently sent out an email to a couple thousand students that included an attachment containing personal information about every student in the engineering department, including GPA, phone numbers, and addresses. Instead of calling up the IT guys and deleting the emails from the accounts that received them, the university sent out emails asking students to manually delete the emails. I'm not sure if they did this because they didn't want to invade the student's privacy, but if that's the case, then I think they went too far in following their code of ethics. Sometimes you have to bend the rules to fix a problem.
Re:Why bother keeping corporate policies up to dat (Score:3, Interesting)
Re #1: Its only an ethical problem if you think its an ethical problem. Most of it is pretty harmless/lame/stupid, so why not let people spend a few minutes once in a while looking at something they find easy on the eyes. Better than looking at this [trolltalk.com].
Re #3: He didn't report the kiddie porn to the police ... they're the ones who you report kiddie porn to, not your boss.
I can understand his frustration to a certain extent. Ever try to report child abuse? You'd better have a squeeky-clean past, because you can be sure that whoever you report is going to try to smear you. Its the same with accusing someone of holding kiddie porn. "Invasion of privacy" "You planted it - that's how come you knew where to look" etc.
Ambiguity over ethics (Score:3, Interesting)
This all involves the same company. As an employee, what can I conclude about my company's ethical standards? What should I do if I discover something 'unethical'?
Re:Why bother keeping corporate policies up to dat (Score:3, Interesting)
I'm sorry, but that is exactly what I am saying. I am replacing a guy who lost his position because he was an unethical boob without an education. Each one of the managers in my division that have lost their job or have been forced into retirement in the last 10 years just happen to have an associates only or no degree. By the end of the year, we will have only one manager without a bachelors and they are sweating bullets right now. It has become so endemic within my organization, a hospital, that we starting to require a bachelors for any supervisory position. Most nurse manager positions in the market require a minimum amount of business education in addition to a nursing degree. Director or above require an MBA or MHA plus a nursing degree.
I am sorry that it seems unfair, but I spend the last seven years in school while working in a salaried position. I work 60+ hours a week normally and am taking a full load of graduate classes. I have gotten some significant payraised, but it has been hard. One point, I was making the federally minimum salary for exempt, 23k. If you can't swing a night class or two while working, maybe you need to look at your lifestyle/career mix. My wife and I didn't go out and eat for two years so I could go back to school.