Ethics In IT

chiefloko writes "I am presently taking a Business Ethics class while earning my MBA. For my final paper topic I have chosen 'Ethics within the Information Technology realm.' Over the past 13 years I have worked for three corporations and have seen everything from the typical BOFH to ungodly pirated software use. I also bore witness to a remote user logging in to a poorly administrated Sun station, finding out s/he was root, and then reading co-workers' emails. I am interested in what the norm is for ethics in the IT world and some of the stories and outcomes."

You need to clarify your question

[arivanov]

Whose ehics are you talking about?

The Ethics of an MBA giving IT orders, the ethics of a BOFH doing his job, the ethics of a developer?

Let's not speak of Joe Average consumer of IT as he actually has no IT Ethics, he applies his Ethical viewpoint to IT so his inclusion will only muddle up the concepts.

Each of these communities (PHB, BOFH, Developers) has their own ethical codes (or lack of). While there is a great difference between them, there are not that many differences between members of a particular caste.

Re:You need to clarify your question

[MindKata]

You also have to add in the ethics of other departments within a company. I've found often to my surprise, the ethics of sales people & marketing people are at times very different from that of programmers and other workers in a company.

Many sales people are not scientifically minded people. I'm a programmer and I worked in one company where the programmers were on one side of a desk divider and the other side had the sales people. We were killing ourselves laughing at then kinds of statements sale people were making about the products we were creating!. Often it wasn't based on fact at all. Ignorance or ethics? ... call it what you will, but to a sales person, its also part of the game they play.

They talk with complete conviction on a subject and it sounds like they know what they are saying (to anyone who doesn't know the subject), but with programmers I've found we often add disclaimers, because we see there are gaps in our knowledge and gaps in areas where we want to carry out more tests etc... Sales people's eyes often glaze over and they loose interest after telling them details for more than a few seconds. They don't what to know the details. They want to push a certain version of the truth (to me that's not truth at all and its ethically wrong, yet to sales people, its part of their way of communicating).

Also the ethics of high up bosses are often even worse than sales people. But they often do have one personality trait that helps them deal with sales people, as bosses I have found are often very distrustful people, even though on the surface they give a good image of confidence, deep down they show their insecurity and distrust of others. (Many even have recognisable personality disorders like NPD). They approach dealing with others, in a very different way to e.g. how programmers would work together.

The whole subject of ethics especially in big business like IT is very subjective depending on what people you ask.

Re:You need to clarify your question

[smittyoneeach]

Nah, you just need to paraphrase Gandhi:
"I think ethics in IT would be a wonderful idea."

Re:You need to clarify your question

[jcnnghm]

For a company to survive it is sometimes necessary to make decisions that aren't beneficial to some people in the company. Being able to make these decisions rationally without being unnecessarily swayed by emotion is the trait that is favored.

Re:You need to clarify your question

[apt142]

. But to big business, I have been shocked at times at how the law is treated at times more like for example, the rules in Formula 1 racing cars, where they can twist and exploit the definitions of the law to suit themselves and how the government plays the same games back at them.

I think the reason that big business tends to view laws as more flexible than the average person does is because of the penalty of those laws on big business in relation to the rewards.

For example:

If I as an individual, go out and set fire to somebody's car, I'm likely to spend a good deal of time in jail. I would possibly lose years off of my life and get a criminal record that would hurt the ability to provide for myself in the future. Knowing that trade off would deter me.

If a big businesses made a car that burst into flames then their likely punishment will all be in dollars and cents. So, any deterrent to them would be to not lose money. But sometimes, it's more profitable to make an unsafe car than it is to make a safe one. If that causes a violation of the law for them, then so be it. Even after the punishment is dealt out, they can come out better than before. As long as they can avoid the public action and boycotting that happened to Firestone, then there really isn't any punishment.

I think there needs to be a better punishment system for big business. Perhaps prosecution of CEO's, or forced closing (short term or permanent), maybe a fine to the shareholders.... I don't know.

Re:You need to clarify your question

[knarf]

One little thing I'd like to comment on:

To most people (I hope!) the law is an uncrossable line. A solid boundary of ethical and moral behaviour.

Really? I'd wager that this is a serious exaggeration. The law in itself is not more than the codification of morals and ethics. It is those morals and ethics which most people abide by, not the letter of the law. There are many laws which stray from common morals and ethics. This being slashdot it should be sufficient to point out the DMCA or the current implementation of patent law to show examples of law which often are not seen as moral or ethical.

So assuming that people in general try to stay on the right side of morals and ethics they tend to be law-abiding as a consequence of that. In business (big or small, does not matter) morals and ethics often seem to take a back seat to the pursuit of financial gain. As success in business is often defined by the amount of money made it should not be surprising that those who are emotionally capable to push morals and ethics aside for financial gain tend to rise above those who are less inclined to do so.

Re:You need to clarify your question

[MindKata]

"For a company to survive it is sometimes necessary to make decisions that aren't beneficial to some people in the company"

That's what some bosses tell us. While there are times a company can be in trouble, in reality some bosses are sometimes more concerned with their share price. We have got into a world where some companies want to return a greater profit each year and this idea becomes more important to them, than providing a steady living for people. Its not just about company survival, as some bosses say. Some bosses would sooner loose staff that take a pay cut and some would even laugh at having the power to do so. You need to recognise the kinds of personality that can dominate in business. Its not always as clear cut as they say.

Not all bosses are like this just as not all companies are like this, but some are. The subject of ethics isn't as absolute as it would at first appear, but to work with these kinds of people, you need to see what some people are capable of doing and in big business such as IT, there are a lot of these kinds of people.

Re:You need to clarify your question

[morgan_greywolf]

If I as an individual, go out and set fire to somebody's car, I'm likely to spend a good deal of time in jail. I would possibly lose years off of my life and get a criminal record that would hurt the ability to provide for myself in the future. Knowing that trade off would deter me.

If a big businesses made a car that burst into flames then their likely punishment will all be in dollars and cents. Bad analogy. Your first example is a matter of criminal law and your second example is a matter of civil law (product liability). Here's a better example:

The mechanic down the street fixes your car and due to a short cut he takes (say, not replacing a gasket or a seal that should have been replaced), your car bursts into flames, what happens? Well, first the mechanic is subject to civil liability law, where his repair work was the direct cause of the flamage. Secondly, the mechanic may be subject to to criminal law, since the injuries you sustained may be proven to be an act of gross negligence or possibly reckless endangerment.

The CEO that makes the decision to make a car that has a risk of bursting into flame carries almost no personal liability whatsoever. He's protected by the corporate veil. Now, even the mechanic down the street might be protected by a corporate veil (anyone can incorporate), except that to be a mechanic in most states you must be personally licensed and insured, so you assume some personal liability risk for sure.

But in reality, the big difference is that the corporate CEO has enough money to buy the best lawyers to ensure that the corporate veil isn't pierced, while the mechanic down the street probably does not.

So in the end, it's all about the Golden Rule: Those with the gold get to make the rules.

I think there needs to be a better punishment system for big business. Perhaps prosecution of CEO's, or forced closing (short term or permanent), maybe a fine to the shareholders.... I don't know. In the end, the market does decide. A company that becomes known for repeatedly making bad products will eventually find that they will lose customers. What's happened to Mattel's stock price since they announced the lead paint recall last August? Down, down, down. Maybe if Mattel gets their act together, things will improve for the company. But if they continue to have product liability issues, I guarantee you their stock price will probably never recover.

Re:You need to clarify your question

[Anonymous+Brave+Guy]

To most people (I hope!) the law is an uncrossable line. A solid boundary of ethical and moral behaviour.

Confusing ethics and the law is a dangerous thing in itself.

To put things very simplistically, ethics is theory and the law is practice. Ideally, someone living a good, honest life according to fair, ethical principles would always find their behaviour falls within the law, but sometimes a bad law comes into conflict with those ethics. Whether someone chooses to obey the letter of the law or to follow their own ethics at that point says a lot about them.

To give a concrete, IT-related example that is relevant in my country today: the UK government is currently planning to introduce identity cards and the National Identity Register database. I know that some surveys in the past have found a majority of the sample population in favour of these measures. I also believe that introducing these measures is not in the interests of the people, and that the government policy would not be so widely supported if people understood the implications for access to personal information, security, reliability, and the like. I know that I am far from alone in these beliefs, because there are campaign groups with many thousands of people supporting them who express the same concerns. However, the law has already been passed to make these measures possible, though it was passed by a government for which only a small minority of the people actually voted; substantially more people voted for parties that oppose the scheme. So, when the government attempts to roll the ID cards and database out to the population, should I be a good little citizen and accept my fate, or should I join the radical law-breakers promising civil disobedience by refusing to participate? Are those who choose to follow their beliefs to the point of breaking a law they believe to be unjust really unethical, or are those who accept without challenge a dangerous law passed by an unrepresentative government the unethical ones?

Re:You need to clarify your question

[EnglishSteve]

This is why I now refuse to do work for public companies (I am self-employed). Once a company becomes a public entity, all motives except the profit motive go by the wayside. Employees and suppliers become numbers on a balance sheet.

Private companies, on the other hand, are free to have other motives in addition to profit such as providing employment etc. In my experience, private companies are much more likely to actually give a shit about their employees and suppliers. Of course there are private companies out there that are purely profit motivated, but it's not all of them.

Re:You need to clarify your question

[apt142]

Bad analogy. Your first example is a matter of criminal law and your second example is a matter of civil law (product liability).

I know my analogy is bad. It's bad because there is no apples to apples law comparisons for individual crimes and corporate crimes even if the outcomes of both crimes are the same. Which was my point.

The other point I was trying to make is that the punishment rarely makes any lasting impression to the company. Sure Mattel took a dive, but check out the stock today. It's on the incline. Though to be fair, lousy Barbie sales in 2006 sent the stock much lower in January 2006 than the lead paint did in January 2008. Last I checked, making Barbies isn't a crime.

But according to the systems of currency we have for good and bad behaviors, lousy Barbie sales and lead paint in the toys are about the same level of badness for the company. With Barbies FTW. So, the next time the company is presented with the choice, sell more barbies or not poison children, which do they have the most incentive for?

Re:You need to clarify your question

[dpilot]

Once upon a time, the CEO of a very successful company had a simple 3-step recipe:

1: Take care of your customers.
2: Take care of your employees.
3: PROFIT!!

Actually, Step 3 was really, "The profits will take care of themselves." But it's worth noting that this was Step 3, not Step 4 with some sort of "???" for Step 3. It was also a long-term attitude, in that you were building the foundations of long-term success, and perhaps sacrificing higher short-term profits in exchange for that long term.

This too, has passed.
But then again, that company isn't now considered as successful as it was when it was run by those 3 steps.

IMHO, the "maximize profits" attitude in US corporations is a fundamental problem. Let's phrase it this way... You want to buy a car, and you have to choose between Car Company A and Car Company B.

Car Company A's guiding principles are to "maximize profits" and "maximize shareholder return", and they happen to make cars.

Car Company B's guiding principles are to make the best cars that they can, and so far by selling those cars at a competitive price they have remained profitable and in business.

Who would you want to buy your car from?

CYA

[Hognoxious]

Cover Your Ass. That's it, that's all.

Re:CYA

[maczealot]

To expand this thought a bit (because it is pretty accurate imho) there is a direct link between an IT worker's behavior and the culture from which they come. I have worked in everything from infrastructure to development (solo and team) as well as security. From my observation IT workers have tremendous amounts of access to information and normally do not violate this "trust" if they think they will get caught.

This, as I said, is probably more to do with what kind of culture they are from (I am American) and the social norms they were taught (or not taught) than any commonality of ethic due to corporate department (just because you are classified as IT). The email example will show the classic "Yes, I CAN read all your emails, but I don't. Not because I think it would be wrong for ME to do so necessarily, but because I am too busy to care what you wrote." This is the only unique Ethical constraint I see in IT, where those of us who manage the information and the resources to access it choose an "ethical" path on a daily basis by choosing to solve OTHER PEOPLE's info problems rather than our own with a given block of time. Most IT workers will "feel" ethical if they are doing something useful for those in power over them (i.e. paycheck signers) rather than bending the resources at their disposal to their own amusement/education (i.e. displaying ten different will-it-blend's on different LCD's to see how cool it is).

Ultimately, this behavior is altruistic because upper management, given enough time from which to sample, can tell if an IT worker is "useful" or not and thus reward or punish them. America has a very minimalistic ethic of "if it isn't hurting anyone else.." so unless there are other cultural factors they can lose out to those from other cultures (see: Indians).

Ethics is eithics

[clickclickdrone]

Irrespective of if it's IT related. You shouldn't do anything you wouldn't want done to yourself or is likely to hurt people. Just be a decent honest person.

Re:Ethics is eithics

Why should it?

do unto others?

[wall0159]

I think a better approach is do unto others as you think they would want done to them

That helps avoid the "well, I'd want to be killed if I was gay" rationale...

Re:Unix syndrome

[value_added]

Anything that isn't prohibited is not only allowed, but also ethical.

There may be some truth in that, but I don't see how that applies to interpersonal behaviour. My own preference is to defer to what my grandmother taught me: ethics is insisting on doing what's right even when no one is looking.

She also taught me to the principle of keeping things simple, both from a moral perspective and practical one. I never asked, but I'm sure she preferred vi to emacs.

This is actually untrue

[Kupfernigk]

The posts here suggesting the "business ethics" is an oxymoron are from people who obviously have no real experience of business. Real world businesses know that they have to keep both customers and suppliers happy, and the best way to do this is still to be ethical where it counts. If I treat my suppliers honestly and you try to diddle them, you may save a percent or so now, but what will happen when there is a shortage? Who will get priority?

When I was a general manager, one of my policies was always to pay the small suppliers promptly, because they need it most. That's not only ethics, it is simple common sense.

It is interesting that one of the most developed business environments in the world -that little region that includes Northern Italy, Switzerland, parts of South Germany and South-East France - relies heavily on networks of trust. I have sealed the deal there more than once with no paperwork and a handshake. I suspect that the reason that "Business ethics" needs to be taught in an MBA class is because many new graduates have fantasies of the ruthless corporate world based on Hollywood and computer games, and they need to be made a little safer before they can get out and cause their companies serious damage.

The fact that some CEOs are psychopaths should not blind us to the fact that most are not.

Re:This is actually untrue

[Kjella]

The posts here suggesting the "business ethics" is an oxymoron are from people who obviously have no real experience of business. Real world businesses know that they have to keep both customers and suppliers happy, and the best way to do this is still to be ethical where it counts. If by "where it counts" you mean "with those who can screw you back", that's hardly ethics it's just basic self-preservation that even psychopaths engage in. The first rule of anyone unethical starting with the schoolyard bully up to the boardroom is to always pick on those that can't or won't fight back.

Audit is more important than access

[Kjella]

Access are for the things that you never should be able to touch. Audit seems to be working quite well for the rest. This doesn't work quite well in the sysadmin example where he can go in and read the files directly, but it's very effective in most systems where you have to go through a regular interface. I know for example banks have used that for operators that like to peek at famous people's bank accounts. Another example that I know personally is passing through project gates - the access controls are quite loose, but of course you're supposed to go up to a review meeting and actually pass the gate. There's an audit log to tell who said they had passed the gate and when, and it's not going to be pretty if they find you're bluffing.

People don't handle temptation all that well. If you put a normally honest person in a position where he could very easily and with little risk where he could do something wrong, he might do it. If it looks hard, he'll think long and hard before doing anything. If it requires a conspiracy, he almost certainly won't do it. So I'd say the solution isn't to try to limit everything up front, just make them fear that someone will peek them in the cards later.

Cultural & Legal

[Aceticon]

Ethics in IT is just a reflection of ethics in the world at large - what people tend to do or not to do is usually a reflection of what they believe that others expect them to do or not to do.

Often this is for cultural or even legal reasons: for example, in Holland it's forbidden by law in a company to check the web access logs for an employee unless there is reason to believe that employee is misusing the company resources or doing something illegal, while in the UK an employee can expect that anything done via the company network will be watched.

The main differences that affect the actions of people in a position of power in an IT environment and in an equivalent non-IT environment are:

• Anonymity: the belief that "nobody will know who i really am" means that some will do online certain actions that are shunned by society at large. While acting behind an alias which cannot be traced back to the real world persona many, free of social pressures and/or direct repercussions for their actions, will act online in ways that they would not act offline (I suggest you study MMORPGs for this).
• Decoupling from reality: often one's actions do not have a visible component in the "real" world. At it's most basically, it's easier to be unpleasant when the target is somebody you've never met personally.
• The lower likelihood of being caught: the risk of being caught is a strong factor when considering whether or not to act in a way which might be perceived as unethical, illegal or socially unacceptable. In the "virtual" world it's easier to do some actions without being caught. For example, consider the workers in the mail room in a company vs the e-mail server administrators in that company: for whom would it be easier to read somebody else's messages without leaving a trace ...

"ungodly" and "pirated" on Slashdot?

[mi]

Sorry, we do not believe in Imaginary Property here. There is nothing "ungodly" about "pirated", because pirating is not exactly the same as stealing.

Ethics

One of the interesting ethics issues I have seen at most of the places I have worked is how the typical person is treated versus how the executive is treated.

The typical person calls the Help Desk, gets a level 1 person who reads scripts and then if they can't help it gets escalated. If the problem is severe they might try to remote control the computer, etc. It is also, in most places I have worked, expressly forbidden to work on home machines due to liability factors (if you destroy their data for instance, catch porn on a personal computer, etc).

However, with executives they generally have a special number or person to call, they frequently have non-standard hardware/software, have people going to their house for support, etc.

In general they can get away with abusing the system and its resources. The interesting thing here is that if you talk to a lot of people in IT they have split views on whether this is ok or not. Some think that it is an executive perk. Others think it is an abuse of system resources. Others, like myself, think it gives executives a flawed view of IT (even if the typical user is getting horrid service, the executives don't see it and do not correct the issue - because it is working perfectly for them).

I think an issue like this is not as clear cut, but I'm curious to see what other people think of the same sort of thing in their company.

Re:Ethics

[Kryptic+Knight]

One process to rule them all, One lockdown to mind them, One email system to bring them all and in the darkness bind them.

In other words, what applies to the filing clerk, also applies to the Director/CEO.

Admittedly you sometimes have to visit home locations of directors to setup company equipment, this cannot be avoided, but you don't work on their home computer equipment.

If you're going to lockdown then lockdown. If you're going to make any exceptions then you may as well not bother in the first place.

sudo

[k2r]

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

                #1) Respect the privacy of others.
                #2) Think before you type.
                #3) With great power comes great responsibility.

---
That's about the ethics my teachers had when I started to learning system administration 15 years ago and this is what I'm still educating people new to this about. I never met a good admin who wouldn't passionately subscribe to this.

k2r

Yeah, business ethics..

[Serhei]

Far too often, companies consider business ethics to == "not doing things that will get the company into trouble."

Re:It's a people thing, not an IT thing

[base3]

Particularly with the advent of outsourcing, those who work in IT are selling trust more than skill. That's why abuse of power by IT folks should be dealt with harshly and swiftly when detected.

Re:Yes, but it's not always simple

[Miseph]

As another student of ethics (although my my course in religious ethics was extremely one-sided, I've taken intro to ethics and am currently taking an environmental ethics course), I agree completely. One of our biggest problems as a society is that we overwhelmingly tend toward dogmatism, and dogmatism is a Bad Thing no matter what side you're on because it prevents everyone involved from actually thinking or coming to rational decisions; stem cells are a great example of everybody involved simply failing to listen at all, choosing instead to call each other baby-killers or idiots respectively (and not respectfully), and both sides have done a great disservice to their cause by letting it come to that.

The key is (as parent I'm sure already knows) is to ACTUALLY THINK ABOUT IT. On virtually every issue, two moral, ethical individuals can come to well reasoned and ethically defensible positions which are completely opposed to one another, and neither of them actually has to be wrong; but if they are both honest, then they could have a serious and possibly even productive discussion about what can be done to make both of them happy. A symptom of our culture of dogmatism is that the word "compromise" has become a synonym for "selling out" or "giving up", and that politicians and activists receive criticism if they actually do it.

Re:Unix syndrome

[sumdumass]

Lol.. You shouldn't have posted this as AC.

I think too many people dwell on the word nigger which in and of itself has no power outside what people give it. Also, according to the definitions I was raised with, nigger doesn't really mean black, but a type of person who does certain things.

Few people realize that the word nigger is more or less a bastardization of the word Niger which is a territory/country in Africa that exists to this day. When the slave trade was coming to the US, the tribes had chased all the other tribe back past the Nigerian and Niger rivers into a french territory called Niger before capturing them. When you ship property, there is a point of origin and destination on the bill of lading and some dumbfuck hooked on phonics southerner pronounced niger as nigger and because most communications were oral, it stuck.

but regardless of it's origin, the fact that people let words define who they are is amazing when it comes to this. The racists use the word because they know it pisses people off. It is really no different then juveniles taking up swear words in an effort to piss their elders off. Unfortunately, instead of dealing with it as a word with many meaning, we have concentrated on the negatives associated with it and placed it off limits because of how we have reinforced the negetive meaning. To a racist, it has no meaning other then pissing blacks off, we gave that to them and let them define it's value by teaching the youths to react in a certain way to it. Racist on the other side have tried to do the same with creating words like Cracker and honky but unlike nigger, it only holds a specific meaning in their circle so it doesn't have the impact that nigger does.

Anyways, the point of chiming in, is to mention that the AC is right in that nigger doesn't mean black people, the modern definition doesn't even seem to mention them. And the only reason it has any power is because we let it have it. Either as a society who has tagged it as the "ultimate offense" or as a people who will let it trigger emotions and actions and in effect playing into the users motives. Hate often is designed to hurt others, when they can do it arbitrarily with words, those that hate become very effective. That's why "hate crimes" is a joke. It empowers those that hate.

Re:ethics require education

[dfetter]

Why didn't you give a rationale along with the instruction? A lot of people will do stuff when they know why.

a wise man once said...

[t35t0r]

"There's no such thing as business ethics. There are only ethics, you either have them or you don't."

Survival of the fittest

[phorm]

And in the business world, the "fittest" is often whomever is most willing to do whatever it takes, and stop over whomever they can, to achieve the goal.