ETHICOMP1999 – Rome, Italy

ETHICOMP99logo

LOCATION
LUISS Guido Carli University, Rome, Italy

DATE:
6th to 8th October 1999

HOSTED BY:
Research Centre in Information Systems LUISS Guido Carli University, Rome, Italy
Centro di Ricerca sui Sistemi Informativi della LUISS Guido Carli V.le Pola, 12, I-00198 ROMA

IN ASSOCIATION WITH:
Centre for Computing and Social Responsibility, De Montfort University, UK
Research Center on Computing and Society, Southern Connecticut State University, USA

CONFERENCE DIRECTORS:
Professor Terrell Ward Bynum, Southern Connecticut University, USA
Professor Alessandro D’Atri, LUISS Guido Carli University, Rome, Italy
Dr Antonio Marturano, LUISS Guido Carli University, Rome, Italy
Simon Rogerson, De Montfort University, UK

Continue reading “ETHICOMP1999 – Rome, Italy”

Email, Voicemail, and Privacy: What Policy is Ethical?

AUTHOR
Marsha Woodbury

ABSTRACT

“What should we do about our employees and their email?” That is the question that business people repeatedly asked Computer Professionals for Social Responsibility (CPSR). After many such requests to our organization, we attempted to construct guidelines that we could endorse. This paper will outline the guidelines that we proposed and will discuss the public reaction to them. Are they practical? Do they follow ethical strictures? What has happened since CPSR stepped into the fray? This paper will try to answer those questions.

There is obviously a tension between the employee’s right to privacy and the business’ right to control what goes on in the workplace. Also, before digging into the topic, I would like to emphasize that you as a company should endeavor to change your overall policy as little as possible. As Scott Adams has written, the person doing the work of the company-the hands-on person-is central to the company, and creating policies is one step removed. The policy, in short, should get out of the way of the worker. (The Dilbert Principle, Scott Adams, NY: Harper Business, 1996, p. 317) The average person is only mentally productive a few hours a day no matter how many hours are “worked,” and your email and voicemail policy should endeavor not to kill happiness and creativity.

And now, to the discussion of policy. The original guidelines that we proposed are: CPSR’s Sample Electronic Mail and Voice Mail Use Guideline

Email and Vmail are corporate assets and critical components of communication systems. The Email and Vmail systems are provided by the company for employees to facilitate the performance of company work and their contents are the property of. Although the company does not make a practice of monitoring these systems, management reserves the right to retrieve the contents for legitimate reasons, such as to find lost messages, to comply with investigations of wrongful acts or to recover from system failure.

Personal use of Email or Vmail by employees is allowable but should not interfere with or conflict with business use. Employees should exercise good judgment regarding the reasonableness of personal use. A junkmail group and other ad-hoc mail groups are available for employees to exchange information or post personal notices (i.e. “for sale”, “for rent”, “looking to buy”, etc.). Employees may sell items or post messages on junkmail or other ad-hoc mail groups as long as they do not violate the law or company policies.

Use of Email and Vmail is limited to employees and authorized vendors, temporaries, or contractors. Employees and authorized users are responsible to maintain the security of their account and their password. They should change their password quarterly and take precautions to prevent unauthorized access to their mailbox by logging off when possible if their terminal is unattended. (Unauthorized entry to an individual’s account or mailbox poses system security issues for other users.) Email and Vmail passwords should be at least 6 alphanumeric characters including at least one numeric character for Email.

  1. Efficient Usage
  2. Efficient use of the Email and Vmail systems suggests that messages should be concise and directed to individuals with an interest or need to know. General notice bulletins may be sent to public groups, news groups local to , junk mail, or specific work groups. Standards for global mailings can be found in (some location)

    Vmail messages which have been read will expire after seven days. This is a limitation of the disk storage capacity of the voicemail system.

  3. Misuses of Electronic mail and Voicemail Misuse of Email/Vmail can result in disciplinary action up to and including termination
  4. Examples of misuse includes the following:

    Prohibits obscene, profane or offensive material from being transmitted over any company communication system. This includes, for example, accessing erotic materials via news groups. Also, messages, jokes, or forms which violate our harassment policy or create an intimidating or hostile work environment are prohibited. Use of company communications systems to set up personal businesses or send chain letters is prohibited. Company confidential messages should be distributed to personnel only. Forwarding to locations outside is prohibited. Accessing copyrighted information in a way that violates the copyright is prohibited. Breaking into the system or unauthorized use of a password/mailbox is prohibited. Broadcasting unsolicited personal views on social, political, religious or other non-business related matters is prohibited. Solicitation to buy or sell goods or services is prohibited except on junkmail or ad-hoc mail groups.

  5. Responsibility for this policy
  6. “A specified department in the company” is responsible to ensure the efficient use of systems according to this policy. Where issues arise, the department will deal directly with the employee (and notify their manager where appropriate). The interpretation of appropriate use and future revisions of this policy are the responsibility of “a committee”or an appointed official.

    As soon as we published our guidelines electrically, our members proposed amendments. (David Levinger and Carl Page, http://www.cpsr.org/dox/program/emailpolicy.html, Sept. 19, 1997) Basically, they suggested three things:

    1. The level of email monitoring should be made clear. For example, the company ought to state that email will not be monitored or reviewed for the purposes of enforcing managerial authority.
    2. The language of “efficiency” bothered some of our members. They wanted companies to orient their policy to more human values and individual rights.
    3. Proper disclaimers on external postings are important.

    Also soon after our proposal was made public, we also received a post from a labor union representative, who urged that “prohibitions against political opinions should be amended to allow for messages of interest to the members of a unionized workforce.” (Gary E. Schoenfeldt, http://www.cpsr.org/dox/program/emailpolicy.html, Sept. 19, 1997)

    Had CPSR overlooked anything else? Indeed, we had neglected a rather large area concerning the nature of the communications themselves. As one respondent put it, “Its more important aspects are related to its role in recording the on-going business of the organization and legal risks associated with its use and abuse. One of the most important aspects of email, vmail and other electronic documents, is that they constitute organizational records in many if not most cases. Where I have done studies of email usage and policy in organizational settings, I have found that the large percentage of employees do not have a clue what is and is not a record, least of all with respect to email/vmail. And they have little or no understanding of what their responsibilities are in this respect.” (Rick Barry, http://www.cpsr.org/dox/program/addition.html, Sept. 19, 1997). Barry also recommended that the the policy should say that the author of any email be promptly notified after the fact if an email message has been accessed, and told why.

In sum, the subject of handling email and vmail in the workplace became a deeper and more complicated issue than our organization had initially appreciated. We wandered from privacy into freedom of information and from pornography to protest. We are still on this journey. My final paper will deal in more detail with each of these separate issues.

The Development of Computer Ethics: Contributions from Business Ethics and Medical Ethics

AUTHOR
Kenman Wong and Gerhard Steinke

ABSTRACT

Computer / Information Technology (IT) ethics is generally considered to be a branch of applied ethics. Although there is an impressive body of literature containing moral reflection on new forms of technology (broadly defined) and their potential impact on society, the more specific area of IT ethics is a relatively new field of inquiry. It is therefore not surprising that, to date, little effort has been made to examine the connections between this area and older, more developed fields of applied moral reflection such as medical ethics and business ethics.

There are several important reasons why this task should be undertaken. Practitioners operating in the field of information technology are faced with challenges which are qualitatively similar to those raised in these other fields. For example, like many dilemmas in medical ethics, the field of IT ethics must also respond to the question: “just because we can, should we?” with respect to new advances in technology. Moreover, since many of the gains in computing have been and are being utilized by corporations to enhance the bottom line, information technology professionals are also faced with business ethics dilemmas which pit the consideration of profit versus other social goods, such as privacy and human well-being. An example of the intersection of these fields is the issue of privacy in genetic testing and medical records management.

Although medical ethics has enjoyed much more success at this endeavor, both it and business ethics have made significant inroads in becoming a part of “the dialog” among professionals in their respective fields. Some professions have a recognized and widely accepted set of prescribed ethical statements. In addition, the educational process in the medical and business fields include a strong component of ethics. IT curricula has yet to develop this common emphasis and content of ethical education.

We highlight specific developments in the fields of medical ethics and business ethics which we believe can make significant contributions to the development of IT ethics. We have issues such as the following in common:

  • Concern with the development of normative stances on professional dilemmas.
  • Concern with developing proper meta-ethical theories and decision making models.
  • Shared goal of becoming a part of the dialog among professionals in their respective fields.
  • Concern with influencing public policy and developing professionally enforced standards of conduct.
  • Shared challenges in speaking to academicians, professionals and the broader public.

We also address possible objections, e.g., medicine is concerned with healing patients, business ethics with profit maximization, and IT ethics with neither. Thus, they are not very useful for one another.

Thus, the field of information technology ethics potentially stands to gain tremendously in understanding how these fields have come to make such strides in development and general acceptance, and in comprehending their respective shortcomings. In this paper, we examine the potential for constructive interaction between these three fields of reflection. We argue that the areas of overlap among the fields have been underestimated, and, as a result, extremely useful resources have been largely ignored in the development of IT ethics.

Going for broke, not brokerage: what the virtual university can ethically bring to the electronic marketplace

AUTHOR
Ian Kennedy White and Rosane Pagano

ABSTRACT

This paper argues that there is an ethical choice to be made when implementing the virtual university. Either the electronic commerce model is adopted, with the necessary consequences for the tutor-learner relationship; or an alternative is sought in the professional pledge that a university requires its members to make, as part of a community. The paper begins by considering the growing importance of electronic commerce as a model to be applied to the extension of distance learning and thence by implication to the notion of a virtual university. What follows from this, as the moral grounds of the professional-client relationship in the virtual university, are then examined. Attempts to ground its legitimacy in the stakeholder model, as a variant of what underlies electronic commerce, are shown to be inadequate. Instead a covenantal model is proposed as the basis for such grounding. It is suggested that, unlike a contractual model, the covenantal model can embody the recognition of the learning process as a transformative act, and one that is fundamentally social, not individual. Only by confronting the ethical choice posed by these two models can the legitimacy of the virtual university in a world of the future be addressed.

Characteristics correlated with an individual’s predisposition to making a computer related ethical judgement

AUTHOR
Cheryl Welch

ABSTRACT

As computer technology is assimilated more and more into society and the business environment the issues of computer fraud, sabotage, illegal software copying, viruses, and hacking will become more empirically measurable. Until that time, these issues must not be shunned just because they do not easily lend themselves to empirical testing. Through the use of the ethical decision making model in identifying the enduring characteristics correlated with decision making we may be able to understand the thought processes of the computer abuser.

The purpose of this study was to identify the inherent characteristics that are correlated with an individual’s predisposition to making a computer-related ethical judgment in accordance with a behavioral model of ethical and unethical decision making developed by Harrington (1992). The inherent characteristics identified were negative-affectivity, other-directedness, moral perspective, locus-of-control, and denial-of-responsibility. Data for this study were gathered using questionnaires. The questionnaires were administered to undergraduate and graduate business students enrolled in a computer course.

They study was helpful in understanding the computer abuser. The data analyzed seemed to suggest the enduring characteristics of other-directedness, negative-affectivity, locus-of-control, moral perspective, and denial-of-responsibility are significant factors in determining ethical and unethical decision making. The scenarios used on the questionnaire presented situations that were clearly moral in nature, yet participants responded favorably to questions where it would be acceptable to alter behavior. It would seem that individuals place personal wealth and security values above honesty and property rights.

Demographics, in general, had little relationship to the responses in the instrument. Education and job tenure were correlated with locus-of-control and denial-of-responsibility. Higher levels of education would prepare an individual to take control of a situation by devising solutions and evaluating the outcome of each one before implementing. The longer an individual is on a job, the greater the likelihood that he will experience a situation where he could use the organizations resources to his benefit and rationalize the act. These findings suggest continued education programs for employees over the term of employment.

According to the responses to this survey, nearly 93% of the respondents reported never taking a course in computer ethics. Any instructor who wants to install a sense of ethical use of computers in students might address the topics of spreading viruses, sabotage, hacking, fraud, and illegal software copying. The ethical decision making model and its corresponding individual characteristics will prove helpful in getting everyone to see a situation from the same perspective.

Overall, analysis of the data indicated an individual’s intent to perform the computer abuse was found to be a function of negative-affectivity and the interaction of the individual factors of other-directedness, moral perspective and denial-of-responsibility. Negative-affectivity was significant to understanding decision making in different kinds of situations and the degree to which individuals are likely to attribute personal control in the same situation.

People-Centred Information Systems Development

AUTHOR
Julie Ward and Clare Stephenson

ABSTRACT

Our paper was conceived during our undergraduate course, and is continuing to expand with our life and work experiences. We feel our work has close links with the ethical issues in computing today, and this will be examined in detail through our principles of design and two case studies, where our ideas were put into practise. Through the case studies we were able to document how our principles were easily transferrable into “real life” situations and proved highly successful for all involved.

The 14 principles

The main points that influence our principles of systems design are closely linked to Pain et al (1993). Human-Centred Systems Design, they are as follows:

  • The empowerment of people is more important than the efficiency of the organisation.
  • The provision of good information facilitates empowerment.
  • Communication, commitment, co-ordination, and co-operation should permeate any project. Control should not be the primary concern.
  • The organisational context of a problem situation needs to be as fully understood as possible before any systems design can take place.
  • To achieve the above analysts need to become a part of the organisation to fully understand the context.
  • We aim to facilitate participative design, which should also be emancipatory by the inclusion of all groups in the organisation and the breaking up of power groups.
  • The dynamics between people in the organisation need to be analysed and taken into account for any new system to work.
  • There is a need to take a bottom-up and top-down approach simultaneously. This could also be viewed as inside-out and outside-in development.
  • As analysts we need to be sympathetic to the difficulties that occur when raising levels of IT awareness.
  • We need to continue to develop our abilities in alleviating people’s fears surrounding technology.
  • The framework should evolve to suit the context of the problem space; it should bedynamic.
  • As analysts we should not walk away as soon as a system is in place.
  • A technical solution is not always the best answer.
  • The organisation should be left with a sustainable and maintainable system which empowers the people by providing the information they require.

Our working practice places emphasis on qualitative rather than quantitative analysis. This we feel allows for ethical considerations to become part of the solution space. We act as agents of change, while using a “hands-on” approach within the organisations, because we recognised that mainstream formal methods alone are inadequate.

The similarities between the following case studies are that they were both small organisations with very limited IT knowledge. However they were very different in structure and in their levels of available technology.

Case Study One

The Care Forum (TCF) is an umbrella organisation in the voluntary sector who promotes the participation and involvement of voluntary user-led and carer groups in the development and planning of health and social care services.

Within this case study we tackled

  • Practical day to day problems with a bottom up strategy.
  • We set up an IT slot in the weekly staff meetings.
  • We facilitated them in the use of good working practices, which would enhance their image to outside organisations.
  • We repeatedly went back to different users for clarification of their understanding of the use of technology and their organisational needs.
  • We swopped jargon sheets and continually added to these
  • We were committed to being as approachable as possible and not setting ourselves up as ‘the experts in their office’.

Case Study Two

Bristol Friends of the Earth (Bristol FoE) is a very proactive organisation, whose main aim is to campaign on local environmental issues and to support and empower groups and individuals to help provide a sustainable future for the world. Members of Bristol FoE regard themselves primarily as front line campaigners, whose office and fund-raising activities come as secondary.

  • We did not set ourselves up as experts
  • We kept our language jargon-free
  • We identified with the FoE cause
  • We were not afraid to ask them for information
  • We were able to be flexible because we were not restricted by a rigid methodology
  • Our working style is creative, innovative, and adhoc, which mirrors that of the organisation. We are both equally unstructured (in the traditional sense) yet extremely effective
  • We consciously chose to wear casual clothes, being aware that dressing differently would not fit in with the organisational culture and would quite probably put up barriers

We believe that People-centred Information Systems Development is a way of life, it is not something that has been invented but is an evolutionary framework. It needs a philosophical shift in thought and is not something that can just be picked up and used like formal methods. There are no pre-defined sequence of events as it requires experiential and “tacit” knowledge to be successful.