Ethics In IT

chiefloko writes "I am presently taking a Business Ethics class while earning my MBA. For my final paper topic I have chosen 'Ethics within the Information Technology realm.' Over the past 13 years I have worked for three corporations and have seen everything from the typical BOFH to ungodly pirated software use. I also bore witness to a remote user logging in to a poorly administrated Sun station, finding out s/he was root, and then reading co-workers' emails. I am interested in what the norm is for ethics in the IT world and some of the stories and outcomes."

Reading users email?

[MichaelSmith]

Anyone who has time to read peoples email obviously isn't busy enough (and is easily amused).

Do something useful or something popular

[JohnnyKlunk]

While it's not strictly related to IT, I can spend a whole week doing any number of things that are really useful in the long-term to the business from an IT perspective. Or I can do something that will make the boss happy. Like a flashy widget on the intranet or a set of graphs that prove nothing. One gets me a better bonus and the favour of all those above me. One makes me a good tech. What's the norm here? Balance I guess, depends on the job. This year I'm going to spend a lot more time on the latter. Hopefully get the bonus and pay off the mortgage - most people trade ethics for a mortgage eventually.

Trust simulation and purpose-blindness

[Frater 219]

The point of authorization systems (like user permissions on a Unix system) is to simulate and thereby enforce the trust relationships that people have with regards to data. You aren't allowed to read my email, so you don't have read access. You're allowed to use a certain amount of disk space, so there's a quota.

But here's a problem: Technology is purpose-blind. It doesn't know for what purpose you're trying to do a particular thing -- only whether you've got access to do it. However, in the real world, we frequently want to trust someone with a particular resource, but only for certain purposes.

You're allowed to drive Daddy's T-bird to the library, but not to the hamburger stand. But the ignition system doesn't know that; it just knows you put the right key in. Your sysadmin is allowed to read your email files if she thinks something's wrong with the mail server, but not just because she thinks you're cute and wants to stalk you. But the permissions bits don't know that.

You're allowed to access Scientology's Web page to read it, but not to repeatedly reload it just to put load on their server and run up their bandwidth bill. But neither your browser (or wget) nor their server necessarily understand that.

So there's an ethical problem: you frequently have access to things for only certain purposes. How are those purposes defined and agreed on? Is it possible to make authorization systems more purpose-aware? Would that even be desirable, or would it just cause problems with unexpected situations?

Suppose Daddy's T-bird only allows you to drive to the library, by shutting off the engine if you try to go somewhere else ... and Daddy has a heart attack and you need to get him to the hospital. Down that road lie DRM and other systems that decrease the value of technology by getting in the way of legitimate uses.

The difference between IT and other professions

[Yvanhoe]

One of the key difference between IT-related ethics and other fields like medicine or law is that there is no official body emitting guidelines and no rights and duties recognized by the law.

When a doctor is asked by an employer to give him medical informations about his employees, he can point out that this would be illegal.
When a sysadmin is asked by his company to monitor users' web access, there are a lot of privacy issues that are raised but never addressed in the law. I mean, it can be part of the sysadmin job to prevent company computers from accessing porn sites but knowing which users access gay websites and which are ordering viagra online is something that should never be forwarded to upper management. He cannont prevent knowing this, but there should be something akin to medical secret regarding these data.

IT Ethics is Different from Business Ethics

[Starky]

The fundamental focus of ethics is different between general business and IT issues.

In many business programs, students are exhorted to compete from day one. Many students take away the message that they should maximize profits (or market share or whatever they use as a metric of success) by any means necessary.

(I have worked on a number of antitrust regulatory issues, and you would be astonished at the number of e-mails that have been unearthed in which executives send each other messages to the effect, "Let's use unfair competitive practices to squash the little guy!" I'm paraphrasing, of course, but not by much.)

In IT, on the other hand, the issues pertain more to privacy and intellectual property rights. If a system administrator reads someone's e-mail, it may be for personal gain or just out of curiosity, but it's not due to any sort of overriding business objective. Competition in IT is to build the best product, not to "get" the other guy. And the ethics reflect that.

By the way, I've also worked at a company where an admin, who reported to a manager I worked beside, was reading e-mails. The manager let him know that he knew, and that if anything came of it, it would come back to bite him, but also let it slide because (1) someone has to have access, and whoever it is will probably take a peek from time to time, and (2) he was relatively discrete about it, and others may not be. Was he unethical in letting the behavior persist?

Re:You need to clarify your question

[clickclickdrone]

I read a study recently that indicated a very high % of senior execs are actually psychopathic (as in total lack of empathy) noting that it is actually a desirable trait to get to the very top. Being able to make hard decisions by looking at the bigger picture despite the decision hurting some people along the way is something most people have trouble with so someone with said trait is likely to do well and often does. Psychopaths also tend to have charisma in spades which helps.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:You need to clarify your question

[MindKata]

Yes unfortunately there are many high up bosses who go beyond even NPD. (Its an interesting sliding scale, as even NPD's lack a great deal of empathy. The higher up in this form of disorder, the more they lack empathy ... but often the more they perfect their image of being a good confident even moral person ... this suppression of empathy towards others is ironically why we have a world with such extreme behaviours ... even terrorists fit high up on this scale, as their self-righteousness blinds them from the horror of their actions. Scary world we live in thanks to these kinds of people. Thankfully most people in the world are not like them).

The whole subject of ethics in IT needs to be considered in a wider context with the ethics/morality of the other staff that make up the companies. Also even the whole of society and even at a given time in history affect interpretations of ethics. Each aspect of the context, can vary the interpretation.

The irony is most employees are far more trusting people than bosses or sales people. If we were more distrusting, we would seek out and learn to spot more examples of the gaps in what the bosses say, compared with what they do, and therefore be less easy to be exploited by some bosses. Its why some people are not called "business minded". What some bosses are actually describing as business minded, is a behaviour that is at times so twisted and lacking empathy, that I don't want to be like them. But I want to be successful in business, so it helps to learn to understand their behaviours, because once you learn to see these personality types, it gives a way of predicting their behaviours. Once you learn to see these personality types, its actually far easier to deal with them.

Ethics in big business like IT is a fascinating subject, as even their way of interpreting the law is at times different from most people. To most people (I hope!) the law is an uncrossable line. A solid boundary of ethical and moral behaviour. But to big business, I have been shocked at times at how the law is treated at times more like for example, the rules in Formula 1 racing cars, where they can twist and exploit the definitions of the law to suit themselves and how the government plays the same games back at them. For example government will say something like, "if you big company A do that now, to get around this law, then next time around, when we alter the wording of the laws, we will make it tighter still on you and all companies like you, so don't get around this law now". Its all political power biasing. The law at that level, isn't an absolute line, the way most of us interpret it. That kind of thinking in big business, I find, really puts the ethical worries of programmers into perspective.

Re:You need to clarify your question

[clickclickdrone]

Interesting stuff. What doesn't help is that by and large, we, as a society, reward the kind of errant behaviour you describe whilst wringing our hands and muttering about how unpalatable it is. As a species we're our own worst enemy in many respects.

Re:You need to clarify your question

[Tony Hoyle]

That's where we go wrong (it appears to be a very US centric view also - I've never heard that from a european company & I've spoken to more than a few over the years).

A company is part of the social fabric.. it doesn't stand alone. It provides employment, which gives its employees a certain standard of living. It also generates wealth that improves the economy. The employees use their pay to give money to other companies, thus helping them also.

If a company mistreats its employees it breaks part of that. It may make more profit, but at a cost to the rest of society. That's why most countries have strict employment laws.

Re:ethics require education

[19thNervousBreakdown]

Is there a reason you can't require a password change on first login?

The slimy factor

[griffinme]

Here is an example from my dad. He was an engineer at a manufacturing plant in the 70's that decided they needed to go to CAD. He was given the project. He started working with DEC and they quoted XXX,XXX.00 as the price for a great system. He took that back to his bosses and they agreed. He goes back to DEC and the salesman starts mentioning things like, "Would you like an OS with that? It will cost XX,XXX.00 more." and "Would you like the special power cord? It will cost an extra XXX.00" They kept this up until the price was now one and a half times the original quote. Dad was getting embarrassed at going back to his bosses over and over asking for more money and finally got mad and started threatening to kill the deal. At this point the salesman mentions that it includes a Rainbow computer (their version of a PC and rather pricey at that) that wouldn't show up on the invoice and could be shipped to any address. That was about the point were Dad exploded.

Crazy thing is he loved DEC computers and still does. He wistfully talks about their ability to multi-task and better file system.

Years later I was caught in an ethical bind and asked him what to do. "You can do the easy thing or you can do the right thing. Doing the right thing might be bad for you in the short term, but you will be able to look back later and feel good about yourself instead of feeling slimy every time your reminded about it."

I took a business ethics class taught by a retired corporate head of human resources. He gave a good explanation of why this is taught in some business schools. "If you think about this now when you have no pressure on you, you stand a much better chance of making the best decision when under pressure and you have to make a snap decision. Don't kid yourself and think these things won't happen to you. They will, and most of the time you will have no time to do any soul searching."

Re:You need to clarify your question

[cabazorro]

I equate ethics with moral character. You do what you consider to be right. Furthermore, you must support your actions by displaying great expertise and knowledge and overall, good will. At the core of the divergent paths between business ethics and technology ethics, lies the concept of what we consider to be good and bad.
To make myself clear let us recall a Simpsons Tree of Horrors episode where Homer is buying a "Crusty the Clown Toy at a strange shop in China Town"

Owner: We sell forbidden objects from places men fear to tread.
              We also sell frozen yogurt, which I call ``Frogurt''!

Homer tells the owner that he is looking for a present for his son's
birthday. The owner hands to him a talking Krusty doll.

Owner: Take this object, but beware it carries a terrible curse!
Homer: [worried] Ooooh, that's bad.
Owner: But it comes with a free Frogurt!
Homer: [relieved] That's good.
Owner: The Frogurt is also cursed.
Homer: [worried] That's bad.
Owner: But you get your choice of topping!
Homer: [relieved] That's good.
Owner: The toppings contains Potassium Benzoate.
Homer: [stares]
Owner: That's bad.
Homer: Can I go now?

Here we see knowledge, expertise and how they determine what is considered good or bad, hence ethics.
And this exactly why Lawmakers, Artists and Business people in general are unqualified to
exercise good ethics in IT. Due to their lack of expertise and knowledge.

Re:Talking of reading other people's emails...

[ContractualObligatio]

As Heinlein said, "stupidity is the only universal capital crime; the sentence is death, there is no appeal, and execution is carried out automatically and without pity."

Doing this job well? Always!

[Gazzonyx]

Actually, I've been at the place for 3 years (1 year full time while I took 2 semesters off from school to get my head straight), and I can easily say that it was worth it.

I spent a year of straight "heads down" time, doing network administration, database administration (we use Access 2000, but it's exposure nonetheless), writing a backup tool (and porting it 3 times "...it's only temporary, you know." - yeah, right), and learning RHEL during the day. At night I was writing a win32 application, bash scripts, C/C++ code, Java, playing with advanced routing, samba, and kernels in Slackware Linux, and constantly digging in to technical documentation and CS theory. The time has paid off ten fold. The difference between myself and my peers without 'hand-on' experience is simply astounding!

I didn't realize until I took graduate level administration and programming classes last semester and this semester and I breezed through them without cracking a book. My code is cleaner, better documented, and formatted better than when I was taking AP C++ in high school. I look at applications (regardless of platform - I'm running 3 flavors of Linux, a Mac and a Windows box at home, a RHEL box at work, and work on a Solaris box at school) in a completely different way than ever before. I don't see an application any more, but rather layers of abstraction connected via interfaces.

Once I realized that everything is a connecting interface from the backend to the frontend (protocols, devices, GUIs, etc., everything), I found I could do incredibly complex things in both programming and administration - it's just about getting the right interfaces on the right layers. It was a moment of revelation that compares to when I found out in *nix, everything is a file. The light went on! I also found out that C/C++ is almost a completely different language on each platform. GNU, win32, xcode might as well be 3 separate languages. Good documentation is worth its weight in gold. Version control is How It Should Be. And, every bit of knowledge is a tool in your toolbox; the more tools at your disposal, the more elegant your solution and the less forehead dents in your desk. Finally, if your interface layers are concise all the way up, everything falls in to place all the way up to the GUI and troubleshooting and bug fixing become single line fixes instead of full function kludges. That being said, I still write a lot of crap code... but at least I know when I'm doing it now.

Sorry for that rant, but I really had to comment on what the job has taught me.

Re:You need to clarify your question

[Repton]

The free-market economist would say: you buy your car from the company that makes the best cars that you can afford.

The companies, realising that they need to sell cars in order to achieve their goal (making money), set about making their cars better or cheaper.

A better example might be: You are choosing between Car Company A and Car Company B. Both companies make good cars -- you can't choose between them on technical grounds. Car Company A's cars are about 10% cheaper than Car Company B's. Car Company B pays its employees 10% more than Car Company A. Which car do you buy?