Report:
Draft
Recommendation for a Policy of Ethics
Author :
Farisai Mabvudza (699M1325)
3.1. The Need for a Policy of Ethics
3.2. Areas of concern when devising a code of ethics
3.2.1 The Internet and privacy
3.2.2. Hacking and security
3.2.3. Piracy
3.2.4. Computer Sabotage
Technology and, in particular, computers are influencing society at large ever increasingly. This has impacted the lives of many people and businesses. Organisations are becoming more IT orientated knowing that this can give them breakthroughs which would never have been dreamed about thirty or forty years ago. The rapid rise in technology has caused basic ethical and moral values to be forgotten. There has been an alarming increase in computer crimes recently and the judicial systems of most countries have not been dealing with these crimes as fast as they should be. There is definitely a need for computer technology to be used in an ethical manner and thus these ethical issues need to be addressed with urgency.
There has been a great deal of work done on the subject of ethics in the IT industry. D Gotterbarn (1999) looked at the area of Software engineering code of ethics and professional practice. He (Gotterbarn) provides reasons why a code of ethics is important for a software engineering firm and these reasons can easily be applied to any IT profession. Similarly D G Johnson (1999) has done extensive research on the topic of ethics. He provides some of his own reasons as to why there is a need for code of ethics. E Turban, E McLean E and J Wetherbe (1999) highlight the legal implications of not adhering to a code of ethics.
A Mujica and E Petry (1999) have conducted surveys in the United States and they have found that a good number of employees engage themselves in some sort of unethical behaviour. They (Mujica and Petry) also provided a list of ten ethical commandments which could serve as guidelines for devising a code of ethics.
S Rogerson (1998) discusses the issue of privacy and how it relates to employees in any organisation. K Lauden and J Lauden (1998) then apply privacy to the Internet and then indicate how the Internet is not as safe as it should be. Finally M Wright and J Kakalik (1997) provide some examples of privacy being violated.
H Tavani (2000) covers computer sabotage and software piracy both of which are serious issues affecting many companies today. E H Spafford (1991) then examines why hackers think their actions are ethical and the consequences of allowing them to continue with their actions.
S Rogerson (1998:563) acknowledges the fact that computer and information ethics arose because of the fact that as computer technology advanced, people became more aware of the pitfalls which would cancel out the potential benefits of this resource. New sets of problems were appearing such as computer fraud and computer generated human disasters. H Tavani (2000:5) notes that computers create “new possibilities” and new situations which, in turn give rise to ethical and social issues that are not easily anticipated and that cannot always be subsumed under existing policies and laws. Because of this Tavani (2000) suggests that we are left with “policy vacuums”. In order to instil a sense of responsibility and integrity among the IT professionals a code of ethics needs to be devised according to D G Johnson (1999:1). Johnson (1999) states that many IT organisations have adopted a code of ethics such is the Association for Computing Machinery (ACM), in New York and the Institute of Electrical and Electronics Engineers (IEEE), in Washington DC (see Section 4).
Johnson (1999:1) defines a code of ethics as being a promise by a business to be ethical when using its specialised knowledge and exercising its professional skills. According to Johnson (1999) an ethical code gives customers and other people in the community an idea that members of the company or profession have certain ideals and values, and adhere to certain standards. D Gotterbarn (1999:13) supports this idea. Using an example of a software engineering code of ethics, he (Gotterbarn) is of the opinion that a sufficiently detailed code of ethics will help to educate the IT business’s clients as well as society about what can be expected from the software engineers and their products.
Johnson (1999:1) concludes that a code of ethics that is well designed can make a profession stronger by providing guidelines to refer to, in case employers ask their employees to do things which violate the code. It also provides a means of transferring knowledge since a code represents the wisdom that the profession has gathered over the years. According to Johnson (1999:2), a code of ethics which is sponsored by a professional organisation promotes the concepts of membership and shared responsibility.
All in all when a business devises a code of ethics the IT employees benefit from this creation process. Johnson (1999:3) reckons that when employees talk about their work then it helps them understand it better. It also makes them more aware of the ethical issues concerning the company. Most importantly, Johnson (1999:3) emphasises that participation in the development of the ethical code will mean that it is more likely that the employees will abide by the code of ethics. Similarly Gotterbarn (1999:13) believes that the public’s knowledge of correct or acceptable practice will lure the developer away from taking short cuts. Anderson concludes that a code of ethics helps to reinforce professional identity and allegiance as well as commonly held group values.
Turban et al (1999:3) suggest that there is a strong need for organisations to have a code of ethics because it helps them avoid legal problems. If a company was to collect information on employees, clients and customers unethically, then this act was punishable by law – though the extent may vary depending on which country is concerned.
Mujica and Petry (1999) bring to light the fact that new technologies have made a huge impact on both large and small organisations. In today’s world it is inconceivable to think of a business running without computers, fax machines and cellular phones. For this reason it is imperative that organisations ensure that there are guidelines, support and direction for the appropriate usage of these technological tools.
There are numerous issues to be considered when devising a code of ethics. Mujica and Petry (1999) have conducted a survey and their studies have revealed these issues, in short, as :
1) Software Piracy.
2) Illegal access of computer files and systems (hacking).
3) Use of office equipment for visiting pornographic websites.
4) Sabotage of systems of employer (both current and former).
These issues are discussed below with reference to various authors :
Rogerson (1998:564) considers privacy to be a fundamental right because it is an important condition for the exercise of self-determination. He (Rogerson) notes that trying to balance the rights and interests of different parties in a free society is a difficult task. There may be times when individuals are forced to give up some of their privacy in order to receive some sort of benefit from society.
The rapid growth of the Internet has meant that users of the Internet have found that their privacy has been compromised. Lauden et al (1998:160) indicates that when a person browses the Internet they are inevitably being observed. Tools to monitor visits to websites have been developed by organisations to help them determine how to better target their offerings. There is a chance that the website can gather personal information about the browser. Lauden (1998:160) poses the question : what if you do not volunteer personal information at a site? The question of whether your personal information can be gathered by the site without consent is answered quite simply – yes, with the assistance of Internet technology.
Lauden et al (1998:160) also mentions that web search engines are another means of privacy invasion. It is noted by him (Lauden) that the search engines monitor and store information about who searches for what and this information is being made public. The user of the search engine may not want this information to be released to the public. Lauden (1998:160) indicates that the user may be a member of a political newsgroup, who wants this information to be kept confidential. The sad fact is that this information will be available to others and may even be sold to interested parties, according to Lauden (1998).
Those who break into computer systems or who write vandal ware usually use one of a few rationalizations for their actions. Spafford maintains the fact that many hackers argue that they follow an ethic which guides their behaviour and justifies their break-ins. In part, this hackers’ ethic states that all information is supposed to be free. In other words all information belongs to everyone and there should be no boundaries or restraints to stop people from examining or viewing this information.
Spafford indicates that there are various implications and consequences of such a policy. It gives rise to a number of disturbing questions regarding privacy. If all information is (or should be) free, then privacy is no longer possible. For information to be free, Spafford reckons that anyone may access the information as they please and it is no longer the property of any individual. Because of this it means that anyone can alter the information. Things like bank balances, medical records, credit card information, employment records and defence information all cease to be controlled. Spafford reckons that if all information were to be freely available and modifiable then much damage and chaos would be caused by such a philosophy.
A common argument used by virus and worm writers is that such programs are used to illustrate security problems to a community that will otherwise not note the problems (Spafford). Generally this security argument is also without merit. Although some system administrators may have been complacent about the security of their systems, most computer vendors and system administrators have been attentive to reports of security problems. According to Spafford, people wishing to report a problem with the security of a system must not exploit it to report it. Spafford illustrates this point by way of analogy – one does not set fire to a building in order to bring attention to a fire hazard in the building and then try to justify the act by claiming that firemen would otherwise never listen to reports of hazards.
Spafford concludes that computer break-ins, even when no obvious damage results are unethical. This must be the considered conclusion even if the result is an improvement in security. Spafford argues that this is because the activity itself is disruptive and immoral.
Tavani (2000:7) describes piracy as the use of computer technology to make one or more unauthorised copies of proprietary software. He (Tavani) also extends this definition to cover the distribution of unauthorised software over a computer network. Tavani (2000:7) notes that the distribution of MP3 files over the Internet (e.g. the Napster case) falls under this category.
Tavani (2000:7) describes computer sabotage as being the use of computer technology to unleash one or more programs that disrupt the flow of electronic information across one or more computer networks (including the Internet). Also included is destroying or damaging of data and computer system resources (hacking as discussed in 3.2.2). A much publicised example is illustrated – the “love bug” virus of May 2000 which disrupted e-commerce activities throughout the US, Europe and Asia.
The survey conducted by Mujica and Petry (1999) provided some interesting statistics which clearly illustrate the need for a code of ethics in the IT organisation. Following their study it was found that almost half (45%) of workers in the United States engaged in an unethical act involving technology. (get the year). The unethical acts relevant to IT are illustrated in the following Table 1 below:
|
Act |
Percentage of Respondents |
|
Created a potentially dangerous situation by using technology while driving (e.g. laptops or cellular phones) |
19% |
|
Wrongly blamed an error on a technological glitch |
14% |
|
Copied the company’s software for personal or home use. |
13% |
|
Used office equipment to shop on the Internet for personal reasons |
13% |
|
Used office equipment to search for other jobs on the Internet |
11% |
|
Accessed private computer files without permission |
6% |
Used new technologies to unnecessarily intrude on
co-workers' privacy (such as paging during dinner) |
5% |
|
Visited pornographic websites using office equipment |
5% |
|
Sabotaged systems/data of former employer |
4% |
Sabotaged systems/data of current co-worker or
Employer |
4% |
Table 1 : Adopted from Mujica and Petry (1999)
Shockingly enough Mujica and Petry (1999) note that more than one-quarter (27%) engaged in one or more of the above activities. Though the percentages appear to be low for the actions considered to be most unethical, Mujica and Petry (1999) strongly emphasize that the potential serious consequences coupled with the extremely high percentage who believed these actions to be highly unethical, makes even these low percentages quite significant.
Wright and Kakalik (1997:24) also provide some examples regarding the violation of privacy:
Wright and Kakalik (1997:24) emphasise that it would have been much better if the business community had enacted more effective self-policing standards in order to prevent the resulting attack from the users.
Judging from the literature discussed earlier it is quite evident that technology has given rise to new ethical issues. It is now fairly easy to commit an unethical act using technology and there is a reasonable chance that one will not get caught. Computers are remarkable and powerful tools but there is a need for the users of these machines to adhere to certain rules to ensure that they remain tools and not weapons. Such a code of ethics will help to promote basic values and ensure that computers are used in a professional manner. This in turn will enhance the IT organisation’s reputation within society and even in the eyes of its competitors.
Having a code of ethics is obviously not the solution to all the problems facing an IT organisation. Instead it just provides guidelines as to how its employees should act. Petry and Mujica (1999) provide a list of ten commandments for computer ethics which the author feels could serve as a guide for the construction of a code of ethics for any IT organisation:
Another useful guide could be the IEEE’s code of ethics (approved in August 1990 by their board of directors) (http://onlineethics.org/code/IEEEcode.html?text) quoted verbatim:
We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its members and the communities we serve, do hereby commit ourselves to the highest ethical and professional conduct and agree:
1. to accept responsibility in making engineering decisions consistent with the safety, health and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;
2. to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
3. to be honest and realistic in stating claims or estimates based on available data;
4. to reject bribery in all its forms;
5. to improve the understanding of technology, its appropriate application, and potential consequences;
6. to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
7. to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
8. to treat fairly all persons regardless of such factors as race, religion, gender, disability, age, or national origin;
9. to avoid injuring others, their property, reputation, or employment by false or malicious action;
10. to assist colleagues and co-workers in their professional development and to support them in following this code of ethics.
The author feels that the above two codes of ethics will have been developed after much deliberation and effort and therefore will definitely serve as a useful basis for devising a code of ethics. In addition to these guidelines, some of the authors mentioned previously give their own ideas:
Gotterbarn (1999 : 13) mentions that a code of ethics should consist of both aspirations and details. A lack of detail can lead to the high sounding aspirations being empty, whilst a lack of aspiration can make the details legalistic and tedious.
Johnson (1999 : 2) indicates that some people may view a code of ethics as a set of laws which need to be followed, and as such will set minimum standards on their ethical behaviours which they will not improve upon.
Linderman (2000 : 3) suggests that the process of writing a code can be uncomfortable and scary. This is so because it has the potential to uncover the reality of the ethical problem at hand. The follow-up sessions to a code will most like be expensive, but developing a thoroughly workable code can prevent a major catastrophe in the future, which could cost far more.
|
Gotterbarn, D (1999) |
“Specifying the standard – Make it right: A Software Engineering Code of Ethics and Professional Practice” Computers and Society, Volume 29 #3, p.13-16 |
|
Johnson, D (1999) |
“Do IT Professionals Need a Code of Ethics?” Beyond Computing Magazine [Online]. Available: http://www.beyondcomputingmag.com |
|
Lauden, K and Lauden J (1998) |
“Ethical and Social Impact of Information Systems” Management Information Systems, 5th Edition. Prentice Hall Publishing. p. 160-169 |
|
Linderman, J (2000) |
“Auditing and Assessing your Ethics Policies” Beyond Computing Magazine [Online]. Available: http://www.beyondcomputingmag.com |
|
Mujica, A and Petry, E (1999) |
“Workers Engaged in Unethical Activities” [Online]. Available: http://ehostvgw3.epnet.com/ehost.asp?key=204.179.122.141_8000_-1560537690&site=ehost&return=y&user=s8408540&password=password |
|
Rogerson, S (1998) |
“Computer and Information Ethics” Encyclopaedia of Applied Ethics, Volume 1, p. 563-570 |
|
Tavani, H T (2000) |
“Defining the Boundaries of Computer Crime: Piracy, Break-ins and Sabotage in Cyberspace” Computers and Society, Volume 30 #3, p. 3-8 |
|
Turban, E; McClean, E and Wetherbe, J (1999) |
Information Technology for Management – Making Connecitons for Strategic Advantage. John Wiley and Sons, Inc. New York |
|
Unknown (1990) |
“Institute of Electrical and Electronics Engineers Code of Ethics” [Online]. Available: http://onlineethics.org/code/IEEEcode.html?text |
|
Wright, M A and Kakalik J S (1997) |
“The Erosion of Privacy” Computers and Society, Volume 27 #4, p. 22-24 |