680 likes | 1.72k Views
Why Ethics. The exercise of power always raises ethical issues Power stems from position knowledge credentials “information is power” Ethical issues arise for IS professionals because of their role in the production and distribution of information. Perspectives on Ethical Issues.
E N D
Why Ethics The exercise of power always raises ethical issues Power stems from position knowledge credentials “information is power” Ethical issues arise for IS professionals because of their role in the production and distribution of information
Perspectives on Ethical Issues • Ethical issues need to be considered on 2 levels the context - how the information system and its products fit, and are used, in the organisation and/or the broader community the object - how the information system is designed and constructed • These two levels are interdependent and both need to be addressed.
Ethics and Morality Morality - human conduct and values Ethics - the study of conduct and values • Common usage is that the terms are interchangable
Etiquette Laws Professional Codes Ethics Ethics as Standards The continuum of standards:
Moral Standards • Independent of religion • Societal differences are not significant when considered at a meta-level • Apply to both individuals and society in the sense that of how individuals perceives that society or their ideals, values and aspirations for that society. • The central issue is whether an ethical principle can be justified rather than concern with where and how the principle was formed.
Characteristics of Moral Standards • Behaviour can have serious consequences for human welfare, either to profundly injure or benefit people • Takes priority over other standards • Dependent on the adequacy of the reasons that support or justify the standard
Etiquette • Social code of behaviour • Generally non-moral • transgression results in social isolation ( a person is considered uncivilised, ill-mannered) • can have moral implications eg sexism, racism
Law • Codifies customs, ideals, beliefs and society’s moral values • conformity with the law is not sufficient for moral conduct but the law provides some minimum standards of moral conduct and social behaviour • non-conformity is not necessarily immoral
Types of Law • Statutes - legislation passed by legislative bodies • Regulations - administrative rules formulated by statutory bodies • Common law- accumulated legal decisions which form a body of legal principles (only in English speaking countries • Constitutional - compatibility of any law with the relevant constitution
Professional Codes • Rules that govern the conduct of members • Members assume a moral obligation to conform • Conformity is a condition of membership • Violation can result in exclusion • Are incomplete and inadequate as a guide for individual ethical behaviour
Structure of Ethical Theories Universalism Relativism Consequentialism Deontologism Utilitarianism Non-Utilitarianism Kant Prima Facia Egoism
Ethical Theories • Relativism • no absolute or universal right and wrong • moral standards as a function of societal believes • undermines criticism both within and between societies • negates the possibility of (ethical) progress • Universalism • what is right/wrong applies to all • Consequentialism • considers the outcome of behaviour • Deontologism • considers the behaviour itself
Ethical Theories (cont) • Utilitarianism • outcome is the greatest good over bad for all affected by the action • linked to cost/benefits and risk management • Egoism - everyone should act out of self interest Adam Smith argued that egoism is utilitarianism because it is through self interest that society benefits; the idea of the “hidden hand”
Influences on ethical judgement Environment influence Individual family, peer censure Society social norms, etiquette Belief system religious, “living with oneself” Legal environment laws Professional environment code of conduct - enforced or guideline (Kreie & Cronan, 1998)
Element of Ethical Behaviour Accountability - to onself and to ones ideals Obligations - to act morally in relation to others affected by that act Responsibility - both social and moral Intentionality - to act consistently with moral standards
Role of Ethical Training • To make defensible moral judgement • To reflect critically on the moral principles and ideals involved in a particular situation • To have a framework for critical analysis
Making Ethical Judgement • Judgements need to be: • logical • based on facts • based on acceptable principles • Presumes • rational actors • good will • mutual desire for judgement • ability to communicate clearly
Ethical Decision Making • Evaluate the factual claim and determine what are the relevant facts • Challenge the moral standard and identify what ethical principles are involved • Defend the moral standard and determine which principle has primacy • Revise and modify the moral standard to determine if there is another way see the situation
My interpretation of the Ethical Decision Making process • Determine the relevant facts • Identify the ethical principles involved • Which standards are at risk? • What are the “consequences” of the action? • Determine which principle is most important • Check whether there are other ways see the situation • employer’s view (as a society as well as power) • profession’s view, • society’s view
The Professional Dilema • Professional duties and responsibilities (sometimes) conflict with organisational goals and outcomes. • Ethical behaviour can conflict with legal statutes and/or contractual obligations • The professional needs knowledge and skills to resolve these conflicts by themselves as the situations arise in particular contexts.
Dr. Jekyll and Mr. Hyde • The organisational dilema is: “... the structure and function of organisations in general, and corporate organisations in particular, require that members adhere to the organisational norms and, in fact, force commitment and conformity to them.” (Shaw, 1991; p22) • Raises the discrepancy between individual and corporate ethics and the resolution of the conflict between the two.
A Practical Ethical Test • “Before you act, be sure you will be comfortable with an [The Australian / The Age ] story, tomorrow morning, reporting what you did.” (Oz, 1994; p11)
Survey of Ethics • Many surveys of ethical viewpoints have been conducted. A recent one is: Kreie, J & Cronan, T.P. (1998). “How men and women view ethics”, Communications of the ACM, vol 41, no 9, pp70-76 (Sept).
Q1. Is this behaviour acceptable or unacceptable? Q2. What factors influence your decision? Scenario 1: Making unauthorised program modifications • A programmer modifies a bank’s accounting system to hide his overdrawn account and avoid the overdraft charge. • After making a deposit, the programmer corrects his modification. (Kreie & Cronan, 1998)
Scenario 1: the survey results Unacceptable Acceptable • A programmer modifies a bank’s accounting system to hide his overdrawn account and avoid the overdraft charge. Men 82% 18% Women 93% 7% (Kreie & Cronan, 1998)
Q1. Is this behaviour acceptable or unacceptable? Q2. What factors influence your decision? Scenario 2: Is it OK to keep something you didn’t pay for? • A person received software ordered from a mail-order company but also finds another software package sent in error. The extra software was not listed on the invoice. The person keeps the program and does not pay for it. (Kreie & Cronan, 1998)
Scenario 2: the survey results Unacceptable Acceptable • A person received software ordered from a mail-order company but also finds another software package sent in error. Men 55% 45% Women 68% 32% (Kreie & Cronan, 1998)
Q1. Is this behaviour acceptable or unacceptable? Q2. What factors influence your decision? Scenario 3: Can I use company resources on my own time? • A programmer uses company equipment to write programs for his friends on his own time on weekends. (Kreie & Cronan, 1998)
Scenario 3: the survey results Unacceptable Acceptable • A programmer uses company equipment to write programs for his friends on his own time. Men 11% 89% Women Note: the survey respondents felt the company should have a clear policy. A policy forbidding this use would change their judgement. 16% 84% (Kreie & Cronan, 1998)
Q1. Is this behaviour acceptable or unacceptable? Q2. What factors influence your decision? Scenario 4: Do I have to pay for programs I use? • A person who was inadvertently given access free of charge to a proprietary program uses it without paying the fee. (Kreie & Cronan, 1998)
Scenario 4: the survey results Unacceptable Acceptable • A person who was inadvertently given access free of charge to a proprietary program uses it without paying the fee. Men 66% 34% Women 71% 29% (Kreie & Cronan, 1998)
Q1. Is this behaviour acceptable or unacceptable? Q2. What factors influence your decision? Scenario 5: I have a copy of the data, can’t I use it as I wish? • A company employee contracts with a government agency to process data involving information about children and their parents. The employee copies the data at the boss’s request. The job contract does not prohibit this. (Kreie & Cronan, 1998)
Scenario 5: the survey results Unacceptable Acceptable • The employee copies the data at the boss’s request. The job contract does not prohibit this. Men 51% 49% Women 72% 28% (Kreie & Cronan, 1998)
Control SocialControls Technical Controls Levels of Control • Professional behaviour is guided by: • social controls • technical controls
Ethical Issues in the Design of Information Systems • Privacy • What information about one’s self or one’s associations must a person reveal to others, under what conditions and with what safeguards? • What things can people keep to themselves and not be forced to reveal to others? • Accuracy • Who is responsible for the authenticity, fidelity and accuracy of information? • Who is held accountable for errors in information?How is the injured party to be made whole? • (Mason, 1986)
Ethical Issues in the Design of Information Systems • Property • Who owns information? • What are the just and fair prices for its exchange? • Who owns the channels, especially the airways, through which the information is transmitted? • How should access to this scarce resource be allocated? • Accessibility • What information does a person or an organisation have a right or privilege to obtain, under what conditions and with what safeguards? • (Mason, 1986)
Role of Computers in Ethical Issues from Couger (1989) • repositories and processors of information • unauthorised use of otherwise unused computer services • unauthorised use of information stores in computers • producers of new forms and types of assets • computer programs are new types of assets, subject to the same concepts of ownership as other assets; • instruments of acts • to what degree must computer services and users of computers, data and programs be responsible for the integrity and appropriateness of computer output? • symbols of intimidation and deception • computers are often seen as thinking machines, absolute truth products, infallible, replacements for human errors, anthropomorphic.
Control SocialControls Technical Controls Design for Privacy • Ensure controls are in place to restrict access to the data to those who need to know. • How do you determine who needs to know? • How do you ensure that only those who need to know are given access in future? • How do you ensure that programs won’t be written in future that invade privacy of a database? • Include only the data that is necessary - don’t include data just because you think it might be needed.
Control SocialControls Technical Controls Design for Privacy • Use passwords to limit access to authorised people; • Design different levels of access for different user groups; • Identify a position of responsibility for ensuring privacy, allocating new passwords, checking logs for unauthorised access (e.g. data administrator - non-technical role)
Control SocialControls Technical Controls Design for Accuracy • Ensure that • data entered in to the system is accurate: • use appropriate verification and validation; • where possible give the task of collecting the data to those who will use it later; • where possible, ensure that the subject of the data checks the validity of the data. • data is stored securely and cannot be changed without authorisation; • data is processed correctly (include cross-checking routines); • data is reported in the correct context;
Control SocialControls Technical Controls Validation and Input Controls • monitor the number of input transactions; • log all transactions to an audit file; • reconcile numbers of transactions at different stages of processing. • validate data: • check transactions are complete (i.e. all required fields entered - but you may choose to process transactions with missing fields); • apply limit, range and picture checks to individual fields (but make sure you know what those limits etc really are!); • apply checks on combinations of fields known to be related; • use check digits as part of primary key fields to identify transcription errors; • use meaningful data to identify people and objects to avoid error.
Control SocialControls Technical Controls Database Integrity Controls • simultaneous processing • if two users access the same record at the same time and one updates before the other, the database may become corrupt - usual to lock files to avoid this. • controls over maintenance • provide a daily update report to ensure that all updates were properly performed and that there were no unauthorised updates. • redundancy in the database • redundancy may be a useful technique for ensuring that data is not lost, e.g., a data item storing the total cost of an order is redundant if the cost of each line of the order is stored, however, it can act as a check that an order line has not been lost.
Control SocialControls Technical Controls Design for Property Rights • Property rights that may be significant: • ownership of data you may wish to include; • ownership of software you may wish to use; • ownership of ideas you may wish to apply; • ownership of knowledge you may wish to incorporate (particularly in intelligent software).
Control SocialControls Technical Controls Design for Property Rights • Remember that data, programs, ideas and knowledge are all valuable assets to the owner. Unauthorised access, loss or corruption may cause significant loss. • Example: The tax file number is owned by the Commonwealth and its use as a primary key is forbidden by law.
Control SocialControls Technical Controls Backup and Recovery • ... a standard system of controls that should be built into all systems (including private ones!) • Principles: • data can be reconstructed in the event of loss or corruption; • application and system software can be reinstated in the event of loss or corruption. • Loss or corruption may be deliberate or accidental - controls are essentially the same.
Control SocialControls Technical Controls Design for Access • While this is more of a social economics issue ... • who needs access to the data provided by the system • how may they be able to access the data. • That is, when planning the system architecture and the data design, consider all the possible users and include their needs in the design, ensuring that they have both physical and logical access to the data they require.
The Ten Commandments of Computer Ethics • 1. Thou shalt not use a computer to harm other people. • 2. Thou shalt not interfere with other people’s computer work.
3. Thou shalt not snoop around in other people’s computer files. • 4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness. • 6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people’s computer resources without authorisation or proper compensation. • 8. Thou shalt not appropriate other people’s intellectual output.