Information Technology and Ethics/Ethics for IT Professionals

From Wikibooks, open books for an open world
Jump to navigation Jump to search


What is an IT Professional?[edit | edit source]

IT Professional Defined[edit | edit source]

A profession is “a calling requiring specialized knowledge and often long and intensive academic preparation.”[1] Therefore, a profession such as a doctor or a lawyer is different than an “ordinary occupation” because they often require intensive higher academic education. Similarly, an Information Technology (IT) worker, such as an Administrator, Engineer, Developer, Analyst, or Architect most often gain their initial knowledge through intensive higher academic education, although it’s also possible to gain this knowledge exclusively through self-study, in combination with applied experience.

A professional is “characterized by or conforming to the technical or ethical standards of a profession.”[2] A professional such as a doctor (belonging to the American Medical Association) or a lawyer (belonging to the American Bar Association) have codes of ethical standards.[3][4] Similarly, most IT professionals have codes of ethical standards, such as the Association for Computing Machinery (ACM),[5] and the Electrical and Electronics Engineers Computer Society (IEEE-CS),[6] and many others.

Additionally, professionals must use personal discretion and exercise judgment in their work. Their work cannot be standardized, or made into an “assembly-line,” so to speak. Typically, professionals are expected to participate in a career-long training program, consisting of both informal and formal training, and to keep themselves informed of the latest developments in their fields of expertise, and to the potential impacts of those developments to their profession, and on their business or employer.[7]

Thus, an IT professional is an employee working in an IT profession, and following a set of technical and ethical standards such as those defined by a formal IT professional organization, and performing work that is discretionary, judgmental, non-standardized, and that requires them to maintain their technical expertise and education in light of technical and industry developments.

Moral Distinction[edit | edit source]

Some believe that IT professionals have distinct moral obligations that separate them from other IT workers and further distinguish them as professionals. Don Gotterbarn believes that software engineers and their teams develop safety-critical systems because they:

  • Do good or cause harm.
  • Enable others to do good or cause harm.
  • Influence others to do good or cause harm.[8]

And thus, differentiates them from other IT professionals. Examples of safety-critical software applications include:

  • Aircraft and air traffic control systems
  • Mass transportation systems
  • Nuclear reactors
  • Missile systems
  • Medical treatment systems
  • Design of bridges and buildings
  • Selection of water disposal sites
  • Development of analytical models for medical treatment[9]

Some IT professionals have the same ability to do good or cause harm to non-safety-critical systems, such as financial & banking systems, health & insurance systems, technology services, and others. While not safety-critical, these systems are more economic-critical, and IT professionals in these industries (and others) can do harm, or prevent others from doing harm, or enable or influence others to do the same, to the tune of potentially millions, or even billions of dollars lost (or saved) on a national or global scale. Again, these capabilities separate them from other IT workers and differentiates them from other IT professionals.

Legal Distinction[edit | edit source]

One distinction between doctors, lawyers, and IT professionals is that while doctors and lawyers are required to be licensed by the state in which they practice, no such requirement is present for IT professionals.[10][11] Since they are not licensed by a government authority, many courts have said that IT workers do not meet the legal definition of a professional, and thus not liable for malpractice.[7] It can also be argued that not every IT occupation requires advanced knowledge, and thus not every IT worker can be considered an IT professional.[7]

However, it’s interesting to note that “computer employees” as defined by the U.S. Code of Regulations are eligible for “exemption as professionals” for salary purposes:

"(a) Computer systems analysts, computer programmers, software engineers or other similarly skilled workers in the computer field are eligible for exemption as professionals under section 13(a)(1) of the Act and under section 13(a)(17) of the Act. Because job titles vary widely and change quickly in the computer industry, job titles are not determinative of the applicability of this exemption."[12]

Ethical Issues faced by IT Professionals[edit | edit source]

Personal Privacy[edit | edit source]

Privacy has become a massive point of discussion among the common public, bringing significant attention to how companies access and use their personal data. Most people have their personal data all over the digital world, whether it be their social media profiles, website logins, or even email IDs. As an IT professional, you teeter on a fine line trying to determine what is a breach of privacy. For example, is the IT department of a company monitoring their employee's email activity a breach of confidentiality if the purpose is to ensure that the company's sensitive information is not being leaked? It is the responsibility of IT professionals to maintain people's right to privacy using their technology. They are responsible for connecting people to the servers of their service and collecting and storing the data they provide.

Harmful Actions[edit | edit source]

Harmful Actions refer to the damage that IT can bring about, such as loss of critical data, loss of property, loss of ownership, destruction of property, and substantial undesirable impacts. In recent times, this can be seen in the form of the spread of misinformation on social media websites, creating a massive rift in political discussions around the world. It also includes the spread of viruses through files being distributed of websites thought to be secure. There has been a rise in cases of hidden crypto miners being installed on user systems through software and files that are downloaded from such websites. This becomes the IT professional's responsibility to monitor the files being published and prevent such damage from spreading. A famous recent case is of the ESEA client for competitive video games being used to install a hidden crypto miner on the users' PCs, which ended up damaging a lot of the systems that they were installed on. The IT specialist failed to recognize that such a system had been programmed in by a rogue developer for their software.

Digital Ownership[edit | edit source]

Digital Ownership refers to copyright or patent-protected data being distributed through these devices. Copyright protection works as a powerful legal tool in protecting software and data being published online. A typical example of the breach of copyright-protected data is piracy, which is still prevalent and an issue that takes a long time to resolve if it can be fixed. On the other side of the coin, we have companies that can abuse copyright protection to harm smaller users and steal the revenue they generate from the content they produce. A relevant example of that is the abuse of DMCA protection by large publishing companies to copyright strike content made by smaller creators on websites like YouTube. The inability of these creators to fight these strikes in court stifles creating such homegrown content online. In this case, it falls on the IT professional to prevent the abuse of their copyright protection system on YouTube by these large companies, but that is incredibly hard to do.

Developer Liability[edit | edit source]

IT professionals need to be aware of the liability issues that can arise from making ethical decisions regarding the programs they publish. Developers make promises to the user regarding the nature of their program and what that program can deliver. Failing to deliver on these promises can not only harm their image and cause nuisance to the user but opens them up to legal retaliation. They need to be practical and honest about the assurances they make about their program and keep in mind the ethical considerations they need to make while delivering the product to their clients. A well-worded and accurate disclaimer can free a developer from being responsible for informal, speculative statements made by a user against their software.

Access Costs[edit | edit source]

With the increase in awareness about net neutrality, IT professionals have to keep in mind the access costs for every service they publish online. The vast majority of people favor maintaining net neutrality, ensuring that everyone gets fair access to every website and service. This raises the ethical question about whether internet usage and access to the data on the internet are now a universal right that needs to be protected. IT professionals will be the ones who pave the way on this discussion, setting a precedent for future generations and deciding the path that internet usage takes. The access cost to a website will determine the traffic a website gets and how widely it is used. This decision affects the users who may or may not be able to use the website and the developers of the website since it affects how widely used their website or service is.

IT Professionals and Their Relationship[edit | edit source]

Contractor from Outsourcing service provider[edit | edit source]

IT Professional, just like other industries, there are all different types of outsourcing service, such as Structured cabling system to application development. Due to the essential nature of, IT industry’s complicated architecture, there are different IT professionals, networks, support desk, hardware, system services, security, infrastructure, internet, and so on. All need to work together just like an orchestra.[13] Enterprises owners are more likely to hire contractors from service providers to save money. However, Contractors are not the employee of the Enterprises, due to different company culture or working habit, there are a lot of ethical problems would arise:

SLA[edit | edit source]

A lot of service providers just provide on-site professional services. However, there is no detailed SLA or service level agreement. For example, the typical on-site service will charge clients per man day. A project should be finished in 100 Man Day. But the service provider may charge the client 200 Man-Day or even more. At the same time, the client may always adjust their project expectation so as to deny pay the service fee. One of my company’s service providers did a project which is not supported by the vendor, Oracle 11g. All these contradictions were caused by no clear SLA. both client and vendor, or service provider, may lose a lot of profits. Some clients want to terminate the SLA or the contract but have no appropriate execution, so the client will give a lot of difficult tasks to the contractors to finish, or refuse the contractor to use the Internet connection, which is very important to their jobs. Some client even asks the contractor to log what he did every minute, such as the following form :

Time Morning | What


9:00 to 9:15 | Job activity debrief

9:15 to 9:30 | Job activity debrief

9:30 to 9:45 | Job activity debrief


Just like a slave or labor.

Service Termination[edit | edit source]

Service Termination is caused by the project finished, which is expected. Another is caused by a client's financial problem. If the contractor from the service provider has no other client, the contractor may lose his job. Big IT service providers such as TATA, HP or IBM, have a lot of projects, this kind of problem does not exist. Small businesses may be closed due to service Termination. To the side of the client, no need to pay a compensative salary to the contractor, it is not good, ethically. But transfer the cost to the service provider.

Security[edit | edit source]

Every company has its security policy, such as access card, server account, database access. I remember many years ago, I went to a client’s server room to install the software. The client’s boss asked a staff member to open the door and let me in. Then he left. I found the door in the server room can not open inside. I refused to work and asked whether the client provides me a temporary visitor access card or a staff member accompanies me. It is very dangerous to be locked in the server room. Once on fire, all the doors will be locked and the automatic fire extinguishing device will release a kind of toxic gas. Meanwhile, some contractors changed jobs whereas not returning the access card or the client did not lock the contractor’s account timely, which will lead to information security problems.

Internal cross-department[edit | edit source]

IT professions also work with colleagues from other departments. Different business units have different KPI, the same project may have different expectations. Here are some decennia for cross-department CASE 1. As a support engineer, my job is to install software for clients and provide a platinum service for clients for free. Another team from my company, the sales team, committed to the client that the platinum service will be handed over to the client. So the sales asked me to provide the password to the client for the platinum service. I denied the request. Very simply, I can not violate the company’s security policy.

CASE 2. The software we installed has a bug which leads to the server rebooting again and again. The sales consultant noticed the bug will be released next week from the internal website. The sales manager asked me to apply the patch for the client. How can I apply a patch which is not released? I also denied the request.

CASE 3: There is a project manager who will manage the project which may be involved with different teams or business units. Another IT engineer just finished the software installation. The PM asked me to take over his job and it is first priority. After talking to the department manager, I denied the PM’s request. The PM is not my boss.

To sum up, every IT professional should not violate the policy and let his direct boss coordinate with others in the project.[14]

Change job to competitions[edit | edit source]

Due to financial problems, an employee may experience no salary increase. He may change his job for a better salary. It is a very common thing to switch jobs to a competitor’s company for IT professions. For a freshman, just graduating from college without any experience, his buddy or senior staff or his boss may teach him a lot of things. The company may demand him a high expectation. Unfortunately, he changed his job and the new employer is the competition of the old employer, even though it is legal does not mean it is ethical. For example, if the employee masters the core technology, the old company may fail in the market.[15]

Xiaolang Zhang who worked for Apple, was arrested by the FBI in 2019, when he was ready to board the flight to China, got the offer of Xiao Peng Car, Xiaolang had the key hardware and software of auto-piloting core technology.[16]

To sum up, this kind of situation should find a solution from a legal perspective. Ethically we can not stop it.

How Certifications Affect The Ethical Behavior of IT Professionals[edit | edit source]

Ethics is a very important concept to IT professionals as well as IT workers. There are many different ways to push proper ethical behavior and propel unethical ones. One example is certification in IT.

What Is a Certification[edit | edit source]

Certifications are defined as “the action or process of providing someone or something with an official document attesting to a status or level of achievement,”.[17] Examples of certifications include: CompTIA’s A+, CISCO’s CCNA, and Red Hat’s RHCE. Certifications are also typically given out by a non-governmental organizations (IEEE, ACM, CompTIA, CISCO, and Red Hat).[18]

Ethical Code Of Conduct Example[edit | edit source]

Below are examples from IEEE code of ethics/conduct. Excerpts from their code of ethics state:

  • To uphold the highest standards of integrity, responsible behavior, and ethical conduct in professional activities. 
    • Unethical practices such as bribery and illegality
  • To treat all persons fairly and with respect, to not engage in harassment or discrimination and to avoid injuring others.
    • Unethical practices such as discrimination and defamation
  • To strive to ensure this code is upheld by colleagues and co-workers.
    • Adhering to code of conduct and ethical standards[19]

Standardization And Measurable Metrics[edit | edit source]

Certifications tend to have definitive as well as non-definitive codes of conduct and ethics. As such it makes sense to argue that since the more people who have these certifications should at the very least know of more ethical behavior than those who haven’t gotten any. If you were to take two IT workers with the only difference being the certifications they have, you could assume that the worker with certifications from the likes of IEEE and ACM[20] has knowledge of and partakes in their ethical practices. For instance, after taking a IEEE administered exam you must agree to IEEE Code of Ethics.

Many of the ethics and code of conduct feels fairly standard and self-explanatory. However, if it must be stated chances are that it isn’t common knowledge. As well as having a standard and measurable metric of ethics should prove useful. Violation of these ethical concepts results in actions which are not limited to: rejection of certification, revocation of certification, losing ability to apply for certification, and other legal actions and other remedies. Yet, it is important to remember IEEE isn’t the only association which pushes ethics for their certifications as CISCO[21] and Red Hat[22] are just a few of the names that do it as well. The code of ethics and code of conduct in modern certificates granting organizations  are written differently but basically contain the same content and context. Essentially fair competition, integrity, compliance, and conflicts of interest are written between all conducts and are pretty comparable. As well as many accredited technical certifications were written with ethics in mind to not only protect the business but also the workers inside and out of that workplace.

How Compliance Promotes Correct Ethical Behavior[edit | edit source]

Compliance entails conforming to a policy, rule, standard or law and regulations governing a given organization. IT Professional's ethics compliance encourages ethical behaviors, which aids IT professionals in handling any moral dispute that might arise in the workplace. Code of ethics helps us understand if a given principle is right or wrong based on issues relating to the development of electronic technologies.[23] The main objective of ethics compliance is to promote a work culture where all people are treated with dignity and respect; additionally, they reinforce ethical behavior in information technology professionalism.

Promotes Correct Ethical Behavior[edit | edit source]

The aspect of compliance plays a significant role in promoting correct ethical behaviors for IT Professionals. When IT Professionals adhere to respect and confidentiality, maintain professional competence, respect property rights, embrace integrity, honesty and fairness, this goes a long way towards creating a conducive working environment. Additionally, compliance promotes desirable ethical behaviors by uniting all parties involved by subjecting them under similar guidelines.[24] Compliance promotes fair play and competition in the IT sector. Trust and integrity among the parties involved are guaranteed since there is a compliance code of ethics. When ethics are adhered to, illegal conducts are eliminated, and thus IT professional ethical behaviors are promoted.

Prevents Undesirable Ethical Behavior[edit | edit source]

On the other hand, apart from promoting correct ethical behavior, compliance also prevents undesirable IT professional ethical behaviors. This is possible by adhering to the set guidelines and policies—compliance models ethical behaviors and integrity by incorporating the organization's values. Additionally, providing development opportunities for ethical behaviors and implementing best practices prevents undesirable behaviors.[23] Addressing the legal aspects to comply with the local, state, and federal business laws is key to effective, ethical behavior promotion. Adhering to insurance policies that improve safety and reduce insurance claims is another way of preventing undesirable ethical behaviors. Workplace rules and regulations governing all employees such as dress code, attendance, theft, fraud, behavior, sick and personal day policies, record keeping, when adequately implemented, prevent undesirable IT professional ethical behavior.

A good relationship between employees and the management plays a major role in preventing undesirable behavior. This is possible through encouraging unionization to represent workplace issues to the management. When the management gives employees some privileges, they become motivated and more productive, which shuns any unethical behavior. Compliance entails good communication among the employees, the management and the government. Workplace rules should be accurate, equitable, and assist in achieving your objectives by communicating them.[23] If an organization doesn't require workers to read and sign a copy of the corporate rules, they will later assert ignorance, putting you in more legal danger if you try to enforce them. Therefore, it is prudent to present the rules in a company meeting and solicit input, explaining that the company will regularly review and change the rules. Notably, IT professional ethics should not focus on controlling the IT professionals. Promoting compliance to IT ethics motivates and improves the creativity of the IT professionals. To sum up, if all IT Professional ethics are compiled, all the undesirable behaviors will be eliminated.

References[edit | edit source]

  1. Merriam-Webster (n.d.). [Retrieved April 26, 2021, from https://www.merriam-webster.com/dictionary/profession "Profession"]. Merriam-Webster.com. Retrieved April 26, 2021, from https://www.merriam-webster.com/dictionary/profession. 
  2. Merriam-Webster (n.d.). [Retrieved April 26, 2021, from https://www.merriam-webster.com/dictionary/professional "Professional"]. Merriam-Webster.com. Retrieved April 26, 2021, from https://www.merriam-webster.com/dictionary/professional. 
  3. American Medical Association (n.d.). [Retrieved April 26, 2021, from https://www.ama-assn.org/delivering-care/ethics/code-medical-ethics-overview "Code of Medical Ethics Overview"]. American Medical Association. Retrieved April 26, 2021, from https://www.ama-assn.org/delivering-care/ethics/code-medical-ethics-overview. 
  4. American Bar Association (n.d.). [Retrieved April 26, 2021, from https://www.americanbar.org/groups/professional_responsibility/resources/lawyer_ethics_regulation "Lawyer ethics & regulation"]. American Bar Association. Retrieved April 26, 2021, from https://www.americanbar.org/groups/professional_responsibility/resources/lawyer_ethics_regulation. 
  5. Association for Computing Machinery (n.d.). [Retrieved April 26, 2021, from https://www.acm.org/code-of-ethics "ACM code of ethics and professional conduct"]. Association for Computing Machinery. Retrieved April 26, 2021, from https://www.acm.org/code-of-ethics. 
  6. IEEE (n.d.). [Retrieved April 26, 2021, from https://www.ieee.org/about/corporate/governance/p7-8.html "IEEE code of ethics"]. IEEE. Retrieved April 26, 2021, from https://www.ieee.org/about/corporate/governance/p7-8.html. 
  7. a b c Reynolds, George (2015). Ethics in Information Technology (Fifth ed.). Cengage Learning. p. 44. ISBN 978-1-285-19715-9. 
  8. Gotterbarn, Don (2001) (in K. W. Bowyer, ed. Ethics and Computing: Living Responsibly in a Computerized World. 2nd ed). The Ethical Software Engineer. New York: IEEE Press. p. 67. 
  9. Bowyer, Kevin (2001). Ethics and Computing: Living Responsibly in a Computerized World (2nd ed.). New York: IEEE Press. p. 165. 
  10. Kocher, Bob (2014, February 18). [Retrieved April 26, 2021, from https://www.healthaffairs.org/do/10.1377/hblog20140218.036973/full/ "Doctors Without State Borders: Practicing Across State Lines"]. Health Affairs. Retrieved April 26, 2021, from https://www.healthaffairs.org/do/10.1377/hblog20140218.036973/full/. 
  11. CareerOneStop (2018, November 9). [Retrieved April 26, 2021, from https://www.careeronestop.org/toolkit/training/find-licenses.aspx "License Finder"]. CareerOneStop. Retrieved April 26, 2021, from https://www.careeronestop.org/toolkit/training/find-licenses.aspx. 
  12. Code of Federal Regulations. [Retrieved April 26, 2021, from https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=f6501c36bed811887d84b7d0e16d5dab&ty=HTML&h=L&mc=true&n=sp29.3.541.e&r=SUBPART "General rule for computer employees"]. p. 29 C.F.R. § 541.400 (2021). Retrieved April 26, 2021, from https://www.ecfr.gov/cgi-bin/retrieveECFR?gp=1&SID=f6501c36bed811887d84b7d0e16d5dab&ty=HTML&h=L&mc=true&n=sp29.3.541.e&r=SUBPART. 
  13. American Speech-Language-Hearing Association. (n.d.). Issues in Ethics: Competition in Professional Practice. https://www.asha.org/practice/ethics/competition-in-professional-practice/
  14. The Code affirms an obligation of computing professionals to use their skills for the benefit of society. (n.d.). Https://Www.Acm.Org/Code-of-Ethics. https://www.acm.org/code-of-ethics
  15. Gardner, T. M., Stansbury, J., & Hart, D. (2010). The Ethics of Lateral Hiring. Business Ethics Quarterly, 20(3), 341–369. https://doi.org/10.5840/beq201020326
  16. An ex-Apple employee has been charged with stealing autonomous vehicle secrets. (2018, July 10). Business Insider. https://www.businessinsider.com/xiaolang-zhang-apple-autonomous-vehicle-secrets-2018-7?international=true&r=US&IR=T
  17. Certification. (n.d.). In Oxford Language. Google. Retrieved April 28, 2021, from https://www.google.com/search?q=define+certification&oq=define+certification&aqs=chrome..69i57.4936j0j1&sourceid=chrome&ie=UTF-8
  18. Reynolds, G. W. (2014). Ethics in Information Technology (5th ed.) [E-book].54-60. CengageLearning.https://repository.dinus.ac.id/docs/ajar/ethics_in_information_technology2c_5th_ed._0_.pdf
  19. IEEE. (2020, June). IEEE Code of Ethics. Institute of Electrical and Electronics Engineers. https://www.ieee.org/about/corporate/governance/p7-8.html
  20. ACM. (2018). ACM Code of ethics. Association for Computing Machinery. https://www.acm.org/code-of-ethics
  21. Code of Certifications Ethics. (2013). CISCO. https://www.cisco.com/c/dam/en_us/training-events/downloads/Cisco_Code_of_Certification_Ethics.pdf
  22. Red Hat. (2019, November 22). Red Hat Partner Code of Conduct. https://www.redhat.com/cms/managed-files/Red_Hat_Partner_Code_of_Conduct_(Final).pdf
  23. a b c Gotterbarn, D. (2017). Computer Ethics, 249-258. https://doi.org/10.4324/9781315259697-27
  24. Stoodley, I., Bruce, C., & Edwards, S. (2013). Experiential ethics education for IT professionals. Professionalism in the Information and Communication Technology Industry. https://doi.org/10.22459/picti.10.2013.12