Next week, I’ll be speaking in a class about ethics in IT. I’ve done many guest lectures on various topics in IT, but this will be the first time specifically on ethics. So I had to sit down to think about what I’ll talk about, and think about ethics situations that I’ve had to deal with. Then, I realised I’ve been really lucky to have not been involved in any tricky situations.
Part of it has got to do with clear rules and regulations that have been defined. We respect those rules and regulations, and dutifully operate within them. That certainly helps guide us a lot in our work.
End-users may see IT administrators as all-powerful, because they hold the key to all their data. Whatever permissions or access controls there may be, they mean little, or nothing, when you are root on a Unix server. Network traffic can be easily sniffed, diverted, and spoofed when you control an Internet router. It’s easy to see that IT administrators can do plenty of bad things.
Being able to do those things doesn’t mean they do any of those things. Now, while most IT administrators don’t want to do those things, it doesn’t mean they wouldn’t be made to do those things.
Let me try to explain. Spying on email is, surprisingly, fairly routine in some types of companies. Bosses want to spy on employees’ corporate email activity. There could be all sorts of legitimate reasons for wanting to, but most people would probably consider “spying on email” to be wrong. The technology is there to make such spying easy. IT administrators can be instructed by their bosses to set up such a mechanism.
Would you consider it ethically wrong for IT administrators to set up such spying mechanisms?
IT administrators could take the view that they are peons, simply executing the instructions of the business owners. IT administrators can just concern themselves with technical decisions. All other non-technical matters can simply be turned over to business owners to handle.
Of course, this is all very much easier said than done.
It’s all good when something is clearly covered by laws or corporate policies. (Of course, if you disagree with the corporate policy of your organisation, you should just quit.) What about professional ethics? If they are spelt out in some well-defined code of conduct, that may help give clarity.
The fuzziness sets in when you have something that concerns morals and/or personal judgement. You see, something I consider to be wrong, you may not find it so. I’m talking about things that are not illegal per se, but we could be strongly divided over whether they are right or wrong. That’s why the world is so much in conflict with itself.
There’s much renewed interest in these computer ethics issues partly because of the recent case of Edward Snowden’s NSA leaks. Was it ethical for Snowden to do what he had done? Now, I probably don’t have enough of all the facts to intelligently take and defend a position. I would like to say, however, that if Snowden didn’t like what the NSA was doing, he should have just quit. (But of course, having said that, it seems like I’ve already chosen sides, though that’s not really my point.)
Things get much more tricky when you start to question the law and authority. You know, something could be legal, yet you might consider it morally or ethically wrong. What the NSA was doing might have been legal and it may have had the proper authority to do what it did, yet that could still be ethically wrong to some people.
Snowden felt strongly that he had to do what he did, and he believed he did the right thing.
I can appreciate that it is very difficult to be in a situation where everything is perfectly legal, yet you fundamentally feel it is wrong. You could run away, avoiding the situation altogether. Or, maybe you’ll feel the obligation to expose the wrong-doing (which, of course, ironically is legal here, just something you disagree about). Life is sometimes filled with such contradictions.
I spoke about codes of conduct earlier. Are there established examples in IT? Unlike professions like medicine and engineering, IT is mostly an unregulated profession. There are various professional IT bodies, but of course what they say doesn’t count for a lot. But there are some code of conduct examples to refer to.
SANS’ IT Code of Ethics is as follows:
- I will strive to know myself and be honest about my capability.
- I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism.
- I respect privacy and confidentiality.
(ISC)²’s Code of Ethics canons:
- Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- Act honourably, honestly, justly, responsibly, and legally.
- Provide diligent and competent service to principals.
- Advance and protect the profession.
I can see how some of these codes actually support Snowden’s actions. But of course, one has to consider the context of the case, and that’s what makes it complicated.
There is not going to be a straightforward answer to any ethical dilemma. You are going to have to work it out on your own, and live with your conscience thereafter. Stop and think about what you will stand for, and you will hopefully find some light to guide you forward.