IT-Ethics by akgame

Questions, Quandaries, and Random Thoughts
Laura E. Hunter
 “IT Ethics” What is this thing of which you speak?
 The Internet Changes Everything?
 Ethics as Information Security?
 Ethics as Compliance?
 How do you teach Ethical Behavior?
 How do you Mandate Ethical Behavior?
 Resources
What’s in a word?
 What does “ethics” mean to you?
   “What my feelings tell me is right and wrong”?
   “Ethics has to do with my religious beliefs”?
   “Doing what the law requires”?
   “Behaving according to societal norms”?
 What about “business ethics”?
   If a company’s goal is to seek profit, is it “unethical” of
    them to do otherwise?
   Corporate Social Responsibility (CSR) – ongoing
    debates about the relationship between companies and
Why “IT” Ethics?
 Do computers create new problems?
    Or just new vehicles for old problems?
    Stealing is still stealing
    Stalking is still stalking
    Plagiarism is still…
 Does the Internet change everything, or just increase the
  speed at which things happen?
    Can you think of “IT-specific” ethical issues?
      I.e., is the Internet too open?

    Does the response to perceived IT ethics issues create issues in
     and of themselves?
 Or does IT just provide a different vehicle?
What do we mean by “IT Ethics”?
 US DoJ: “Cyberethics” refers to a code of safe and
  responsible behavior for the Internet community
 Wikipedia: “Computer ethics” is a branch of practical
  philosophy which deals with how computing
  professionals should make decisions regarding
  professional and social conduct.
 James H. Moor: “Computer ethics” is the analysis of
  the nature and social impact of computer technology
  and the corresponding formulation and justification of
  policies for the ethical use of such technology.
“Don't be mean. We don't have to be
 mean because, remember, no matter
 where you go, there you are.”
                               - ????????
IT Ethics Can Span a Broad Range
of Concerns
 Information Security
    “Ethical hacking”?
 Assumptions of Information Privacy
    Regulatory compliance
 Ethics as Information Security
    When do you say “No” to a customer?
 Admin Rights as Ethical Quandary
    “Just because you can do a thing…”
The Challenge for IT Professionals
 IT Professionals are largely unregulated
    No licensing
    No professional certifying board
    American Medical Association (AMA)
 How effective is self-regulation?
    The Internet rears its ugly head again – the challenge of
Sample IT Ethics Issues - I
 A software company introduces a tracing
 mechanism into its software.
   What if it’s spyware?
      (Even spyware can have a EULA!)
   What if it’s a corporation monitoring corporate-
   owned computers?
      (What if the corporation didn’t tell its employees?)
Sample IT Ethics Issues - II
 Using a company computer to send personal email
    What about using a company computer to run a
     personal business?
 Is Internet censorship a matter of “IT Ethics”?
    Equal access to information?
 Network sniffing/traffic analysis
    Who owns the data? Who owns the network?
Live in such a way that you would not be
 ashamed to sell your parrot to the town
                                 -- Will Rogers
Let’s Have a Show of Hands
 Does your organization currently have a code of
   Yes
   No
   Beats the heck out of me
 What was the biggest barrier you faced in
 creating/evangelizing a code of ethics?
   Apathy
   Lack of know-how
   Legal worries
Drafting a Code of Ethics for Your
 Start with a question: “Why have a code of ethics?”
    Defining acceptable behaviors
    Promote high professional standards
    Establish a framework for professional behavior
 Tailor the Code to meet the needs of your organization
 Consider the process of creating the code
    Who will create the code? Who will ratify the code?
 How will you implement/enforce the code?

A Sample Code of IT Ethics
 I will strive to know myself and be honest about my
 I will conduct my business in a manner that assures the
  IT profession is considered one of integrity and
 I respect privacy and confidentiality
              SANS Code of IT Ethics, drafted April 24 2004
Related Documents
 Code of Conduct
    Your “Code of Ethics in action”
    How you deal with vendors
    How you deal with customers
    How you deal with competitors
 Acceptable Computer Use Policy
   Where ethics and Information Security intersect?
   “Use implies consent to monitoring”
 Privacy Policy
Computer Ethics Training
 Can IT Ethics (or any kind of ethics, really) be taught?

 What mechanisms can be used?
   What is your goal in providing Ethics training?

 Why is this harder for IT people?
Can Ethics be Enforced?
 I would argue “no” – you can enforce behavior, you
 can’t enforce ideas

 “There are seldom good technological solutions to
 behavioral problems”
 -- Ed Crowley (Philosopher, Microsoft Exchange Genius)
Resources
 Case Studies in Information Technology Ethics (2nd Edition), Richard A. Spinello (pub. 2002)
 Ethics for the Information Age (3rd Edition), Mike Quinn (pub.
 International Review of Information Ethics (http://www.i-r-i-
 SANS/GIAC IT in Ethics Courseware:
 Department of Justice Cyberethics site:
 Institute of Business Ethics:
“But we must remember that good laws, if they
  are not obeyed, do not constitute good
  government. Hence there are two parts of
  good government; one is the actual
  obedience of citizens to the laws, the other
  part is the goodness of the laws which they
            Laura E. Hunter
