Embed Size (px)
Citation preview
Why EthicsThe exercise of power always raises
ethical issuesPower stems from
position knowledge credentials “information is power”
Ethical issues arise for IS professionals because of their role in the production and distribution of information
Perspectives on Ethical IssuesEthical issues need to be considered on 2 levels
the context - how the information system and its products fit, and are used, in the organisation and/or the broader community
the object - how the information system is designed and constructed
These two levels are interdependent and both need to be addressed.
Ethics and MoralityMorality - human conduct and values
Ethics - the study of conduct and values
Common usage is that the terms are interchangable
Ethics as Standards
Etiquette Laws ProfessionalCodes
Ethics
The continuum of standards:
Moral Standards Independent of religion Societal differences are not significant when
considered at a meta-level Apply to both individuals and society in the
sense that of how individuals perceives that society or their ideals, values and aspirations for that society.
The central issue is whether an ethical principle can be justified rather than concern with where and how the principle was formed.
Characteristics of Moral Standards
Behaviour can have serious consequences for human welfare, either to profundly injure or benefit people
Takes priority over other standards
Dependent on the adequacy of the reasons that support or justify the standard
Etiquette Social code of behaviour
Generally non-moral
transgression results in social isolation ( a person is considered uncivilised, ill-mannered)
can have moral implications eg sexism, racism
Law Codifies customs, ideals, beliefs and
society’s moral values conformity with the law is not sufficient
for moral conduct but the law provides some minimum standards of moral conduct and social behaviour
non-conformity is not necessarily immoral
Types of Law Statutes - legislation passed by
legislative bodies Regulations - administrative rules
formulated by statutory bodies Common law- accumulated legal
decisions which form a body of legal principles (only in English speaking countries
Constitutional - compatibility of any law with the relevant constitution
Professional Codes Rules that govern the conduct of members Members assume a moral obligation to
conform Conformity is a condition of membership Violation can result in exclusion Are incomplete and inadequate as a guide for
individual ethical behaviour
Structure of Ethical Theories
Universalism Relativism
Consequentialism Deontologism
Utilitarianism Non-Utilitarianism
Egoism
Kant Prima Facia
Ethical Theories
Relativism • no absolute or universal right and wrong• moral standards as a function of societal believes• undermines criticism both within and between societies• negates the possibility of (ethical) progress
Universalism • what is right/wrong applies to all
Consequentialism • considers the outcome of behaviour
Deontologism • considers the behaviour itself
Ethical Theories (cont)
Utilitarianism • outcome is the greatest good over
bad for all affected by the action• linked to cost/benefits and risk
management
Egoism - everyone should act out of self interestAdam Smith argued that egoism is utilitarianism because it is through self interest that society benefits; the idea of the “hidden hand”
Influences on ethical judgement
Environment influenceIndividual family, peer censureSociety social norms, etiquetteBelief system religious, “living with oneself”Legal environment lawsProfessional environment code of conduct - enforced or
guideline
(Kreie & Cronan, 1998)
Element of Ethical BehaviourAccountability - to onself and to
ones idealsObligations - to act morally in
relation to others affected by that act
Responsibility - both social and moral
Intentionality - to act consistently with moral standards
Role of Ethical Training To make defensible moral judgement
To reflect critically on the moral principles and ideals involved in a particular situation
To have a framework for critical analysis
Making Ethical Judgement Judgements need to be:
logical based on facts based on acceptable principles
Presumes rational actors good will mutual desire for judgement ability to communicate clearly
Ethical Decision Making Evaluate the factual claim and determine
what are the relevant facts Challenge the moral standard and identify
what ethical principles are involved Defend the moral standard and determine
which principle has primacy Revise and modify the moral standard to
determine if there is another way see the situation
My interpretation of the Ethical Decision Making process
Determine the relevant factsIdentify the ethical principles involved
Which standards are at risk?What are the “consequences” of the action?
Determine which principle is most importantCheck whether there are other ways see the situation
employer’s view (as a society as well as power)profession’s view, society’s view
The Professional Dilema Professional duties and responsibilities
(sometimes) conflict with organisational goals and outcomes.
Ethical behaviour can conflict with legal statutes and/or contractual obligations
The professional needs knowledge and skills to resolve these conflicts by themselves as the situations arise in particular contexts.
Dr. Jekyll and Mr. Hyde The organisational dilema is:“... the structure and function of organisations in
general, and corporate organisations in particular, require that members adhere to the organisational norms and, in fact, force commitment and conformity to them.” (Shaw, 1991; p22)
Raises the discrepancy between individual and corporate ethics and the resolution of the conflict between the two.
A Practical Ethical Test
“Before you act, be sure you will be comfortable with an [The Australian / The Age ] story, tomorrow morning, reporting what you did.”
(Oz, 1994; p11)
Survey of Ethics
Many surveys of ethical viewpoints have been conducted. A recent one is:
Kreie, J & Cronan, T.P. (1998). “How men and women view ethics”, Communications of the ACM, vol 41, no 9, pp70-76 (Sept).
Scenario 1: Making unauthorised program modifications
A programmer modifies a bank’s accounting system to hide his overdrawn account and avoid the overdraft charge. After making a deposit, the programmer corrects his modification.
Q1. Is this behaviour acceptable or unacceptable?Q2. What factors influence your decision?
(Kreie & Cronan, 1998)
Scenario 1: the survey results
A programmer modifies a bank’s accounting system to hide his overdrawn account and avoid the overdraft charge.
Unacceptable Acceptable
Men
82% 18%
93% 7%
Women
(Kreie & Cronan, 1998)
Scenario 2: Is it OK to keep something you didn’t pay for?
A person received software ordered from a mail-order company but also finds another software package sent in error. The extra software was not listed on the invoice. The person keeps the program and does not pay for it.
Q1. Is this behaviour acceptable or unacceptable?Q2. What factors influence your decision?
(Kreie & Cronan, 1998)
Scenario 2: the survey results
A person received software ordered from a mail-order company but also finds another software package sent in error.
Unacceptable Acceptable
Men
55% 45%
68% 32%
Women
(Kreie & Cronan, 1998)
Scenario 3: Can I use company resources on my own time?
A programmer uses company equipment to write programs for his friends on his own time on weekends.
Q1. Is this behaviour acceptable or unacceptable?Q2. What factors influence your decision?
(Kreie & Cronan, 1998)
Scenario 3: the survey results
A programmer uses company equipment to write programs for his friends on his own time.
Unacceptable Acceptable
Men
11% 89%
16% 84%
WomenNote: the survey respondents felt the company should have a clear policy. A policy forbidding this use would change their judgement.
Note: the survey respondents felt the company should have a clear policy. A policy forbidding this use would change their judgement. (Kreie & Cronan, 1998)
Scenario 4: Do I have to pay for programs I use?
A person who was inadvertently given access free of charge to a proprietary program uses it without paying the fee.
Q1. Is this behaviour acceptable or unacceptable?Q2. What factors influence your decision?
(Kreie & Cronan, 1998)
Scenario 4: the survey results
A person who was inadvertently given access free of charge to a proprietary program uses it without paying the fee.
Unacceptable Acceptable
Men
66% 34%
71% 29%
Women
(Kreie & Cronan, 1998)
Scenario 5: I have a copy of the data, can’t I use it as I wish?
A company employee contracts with a government agency to process data involving information about children and their parents. The employee copies the data at the boss’s request. The job contract does not prohibit this.
Q1. Is this behaviour acceptable or unacceptable?Q2. What factors influence your decision?
(Kreie & Cronan, 1998)
Scenario 5: the survey results
The employee copies the data at the boss’s request. The job contract does not prohibit this.
Unacceptable Acceptable
Men
51% 49%
72% 28%
Women
(Kreie & Cronan, 1998)
Levels of Control
Control
SocialControls
Technical Controls
Professional behaviour is guided by: social controls technical controls
Ethical Issues in the Design of Information Systems
Privacy What information about one’s self or one’s associations must a
person reveal to others, under what conditions and with what safeguards?
What things can people keep to themselves and not be forced to reveal to others?
Accuracy Who is responsible for the authenticity, fidelity and accuracy of
information? Who is held accountable for errors in information?
How is the injured party to be made whole? (Mason, 1986)
Ethical Issues in the Design of Information Systems
Property Who owns information? What are the just and fair prices for its exchange? Who owns the channels, especially the airways, through
which the information is transmitted? How should access to this scarce resource be allocated?
Accessibility What information does a person or an organisation have a
right or privilege to obtain, under what conditions and with what safeguards?
(Mason, 1986)
Role of Computers in Ethical Issues
repositories and processors of information• unauthorised use of otherwise unused computer services• unauthorised use of information stores in computers
producers of new forms and types of assets• computer programs are new types of assets, subject to the same
concepts of ownership as other assets;
instruments of acts• to what degree must computer services and users of computers,
data and programs be responsible for the integrity and appropriateness of computer output?
• symbols of intimidation and deception• computers are often seen as thinking machines, absolute truth
products, infallible, replacements for human errors, anthropomorphic.
from Couger (1989)
Design for Privacy
Ensure controls are in place to restrict access to the data to those who need to know. • How do you determine who needs to know? • How do you ensure that only those who need to
know are given access in future?• How do you ensure that programs won’t be written
in future that invade privacy of a database? Include only the data that is necessary - don’t include
data just because you think it might be needed.
Control
SocialControls
Technical Controls
Use passwords to limit access to authorised people;
Design different levels of access for different user groups;
Identify a position of responsibility for ensuring privacy, allocating new passwords, checking logs for unauthorised access (e.g. data administrator - non-technical role)
Design for PrivacyControl
SocialControls
Technical Controls
Design for Accuracy
Ensure that data entered in to the system is accurate:
• use appropriate verification and validation;• where possible give the task of collecting the data
to those who will use it later;• where possible, ensure that the subject of the data
checks the validity of the data. data is stored securely and cannot be changed without
authorisation; data is processed correctly (include cross-checking
routines); data is reported in the correct context;
Control
SocialControls
Technical Controls
Validation and Input Controls
monitor the number of input transactions;• log all transactions to an audit file;• reconcile numbers of transactions at different stages of
processing. validate data:
• check transactions are complete (i.e. all required fields entered - but you may choose to process transactions with missing fields);
• apply limit, range and picture checks to individual fields (but make sure you know what those limits etc really are!);
• apply checks on combinations of fields known to be related;• use check digits as part of primary key fields to identify
transcription errors;• use meaningful data to identify people and objects to avoid
error.
Control
SocialControls
Technical Controls
Database Integrity Controls
simultaneous processing• if two users access the same record at the same time and one
updates before the other, the database may become corrupt - usual to lock files to avoid this.
• controls over maintenance• provide a daily update report to ensure that all updates were
properly performed and that there were no unauthorised updates.
redundancy in the database• redundancy may be a useful technique for ensuring that data
is not lost, e.g., a data item storing the total cost of an order is redundant if the cost of each line of the order is stored, however, it can act as a check that an order line has not been lost.
Control
SocialControls
Technical Controls
Design for Property Rights
Property rights that may be significant: ownership of data you may wish to include; ownership of software you may wish to use; ownership of ideas you may wish to apply; ownership of knowledge you may wish to
incorporate (particularly in intelligent software).
Control
SocialControls
Technical Controls
Remember that data, programs, ideas and knowledge are all valuable assets to the owner. Unauthorised access, loss or corruption may cause significant loss.
Example: The tax file number is owned by the Commonwealth and its use as a primary key is forbidden by law.
Design for Property RightsControl
SocialControls
Technical Controls
Backup and Recovery
... a standard system of controls that should be built into all systems (including private ones!)
Principles: data can be reconstructed in the event of loss or corruption; application and system software can be reinstated in the
event of loss or corruption.
Loss or corruption may be deliberate or accidental - controls are essentially the same.
Control
SocialControls
Technical Controls
Design for Access
While this is more of a social economics issue ... who needs access to the data provided by the system how may they be able to access the data.
That is, when planning the system architecture and the data design, consider all the possible users and include their needs in the design, ensuring that they have both physical and logical access to the data they require.
Control
SocialControls
Technical Controls
The Ten Commandments of Computer Ethics
1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people’s computer work.
3. Thou shalt not snoop around in other people’s computer files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not copy or use proprietary software for which you have not paid.
7. Thou shalt not use other people’s computer resources without authorisation or proper compensation.
8. Thou shalt not appropriate other people’s intellectual output.
9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.
10. Thou shalt always use a computer in ways that ensure consideration and respect for your fellow humans.
(http://ei.cs.vt.edu/~cs3604/spring.95/10.commandment.htm)
Topic References
Couger, J.D. (1989). “Preparing IS Students to Deal with Ethical Issues”. MIS Quarterly, vol.13, no.2 (June).
Dejoie, R., Fowler, G. and Paradice, D. (eds.) (1991).Ethical Issues in Information Systems, Boyd and Fraser, Boston, MA.
Mason, R.O. (1986). “Four Ethical Issues of the Information Age”, MIS Quarterly, vol.10, no.1 (March) reprinted in Dejoie, Fowler and Paradice (eds.) (1991).
