Slashdot Mirror
When Ethics and IT Collide
jcatcw writes "IT workers have access to confidential data, and they can see what other employees are doing on their computers or the networks. This can put a good worker in a bad predicament. Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children. He reported it but the company ignored it. Subsequently the employee was promoted and moved to China to run a manufacturing plant. That was six years ago but Bryan still regrets not going to the FBI. Other IT workers admit using their admin passwords to snoop through company systems. In a Ponemon Institute poll of more than 16,000 U.S. IT practitioners, 62% said they had accessed another person's computer without permission, 50% read confidential or sensitive information without a legitimate reason, and 42% said they had knowingly violated their company's privacy, security or IT policies. But in the absence of a professional code of ethics, companies struggle to keep corporate policies up to date."
The ACM has done at least one thing right:
http://www.acm.org/about/code-of-ethics
1) Not reporting something illegal when discovered in the normal course of business, i.e. whistleblowing. Fear for job safety or simple moral cowardice?
2) Actively doing things that the employee knows are illegal/immoral/unethical. Come on - does a "profession" really need a code of ethics to tell its members not to seek information to which they are not entitled? Maybe they need to reevaluate calling themselves "professionals".
"As God is my witness, I thought turkeys could fly." A. Carlson
You see the logs of some guy looking a kiddie porn and you report it to your HR department.
Where's the ethical dilemma?
If HR does nothing about it, you report it to the FBI.
Where's the ethical dilemma?
And ethical dilemma would be where there were two ethically valid choices with different consequences. If you have two kids and they're both drowning, which one do you save first?
There is a professional organization, of which I happen to be a member, Called "LOPSA"- "League of Professional System Administrators".
The code of ethics is found here:
http://lopsa.org/CodeOfEthics
While my IT department does not require membership in this organization, these rules of ethics are *posted* and violations of those rules are a fireable offense!
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
A poll? What's the point of that???
5% of us would vote randomly
6% will definitely be stuffing the ballot box
7% Might be stuffing the ballot box
Or worse yet:
17% will choose the Cowboy Neal option
Do not meddle in the affairs of dragons, For you are crunchy and go well with ketchup.
I have an ethics problem every time I get a paycheck for 40 hours of work when I actually worked 60.
Using company systems for your own needs? heck, the company is alreaady getting 40 grand worth of free overtime. Is that ethical?
Never mind legal, is is ETHICAL?
I think these numbers are bogus.
I know of people instantly fired for doing such things. There is an unwritten IT code and the vast majority of IT people I have known or ever come in contact with follow it.
If it was like the PMP, CMA, CPA or other professional certifications/licensure that industry requires for certain jobs, then code of ethics violations would mean loss of certifications/licensure. That would weed out all those unethical assholes in IT.
In God we trust, all others require data.
Violating company policies and snooping is one thing, but employees do not own their computers and staff administering machines do not need permission to access systems.
If you have an ethics issue with your current job, you should quit, and find a new job. The last thing you should ever want is to be thought of as a person who will compromise his principles for money.
File under 'M' for 'Manic ranting'
- morally wrong (going against your own personal conscience)
- legally wrong (going against codified law)or
- sinful (going against your religious beliefs)
Watching child pornography is illegal in all relevant legal systems, and not reporting someone to the authorities could be considered a crime of omission or obstruction of justice. It might be sinful, depending on your religion. It is probably considered morally wrong by the majority of people.The problem I see with the dilemma posed by the article is that he tries to conflate these areas and to get a mental map that divides things neatly into The Right Thing(TM) and The Wrong Thing(TM). I think this approach vastly over-simplifies things; take file-sharing, for instance: many instances are illegal since they break copyright law. Yet I wouldn't think it is immoral, since the laws appear to be unjustly slanted against consumers. I couldn't say how religions see the issue (the closest I could find was a quote from the Bible: "go thy way, sell whatsoever thou hast, and give to the poor" which seems to speak out against hoarding property), so I won't make a qualified judgement on that.
But it should be clear that this is a complex issue, and people trying to frame it in terms of "right" and "wrong" without specifying the framework they're using makes a good answer almost impossible.
-- Language is a virus from outer space.
Sure, I have unmitigated access to everything that comes, goes, or happens in my company. And if I don't have access to some particular facet of the boss's operation it's pretty trivial to give myself access. But do I snoop through other employees' email or documents or browsing records or whatever? No. But, admittedly, not because of any particular integrity or high moral standards on my part.
I just don't care. Yeah, it might be nice to intercept early the memo that says I'm going to get canned tomorrow (or whatever) but I have more than enough things on my plate and no time, motivation, or incentive to play Secret Squirrel with other people's stuff. I have news for you: 99.9999% of what happens on a business network is mind numbingly boring. Memos. Transmittals. Materials lists. Spreadsheets. Schedules. Business correspondence so packed with legalese and ass-kissing and meaningless paradigm shifting buzzword bullshit it makes my brain hurt just thinking about it.
If I want to abuse my authority and misappropriate company time and network access, it's easier and less mind-frazzling to just delegate the job to somebody else and go read Slashdot.
That's where you are incorrect. There was never any privacy when someone was using their "work" computer for "personal" use. If you think you have any privacy using a computer provided by your employer, using your employer's resources to access the porn, you are mistaken. Courts have held numerous times employers own the equipment and have the right to view (i.e., spy) on your usage.
There was no privacy here, therefore no ethical issue.
Quality Hosting e3 Servers
I can understand the kiddie stuff. But what's wrong with asian women? Last I checked, asian women were beautiful, and there is nothing illegal about viewing them. It may be against company policy, but THAT is not worth calling the FBI over.
I know what the author was trying to get across, and there was plenty of cause to call the FBI, but lumping the asian women with children is just demeaning to the women.
For linux tips: http://www.linuxtipsblog.com
This isn't specific to IT, but it happens a lot.
Most newbie Admins poke around in places they shouldn't soon after getting heightened access to the systems.
Almost anyone, in any career where they have access to sensitive information end up abusing it to some degree.
Doctors, Nurses and medical records people read the files of friends or relatives all the time, and that's certainly illegal.
Also, if you come across that kind of stuff in your routine work, you are actually required by law to report it to the police.
After 15+ years in IT, all data looks the same to me.
I can help someone adjust the font on a document and not even notice what it says.
Not too many years ago I worked for a "web startup" (i.e. small company founded by Harvard MBA who smoked lots of weed, drove a VW, and was out to "save the world") as IT manager. As the market tanked, the CEO became more and more concerned for the future of the company and with good reason! We'd gone from regular upper 6 figures per month to less than half that, with three locations whittled down to essentially one and a half. Many employees left for greener pastures. When things REALLY started to go down hill, the CEO asked me to intercept any emails between current and former employees, and then "hinted" that since so many of our clients had their email hosted on our email server, couldn't I do the same with them. I know that, legally, he had the right to get access to current employee email, and any former employee whom he had granted continued use of our email system (not sure on that last bit, IANAL). But asking me to, or suggesting I should allow him to, read client emails was a final straw. While he may have the "legal right" to read employee emails, it left a very bad taste in my mouth. Suggesting I allow him to read client's emails? It was like licking a rat. At the end of the day I had to go home and see myself in the mirror, and I knew that reading other people's personal, private emails was something so abhorrent. (Rimmer: "Lister, that is my private, personal, private diary; full of my personal, private, personal things." Cat: "It's gone public.") Now all that said, at another job, myself and some other IT workers suspected one of the devs of possibly being a pedo. We didn't read his emails, we didn't pour through his computer (which we could easily have done), but we did put google to good use, and at one point we did packet sniff where he was browsing. Was I proud of that? Well, actually yes. If he HAD been looking at kiddie porn, if he HAD been a sexual predator, being a father how could I stand back and not try to do something? It turned out he wasn't a diddler, just... Really really really really creepy. It is a very fine line between "ethical" and "non-ethical", it can be very hard to judge which is which, and everyone will have their own opinions. But in the end you have to live with yourself, and certainly I'm not qualified to decide right and wrong, nor pass judgment. If I had my way, anyone who sold a poorly made curry would be strung up and boiled in oil.
Because there are already professional certifications available for IT people. Speaking from personal experience they currently make bugger all difference to fees or salaries. If you were to require such certifications then the reduction in supply of IT personnel would cause the salaries of the certified to rocket... As it has for lawyers, doctors, accountants etc.
No? Not willing to pay up? Oh well then, you can't really complain.
Deleted
That would weed out all those unethical assholes in IT.
Sticks and stones may break my bones, but I can read your email...
Except of course that you're wrong. Courts have upheld the right to use company phones for occasional personal use. Recently, they have ruled simillary for the web or email (I can't remember which). I also don't ever recall a court allowing a company to spy on telephone call, even though they owned the equipment.
You don't lose your rights when you enter a workplace.
"Bryan, the IT director for the U.S. division of German company, discovered an employee using a company computer to view pornography of Asian women and of children."
And how did he know this, if he wasn't LOOKING at the damned stuff himself?
1. Someone looking at adult porn is not an "ethical problem", unless you got your ethics from the bible belt.
2. Someone looking at kiddie porn isn't an "ethical problem" either - its a legal problem! Like in "against the law".
3. Not reporting it because you would have to admit you were snooping on other people - priceless AND retarded.
Kevin Smith on Prince
Come off it ... 70% of ALL porn-viewing is during working hours.
Your boss does it. Your coworkers do it. Get over it.
As long as you get your work done, who gives a shit? Better they look at pr0n than some site that advocates that "Jebus is comiong soon" and they start putting bible tracts on your keyboard ... THAT is a real invasion of a person's "space".
Kevin Smith on Prince
"Thus, based on legal advice, my employees are instructed to notify law enforcement *before* notifying management"
And who wants to fuss with that. My advice would be to (a) never look at anything that would cause you to be forced to report anything (b) if you do, make sure no one else knows and pretend it never happened (c) if caught in a dilemma, tell your boss anyway and say you weren't sure if this applied and you need his/her guidance.
That's the only sensible thing to do, but I realize you can't give that as official advice.
Because it:
That's why. Whenever you don't understand a corporate decision, just ask yourself, "Who benefits from this?", and soon the reason will become obvious. It's not that corporations make non-sensical decisions; rather, that corporate decisions are often motivated more by internal politics and the need to maintain a semblance of professionalism than anything else.
The society for a thought-free internet welcomes you.
Well reporting it to upper management is possibly one of the worst things you can do. In the example he said he knew about the kiddy porn and report it to upper managment. Well, that was your first mistake. First thing you did was single yourself out as a trouble maker and a snitch. People don't like snitches, even if it is for a good reason.
Well he reported the shit and nothing happened. Well possibly nobody believed him so he outed himself for no good reason. Then most upper management blokes tend to run in packs. So odds are he outed his mark to a friend of his mark. The person he outed and the person he outed to could have booth been trading kiddy porn or the person he outed just simply said he wasn't to his frined. Who would you believe? So the only thing he did was paint a fat ass target on his ass.
I would have anonymously figure out a way to rig his computer to send all his kiddy porn to a "public" printer. The biggest fucking color printer in the place. Maybe one of those big ass HP with paper rolls on it. For extra kick I would have set it to go off when the office prude or church lady was standing next to it. Then I would fire the bitch off and stand back and watch the fun.
Mr Kiddy porn gets what's coming to him. I'm not on anyone elses shit list and I have a good laugh at someone elses expense. Of course the whole fuckign thing can backfire. I might not be as good as I think I am and the whole barking mess could fall right back in to my lap with a fat ass thund follwed by a clang.
but I'm that good.. so no worries...
Supporting World Peace Through Nuclear Pacification
Oh, but they were *Asian*. And then he moved to *China*. He might start interacting with Asian women there. The horror! The horror! The horror!
Seriously -- why even bring up the Asian aspect at all, as though that's somehow relevant? I can understand being worried about children, but worried about Asian women? Give me a break.
Then the winter came, and the Grasshopper died. And the Octopus ate all his acorns. Also, he got a racecar.
Perhaps you know different IT folks than I do. Most of the IT guys I know would do very poorly in both of these roles.
I think the point of a "Professional Association" is that it would raise the risk of unethical behavior. Right now you get caught with your fingers in the cookie jar & lose your job, you'll have a new one in a few months, and the old job will likely only "confirm employment" because of HR policy. If there was a professional society companies could refer to, they might able to inflict a more serious punishment. Of course, given the lack of success with similar professional organizations in Law & Medicine in policing their memberships, my confidence level is low.
You are in a maze of twisted little posts, all alike.
A lot of the IT professionals I've encountered that had certifications, it seemed to me, went through the motions to earn them, to prove that they knew something -- almost as if to compensate for their lack of instinct and knowledge, because they weren't very good. They didn't have that "computer intuition" that separates good IT professionals from the average-to-shitty.
Most of the good IT professionals I know don't have certifications, they let their work and references speak for themselves.
evil adrian
Competition for labor drives down the wages of those paid above what is required to get someone to do it, and pushes up the wages where there are labor shortages.
I agree with you that it is how it should work. I hope you don't think that's how upper management pay scale works in the real world. Given that the people in charge of the large organizations don't play by those rules, it makes little sense for the people that work for the large organizations to play by those rules.
From my own personal experience: I'm a stagehand, I used to work Off-Broadway on for-profit commercial shows (multi-million dollars budgets). Most of the stagehands that work in those venues have college degrees in stagecraft. The pay scale works out to a lower lower middle class lifestyle in NYC. $20 an hour doesn't go far in NYC. Forget raising a family on that here. Forget health insurance. There was a high attrition rate, but there was always a new batch of college grads that would fill the ranks. Then I moved on to Broadway. Broadway stagehands are union. The job is really the same, but we make twice as much money as Off-Broadway. The attrition rate is pretty low. People have insurance and can afford to have kids. The tickets cost twice as much for the consumer. Yet strangely, Broadway is thriving, while the Commercial Off-Broadway scene is slowly vanishing, so your theoretical "blight on consumers" doesn't seem to be happening. Granted there are unions out there who don't honestly factor in profits (or lack there of) when they are making demands in a contract negotiation. Not only do those unions give other unions a bad name, but they destroy their own industry. However, there is plenty of room between "destroying the industry" and "the minimum that someone will accept for the job" It's that difference that keeps the attrition rate low and allows for stagehands with decades of high level experience, those experienced stagehands are well worth the price of two or three fresh from college employees. In the non-union Off-Broadway scene those experienced workers never emerge because of attrition, but there is always someone willing to do the job. Now be it a union or a professional licensing organization, keeping the labor cost/value above the bare minimum, but within what the industry will bear, results a healthier more sustainable work culture. As for end-consumer costs, those are always as high as the market will bear, the only difference is the internal distribution of the cash flow. By doing any job for less than the guy who was doing the job yesterday, are you really going to save the consumer money or are you just increasing the year-end bonus for someone already in the highest tax bracket? You seem to have some sort of pride in your willingness to do-more-for-less, as though that will somehow make life better for the common man or will earn you the love and respect of the company you work for. From my perspective: you are the common man, make life better for yourself by attaching a (carefully considered) high price to your labor. A paycheck that supports a high standard of living is how companies show respect.
We are all just people.
2. Someone looking at kiddie porn isn't an "ethical problem" either - its a legal problem! Like in "against the law". Yes, indeed.
3. Not reporting it because you would have to admit you were snooping on other people - priceless AND retarded. He did report it. It says so in the summary that you quoted.
So this professional association might be "Professional Information Technologists Association"? PITA, right?
Diebold will release the ethics poll results tonight at 20:05 when the polls close on the west coast. You don't need to vote, Diebold has already totaled your ballot.