Ethics In IT

chiefloko writes "I am presently taking a Business Ethics class while earning my MBA. For my final paper topic I have chosen 'Ethics within the Information Technology realm.' Over the past 13 years I have worked for three corporations and have seen everything from the typical BOFH to ungodly pirated software use. I also bore witness to a remote user logging in to a poorly administrated Sun station, finding out s/he was root, and then reading co-workers' emails. I am interested in what the norm is for ethics in the IT world and some of the stories and outcomes."

You need to clarify your question

[arivanov]

Whose ehics are you talking about?

The Ethics of an MBA giving IT orders, the ethics of a BOFH doing his job, the ethics of a developer?

Let's not speak of Joe Average consumer of IT as he actually has no IT Ethics, he applies his Ethical viewpoint to IT so his inclusion will only muddle up the concepts.

Each of these communities (PHB, BOFH, Developers) has their own ethical codes (or lack of). While there is a great difference between them, there are not that many differences between members of a particular caste.

Re:You need to clarify your question

[MindKata]

You also have to add in the ethics of other departments within a company. I've found often to my surprise, the ethics of sales people & marketing people are at times very different from that of programmers and other workers in a company.

Many sales people are not scientifically minded people. I'm a programmer and I worked in one company where the programmers were on one side of a desk divider and the other side had the sales people. We were killing ourselves laughing at then kinds of statements sale people were making about the products we were creating!. Often it wasn't based on fact at all. Ignorance or ethics? ... call it what you will, but to a sales person, its also part of the game they play.

They talk with complete conviction on a subject and it sounds like they know what they are saying (to anyone who doesn't know the subject), but with programmers I've found we often add disclaimers, because we see there are gaps in our knowledge and gaps in areas where we want to carry out more tests etc... Sales people's eyes often glaze over and they loose interest after telling them details for more than a few seconds. They don't what to know the details. They want to push a certain version of the truth (to me that's not truth at all and its ethically wrong, yet to sales people, its part of their way of communicating).

Also the ethics of high up bosses are often even worse than sales people. But they often do have one personality trait that helps them deal with sales people, as bosses I have found are often very distrustful people, even though on the surface they give a good image of confidence, deep down they show their insecurity and distrust of others. (Many even have recognisable personality disorders like NPD). They approach dealing with others, in a very different way to e.g. how programmers would work together.

The whole subject of ethics especially in big business like IT is very subjective depending on what people you ask.

Re:

[clickclickdrone]

I read a study recently that indicated a very high % of senior execs are actually psychopathic (as in total lack of empathy) noting that it is actually a desirable trait to get to the very top. Being able to make hard decisions by looking at the bigger picture despite the decision hurting some people along the way is something most people have trouble with so someone with said trait is likely to do well and often does. Psychopaths also tend to have charisma in spades which helps.

Re:You need to clarify your question

[pdwalker]

That's sociopaths [caltech.edu], not psychopaths [wikipedia.org].

Think of it as the difference between a politician and a serial killer.

Re:

[clickclickdrone]

Thank you for the correction - an important difference it would seem although I'll wager there's a few of both in senior positions!

Re:You need to clarify your question

[MindKata]

Yes unfortunately there are many high up bosses who go beyond even NPD. (Its an interesting sliding scale, as even NPD's lack a great deal of empathy. The higher up in this form of disorder, the more they lack empathy ... but often the more they perfect their image of being a good confident even moral person ... this suppression of empathy towards others is ironically why we have a world with such extreme behaviours ... even terrorists fit high up on this scale, as their self-righteousness blinds them from the horror of their actions. Scary world we live in thanks to these kinds of people. Thankfully most people in the world are not like them).

The whole subject of ethics in IT needs to be considered in a wider context with the ethics/morality of the other staff that make up the companies. Also even the whole of society and even at a given time in history affect interpretations of ethics. Each aspect of the context, can vary the interpretation.

The irony is most employees are far more trusting people than bosses or sales people. If we were more distrusting, we would seek out and learn to spot more examples of the gaps in what the bosses say, compared with what they do, and therefore be less easy to be exploited by some bosses. Its why some people are not called "business minded". What some bosses are actually describing as business minded, is a behaviour that is at times so twisted and lacking empathy, that I don't want to be like them. But I want to be successful in business, so it helps to learn to understand their behaviours, because once you learn to see these personality types, it gives a way of predicting their behaviours. Once you learn to see these personality types, its actually far easier to deal with them.

Ethics in big business like IT is a fascinating subject, as even their way of interpreting the law is at times different from most people. To most people (I hope!) the law is an uncrossable line. A solid boundary of ethical and moral behaviour. But to big business, I have been shocked at times at how the law is treated at times more like for example, the rules in Formula 1 racing cars, where they can twist and exploit the definitions of the law to suit themselves and how the government plays the same games back at them. For example government will say something like, "if you big company A do that now, to get around this law, then next time around, when we alter the wording of the laws, we will make it tighter still on you and all companies like you, so don't get around this law now". Its all political power biasing. The law at that level, isn't an absolute line, the way most of us interpret it. That kind of thinking in big business, I find, really puts the ethical worries of programmers into perspective.

Re:You need to clarify your question

[clickclickdrone]

Interesting stuff. What doesn't help is that by and large, we, as a society, reward the kind of errant behaviour you describe whilst wringing our hands and muttering about how unpalatable it is. As a species we're our own worst enemy in many respects.

Re:

[jcnnghm]

For a company to survive it is sometimes necessary to make decisions that aren't beneficial to some people in the company. Being able to make these decisions rationally without being unnecessarily swayed by emotion is the trait that is favored.

Re:You need to clarify your question

[MindKata]

"For a company to survive it is sometimes necessary to make decisions that aren't beneficial to some people in the company"

That's what some bosses tell us. While there are times a company can be in trouble, in reality some bosses are sometimes more concerned with their share price. We have got into a world where some companies want to return a greater profit each year and this idea becomes more important to them, than providing a steady living for people. Its not just about company survival, as some bosses say. Some bosses would sooner loose staff that take a pay cut and some would even laugh at having the power to do so. You need to recognise the kinds of personality that can dominate in business. Its not always as clear cut as they say.

Not all bosses are like this just as not all companies are like this, but some are. The subject of ethics isn't as absolute as it would at first appear, but to work with these kinds of people, you need to see what some people are capable of doing and in big business such as IT, there are a lot of these kinds of people.

Re:

[Z34107]

We have got into a world where some companies want to return a greater profit each year and this idea becomes more important to them, than providing a steady living for people.

Businesses aren't welfare programs. Nobody started Microsoft or Proctor & Gamble or big evil entity name here thinking "Hmm, maybe I could employ 400,000 people if only I worked 80 hour weeks for the next ten years or so on the off-chance I might be successful?"

Businesses are supposed to make money. Period. We have laws t

Re:You need to clarify your question

[Tony Hoyle]

That's where we go wrong (it appears to be a very US centric view also - I've never heard that from a european company & I've spoken to more than a few over the years).

A company is part of the social fabric.. it doesn't stand alone. It provides employment, which gives its employees a certain standard of living. It also generates wealth that improves the economy. The employees use their pay to give money to other companies, thus helping them also.

If a company mistreats its employees it breaks part of that. It may make more profit, but at a cost to the rest of society. That's why most countries have strict employment laws.

Re:You need to clarify your question

[EnglishSteve]

This is why I now refuse to do work for public companies (I am self-employed). Once a company becomes a public entity, all motives except the profit motive go by the wayside. Employees and suppliers become numbers on a balance sheet.

Private companies, on the other hand, are free to have other motives in addition to profit such as providing employment etc. In my experience, private companies are much more likely to actually give a shit about their employees and suppliers. Of course there are private companies out there that are purely profit motivated, but it's not all of them.

Re:You need to clarify your question

[dpilot]

Once upon a time, the CEO of a very successful company had a simple 3-step recipe:

1: Take care of your customers.
2: Take care of your employees.
3: PROFIT!!

Actually, Step 3 was really, "The profits will take care of themselves." But it's worth noting that this was Step 3, not Step 4 with some sort of "???" for Step 3. It was also a long-term attitude, in that you were building the foundations of long-term success, and perhaps sacrificing higher short-term profits in exchange for that long term.

This too, has passed.
But then again, that company isn't now considered as successful as it was when it was run by those 3 steps.

IMHO, the "maximize profits" attitude in US corporations is a fundamental problem. Let's phrase it this way... You want to buy a car, and you have to choose between Car Company A and Car Company B.

Car Company A's guiding principles are to "maximize profits" and "maximize shareholder return", and they happen to make cars.

Car Company B's guiding principles are to make the best cars that they can, and so far by selling those cars at a competitive price they have remained profitable and in business.

Who would you want to buy your car from?

Re:

[Repton]

The free-market economist would say: you buy your car from the company that makes the best cars that you can afford.

The companies, realising that they need to sell cars in order to achieve their goal (making money), set about making their cars better or cheaper.

A better example might be: You are choosing between Car Company A and Car Company B. Both companies make good cars -- you can't choose between them on technical grounds. Car Company A's cars are about 10% cheaper than Car Company B's. Car Compan

Survival of the fittest

[phorm]

And in the business world, the "fittest" is often whomever is most willing to do whatever it takes, and stop over whomever they can, to achieve the goal.

Re:You need to clarify your question

[apt142]

. But to big business, I have been shocked at times at how the law is treated at times more like for example, the rules in Formula 1 racing cars, where they can twist and exploit the definitions of the law to suit themselves and how the government plays the same games back at them.

I think the reason that big business tends to view laws as more flexible than the average person does is because of the penalty of those laws on big business in relation to the rewards.

For example:

If I as an individual, go out and set fire to somebody's car, I'm likely to spend a good deal of time in jail. I would possibly lose years off of my life and get a criminal record that would hurt the ability to provide for myself in the future. Knowing that trade off would deter me.

If a big businesses made a car that burst into flames then their likely punishment will all be in dollars and cents. So, any deterrent to them would be to not lose money. But sometimes, it's more profitable to make an unsafe car than it is to make a safe one. If that causes a violation of the law for them, then so be it. Even after the punishment is dealt out, they can come out better than before. As long as they can avoid the public action and boycotting that happened to Firestone, then there really isn't any punishment.

I think there needs to be a better punishment system for big business. Perhaps prosecution of CEO's, or forced closing (short term or permanent), maybe a fine to the shareholders.... I don't know.

Re:

[morgan_greywolf]

If I as an individual, go out and set fire to somebody's car, I'm likely to spend a good deal of time in jail. I would possibly lose years off of my life and get a criminal record that would hurt the ability to provide for myself in the future. Knowing that trade off would deter me.

If a big businesses made a car that burst into flames then their likely punishment will all be in dollars and cents.

Bad analogy. Your first example is a matter of criminal law and your second example is a matter of civil law (product liability). Here's a better example:

The mechanic down the street fixes your car and due to a short cut he takes (say, not replacing a gasket or a seal that should have been replaced), your car bursts into flames, what happens? Well, first the mechanic is subject to civil liability law, where his repair work was the direct cause of the flamage. Secondly, the mechanic may be subject to to

Re:You need to clarify your question

[apt142]

Bad analogy. Your first example is a matter of criminal law and your second example is a matter of civil law (product liability).

I know my analogy is bad. It's bad because there is no apples to apples law comparisons for individual crimes and corporate crimes even if the outcomes of both crimes are the same. Which was my point.

The other point I was trying to make is that the punishment rarely makes any lasting impression to the company. Sure Mattel took a dive, but check out the stock today. It's on the incline. Though to be fair, lousy Barbie sales in 2006 sent the stock much lower in January 2006 than the lead paint did in January 2008. Last I checked, making Barbies isn't a crime.

But according to the systems of currency we have for good and bad behaviors, lousy Barbie sales and lead paint in the toys are about the same level of badness for the company. With Barbies FTW. So, the next time the company is presented with the choice, sell more barbies or not poison children, which do they have the most incentive for?

Re:You need to clarify your question

[knarf]

One little thing I'd like to comment on:

To most people (I hope!) the law is an uncrossable line. A solid boundary of ethical and moral behaviour.

Really? I'd wager that this is a serious exaggeration. The law in itself is not more than the codification of morals and ethics. It is those morals and ethics which most people abide by, not the letter of the law. There are many laws which stray from common morals and ethics. This being slashdot it should be sufficient to point out the DMCA or the current implementation of patent law to show examples of law which often are not seen as moral or ethical.

So assuming that people in general try to stay on the right side of morals and ethics they tend to be law-abiding as a consequence of that. In business (big or small, does not matter) morals and ethics often seem to take a back seat to the pursuit of financial gain. As success in business is often defined by the amount of money made it should not be surprising that those who are emotionally capable to push morals and ethics aside for financial gain tend to rise above those who are less inclined to do so.

Re:You need to clarify your question

[Anonymous Brave Guy]

To most people (I hope!) the law is an uncrossable line. A solid boundary of ethical and moral behaviour.

Confusing ethics and the law is a dangerous thing in itself.

To put things very simplistically, ethics is theory and the law is practice. Ideally, someone living a good, honest life according to fair, ethical principles would always find their behaviour falls within the law, but sometimes a bad law comes into conflict with those ethics. Whether someone chooses to obey the letter of the law or to follow their own ethics at that point says a lot about them.

To give a concrete, IT-related example that is relevant in my country today: the UK government is currently planning to introduce identity cards and the National Identity Register database. I know that some surveys in the past have found a majority of the sample population in favour of these measures. I also believe that introducing these measures is not in the interests of the people, and that the government policy would not be so widely supported if people understood the implications for access to personal information, security, reliability, and the like. I know that I am far from alone in these beliefs, because there are campaign groups with many thousands of people supporting them who express the same concerns. However, the law has already been passed to make these measures possible, though it was passed by a government for which only a small minority of the people actually voted; substantially more people voted for parties that oppose the scheme. So, when the government attempts to roll the ID cards and database out to the population, should I be a good little citizen and accept my fate, or should I join the radical law-breakers promising civil disobedience by refusing to participate? Are those who choose to follow their beliefs to the point of breaking a law they believe to be unjust really unethical, or are those who accept without challenge a dangerous law passed by an unrepresentative government the unethical ones?

Re:

[cabazorro]

I equate ethics with moral character. You do what you consider to be right. Furthermore, you must support your actions by displaying great expertise and knowledge and overall, good will. At the core of the divergent paths between business ethics and technology ethics, lies the concept of what we consider to be good and bad.
To make myself clear let us recall a Simpsons Tree of Horrors episode where Homer is buying a "Crusty the Clown Toy at a strange shop in China Town"

Owner: We sell forbidden objects from

Re:You need to clarify your question

[lorenzino]

Think of it as the difference between a politician and a serial killer.

Sorry, what difference again ?

Re:

[frodo from middle ea]

Serial Killers are selective about who they kill.

Re:

[arivanov]

Actually not true. They are being less effective at whom they kill.

As the ancient saying goes: If you steal a penny they will hang you at the dawn, if you steel a million you will become a banker.

Re:You need to clarify your question

[mux2000]

You didn't read your own links, did you? From your Wikipedia link:

Psychopathy is a psychological construct describing immoral and antisocial behavior.[1] The term is often used interchangeably with sociopathy[2].

Actually, the difference between a politician and a serial killer is the amplitude of the mental disorder, not its type. Politicians obviously have it much harder.

Re:

[syousef]

Think of it as the difference between a politician and a serial killer.

What if the politician IS a serial killer. Like Hitler. Oh shit wait. I just invoked Godwin! I'm meeelllltttinngggg!!!!!!

Re:

[smittyoneeach]

Nah, you just need to paraphrase Gandhi:
"I think ethics in IT would be a wonderful idea."

Re:

[Hal_Porter]

sudo rm -rf /home/gandhi/

CYA

[Hognoxious]

Cover Your Ass. That's it, that's all.

Re:CYA

[maczealot]

To expand this thought a bit (because it is pretty accurate imho) there is a direct link between an IT worker's behavior and the culture from which they come. I have worked in everything from infrastructure to development (solo and team) as well as security. From my observation IT workers have tremendous amounts of access to information and normally do not violate this "trust" if they think they will get caught.

This, as I said, is probably more to do with what kind of culture they are from (I am American) and the social norms they were taught (or not taught) than any commonality of ethic due to corporate department (just because you are classified as IT). The email example will show the classic "Yes, I CAN read all your emails, but I don't. Not because I think it would be wrong for ME to do so necessarily, but because I am too busy to care what you wrote." This is the only unique Ethical constraint I see in IT, where those of us who manage the information and the resources to access it choose an "ethical" path on a daily basis by choosing to solve OTHER PEOPLE's info problems rather than our own with a given block of time. Most IT workers will "feel" ethical if they are doing something useful for those in power over them (i.e. paycheck signers) rather than bending the resources at their disposal to their own amusement/education (i.e. displaying ten different will-it-blend's on different LCD's to see how cool it is).

Ultimately, this behavior is altruistic because upper management, given enough time from which to sample, can tell if an IT worker is "useful" or not and thus reward or punish them. America has a very minimalistic ethic of "if it isn't hurting anyone else.." so unless there are other cultural factors they can lose out to those from other cultures (see: Indians).

Re:

[nr1]

Reminds me of something a friend said:

"Management is like using toilet paper. In the end, the only thing that matters is that your ass is clean."
http://www.conspirito.de/2007/09/management-weiheit-der-woche.html [conspirito.de]

ethics require education

[rucs_hack]

Someone who has no understanding of ethical implications regrading IT will do things they wouldn't dream of if they understood what it meant in terms of invasion of privacy..

Alas many people who use computers regularly are in this category.

I have access to the email of almost everyone I know presonally. Do I read it? Nope.

However, the reason I have access to one persons email is because they needed help stopping another person who knew their password reading every email they sent and received. In spite of my urging they have yet to change their password anew to also lock me out.

You can lead a horse to water, and if you Duct Tape a hose to its mouth, you can make it drink too.

Oh wait...

Re:

[Anonymous Coward]

Do I read it? Nope.

...

they have yet to change their password anew to also lock me out.

And how do you know they haven't changed their password yet? :)

Re:

[19thNervousBreakdown]

Is there a reason you can't require a password change on first login?

Doing this job well? Always!

[Gazzonyx]

Actually, I've been at the place for 3 years (1 year full time while I took 2 semesters off from school to get my head straight), and I can easily say that it was worth it.

I spent a year of straight "heads down" time, doing network administration, database administration (we use Access 2000, but it's exposure nonetheless), writing a backup tool (and porting it 3 times "...it's only temporary, you know." - yeah, right), and learning RHEL during the day. At night I was writing a win32 application, bash sc

Re:

[dfetter]

Why didn't you give a rationale along with the instruction? A lot of people will do stuff when they know why.

Reading users email?

[MichaelSmith]

Anyone who has time to read peoples email obviously isn't busy enough (and is easily amused).

Re:

[ozmanjusri]

Anyone who has time to read peoples email obviously isn't busy enough (and is easily amused).

You clearly need to read the canonical guide [iinet.net.au] to sysadmin ethics.

Ethics is eithics

[clickclickdrone]

Irrespective of if it's IT related. You shouldn't do anything you wouldn't want done to yourself or is likely to hurt people. Just be a decent honest person.

do unto others?

[wall0159]

I think a better approach is do unto others as you think they would want done to them

That helps avoid the "well, I'd want to be killed if I was gay" rationale...

Re:

[Aladrin]

Or perhaps he was right. There are some people that would actually think that dying is better than being gay. In that case, you aren't hurting them to kill them, you're giving them a gift. NOT killing them would be hurting them.

It's a truly fsck'd up way of thinking, but there -are- those who think that way. It is indeed much better to think in terms of the other person instead of terms of yourself, for this situation and others.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Miseph]

As another student of ethics (although my my course in religious ethics was extremely one-sided, I've taken intro to ethics and am currently taking an environmental ethics course), I agree completely. One of our biggest problems as a society is that we overwhelmingly tend toward dogmatism, and dogmatism is a Bad Thing no matter what side you're on because it prevents everyone involved from actually thinking or coming to rational decisions; stem cells are a great example of everybody involved simply failing

Unix syndrome

[QuantumG]

Anything that isn't prohibited is not only allowed, but also ethical.

Re:Unix syndrome

[value_added]

Anything that isn't prohibited is not only allowed, but also ethical.

There may be some truth in that, but I don't see how that applies to interpersonal behaviour. My own preference is to defer to what my grandmother taught me: ethics is insisting on doing what's right even when no one is looking.

She also taught me to the principle of keeping things simple, both from a moral perspective and practical one. I never asked, but I'm sure she preferred vi to emacs.

Re:

[QuantumG]

When you spend your life in a perfectly enforced world you rarely have to make ethical decisions. You don't have to think "gee, should I take a look at Bob's files or not?" Because the system stops you from doing it - unlike the real world, where you have the choice of obeying the law or not, and are better off for thinking about what is right what is wrong. So when you are presented with an ethical choice.. usually as a result of some temporary granting of power.. you don't know what to do.. and it's ea

Re:Unix syndrome

[sumdumass]

Lol.. You shouldn't have posted this as AC.

I think too many people dwell on the word nigger which in and of itself has no power outside what people give it. Also, according to the definitions I was raised with, nigger doesn't really mean black, but a type of person who does certain things.

Few people realize that the word nigger is more or less a bastardization of the word Niger which is a territory/country in Africa that exists to this day. When the slave trade was coming to the US, the tribes had chased all the other tribe back past the Nigerian and Niger rivers into a french territory called Niger before capturing them. When you ship property, there is a point of origin and destination on the bill of lading and some dumbfuck hooked on phonics southerner pronounced niger as nigger and because most communications were oral, it stuck.

but regardless of it's origin, the fact that people let words define who they are is amazing when it comes to this. The racists use the word because they know it pisses people off. It is really no different then juveniles taking up swear words in an effort to piss their elders off. Unfortunately, instead of dealing with it as a word with many meaning, we have concentrated on the negatives associated with it and placed it off limits because of how we have reinforced the negetive meaning. To a racist, it has no meaning other then pissing blacks off, we gave that to them and let them define it's value by teaching the youths to react in a certain way to it. Racist on the other side have tried to do the same with creating words like Cracker and honky but unlike nigger, it only holds a specific meaning in their circle so it doesn't have the impact that nigger does.

Anyways, the point of chiming in, is to mention that the AC is right in that nigger doesn't mean black people, the modern definition doesn't even seem to mention them. And the only reason it has any power is because we let it have it. Either as a society who has tagged it as the "ultimate offense" or as a people who will let it trigger emotions and actions and in effect playing into the users motives. Hate often is designed to hurt others, when they can do it arbitrarily with words, those that hate become very effective. That's why "hate crimes" is a joke. It empowers those that hate.

Ethics on an MBA?

[edittard]

Ethics on an MBA - do the marks from this module get subtracted from your overall score?

Re:

[mwvdlee]

"Business Ethics"

Does this joke need explaining?

Re:

[Bastard of Subhumani]

"Business Ethics" Does this joke need explaining?

None of my colleagues here in military intelligence got it...

Re:

[clickclickdrone]

Oh man, just had a choking fit caused by laughing whilst eating an sandwich. Don't breath in crumbs - it's a bitch.

Do something useful or something popular

[JohnnyKlunk]

While it's not strictly related to IT, I can spend a whole week doing any number of things that are really useful in the long-term to the business from an IT perspective. Or I can do something that will make the boss happy. Like a flashy widget on the intranet or a set of graphs that prove nothing. One gets me a better bonus and the favour of all those above me. One makes me a good tech. What's the norm here? Balance I guess, depends on the job. This year I'm going to spend a lot more time on the latter. Hopefully get the bonus and pay off the mortgage - most people trade ethics for a mortgage eventually.

Ethics on MBA?

[nagora]

This is window-dressing. Ethics are irrelevant to business and if you try to be ethical you'll be screwed in no time.

TWW

Re:

[mwvdlee]

"Ethics" is relevant to business in that is is a great marketing word that makes your business look like it actually gives a crap. Ethics in business only exist unless more money can be made by not having ethics.

This is actually untrue

[Kupfernigk]

The posts here suggesting the "business ethics" is an oxymoron are from people who obviously have no real experience of business. Real world businesses know that they have to keep both customers and suppliers happy, and the best way to do this is still to be ethical where it counts. If I treat my suppliers honestly and you try to diddle them, you may save a percent or so now, but what will happen when there is a shortage? Who will get priority?

When I was a general manager, one of my policies was always to pay the small suppliers promptly, because they need it most. That's not only ethics, it is simple common sense.

It is interesting that one of the most developed business environments in the world -that little region that includes Northern Italy, Switzerland, parts of South Germany and South-East France - relies heavily on networks of trust. I have sealed the deal there more than once with no paperwork and a handshake. I suspect that the reason that "Business ethics" needs to be taught in an MBA class is because many new graduates have fantasies of the ruthless corporate world based on Hollywood and computer games, and they need to be made a little safer before they can get out and cause their companies serious damage.

The fact that some CEOs are psychopaths should not blind us to the fact that most are not.

Re:

[nbert]

Mod parent up - this is the most insightful post so far.

On a related note I'm wondering since a few years if a more down-to-earth terminology in this field could help to gain more acceptance in the non-business world. Why do we have to call it "business ethics", if it's mostly about sound business practices? In similar vein terms like "corporate culture" sound pretty bold if you think about their actual meaning. It's not about managers performing a ritual dance before every meeting.

late payment

[pbhj]

Kupfernigk >>> "When I was a general manager, one of my policies was always to pay the small suppliers promptly, because they need it most."

Well, most companies don't hold to that.

Oft repeated rhetoric here is that a companies only purpose is to make money. You're actually depriving your shareholders of a small amount of capital by paying on time if it's possible to avoid.

I find that (as a director in a small business) we get paid late by big businesses and government organisations. They can pay late, we can't afford to sue and we need them more than they need us. We've been paid over a month late by a local council (!) for an amount equal to about 50% of our wages bill ... that doesn't help cash flow much!

Inspired by Google's early ethical policy of "do no evil" ours is "be nice". We've many times checked our behaviour, and adapted it (sometimes to our financial detriment), by following this code.

Re:

[nagora]

Real world businesses know that they have to keep both customers and suppliers happy

In chess terms, you are not looking enough plys ahead. In the real world all businesses are striving to eliminate all competition so that they can then treat suppliers and customers as cash-cows to be milked dry. Before you reach that blessed state, of course, you may need to pay lip-service to ethics and customer-relations but ethics that are forced on you are not really ethics, they're either regulation or market-forces.

Re:

[mwvdlee]

As soon as a company is tradable on a stock exchange, it's essentially a money-making machine where all ethics, core business and other terminology are of lower priority than making money.
The only reason any ethics exist in tradable companies is because they'd probably make less profit in the long term if they didn't.

Re:

[Lally Singh]

Thank you for saying it.

Trustworthiness is a real business asset. I'm amazed at how opaque /.-ers are over this, considering that so much of the culture here is based on trust, 'doing no evil' (for real), etc.

Actually, when you screw up, it's an opportunity to show your customer how far you'll go to fix it. A great way to build trust. You know, as long as you're not doing them any actual damage in the process.

Re:

[Kjella]

The posts here suggesting the "business ethics" is an oxymoron are from people who obviously have no real experience of business. Real world businesses know that they have to keep both customers and suppliers happy, and the best way to do this is still to be ethical where it counts.

If by "where it counts" you mean "with those who can screw you back", that's hardly ethics it's just basic self-preservation that even psychopaths engage in. The first rule of anyone unethical starting with the schoolyard bully up to the boardroom is to always pick on those that can't or won't fight back.

Trust simulation and purpose-blindness

[Frater 219]

The point of authorization systems (like user permissions on a Unix system) is to simulate and thereby enforce the trust relationships that people have with regards to data. You aren't allowed to read my email, so you don't have read access. You're allowed to use a certain amount of disk space, so there's a quota.

But here's a problem: Technology is purpose-blind. It doesn't know for what purpose you're trying to do a particular thing -- only whether you've got access to do it. However, in the real world, we frequently want to trust someone with a particular resource, but only for certain purposes.

You're allowed to drive Daddy's T-bird to the library, but not to the hamburger stand. But the ignition system doesn't know that; it just knows you put the right key in. Your sysadmin is allowed to read your email files if she thinks something's wrong with the mail server, but not just because she thinks you're cute and wants to stalk you. But the permissions bits don't know that.

You're allowed to access Scientology's Web page to read it, but not to repeatedly reload it just to put load on their server and run up their bandwidth bill. But neither your browser (or wget) nor their server necessarily understand that.

So there's an ethical problem: you frequently have access to things for only certain purposes. How are those purposes defined and agreed on? Is it possible to make authorization systems more purpose-aware? Would that even be desirable, or would it just cause problems with unexpected situations?

Suppose Daddy's T-bird only allows you to drive to the library, by shutting off the engine if you try to go somewhere else ... and Daddy has a heart attack and you need to get him to the hospital. Down that road lie DRM and other systems that decrease the value of technology by getting in the way of legitimate uses.

Audit is more important than access

[Kjella]

Access are for the things that you never should be able to touch. Audit seems to be working quite well for the rest. This doesn't work quite well in the sysadmin example where he can go in and read the files directly, but it's very effective in most systems where you have to go through a regular interface. I know for example banks have used that for operators that like to peek at famous people's bank accounts. Another example that I know personally is passing through project gates - the access controls are

Re:

[QuantumG]

Access control systems just take away the need for ethical consideration. People don't think "should I read my friend's email", they think "do I have access to read my friend's email". If they can, they assume they should.

Re:

[Chrononium]

I think that you've hit upon the great crux with any technology: it doesn't enforce a purpose (or ethical behavior), it just performs a certain function given certain input and initial conditions. In my view, technology merely allows the sphere of the user to extend. If that person wants to do bad, then the technology will be used for bad purposes. If that person wants to do good, then the technology will be used for good purposes. While this sounds like an undesirable trait, I claim it is a very desirable

Re:

[jamesh]

You're allowed to access Scientology's Web page to read it, but not to repeatedly reload it just to put load on their server and run up their bandwidth bill. But neither your browser (or wget) nor their server necessarily understand that.

URL?

Snooping

[Spad]

Reading through someone's emails or documents without permission is job suicide - nobody is going to hire someone who was fired for snooping through other peoples' stuff. Of course, this relies on there being some degree of auditing in place to catch you, but you shouldn't do it anyway, on principle.

Re:

[gbobeck]

...nobody is going to hire someone who was fired for snooping through other peoples' stuff.

Tell that to the NSA or CIA.

Depends on Company Policy

[gsslay]

Most of what defines IT 'Ethics' (or at least those that relate to purely IT issues) are defined by company policy. Some company policies state that users have no right to any privacy on email. Some companies practice complete lock-down of computers and teach users that the IT Administers really are god.

So the first point of reference is company policy. The only place "ethics" come it to it is the ask if these policies are written down (rather than made up as you go along to suit the situation) and do th

The difference between IT and other professions

[Yvanhoe]

One of the key difference between IT-related ethics and other fields like medicine or law is that there is no official body emitting guidelines and no rights and duties recognized by the law.

When a doctor is asked by an employer to give him medical informations about his employees, he can point out that this would be illegal.
When a sysadmin is asked by his company to monitor users' web access, there are a lot of privacy issues that are raised but never addressed in the law. I mean, it can be part of the sysadmin job to prevent company computers from accessing porn sites but knowing which users access gay websites and which are ordering viagra online is something that should never be forwarded to upper management. He cannont prevent knowing this, but there should be something akin to medical secret regarding these data.

Re:

[Anonymous Coward]

Hmm.. the closest that I know of is that developers/programmers can join IEEE and/or ACM, and those organisations do have codes of ethics they expect their members to adhere to.

(It's helpful if you're ever asked to do something you consider unethical, and you can state your professional organisation membership's code of ethics forbids such behaviour. It helps you stick to your ethics because it backs you up.)

i read your e-mail

[Tribbin]

http://www.thinkgeek.com/tshirts/frustrations/31fb/ [thinkgeek.com]

ACM Code of Ethics

[floki]

The Association for Computer Machinery (ACM) [acm.org] has a Code of Ethics [acm.org]. Have a look at it. It gives quite a lot of guidance converning professional conduct in IT.

SAGE: System Administrators' Code of Ethics

[ukh]

And so does SAGE (for system administrators), more to the point: http://www.sage.org/ethics/ethics.html [sage.org]

Hacker Ethics

[gbobeck]

Steven Levy wrote a basic set of rules commonly called the hacker ethic [wikipedia.org].

In case you don't feel like clicking on the link, the Hacker Ethic is the following:

* Access to computers -- and anything which might teach you something about the way the world works -- should be unlimited and total. Always yield to the Hands-on Imperative!
* All information should be free.
* Mistrust authority -- promote decentralization.

IT Ethics is Different from Business Ethics

[Starky]

The fundamental focus of ethics is different between general business and IT issues.

In many business programs, students are exhorted to compete from day one. Many students take away the message that they should maximize profits (or market share or whatever they use as a metric of success) by any means necessary.

(I have worked on a number of antitrust regulatory issues, and you would be astonished at the number of e-mails that have been unearthed in which executives send each other messages to the effect, "Let's use unfair competitive practices to squash the little guy!" I'm paraphrasing, of course, but not by much.)

In IT, on the other hand, the issues pertain more to privacy and intellectual property rights. If a system administrator reads someone's e-mail, it may be for personal gain or just out of curiosity, but it's not due to any sort of overriding business objective. Competition in IT is to build the best product, not to "get" the other guy. And the ethics reflect that.

By the way, I've also worked at a company where an admin, who reported to a manager I worked beside, was reading e-mails. The manager let him know that he knew, and that if anything came of it, it would come back to bite him, but also let it slide because (1) someone has to have access, and whoever it is will probably take a peek from time to time, and (2) he was relatively discrete about it, and others may not be. Was he unethical in letting the behavior persist?

What ethics?

[sr8outtalotech]

Maximizing shareholder value > anything else. Seriously, ethics? I'm in the SMB consulting industry. I sign NDA's on a regular basis with consulting companies so when the consulting company violates an ethical obligation to a client I'm contractually bound not to say anything. 13 passwords all the same for 13 company's but they (not me) billed their managed services as following best practices. PPTP VPN instead of LT2P/IPSEC (a stand alone certificate server = $), no account auditing(disk space = $), no logon failure limits(disrupted users = lost $), no port security at the switch (network admin = $), etc... I've yet to run across a salesperson that didn't upsell/oversell. I think most techs realize what's ethical behavior and what's not but they get pressured into not saying anything by management and sales.

Here's a scenario that happened to me in 2006. I had a contract terminated with no reason given. 4 days before the contract was terminated I sent a memo to the CEO (I reported to him) about sending bulk email without an opt-out option and without the companies physical address. I included relevant state and federal laws regarding the issue, mainly the Can Spam Act. 3 days before the contract was terminated the CEO confronts me in front of the whole office about how they were the following the law. I flatly told him I wouldn't send them or train anyone to send them until they added physical contact information and a way to opt-out. This was in front of his entire office staff. I wanted to discuss it in private and he wanted to discuss it in front of everyone. Friday, my contract got terminated, no reason given. Take a guess as to why it was terminated?

Cultural & Legal

[Aceticon]

Ethics in IT is just a reflection of ethics in the world at large - what people tend to do or not to do is usually a reflection of what they believe that others expect them to do or not to do.

Often this is for cultural or even legal reasons: for example, in Holland it's forbidden by law in a company to check the web access logs for an employee unless there is reason to believe that employee is misusing the company resources or doing something illegal, while in the UK an employee can expect that anything done via the company network will be watched.

The main differences that affect the actions of people in a position of power in an IT environment and in an equivalent non-IT environment are:

• Anonymity: the belief that "nobody will know who i really am" means that some will do online certain actions that are shunned by society at large. While acting behind an alias which cannot be traced back to the real world persona many, free of social pressures and/or direct repercussions for their actions, will act online in ways that they would not act offline (I suggest you study MMORPGs for this).
• Decoupling from reality: often one's actions do not have a visible component in the "real" world. At it's most basically, it's easier to be unpleasant when the target is somebody you've never met personally.
• The lower likelihood of being caught: the risk of being caught is a strong factor when considering whether or not to act in a way which might be perceived as unethical, illegal or socially unacceptable. In the "virtual" world it's easier to do some actions without being caught. For example, consider the workers in the mail room in a company vs the e-mail server administrators in that company: for whom would it be easier to read somebody else's messages without leaving a trace ...

"ungodly" and "pirated" on Slashdot?

[mi]

Sorry, we do not believe in Imaginary Property here. There is nothing "ungodly" about "pirated", because pirating is not exactly the same as stealing.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Ethics

[Anonymous Coward]

One of the interesting ethics issues I have seen at most of the places I have worked is how the typical person is treated versus how the executive is treated.

The typical person calls the Help Desk, gets a level 1 person who reads scripts and then if they can't help it gets escalated. If the problem is severe they might try to remote control the computer, etc. It is also, in most places I have worked, expressly forbidden to work on home machines due to liability factors (if you destroy their data for insta

Re:

[Kryptic Knight]

One process to rule them all, One lockdown to mind them, One email system to bring them all and in the darkness bind them.

In other words, what applies to the filing clerk, also applies to the Director/CEO.

Admittedly you sometimes have to visit home locations of directors to setup company equipment, this cannot be avoided, but you don't work on their home computer equipment.

If you're going to lockdown then lockdown. If you're going to make any exceptions then you may as well not bother in the first place.

sudo

[k2r]

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

                #1) Respect the privacy of others.
                #2) Think before you type.
                #3) With great power comes great responsibility.

---
That's about the ethics my teachers had when I started to learning system administration 15 years ago and this is what I'm still educating people new to this about. I never met a good admin who wouldn't passionately subscribe to this.

k2r

Re:sudo

[ideonode]

It usually boils down to these two things:
                                #1) Respect the privacy of others.
                                #2) Think before you type.
                                #3) With great power comes great responsibility.

Talking of reading other people's emails...

[adrianmsmith]

A friend of a friend was working in IT as a Windows administrator. He was called to fix someone's computer, who then went out to lunch leaving the friend alone with the computer. He saw a mail on the computer that he found interesting, so he forwarded it to himself.

This is surely a bad thing to do, and the end of the story is that he got fired, but he probably would have got away with it apart from the mistake he made....

He managed to spell his own name wrong in his email address. So when the guy got back from lunch, there was a bounce mail waiting for him in his inbox....

Re:

[ContractualObligatio]

As Heinlein said, "stupidity is the only universal capital crime; the sentence is death, there is no appeal, and execution is carried out automatically and without pity."

Ethics is a personal attribute, not a rule set..

[Anonymous Coward]

From what I've seen in 25 years, the difference is simple personal committment. I have been put under pressure to charge clients for hours I didn't work, for being 'creative' with the truth so the real facts wouldn't show (i.e. readers would be mislead), for 'accidentally' overlooking problems because it would be politically convenient and for coming to a pre-determined conclusion by a biased look at the facts.

You have in each case two options: do what's right or do what is convenient. I prefered to do wh

There is no norm for ethics in IT I think

[oldbamboo]

I've had to familiarise myself with Sarbanes Oxley (which applies only to US listed companies anyway) and that is the only piece of legislation which I am aware of which requires regular sign off of ethical conduct, and that only applies to the board I belive. Elsewhere, for IT workers, both the CISSP and CISA certifications require that a standard of ethical conduct is maintained, and a declaration of such is made by the applicant. I think ethics are only defined in this way, as a requirement for membership of specific professional organisations or for the holding of certain credentials, but these are the only ones I'm aware of. Beyond that, and this is the point, having conducted audits and reviews of a number of companies and the governance of their IT, I think this topic is universally ignored for IT staff specifically. I can not recall once seeing the discreet topic of "Ethics" enshrined within the IT policies and standards of any major company I have inspected. The best thing you can do is collect and review a number of general "End User" policies from different places and see to what degree promises to not view porn, sell secrets, access stuff you shouldn't, etc, etc, are reflected, and quantify them against the ethical requirements being taught on your MBA. IT User policies can be dredged up from the Internet ten a penny, and they should allow you to gather sufficient of them to launch an academic argument as to the provisions for ethical conduct they establish within companies or public bodies in general. The degree to which they are obeyed is impossible to measure, but you can certainly speculate on the need for regular training on ethics.

It's a people thing, not an IT thing

[petes_PoV]

It's the people who are either ethical (do you really mean honest?) or not. There's no attribute of working in an IT environment that would change people's ethics.

Now,a more interesting question might be:

Does IT attract more or fewer honest people? The answer I'd say os that IT people are generally more honest. We are often presented with opportunities to do unethical or dishonest things and not get caught but I think the proportion of IT staff who would go down this route is lower than in the general po

Re:

[base3]

Particularly with the advent of outsourcing, those who work in IT are selling trust more than skill. That's why abuse of power by IT folks should be dealt with harshly and swiftly when detected.

Yeah, business ethics..

[Serhei]

Far too often, companies consider business ethics to == "not doing things that will get the company into trouble."

Programmer Ethics

[sticks_us]

There are at least a few different angles here, and I suggest that management (bad management, at least) is largely to blame for a special, invisible, type of ethics violation in the IT world.

Let me begin by reviewing three modalities of ethical behavior:

1) How the IT worker functions vis-a-vis their co-workers: the usual stuff--office politics, gossip, backstabbing, etc. and has been well-covered elsewhere.

2) How the "visible" IT worker functions in relation to his/her job: Email snoops, BOFHs, yeah, yea

As a fellow MBA Student Ill give some insight.

[jellomizer]

What ethics in is NOT: Choosing Open Source or Closed Source Software, Choosing one Hardware/Software over the other, wether you code you produce is open sourced or closed source, open Spec or Closed Spec ( Although I think they should put more effort in Open Spec vs Open Source) Those are Business decisions and have no real morality issues.

What are Ethical issues:
Finding loop holes in software to avoid paying extra license fee (lets make sure that everyone loges onto this server as this name)
Knowing there has been a security breach and possible data has gotten lost wether to tell the company or not
Change the ways hours for projects are recorded to put more hours in one project and less in an other.
Contracting consultants to replace your current work force just because they are billed from a different source and makes you look good.
Not contracting consultants when your project really needs more people or skills. or a new set of skills for the job for a project.
Changing a project from Fixed Priced to Time and material or vice versa because it just suits your needs.
Expecting Free Quotes or Specs for a new project then going to a different group to do the work.
Work with a third party reseller to get the design you need then go to to the source just because they can give you a better deal.
If you have third party resellers choosing to undercut them after they have done all the relationship building and advertising for your projects.

Ethis is an issue of trust. If your actions shows that you cannot be trusted then things really backfire. Any one ethic violation may not hurt anyone but a combination will generally get the company of employees and venders shit lists and you will get less quality and service and value over time.

Islamic angle

[mapkinase]

"ungodly pirated software": From this blog entry: [wordpress.com]:

A group of contemporary scholars does not approve the concept of "intellectual property"....

and

On the other hand, some contemporary scholars take the concept of "intellectual property" as acceptable in Shariah....

First group arguments:

* concept of ownership in Shariah is confined to the tangible objects only
* no precedent in religious practice where an intangible object has been subjected to private ownership or to sale and purchase
* concept of "intellectual property" leads to monopoly of some individuals over knowledge, which can never be accepted by Islam

Second group arguments:
* there is no express provision in the Holy Qur'an or in the Sunnah which restricts the ownership to the tangible objects only
* there are several instances in Shariah where such intangible rights have been transferred to others for some monetary considerations
* concept of "intellectual property" does in no way restrict the scope of knowledge

Read more of it through the reference. I know there are tons of Muslims from subcontinent in IT industry and (inevitably) on /., so this should be interesting at least to them.

"reading co-workers' emails":
1. Sahih Bukhari is book number 2 for Muslims:

Hadith - Sahih Bukhari 9:38.2, Narrated Sahl bin Sa'd As-Sa'idi
A man peeped through a hole in the door of Allah's Apostle's house , and at that time, Allah's Apostle had a Midri (an iron comb or bar) with which he was rubbing his head. So when Allah's Apostle saw him, he said (to him), "If I had been sure that you were looking at me (through the door), I would have poked your eye with this (sharp iron bar)." Allah's Apostle added, "The asking for permission to enter has been enjoined so that one may not look unlawfully (at what there is in the house without the permission of its people)."

2. Less solid hadeeth (has somewhat flawed chain of narrators)

Hadith - Mishkat, Narrated AbuDharr , Tirmidhi transmitted it, saying this is a gharib tradition

Allah's Messenger said, "If anyone removes a curtain and looks into a house before receiving permission and sees anything in these which should not be seen, he has committed an offence which it is not lawful for him to commit. If a man confronted him when he looked in and put out his eye, I should not blame him. But if a man passes a door which has no curtain and is not shut and looks in, he has committed no sin, for the sin pertains only to the people inside."

I guess second part of the second hadeeth does not apply to BOFH.

the worst thing I ever did as a sysadmin

[Anonymous Coward]

The worst thing I ever did as a sysadmin: a coworker of mine attempted to apply for a job somewhere else, and accidentally sent the cover letter & resume to our boss. At her request, I deleted that message from his inbox before he'd had the chance to read it.

I know that this is pretty small potatoes, but it still bugs me.

The slimy factor

[griffinme]

Here is an example from my dad. He was an engineer at a manufacturing plant in the 70's that decided they needed to go to CAD. He was given the project. He started working with DEC and they quoted XXX,XXX.00 as the price for a great system. He took that back to his bosses and they agreed. He goes back to DEC and the salesman starts mentioning things like, "Would you like an OS with that? It will cost XX,XXX.00 more." and "Would you like the special power cord? It will cost an extra XXX.00" They kept this up until the price was now one and a half times the original quote. Dad was getting embarrassed at going back to his bosses over and over asking for more money and finally got mad and started threatening to kill the deal. At this point the salesman mentions that it includes a Rainbow computer (their version of a PC and rather pricey at that) that wouldn't show up on the invoice and could be shipped to any address. That was about the point were Dad exploded.

Crazy thing is he loved DEC computers and still does. He wistfully talks about their ability to multi-task and better file system.

Years later I was caught in an ethical bind and asked him what to do. "You can do the easy thing or you can do the right thing. Doing the right thing might be bad for you in the short term, but you will be able to look back later and feel good about yourself instead of feeling slimy every time your reminded about it."

I took a business ethics class taught by a retired corporate head of human resources. He gave a good explanation of why this is taught in some business schools. "If you think about this now when you have no pressure on you, you stand a much better chance of making the best decision when under pressure and you have to make a snap decision. Don't kid yourself and think these things won't happen to you. They will, and most of the time you will have no time to do any soul searching."

a wise man once said...

[t35t0r]

"There's no such thing as business ethics. There are only ethics, you either have them or you don't."

Re:

[khallow]

No, it's ok as long as you hump their corpse respectfully.

Re:Ethically speaking

[TheVelvetFlamebait]

I never read slshdot.

...or at least its title.

Re:

[gbobeck]

Do what you like, just don't get caught.

...And remember kids, if the Cop didn't see it, you didn't do it.