Please read the case and answer 3 questions at the end:
Ethics, Moral Dilemmas, and Tough Decisions: The Many Challenges of Working in IT.
What Bryan found on an executive’s computer
six years ago still weighs heavily on his mind.
He’s particularly troubled that the man he
discovered using a company PC to view pornography of
Asian women and of children was subsequently promoted
and moved to China to run a manufacturing plant. “To this
day, I regret not taking that stuff to the FBI.” It happened
when Bryan, who asked that his last name not be published,
was IT director at the U.S. division of a $500 million multinational
corporation based in Germany.
The company’s Internet usage policy, which Bryan
helped develop with input from senior management, prohibited
the use of company computers to access pornographic
or adult-content Web sites. One of Bryan’s duties was to use
products from SurfControl PLC to monitor employee Web
surfing and to report any violations to management.
Bryan knew that the executive, who was a level above
him in another department, was popular within both the
U.S. division and the German parent. Yet when the tools
turned up dozens of pornographic Web sites visited by the
executive’s computer, Bryan followed the policy.
“That’s what it’s there for. I wasn’t going to get into
trouble for following the policy,” he reasoned.
Bryan’s case is a good example of the ethical dilemmas
that IT workers may encounter on the job. IT employees
have privileged access to digital information, both personal
and professional, throughout the company, and they have the
technical prowess to manipulate that information. That gives
them both the power and responsibility to monitor and report
employees who break company rules. IT professionals
may also uncover evidence that a coworker is, say, embezzling
funds, or they could be tempted to peek at private salary
information or personal e-mails. There’s little guidance,
however, on what to do in these uncomfortable situations.
In the case of the porn-viewing executive, Bryan didn’t
get into trouble, but neither did the executive, who came up
with “a pretty outlandish explanation” that the company accepted,
Bryan says. He considered going to the FBI, but the
Internet bubble had just burst and jobs were hard to come
by. “It was a tough choice,” Bryan says. “But I had a family
to feed.”
Perhaps it would ease Bryan’s conscience to know that
he did just what labor attorney Linn Hynds, a senior partner
at Honigman Miller Schwartz and Cohn LLP, would have
advised in his case. “Let the company handle it,” she says.
“Make sure you report violations to the right person in your
company, and show them the evidence. After that, leave it to
the people who are supposed to be making that decision.”
Ideally, corporate policy takes over where the law stops, governing
workplace ethics to clear up gray areas and remove
personal judgment from the equation as much as possible.
“If you don’t set out your policy and your guidelines, if
you don’t make sure that people know what they are and
understand them, you’re in no position to hold workers accountable,”
says John Reece, a former chief information officer
at the Internal Revenue Service and Time Warner Inc.
Having clear ethical guidelines also lets employees off
the hook emotionally if the person they discover breaking
the policy is a friend, someone who reports to them directly,
or a supervisor, says Reece, who is now head of consultancy
at John C. Reece and Associates LLC. Organizations that
have policies in place often focus on areas where they had
trouble in the past or emphasize whatever they are most
worried about. When Reece was at the IRS, for example, the
biggest emphasis was on protecting the confidentiality of
taxpayer information.
At the U.S. Department of Defense, policies usually
emphasize procurement rules, notes Stephen Northcutt,
president of the SANS Technology Institute and author of
IT Ethics Handbook: Right and Wrong for IT Professionals.
Adding to the complexity, an organization that depends on
highly skilled workers might be more lenient. When
Northcutt worked in IT security at the Naval Surface
Warfare Center in Virginia, it was a rarefied atmosphere
of highly sought-after PhDs. “I was told pretty clearly that
if I made a whole lot of PhDs very unhappy so that they
left, the organization wouldn’t need me anymore,” says
Northcutt.
Of course, that wasn’t written in any policy manual, so
Northcutt had to read between the lines. “The way I interpreted
it was: Child pornography, turn that in,” he says. “But
if the leading mathematician wants to download some pictures
of naked girls, they didn’t want to hear from me.”
Northcutt says that he did find child porn on two occasions
and that both events led to prosecution. As for other
offensive photos that he encountered, Northcutt pointed out
to his superiors that there might be a legal liability, citing a
Supreme Court decision that found that similar pictures at a
military installation indicated a pervasive atmosphere of sexual
harassment. That did the trick. “Once they saw that law
was involved, they were more willing to change culture and
policy,” Northcutt says.
When policies aren’t clear, ethical decisions are left to
the judgment of IT employees, which varies by person and
the particular circumstances. For example, Gary, a director
of technology at a nonprofit organization in the Midwest,
flat-out refused when the assistant chief executive officer
wanted to use a mailing list that a new employee had stolen
from her former employer. Yet Gary, who asked that his last
name not be used, didn’t stop his boss from installing unlicensed
software on PCs for a short time, although he refused
to do it himself. “The question is, how much was it really
going to hurt anybody? We were still going to have 99.5 percent
compliant software. I was OK with that.”
He says he uninstalled it, with his boss’s approval, as
soon as he could, which was about a week later.
Northcutt argues that the IT profession should have two
things that professions such as law or accounting have had
for years: a code of ethics and standards of practice. That
way, when company policy is nonexistent or unclear, IT professionals
still have standards to follow.
That might be useful for Tim, a systems administrator
who works at a Fortune 500 agricultural business. When
Tim, who asked that his last name not be published, happened
across an unencrypted spreadsheet of salary information
on a manager’s PC, he copied it. He didn’t share the
information with anyone or use it to his advantage. It was an
impulsive act, he admits, that stemmed from frustration with
his employer. “I didn’t take it for nefarious reasons; I just
took it to prove that I could,” he says.
Tim’s actions point to a disturbing trend: IT workers are
justifying their ethically questionable behavior. That path
can end in criminal activity, says fraud investigator Chuck
Martell. “We started seeing a few cases about seven or eight
years ago,” says Martell, managing director of investigative
services at Veritas Global LLC, a security firm in Southfield,
Michigan. “Now we’re investigating a tremendous amount
of them.”
Whole Foods Market Chairman and CEO John Mackey
spent years earning a positive reputation as a corporate
leader who was not afraid to take a stand on ethics issues.
Before other companies figured out that it pays to be environmentally
friendly, Whole Foods led by setting standards
for humane animal treatment. In 2006, Mackey took the
bold step of reducing his own annual salary to one dollar,
pledging money instead for an emergency fund for his staff.
Not shy about expressing his views, Mackey challenged leading
thinkers, like Nobel Prize–inner Milton Friedman, on
business ethics issues. Like many leaders, Mackey seemed to
relish the public spotlight.
On July 20, 2007, however, Mackey got more than he
bargained for in terms of publicity.The Wall Street Journal
reported that Mackey had long used the pseudonym “Rahodeb”
to make postings in Yahoo Finance forums that flattered
his own company and leveled criticisms against the
competition. Serious financial and possibly legal repercussions
continue to unfold from this incident, and the final
consequences may not be known for some time.
Amid the furor that followed this disclosure of Mackey’s
secret online alias, it is vital that we not lose sight of the
critical issues it raises about ethics and leadership in a rapidly
evolving business world. There is no question that the current
climate has prompted many more companies to tackle
ethics issues.
By now, “business ethics” is an established part of doing
business, not just in the United States, but also increasingly
around the world. People no longer joke that “business ethics
is an oxymoron,” as society has come not merely to expect,
but to demand, that business conduct itself according
to basic rules of ethics and integrity. Business will always
need to pay attention to ethics and leadership, but these lessons
are continually challenged by new developments, including
technological advances that promote new kinds of
communication online. Business leaders cannot afford to
overlook these challenges, as even a single misstep can be
enough to undo a reputation for ethical leadership.
QUESTIONS:
1.Companies are developing ethical policies and guidelines
for legal reasons, but also to clarify what is acceptable
and what is not. Do you think any of the issues raised in
the case required clarification? Would you take exception
to any of them being classified as inappropriate behavior?
Why do you think these things happen anyway?
2.In the first example (Bryan’s), it is apparent that he did
not believe justice had been ultimately served by the
decision his company made. Should he have taken the
issue to the authorities? Or was it enough that he reported
the problem through the proper channels and
let the organization handle it, as was the recommendation
of Linn Hynds? Provide a rationale for the position
you are willing to take on this matter.
3.In the case, Gary chose not to stop his boss from installing
unlicensed software, although he refused to do
it himself. If installing unlicensed software is wrong, is
there any difference between refusing to do it versus
not stopping somebody else? Do you buy his argument
that it was not really going to hurt anybody? Why or
why not?
