In the second post, I will be talking about ethical issues individuals working in the IT sector or IT professionals face in their careers. Although many of these jobs involve ethical issues, they are unaware of it at times. Many of the ethical issues that IT professionals face involve privacy. For example:
- Should you read the private e-mail of your network users just “because you can?”
- Is it okay to read employees’ e-mail as a security measure?
- Is it okay to monitor the Web sites visited by your network users and keep logs of visited sites?
- If employees are being watched, should they be informed that they are being tracked in this way?
- If you find out that employees are indeed engaging in ‘objectionable’ acts, then who and how do you report it?
Although this issue may sound insignificant to some, it actually isn’t. We are faced with this dilemma every single day- as children, teenagers or parents we are unsure whether it is alright to check our family or friends’ hand phones, emails or social networking pages that we do not have access to.
Doctors, lawyers, accountants and other professionals whose job duties affect others’ lives usually have to receive prior education and certification, as part of their formal training and hands-on job experience. IT security personnel often have access to a lot of confidential data and know about individuals’ and companies’ networks and systems. This power can be abused or made good use of.
The case of the Google engineer who stalked underage teens and spied on chats raised concern about the responsibilities of IT professionals. As IT professionals, are we allowed to misuse our position and power just because we have the ability and knowledge to do so? Is it ethical for IT professionals to act in such a manner?
Let’s look at the case of David Barksdale, a Site Reliability Engineer. It was reported that “What motivated Barksdale to snoop on these teens is not entirely clear. Our source said Barksdale’s harassment did not appear to be sexual in nature, although his online communication with the minors (such as inviting underage kids to go to the movies with him) demonstrated extraordinarily questionable judgment on Barksdale’s part. “My gut read on the situation was that there wasn’t any strong sexual predatory behavior, just a lot of violating people’s personal privacy,” our source explained”.
ETHICAL THEORY ANALYSIS – as David’s actions violated people’s personal privacy
- David Barksdale
- Everyone whose privacy was violated
- Google – since David is an employee of the company and any action taken by him would ultimately affect the company too. This was evident as after David’s actions, people were wary of Google and reports stated “We entrust Google with our most private communications because we assume the company takes every precaution to safeguard our data. It doesn’t.”
Using Act Utilitarian analysis, which focuses on the consequences of the act and whether it would bring about overall happiness or unhappiness, there is greater unhappiness to those whose emails were being tapped and the company than the happiness that David achieved through his act. Those whose emails were being tapped would feel insecure and upset, not knowing what the SRE may have spied on and what he may have done with the data. The reputation of the company is also at stake and may cause its profits to fall. There may be a need to retrench some staff which would result in overall greater unhappiness than happiness.
Kantian Theory says that we cannot use people as means to an end, but he used the people whose privacy was violated to achieve his goal. If the rule that it is alright to violate other’s privacy were to be universalized, then there would be no privacy. As individuals, we all need some privacy and do not want everything to be shared. Hence this rule would not be universalized. To add, his intentions were not that of good will.
Under Social Contract and Rights Theory, rights to privacy is a recognized right. Hence to go against this right would go against fundamental human rights.
These help to explain why it is wrong for someone, such as IT personnel to take advantage of their positions as a member of technical group at the organization to access users’ or employees’ accounts and hence violate their privacy.
So what if I know someone is doing something wrong, what should I do?
One should try to solve the problem internally first by reporting to concerned authorities or supervisors. As they say “never wash your dirty linen in public”, external whistleblowing such as to regulators, law enforcement agencies or media should be considered after internal attempts fail. Often, employees, for fear of losing their jobs, are afraid to speak about any malpractices. Or in other instances, they are worried that if they mention any of these issues, they may risk being involved in a legal tussle or on the contrary, if they were to be asked how they found out about such data, they would be accused of intrusion of privacy. Thus companies or the government should set up protection for whistleblowing. Countries like US, UK, Ireland and India have laws for whistle blowing protection, for example The Public Interest Disclosure Act in UK. In Ireland the law covers both private and public sector. A code of conduct and standard operating procedures must be implemented to help employees understand their job roles.
Thus as IT professionals who are mostly granted access to confidential and classified information, we should be firm and make rational decisions that neither go against law or ethics and nor should we take advantage of the skills and knowledge to find out such information. This itself is violation of privacy as we are retrieving data without permission.
Since people and organizations entrust IT professionals with important data, let’s be accountable to the society for our actions- be ethical!
Ethics is more than just the “Golden Rule”.