Ethics and ICT

Does ICT have an ethical dimension? From using free and open source software to ensuring you have paid for your software licences, from using resources appropriately to having the right policies and procedures and protecting your staff, where does ethics start and end?

Moral judgements

“Ethics is a code or set of principles by which people live.”

Ethics and ICT is a new field. The internet has been a force for bad as well as good and generated a whole new set of issues. It’s rarely clear what is ‘right’ and what is ‘wrong’ and we shouldn’t let issues of personal taste cloud our judgement. But we do have a duty of care to protect our employees (either as voluntary organisations or IT suppliers).

Is it any of our business?

What you get up to in your own time is your business. What you get up to in your organisation’s time is your boss’s business. Unless you’re breaking the law… and even then you might perceive grey areas.

When the technician at PC World found offensive material on Gary Glitter’s computer, the police were called and the offender later dispatched to jail. If any of your employees had illegal pornography on your system, we think you would want to know about it.

If your expensive ICT infrastructure is running at 65% efficiency because Joe Bloggs and his team are listening to internet radio, do you simply increase the bandwidth or stop him listening to the radio? If you let him carry on, which funder is paying for the inefficiency?

What are the obligations of your IT manager, your technical support provider or even someone called in via Yellow Pages? 

Do you as a senior manager or trustee, want to know if something unethical is going on?

Software licences

Is all your software appropriately licenced? Do you have a licence for every PC running Windows and Office? Not sure?

The most common issue arising from an IT audit in a small organisation is that there are often more copies of a particular piece of software (MS Office is a good example) installed on the computers then there are legitimate licences. This puts IT professionals and circuit riders in a difficult position. Yes, we can advise you to purchase more but do we follow it up? Do we say “you should” but whisper off the record “but we know you don’t have the funds so it’s OK to wait a bit”? Do we steer you in the direction of open source alternatives (Open Office – free to download and use for example)? Or do we simply forget about it?

The importance of policies and procedures

Where does HR end and ICT begin? You wouldn’t tolerate someone looking at porn magazines in your office so why should you tolerate someone looking at porn on a computer screen in the furthest corner of the office? Does it do any harm if you don’t know about it? What is porn anyway? What if you access a website and get a dodgy popup (probably means your security software isn’t doing its job either)?

All organisations should have an acceptable use policy and a process for referring and managing issues as they arise. This would also cover abuse of resources (using too much bandwidth for internet radio, spending too much time booking holidays or concert tickets, accessing inappropriate material).

Multimedia nightmares – misuse of resources

I once worked in an office where someone sent a copy of a Star War movie trailer (all 25MB of it  down a 56k line. It delayed all the emails for a couple of hours but the Managing Director didn’t know any different until a client started nagging down the phone (good job they had more than one line). No one got hurt although the ears of the employee took a verbal bashing.

Lots of us enjoy internet radio or video at home. It’s great entertainment, relaxing and surely no harm to use as ‘background noise’ in a busy office. However, if you think what’s its doing to your broadband costs (not to mention squeezing bandwidth and slowing down emails and web traffic), is it still acceptable? The implications of filesharing media (often illegal anyway) and internet media can have significant negative impacts on how effectively your ICT system works and how productive your staff are.

Creative accounting

Don’t you love the first three months of the year? Money to spend quickly and easily. Few IT professionals or providers have been immune to being asked for products and services in a hurry. Even better is the creative accounting ‘can you charge me for X now and provide me with Y later’. Yes, it happens. Organisations know, funders know, consultants/suppliers know. It always will whilst the ridiculous restrictions on end of year spending continue – spend it now or give it back. Hmmm… Do we ‘go with the flow’ or say no, you can only spend your money appropriately and you’ll have to give back what we can’t spend sensibly this month?

The ethical dilemma

If, as your ICT adviser, I keep nagging you as a small, underfunded organisation to buy licences for those ‘extra’ copies of Microsoft Office on your computers, how long before you get fed up and start working with someone else? Does it change the nature of our relationship? Do I have a moral duty to report you for copyright theft? In the eyes of the law, you are a thief. Should I turn a blind eye and say “I shouldn’t really but I will install this copy onto another three PCs”? (Actually I’m too belligerent to do that – I’ll help go and find the funding to pay for the licences instead.)

Should you let your staff use their internet connection in their breaks to book holidays, order goods online, read the news etc.? Why not? Who is it harming as long as the material isn’t offensive and resources aren’t being used for harm? What’s the balance between a member of staff spending 20% of their day on personal activities and being 20% more effective the rest of the time they’re in the office?

Advice for IT professionals (with some thoughts for senior management)

This is a developing issue and there is no clear guidance available but here are a few guiding thoughts:

1. Remember your first duty is to inform and educate and help organisations make an informed choice and take ownership of decisions. (As a senior manager you need to make that choice/decision.)
2. You should always promote good practice and act in the best interests of the organisation and its mission so highlighting misuse of resources to senior management is sensible.
3. Ask yourself if it’s any of your business or whether you’re being driven by nosiness rather than a desire to help the organisation (your client) or their clients.
4. Ensure you have a clear contract and description of your responsibilities (as a senior manager of a voluntary organisation, just what do you expect from your IT staff?)
5. Ensure you’re clear what your legal responsibilities are (you might want to take formal advice on this) and what process you will follow. This would include reporting illegal pornography, money laundering, hacking and evidence or terrorism or bomb-making instructions. You would almost certainly report these issues to the client first. Senior managers would typically dismiss the employee concerned but would be unwise to do so without legal advice.
6. Be aware of privacy implications (and the individuals right to privacy). How hard do you want to dig? Finding an image of someone in a bikini in a web cache does not make the user a pervert.
7. Be careful about making false accusations without any evidence. What if the material reached the system accidentally (a dodgy link on a webpage, a virus, a pop up).
8. If you find material which is distasteful (but not illegal), check the internet use policy. You might just have to accept it’s none of your business.
9. Document what happened and cover yourself in writing
10. Respect confidentiality but escalate to your manager (or a trusted colleague if you don’t have a manager)
11. Having a good relationship with your client is a big help – discussing concerns informally is much easier than having to commit to writing in first instance (you should commit to writing at some stage)

As IT professionals, we need to be clearly informed what we can and can’t do and where to go for help. This article is a step in that process to highlighting the legal ramifications and developing support networks.

As managers in voluntary organisations, we need to be clear what we do and why and where the limits of our responsibilities lie.

Does the VCS need a set of moral rules to guide ICT?

The VCS is an admirable entity, populated by highly ethical individuals doing their best to support and enable society. There will always be a few people behaving inappropriately (some may not even know they are doing it) and a very few behaving illegally.

Some things to watch out for

1. Your computers or servers are working very slowly – it could be a number of things but too much internet radio or video is a possible cause (old, badly maintained computers is another one!)
2. You’ve been hit by a significant viral outbreak but all your emails are screened – has one of your members of staff been surfing where they shouldn’t?
3. You (or someone else) finds porn on your computer – are you covered for this? Is it in your acceptable use policy? Do you even have a policy? Now’s the time to check…
4. Someone in your office always has their screen turned away and has a habit of closing down browsers/applications or turning their screen off when someone approaches.

Conclusion

Ethics always generates debate but please don’t get paranoid over all this. The vast majority of staff are law abiding and even so, some users will ‘stretch the point’ now and again without causing undue harm. If you have an unlicenced copy of computer software you can buy the licence or stop using it and move onto free and open source software. Whilst ‘software theft’ is taken seriously, you’re unlikely to be frogmarched into a police cell for one extra copy of Microsoft Office without the documentation (it doesn’t make it right though and we have a legal duty to tell you to licence it right now!)

If there are to be a set of ethical guidelines they will need to be clear, simple and concise. They will need to focus on the best interests of the organisation and the individuals within (and without). But how will it be administered and what will it include? Those are thoughts for another day…

Helpful resources

• Acceptable Use Policies – http://www.icthubknowledgebase.org.uk/acceptableusepolicy
• British Computer Society Professional Code of Conduct – http://www.bcs.org/server.php?show=conWebDoc.1587
• Crime and Security issues in ICT - http://www.out-law.com/page-358
• Ethical considerations to using open source software in the third sector - http://www.openitup.org/downloads/Ethical_Considerations_of_FOSS.pdf
• Ethics Forum - http://www.bcs.org/server.php?show=ConWebDoc.10329
• Ethics of ICT in Business - http://www.ccsr.cse.dmu.ac.uk/resources/general/ethicol/Ecv8no2.html
• Metropolitan Police Computer Crime Unit - http://www.met.police.uk/computercrime/ Includes advice on procedures and obligations
• Social, ethical, moral and legal aspects of ICT - http://alia.org.au/~rhorton/it/module5.html
• Summit Collaborate Provider Principles (for consultants/suppliers working with voluntary organisations) - http://www.summitcollaborative.com/providerprinciples.html

Footnote

The author makes no moral judgements on what you get up in your own time but advises you to licence all your software properly and reminds you that clean and guilt-free living makes you happier!

Acknowledgements

Thanks to Pauline Baker for kicking off this idea and to Ian Runeckles and the attendees at the Circuit Rider 2007 conference for a stimulating debate.

Simon Davey, preponderate.net

More Articles