270 likes | 620 Views
IT Ethics. Questions, Quandaries, and Random Thoughts Laura E. Hunter http://www.laurahcomputing.com. Agenda. “IT Ethics” What is this thing of which you speak? The Internet Changes Everything? Ethics as Information Security? Ethics as Compliance? How do you teach Ethical Behavior?
E N D
IT Ethics Questions, Quandaries, and Random Thoughts Laura E. Hunter http://www.laurahcomputing.com
Agenda • “IT Ethics” What is this thing of which you speak? • The Internet Changes Everything? • Ethics as Information Security? • Ethics as Compliance? • How do you teach Ethical Behavior? • How do you Mandate Ethical Behavior? • Resources
What’s in a word? • What does “ethics” mean to you? • “What my feelings tell me is right and wrong”? • “Ethics has to do with my religious beliefs”? • “Doing what the law requires”? • “Behaving according to societal norms”? • What about “business ethics”? • If a company’s goal is to seek profit, is it “unethical” of them to do otherwise? • Corporate Social Responsibility (CSR) – ongoing debates about the relationship between companies and society
Why “IT” Ethics? • Do computers create new problems? • Or just new vehicles for old problems? • Stealing is still stealing • Stalking is still stalking • Plagiarism is still… • Does the Internet change everything, or just increase the speed at which things happen? • Can you think of “IT-specific” ethical issues? • I.e., is the Internet too open? • Does the response to perceived IT ethics issues create issues in and of themselves? • Or does IT just provide a different vehicle?
What do we mean by “IT Ethics”? • US DoJ: “Cyberethics” refers to a code of safe and responsible behavior for the Internet community • Wikipedia: “Computer ethics” is a branch of practical philosophy which deals with how computing professionals should make decisions regarding professional and social conduct. • James H. Moor: “Computer ethics” is the analysis of the nature and social impact of computer technology and the corresponding formulation and justification of policies for the ethical use of such technology.
“Don't be mean. We don't have to be mean because, remember, no matter where you go, there you are.” - ????????
IT Ethics Can Span a Broad Range of Concerns • Information Security • “Ethical hacking”? • Assumptions of Information Privacy • Regulatory compliance • Ethics as Information Security • When do you say “No” to a customer? • Admin Rights as Ethical Quandary • “Just because you can do a thing…”
The Challenge for IT Professionals • IT Professionals are largely unregulated • No licensing • No professional certifying board • American Medical Association (AMA) • How effective is self-regulation? • The Internet rears its ugly head again – the challenge of anonymity
Sample IT Ethics Issues - I • A software company introduces a tracing mechanism into its software. • What if it’s spyware? • (Even spyware can have a EULA!) • What if it’s a corporation monitoring corporate-owned computers? • (What if the corporation didn’t tell its employees?)
Sample IT Ethics Issues - II • Using a company computer to send personal email • What about using a company computer to run a personal business? • Is Internet censorship a matter of “IT Ethics”? • Equal access to information? • Network sniffing/traffic analysis • Who owns the data? Who owns the network?
Live in such a way that you would not be ashamed to sell your parrot to the town gossip. -- Will Rogers
Let’s Have a Show of Hands • Does your organization currently have a code of ethics? • Yes • No • Beats the heck out of me • What was the biggest barrier you faced in creating/evangelizing a code of ethics? • Apathy • Lack of know-how • Legal worries
Drafting a Code of Ethics for Your Organization • Start with a question: “Why have a code of ethics?” • Defining acceptable behaviors • Promote high professional standards • Establish a framework for professional behavior • Tailor the Code to meet the needs of your organization • Consider the process of creating the code • Who will create the code? Who will ratify the code? • How will you implement/enforce the code? http://www.ethicsweb.ca/codes/
A Sample Code of IT Ethics • I will strive to know myself and be honest about my capability. • I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism • I respect privacy and confidentiality SANS Code of IT Ethics, drafted April 24 2004
Related Documents • Code of Conduct • Your “Code of Ethics in action” • How you deal with vendors • How you deal with customers • How you deal with competitors • Acceptable Computer Use Policy • Where ethics and Information Security intersect? • “Use implies consent to monitoring” • Privacy Policy
Computer Ethics Training • Can IT Ethics (or any kind of ethics, really) be taught? • What mechanisms can be used? • What is your goal in providing Ethics training? • Why is this harder for IT people?
Can Ethics be Enforced? • I would argue “no” – you can enforce behavior, you can’t enforce ideas • “There are seldom good technological solutions to behavioral problems” -- Ed Crowley (Philosopher, Microsoft Exchange Genius)
Resources • Case Studies in Information Technology Ethics (2nd Edition), Richard A. Spinello (pub. 2002) • Ethics for the Information Age (3rd Edition), Mike Quinn (pub. 2008) • International Review of Information Ethics (http://www.i-r-i-e.net) • SANS/GIAC IT in Ethics Courseware: http://www.sans.org/training/description.php?mid=14 • Department of Justice Cyberethics site: http://www.usdoj.gov/criminal/cybercrime/cyberethics.htm • http://www.ethicsweb.ca • Institute of Business Ethics: http://www.ibe.org.uk/codesofconduct.html
“But we must remember that good laws, if they are not obeyed, do not constitute good government. Hence there are two parts of good government; one is the actual obedience of citizens to the laws, the other part is the goodness of the laws which they obey.” --Aristotle
Thank you! Laura E. Hunter http://www.shutuplaura.com