Big Brother at Work – So What?

AUTHOR

Mary Prior (UK)

ABSTRACT

Background

The paper will present the findings of the author’s continuing work in the area of workplace surveillance.

There is nothing new in the concept of surveillance in the workplace as Lyon [1994] points out with a brief historical survey of the topic. However the advent of new technologies in recent decades has offered the possibility of monitoring individual employees in ways previously not possible. These include keystroke monitoring; time, place and duration of login; telephone call monitoring; internet, network and software usage logs; email interception; remote viewing of monitors; active badges that track employee whereabouts and closed circuit television [Mohammed, 1999]. It has been claimed that the surveillance of workers is becoming, ‘more widespread, more continuous, more intense and more secretive’ [Ford, 1999] largely due to the widespread use of digital technology and availability of cheap surveillance systems [MSF, 2000]. Moreover, while much surveillance in the past was of manual workers in industrial environments it now can, and has been, extended to include the more professional and supervisory classes of employees.

It can be argued that an employer has the right within certain limits to monitor the performance of his or her employees; however there is considerable ground for disagreement over the extent of those rights and limits and frequently there is an absence of debate and agreement between employer and employee representatives as to what constitute reasonable limits.

It is against this background that the work to be presented in this paper is taking place; it is perfectly aligned with the overall theme of the conference, ‘The Transformation of Organisations in the Information Age: Social and Ethical Implications.’

Methodology

The paper will present a rationale for the methodology used to undertake the research and the procedures involved to ensure that the ethical issues raised by the use of human subjects have been addressed.

The Study

In the spring of 2001 a questionnaire was administered to 300 undergraduate students in the Faculty of Computing Sciences and Engineering at De Montfort University, Leicester U.K. concerning (1) use of closed circuit television (CCTV) in the University and (2) the use of CCTV in the workplace. In the Spring of 2002, the questionnaire is to be repeated with a comparable sample of a further 300 undergraduate students. The responses to the questionnaires will be analysed. It is anticipated that this will yield some useful information about the awareness and attitudes of these particular groups of subjects concerning surveillance of their everyday environment in the University and within the workplace.

The results of the 2001 questionnaire suggested that the students surveyed had an easy acceptance of CCTV as a ‘good idea’ but their awareness of the issues raised with respect to its use in the workplace needs to be enhanced. There was a worrying contradiction in an objection to being monitored yet apparent readiness to monitor others. Nevertheless there were interesting differences of attitude between first and second year students on the one hand, and final year students on the other. In addition to being on average two to three years older than the first and second year students the final year group had undertaken a year of industrial placement experience. Both of these factors might be expected to have some influence on their awareness of social and ethical issues in general and of workplace surveillance in particular.

By administering the questionnaire to comparable groups of students in 2002, it will be possible to determine whether or not the same kind of distinctions in response from the different groups of students is present. It is possible that the 2001 results were a reflection of the attitudes of particular cohorts of students. However, if the same perceptible differences of attitude and awareness between the younger (first and second year) and the older (final year) groups of students is also found in comparable groups of students in 2002, this could be indicative of a trend. There may be other interesting findings in the analysis of the views of a total of 600 undergraduate Computing students.

The final year students will be asked about their experience of surveillance during their industrial placement year and whether they would be willing to take part in further studies. This is an extension to the original survey and will help provide a profile of the extent of workplace surveillance among the organisations with whom the students have spent their industrial placement year. These organisations represent a wide cross-section of the U.K. economy, from multinational corporations to small and medium-sized enterprises, from the public sector and the health service to manufacturing and service industries. The extent of students’ experience of surveillance in the workplace may influence their views and this extension to the survey may provide the basis for further work.

Issues

The paper will examine the social and ethical implications of workplace surveillance arising from the study described above and from an examination of the relevant literature.

A number of authors have identified loss of trust and a deterioration in working relationships as an outcome of workplace surveillance [Ford, 1999; Oz et al, 1999]. Furthermore, it has been suggested that in the ‘knowledge economy’ employee autonomy is vital to organisational success and that to the extent that it reduces worker autonomy, intrusive employee surveillance may therefore be found to be counter-productive [Brey, 1999; Green, 1999; Introna, 1999].

Evidence in the support, or otherwise, of these and other possible effects (for example on the physical or emotional well-being of staff) of workplace surveillance will be discussed. Avenues for further research will be identified.

REFERENCES

Brey, Philip (1999) Worker autonomy and the drama of digital networks in organizations. Journal of Business Ethics, vol. 22 (no. 1), 15-25.

Ford, Michael (1999) Surveillance and Privacy at Work. Institute of Employment Rights.

Green, Stephen (1999) A plague on the Panopticon: surveillance and power in the global information economy. Information, Communication and Society, vol. 2 (no. 1), 26-44.

Introna, Lucas D. (1999) Privacy, Autonomy and Workplace Surveillance. Proceedings of the 4th ETHICOMP International Conference on the Social and Ethical Impacts of Information and Communication Technologies, Rome, 5-8 October 1999.

Lyon, David (1994) The Electronic Eye. Polity Press.

Mohammed, E. (1999). An examination of surveillance technology and their implications for privacy and related issues – the philosophical legal perspective. The Journal of Information, Law and Technology, no. 2.
http://elj.warwick.ac.uk/jilt/99-2/mohammed.html accessed 12.02.2001

MSF (2000) Submission to Data Protection Commissioner in Response to Draft Code of Practice on the Use of Personal Data in Employer/Employee Relationships. Manufacturing, Science and Finance Union, December 2000.

Oz, Effy, Glass, Richard and Behling, Robert. (1999) Electronic workplace monitoring: what employees think. Omega, International Journal of Management Science, vol. 27 (no. 2), 167-177.

Onboard Telematics and the Surveillance of Movement

AUTHOR

Colin J. Bennettt (Canada), Priscilla Regan (USA) and Charles D. Raab (Scotland)

ABSTRACT

One of the most interesting and perhaps ambitious applications of geographic information technologies is the development of Intelligent Transportation Systems (ITS) and mobile telematics. The range of applications for these technologies is extensive, and includes services such as the wireless provision of traffic information to drivers, automatic toll collection, law enforcement, the management of commercial vehicle fleets, environmental regulation and the provision of route and location information to the traveler. The technologies are viewed in many jurisdictions as a means of improving traffic control systems and highway safety, increasing the efficiency of commercial and public transport, and enabling safer and better informed travelers.

The application of these new technologies is therefore playing an increasing part in the relationship between business firms (e.g., car manufacturers, rental firms) and their customers. The use of vehicle telematics was introduced to the consumer market in 1996, when the Ford Motor Company unveiled the RESCU (Remote Emergency Satellite Cellular Unit) system in the Lincoln Continental. General Motors made their telematics system, OnStar, publicly available in 1997, and since then, BMW, Mercedes and Infiniti have introduced telematics devices developed by Motorola that are based on GPS and cellular communications systems. The Magellan Corporation has also developed a telematics system, NeverLost, that is gaining consumer and industry support; other branded systems are also being marketed. Vehicles have ceased to be simply a means of transport. They have become technologies in which a range of work and entertainment functions can be enjoyed, which can also process information about the outside world for the benefit of the consumer, and which can relay information about the vehicle and the driver to public safety and law enforcement agencies..

Although onboard telematics systems have been developed and applied by major vehicle manufacturers for the consumer market, their application to the car rental industry provides a particular fruitful subject for analysis. A well-publicised case involving a small car rental agency in the USA has recently brought these issues to the fore. The Acme car rental company, which used satellite technology to track and fine drivers $150 each time they exceeded a certain speed, was ordered by the state of Connecticut to cease the practice and pay back the fines it had collected.

This relatively minor case helps frame many of the issues that the introduction of global positioning technology to vehicles will raise. With these issues in mind, we begin to analyse the emerging practices of the larger car rental firms in the US, Canada and the UK (including Hertz, Avis, Thrifty, Europcar), which already offer onboard telematics-based ‘concierge services’ in their vehicles. Although there is little evidence that onboard telematic systems are currently being used by major firms for monitoring rental customers’ movements, the systems potentially allow an almost unparalleled level of tracking for commercial and regulatory purposes. The history of technology illustrates the prevalence of the development of new applications beyond the ones initially envisaged. By looking at the services available to car renters, we investigate the extent to which these further purposes are emerging, what sorts of data are currently and prospectively collected, to what extent the data would be of interest to public organisations such as law-enforcement agencies and emergency rescue services, and whether users of these systems could exert some choice or control over them. We consider how far the practice of renting a car, the role of the company, and the relationship between the renter and that company are being re-organised as a result of the introduction of location-based technologies. We also enquire into the way in which ITS and mobile telematics play a role in the re-organisation of some state functions in terms of increased capabilities of tracking physical movement and regulating the behaviour of people on the move. Finally, we examine the components of existing legal regimes in each country affect the deployment and marketing of these technologies.

Car rental companies also appear to be employing location-based systems for fleet management and theft control purposes. The technology augments their control and decreases their risks. We look at how risk categories are determined, asking whether certain customers are deemed riskier than others because of racial, gender, class and other factors. If – as the Acme case has demonstrated -speeding restrictions are included as contract provisions and companies impose fines on rental customers for violations, we consider whether such practices might foreshadow a privatisation of law-enforcement, or at least a closer co-operation between rental companies and the police regarding the surveillance of movement.

Thus, beyond concerns about the collection, use and disclosure of the personally-related information associated with onboard telematics systems, there are range of more theoretical issues that expose the dynamic nature of the relationship that is engaged in when one rents a vehicle. These include the intended and unintended consequences for power relations between public and private agencies, and individuals. On a higher level, we also enquire into the relationship between identity and place. How do these location-based systems mediate between both established and changing representations of individual and group identities, and of places? Our analysis of different companies in three different countries permits us to see whether these telematics developments are driven by larger socio-economic and technological forces that span national jurisdictions, or whether distinctive legal and institutional factors have a bearing on their development and application.

Incorporating Ethics into the Software Process

AUTHOR

Stanislaw Szejko (Poland)

ABSTRACT

There is a wide discussion in the community of software users, information system stakeholders as well as researchers, project managers, and developers, on the reasons of software project failures. The failures are typically seen as failing to meet the requirements, over budgeting, exceeding development time or maintenance costs. Infoethics [5] adds violation of the rights of developers, system stakeholders and society.

Preventing the project failures is typically sought in the domain of software development methods and tools, in project management, in requirements engineering, in quality assurance and risk coping strategies. New or modified software development lifecycles are introduced, exploiting quality control [6] , reusability [3] , risk management, or stakeholder identification [1] , as well as maintenance procedures improved [5] .

Software Development Impact Statement (SoDIS) makes a way of addressing the problem of compliance with ethics. The goal of the SoDIS process is to identify significant ways in which the completion of individual tasks may negatively affect stakeholders and to identify additional project tasks or modifications needed to prevent any anticipated problems [2] . This is done in several steps

  • extending the domain of stakeholders identification to all individuals and institutions that are related to the project,
  • making the related impact analysis according to the tasks of the project preliminary plan,
  • incorporating new tasks and modifications that can be used as a means to mediate or avoid the identified concerns into the software project management plan, and auditing them later.

However, a software project means in fact two synergetic efforts: the customer’s process and the supplier’s one. The customer (the buyer) is interested in ordering and getting what he needs, so the main activities of his project include detailing the requirements, validating the sub-products and checking if the product meets the requirements. The supplier is the contractor, or developer, who responds to the buyer for a specific capability [4] . And as the customer and the buyer co-operate in the project but they have their own missions, goals, shareholders, employees and environments, some questions arise:

  • is it feasible for the customer to formulate detailed tasks for the developer? what does he know about developer’s stakeholders, the applied technology, software process organisation (the project preliminary plan can be prepared even before the developer is known)? and why should the buyer think of the supplier’s shareholders?
  • and vice – versa: why should a project manager (developer’s side) bother about customer’s stakeholders whose requirements are not in the contract? who is going to pay for that? isn’t it against his own share- and stakeholders? can we make him responsible for all ‘future usages’ of the software, intended or not, especially for those that harm customer’s environment or society?

The paper suggests that incorporating ethics into the software process could be viewed as follows:

  • impact analysis covering customer’s (buyer’s) stakeholders should be done on the customer’s side and result as in extension of the specified requirements as in new and modified tasks required in the customer’s process, and the project modified plan accordingly;
  • tasks and checkpoints that mutually link and interface the two processes from the ethical point of view should be defined (similarly like requirements validation or product evaluation do today); for example, if a feasibility report is delivered by an external company that could be interested in its results itself, a task of independent evaluation of the proposed solutions could be added;
  • ethics should be assured in software development process, consisting probably of supplying requirements analysis with impact analysis carried for developer’s stakeholders, planning and adjusting the development process, as well as controlling and verifying the ethics policy in the development process.

The scheme treats impact statement activities as decomposed between the customer’s and the supplier’s processes. This way of incorporating ethics into the software development process renounces a bit idealistic assumption that impact analysis can be done on one side aiming all partners, and its results executed on the other side, once more aiming all partners.

It is very interesting if assuring ethics can follow the ideas and solutions that have been already developed for software quality assurance. For example, it is quite typical to have (developer’s side) an independent Software Quality Assurance Group that adapts and introduces standards, measures and controls quality in order to improve the company software process. How about ethics, shall we strive for Software Ethics Assurance teams?

The impact of information and communications technology on managerial practices

AUTHOR

Mike Healy and Jennifer Iles (UK)

ABSTRACT

This paper critically examines the effects of the widespread adoption of advanced information and communications technology (ICT) on the way that organisations are managed.

The Internet technology-enabled enterprise, with its emphasis on global markets and global partners, is often cited as the model for the future commercial development, with the implied or explicit assumption that as organisations strive for competitive advantage in a constantly changing environment, they will be forced to develop more open management structures in order to optimise the benefits offered by new technology. Previous research is cited which claims that the move towards a knowledge-based commercial environment demands the adoption of a continuous improvement paradigm which can only be delivered through a managerial philosophy based on a flattened organisational structure along with the decentralisation of resources and activities. The imperatives for managerial change apply both to new enterprises and to established companies that have implemented major reengineering of their business processes in response to the opportunities offered by ICT. Thus, it has been maintained, bureaucratic organisations – characterised according to the nature of their rules and regulations, impersonality, the division of labour, rationality, authority, and hierarchical structure – are being replaced by decentralised management practices that focus on notions of empowerment. ICT is therefore seen by many as a powerful driver undermining bureaucratic management. In this context managers are increasingly described as co-ordinators and facilitators, and traditional modes of management are seen to be replaced by a new, enabling managerial ethos drawing its inspiration from hands-off leadership and entrepreneurship.

This paper seeks to question those lines of argument by drawing upon the findings of surveys carried out over a period of three years on the use of codes of conduct governing the use of ICT by employees in a wide range of workplaces. The project investigates the establishment and enforcement of codes of conduct governing the use of Internet technology as a means of providing a basis of trust in the e-business context. The paper reports on the findings of a recent survey of over 120 London-based organisations, and investigates the relationships between factors such as organisation size and sector, utilisation of ICT, and the origination, content, enforcement, and perceived effectiveness of codes of conduct.

The findings confirm that that there has been a considerable rise in the number of employees with direct access to the Internet through the Web, and that Internet technology is now used routinely to undertake a range of day-to-day administrative activities, including the processing of significant amounts of sensitive data. The findings relating to management objectives in connection with the introduction of codes of conduct are discussed, as well as the role of organisational culture, employees’ perception of the codes, the impact of the codes on their behaviour, and the rise in the extent and nature of disciplinary cases associated with the misuse of Internet technology at work.

Along with the increased use of ICT within organisations there has been growing public awareness of environmental issues and employment practices as well as concerns relating to electronic information handling. These include concerns about the effectiveness of security systems linked to Internet-based transactions, and the collection, transmission and processing of personal data (information about individuals). Leadership in high-tech organisations is therefore increasingly being forced to address these issues, at the same time as facing increased competition in a context of economic and political instability, the requirement to comply with new legislation regulating the handling of data, and demands for a demonstrable commitment to corporate social responsibility. These factors have provided the imperative for management to assert a greater degree of control over the manner in which ICT is utilised within organisations.

The findings of the study indicate that in order to resolve the contradictions associated with the widespread use of ICT, many organisations are reverting to traditional managerial practices, including increased monitoring of the activities of employees, particularly at operational levels, and expanding the range of disciplinary offences facing employees. The evidence concerning the nature and enforcement of codes of conduct suggests that, rather than alleviating the need for managers assert direct control over employees, the extensive use of ICT is leading to an increasingly interventionist style of management.

The role of information systems personnel in the provision for privacy

AUTHOR

Richard Howley, Simon Rogerson, N. B. Fairweather and Lawrence Pratchett (UK)

ABSTRACT

Many societies throughout the world are currently designing or implementing national schemes for privacy and data protection (PDP). The European provision for PDP is seen by many as a model to follow and or emulate. It is argued here that in order to provide for effective PDP, organisations will need to transform the way they analyse data requirements and design systems. Fundamental to this process is the role of the information systems (IS) professional. This paper reports the findings of a research study into the relationship between IS staff and the provision for PDP within both organisations and information systems.

The study was designed to explore the precise relationship between IS staff roles and the provision for PDP. In order to facilitate this, a research instrument was designed, piloted and applied to distinct groups of IS personnel. In order to define and measure the relationship between IS roles and PDP, the study required respondents to define what roles IS staff perform and to map these roles to particular contributions they can make in supporting the data protection principles found in the United Kingdom 1998 Data Protection Act.

The research instrument was designed for use in focus group sessions and was piloted before being used with respondent groups. In order to seek a broad understanding with regard to IS roles and the relationship between particular staff and particular data protection principles different respondent groups were involved in the study. This provided insight into distinct views of what IS staff actually do and what their relationship is with regard to the data protection principles. As well as seeking input from different staff groups the study also used different techniques for data gathering and analysis. The main research method was to apply the research instrument within focus groups, this was supported by semi-structured interviews with particular staff to gain detailed and or specialist insights. Data analysis was undertaken using content analysis.

Findings are presented from groups and compared, with suggested explanations for differences noted. The main findings presented include:

  1. That all eight data protection principles are supported by IS staff.
  2. Some principles are reported as being marginal to the IS role whilst others are seen as fundamental responsibilities of the IS profession. Evidence is presented to inform and explore this finding.
  3. Some IS staff have a strong relationship to a highly specific, and sometimes small, sub-set of the principles whilst the relationship of other staff is more generic in nature and applied to a wider range of principles. These variations are reported in the paper and the implications at an organisational level considered.
  4. Both organisational and technical aspects of PDP provision must be considered and aspects of each are identified and considered.

The increasing pressure on organisations to provide for PDP has led to the identification of IS staff as key contributors. It is suggested in this paper that whilst it is accepted that the IS profession has a contribution to make; the precise nature of that contribution has yet to be articulated. This paper provides a starting point in that process and identifies future research areas and themes in this important field. A precise mapping between IS staff and the particular data protection principles they have a responsibility to support emerges out of the research. IS staff and the systems they produce are increasingly seen as key organisational providers of PDP; this study identifies strategies that can be employed to support both IS staff and organisations meet their PDP obligations and in doing so it highlights significant implications for the transformation of the organisations in the information age.

The Opportunities and Challenges of Implementing E-Procurement

AUTHOR

Noor Raihan Ab Hamid and Zaifuddin Majid (Malaysia)

ABSTRACT

The advent of Internet technology has spurred various innovative applications that business organizations could take advantage of. Among the crucial business application using the Internet technology is Electronic Procurement (E-Procurement), which is a method of procurement using the electronic catalog and automated workflow processes. The processes involved are Product Requisition, Selection Of Order, Issuance Of RFQ, Purchase Order Acknowledgement, Evaluation Of Proposal, Negotiation /Award Of Contract, Issuance Of Purchase Order, Fulfillment of Orders and Payment Of Order, all of which are conducted electronically via a low cost technology, the Internet. Although E-Procurement is still at its infancy stage in Malaysia, projection has indicated that sales of products and services via the Internet in Malaysia have the potential to grow from RM 46 Million to RM 1 Billion by 2003.

Motivated by low investment in the enabling technology and potential annual savings, companies are moved to explore the promises that this new application has to offer. The participating companies in E-Procurement would be that of buy-side and sell-side in a trading community. The sellers and buyers communities need a computer, modem and online Internet services. A service provider connects the communities’ via a web technology. Therefore transactions done using a standard format file are transmitted electronically to the sellers simply via the services provider’s web portal. The seller using a web browser can later access the file to then respond on line or change the requirement in accordance to the standard of procurement procedure. The service provider will send the purchase order for evaluation and publish the award of contract using a web browser, in which at a later time, a seller can check for the payment status. All of these electronic processes enable buyers and sellers to access accurate information instantaneously, eliminating the delays to wait for faxes and multiple telephone calls during price negotiations. These makes E- Procurement a cost effective solution to businesses.

This research aims to study the impact of E-Procurement adoption on Malaysia industries. This paper presents empirical data on how companies are reaping substantial benefits from E-Procurement. Various organizational objectives of implementing E-Procurement are also highlighted. In addition, this study discusses the opportunities and challenges of introducing new technology into an organization where researchers cited experiences and lessons to be learnt from a few local business cases. In collecting the data, face-to-face opinion survey with 32 respondents each representing a company was conducted. Industries selected ranges from industrial to services sector. In analyzing the data, descriptive analysis using mean and frequency were applied.

The results indicated that firms realized significant cost savings where in general a company is able to have at average of 10% reduction on the current material and services cost. However there is a slight difference on cost reduction in the manufacturing sector. This may be due to the implementation lag as manufacturers are still using the old method in some of the procurement processes. It is also found that buyers are able to speed up the Purchase Order process to 2 days, compared to the traditional process where the cycle time needed was 6 to 10 working days. Thus enabling them to increase the frequency of orders at a given time. In addition, reduction in processing time allows buyers spend more time on added value activities such as analyzing the inventory movement or supplier relationship management. The analysis indicated that telecommunication and manufacturing sectors marked the highest mean (4.43) in reducing purchase order cycle time.

Besides that, respondents index score indicates that the average cost for a traditional procurement is RM380 to RM400. On the other hand, 68% of the respondents agreed that E-procurement helps reduce administration cost around RM80 per purchase transaction. Furthermore, from the survey response E-Procurement also facilitates in reducing the inventory cost on the average of 25%. Results showed that trading and services industry score the highest mean (4.30) while manufacturing sector scored the lowest. Respondents suggested that E-Procurement helps to reduce the cost by lowering the manpower cost, storage system cost, and shipping arrangement cost. They also agree that as a result of adopting E-Procurement, they can better manage their supply chain activities.

In spite of all the benefits that E-Procurement produces, the challenges of implementing this application do exist. Lessons learnt from a few local service provider companies that have embarked on the E-Procurement endeavor indicated that factors such as incompetent infrastructure, global competition, human resistance to change and conflicting policies and standards pose immense pressure for the companies to move forward. According to an E-Procurement service provider, Malaysians are not ready for the Multimedia Super Corridor (an advanced local cyberspace project), because of the lack of technical expert competency, especially in highly technical skills in the area of Computer Networking System and ATM technology. Thus when dealing with technical issues in the discussion with International vendors, the local engineers may be lacking in support of arguments, losing control in the implementation and contributing less to solve the problem. Lastly, the vendors may bring more external expert to support them and as a result there will be an increase in cost.

Besides that, the biggest challenge among other challenges facing the buy-side community is when suppliers are not willing to share the information openly with all the members of the supply chain by providing all information into the E-Catalog. A buyer may be trapped in a situation when he compares the products costs without knowing the details in the quality specification as well as a good delivery time option.

In conclusion, while the effort still remains costly to some, businesses try to improve their E-Procurement processes. They adopted a long-term plan, as they believe that E-Procurement will appear to be a strategic approach of purchasing activity, particularly in the reducing transactional costs and pricing for their products. This research concluded that E-Procurement allows firms to expedite the purchasing process, and thus resulted in a more efficient supply chain management.