Ethics for ICT Professionals

By Tom Worthington FACS HML

For the ANU Perspectives on Computing (COMP1200)

Contents

  1. Introduction
  2. Ethical Conduct and Practice
  3. Web Defamation
  4. Sydney Olympics Case
  5. The Perils of e-Voting
  6. Conclusion

Introduction

Professional ethical issues can occur in developing any Information Technology system. However, the Internet and web allow many more people around the world to quickly connect to an IT system. As a result professionals are more likely to confront ethical issues when dealing with the Internet and the World Wide Web. Professionals may be called to account for their actions not only in their own country, but in any jurisdiction in the world.

Ethics (from the Ancient Greek ethikos, the adjective of ethos "custom, habit"), a major branch of philosophy, is the study of values and customs of a person or group and covers the analysis and employment of concepts such as right and wrong, good and evil, and responsibility. It is divided into three primary areas: meta-ethics (the study of the concept of ethics), normative ethics (the study of how to determine ethical values), and applied ethics (the study of the use of ethical values).

From: Ethics, Wikipedia, 2007

The President of the Australian Computer Society provided a much shorter definition of ethics:

Doing the right thing even when no one looking.

From: Philip Argy, as reported at the ACS Canberra Branch Conference 2007, 2007

Professional ethics are mainly concerned with applied ethics (as used in the workplace). However, research sponsored by the Australian Computer Society, is being carried out at ANU on meta-ethics and normative ethics as part of understanding how ethics can be better applied to the professional. From the pragmatic individual's point of view, ethics can help lower your insurance costs and keep you out of jail.

ICT and the Stock Market

Trading floor of the New York Stock Exchange

"THE US stock market lost a measure of trust with traders when computer malfunctions sent the Dow Jones Industrial Average plummeting 178 points in a minute last Tuesday.

"The system should be able to handle the capacity when you have high-volume days," Thornburg Investment Management, trading Thomas Garcia says. Thornburg oversees about $US34 billion ($43.4 billion) in Santa Fe, New Mexico. "If I was making decisions based on bad data, I have a huge problem with that."

Dow Jones says its computers were responsible for the sudden nosedive in the 30-stock benchmark about an hour before markets closed because they failed to keep up with trades. ...

Some NYSE floor brokers resorted to pen and paper to complete trades, while others scrambled to keep up with orders after an overnight sell-off in Chinese stocks spread globally and sparked the biggest US rout in four years. ..."

Computers blamed for stock crash, Australian IT, MARCH 06, 2007

ICT and Military Aircraft

The F-22 military aircraft uses MIL-STD-1394B, a military version of FireWire. In "The Electric Jet" by Edward H. Phillips, Avaiation Week, 5 February 2007, the use of multiple data busses and redundant processors were discussed to minimize the effect of a failure of the computers in the F-35 and F-22. The use of "watch dog timers" to detect runaway processor failures was used to illustrate this, but it could have been such timers overflowing which caused the problem with the F-22:

F-22 Raptor fifth generation stealth fighter aircraft

While attempting its first overseas deployment to the Kadena Air Base in Okinawa, Japan, on February 11, 2007, a group of six Raptors flying from Hickam AFB experienced multiple computer crashes coincident with their crossing of the 180th meridian of longitude (the International Date Line). The computer failures included at least navigation (completely lost) and communication. The planes were able to return to Hawaii by following their tankers in good weather. The error was fixed within 48 hours and the F-22s continued their journey to Kadena. ...

F-22 Raptor, Wikipedia, 10 March 2007

Ethical Conduct and Practice

The ACS has a Code of Professional Conduct and Professional Practice, incorporating a code of ethics which requires all members to act with professional responsibility and integrity. The code is only binding on members of the ACS. But other professional bodies have similar codes. Courts are likely to use such codes when judging the actions of professionals, even if they are not a member of a particular body.

Essentially the profession has a contract with the community: in return for governing our members we will protect the public interest.

The code goes into more detail on points in the ACS Code of Ethics:

  1. The Public Interest
  2. Integrity
  3. Confidentiality
  4. Objectivity and Independence
  5. Competence
  6. Keeping Up-To-Date
  7. Subordinates
  8. Responsibility to your Client
  9. Promoting Information Technology
  10. The Image of the Profession and the Society

Each individual professional must decide the correct ethical course in each case. You may have to act against the directions of your superiors to act legally, or against the law to act ethically. Being a member of a professional body, can help. But ultimately it is for the professional to decide.

ACS/ARC/CAPPE ethics research

In early 2005 the ACS announced that it had joined with the Centre of Applied Philosophy and Public Ethics to research IT ethics.

The ACS has partnered with the Australian Government's Australian Research Council (ARC) the Centre of Applied Philosophy and Public Ethics (CAPPE) and its membership universities to fund a $900k research program assessing ethics and regulation in the ICT industry. ... humanities-focused research projects usually account for only 16 per cent of university grants programs. ... how a work environment influences ethical behavior within the ICT sector. Privacy, autonomy and enforcement issues ...

The ACS & ACS Foundation announces globally ground-breaking research into ICT ethics & regulation - almost $1 million over 3 years, Media Release, 17 February 2005, URL: http://www.acs.org.au/news/170205.htm

IA Reports

The ACS has published a series of easy to read articles for the ICT practitioner, in addition to a formal paper on the project:

  1. ICT Integrity: bringing the ACS code of ethics up to date, Michael Bowern, Oliver Burmeister, Don Gotterbarn, John Weckert, Australasian Journal of Information Systems, Vol 13, No 2 (2006)
  2. Ethics: Why do we differ?, Richard Lucas, Information Age, 18/08/2006
  3. Codes of ethics: protecting whose interest?, Karen Mather, Information Age, 18/10/2006
  4. End-User Licence Agreements and informed consent - an ethical matter?, Catherine Flick, Information Age, 12/04/2006
  5. Electronic voting and open source, Mike Bowern, Information Age, 14/12/2005
  6. Electronic voting and open source, Mike Bowern, Information Age, 14/12/2005

ICT Governance and Ethics Conference

The researchers undertaking the ACS ICT research ran a conference on the Role of Professional Bodies in May 2008 at the ANU:

From: ET GOVICT2008: A Conference on the Ethical Governance of ICT and the Role of Professional Bodies, 1-2 May 2008, Australian National University

The heard from ethicists and practitioners, as well as a judge of the High Court of Australia. This will be used to prepare a new code of ethics for the ACS and training materials. However, it was clear from the conference that what should be in a code of ethics and how to administer is still an area for research and debate. One difficult issue is if such a code can be applied worldwide, given that ICT is a global discipline.

Differing Ethical Concepts

In Ethics: Why do we differ?, Richard Lucas argues that people have different priorities of ethical concepts which lead to different views of ethical outcomes:

... Here is an example: your project manager instructs you, the programmer, to stop your testing after four days irregardless of the results of the testing. If you value loyalty to the boss more than consequences then obeying instructions comes out as the right thing to do. It is the project manager that will have to take responsibility for the consequences, not you.

However, if you value your duty to do the best job of your testing more than loyalty to the project manager then disobeying instructions is the right thing to do. Here it is loyalty versus duty. I am not saying that either decision is the better one, I am simply pointing out that given the same information two programmers could naturally arrive at different decisions on what to do. ...

From: Ethics: Why do we differ?, Richard Lucas, Information Age, 18/08/2006

Personal or Institutional Ethics?

In Codes of ethics: protecting whose interest?, Karen Mather discusses the effectiveness of a code of ethics in the workplace:

... Opponents of encoded ethics suggest that codes of ethics will remain ineffectual until they are reinforced by structural aspects of the organisation, such as its traditions and role models, the system of rewards and punishments, job design, individual performance evaluation processes, empowerment of staff for decision-making, and management restraint in emphasising short-term and purely financial results....

From: Codes of ethics: protecting whose interest?, Karen Mather, Information Age, 18/10/2006

Web Defamation and the Expert Witness

Recently I was an expert witness for a court case involving online defamation. Someone did not like what was said about them on a web page. They alleged defamation in an Australian court. I was asked to explain to the court how the various web technologies work, so that it could be worked out who said what to who when and where and what could be done about it.

Before accepting the request I had to determine if I was competent to do so and who I was working for:

The rules of what the expert witness has to do differ in detail from court to court. But in general you are there to assist the court on matters relevant to your area of expertise. You should only deal with areas within your area of competence and present your evidence even if you think it may harm the party which hired you. It is very tempting to answer every question asked very fully. But there is no shame (and a very real danger) in attempting to answer outside your area of expertise, or in taking guesses. ...

Even where an expert witness is hired and paid for by one side in a court case, the expert doesn't (or shouldn't) work for that side of the case. The expert is working for the court to bring out the truth of the matter, they are not an advocate for one side or the other.

From: The accidental expert witness, Tom Worthington, Information Age, 14/12/2005

Then I had to work out if my personal views, or those of my professional body conflicted with the issues in the case. I have previously advocated free speech online, on behalf of the ACS before the Australian Senate. Was I biased when it was a case of defamation online? I concluded I was not.

Also I had to work out if I was competent to provide advice on the matter. It is important to realize that the professional has to decide this for them self. It is no good taking the word of the lawyer for the case: when you get into the witness box, you are on your own and if not competent, the opposing lawyer will quickly make this apparent.

Global Online Courts?

The World Intellectual Property Organisation (WIPO), provide an online Arbitration process for deciding the ownership of web domain names.

One well known case was over the ownership of the domain names thewiggles.com and henrytheoctopus.com:

The Panel has found that all of the requirements of paragraph 4(a) of the Policy have been proven by the Complainant. Accordingly, and for the purposes of paragraph 3(c) of the Policy, the Panel requires that the domain names thewiggles.com and henrytheoctopus.com be transferred by NSI to the Complainant. ...

From: The Wiggles Touring Pty Ltd v. Thompson Media Pty Ltd, Case No. D2000-0124, ADMINISTRATIVE PANEL DECISION, Philip N. Argy, Presiding Panelist, April 15, 2000

This may represent a trend to online, computer based legal decision making, where ICT professionals are not only globally accountable, but also are responsible for making the legal system technically operate and some can act as judges in the process.

Guidelines for Expert Witnesses

The guidelines provided by the court to expert witnesses are also good advice for general professional conduct:

Ways by which an expert witness giving opinion evidence may avoid criticism of partiality include ensuring that the report, or other statement of evidence:

  1. is clearly expressed and not argumentative in tone;
  2. is centrally concerned to express an opinion, upon a clearly defined question or questions, based on the expert's specialised knowledge;
  3. identifies with precision the factual premises upon which the opinion is based;
  4. explains the process of reasoning by which the expert reached the opinion expressed in the report;
  5. is confined to the area or areas of the expert's specialised knowledge; and
  6. identifies any pre-existing relationship between the author of the report, or his or her firm, company etc, and a party to the litigation (eg a treating medical practitioner, or a firm's accountant).

From: Federal Court of Australia Guidelines for Expert Witnesses in Proceedings in the Federal Court of Australia, Federal Court of Australia, 19 March 2004

The problem I was asked to work on was complex: the person who was alleged to have committed the defamation was in one country, the web site in another, the complainant in a third. I had to work out who was where and explain it all to a judge. As this case involved how the web works, a topic I had worked on and had to explain is a quasi judicial environment before, I concluded I was competent.

Domain Names

.au Domain Administration Ltd (auDA) administers Australian ".au" domain names for use by web sites and other Internet applications. A "Who Is" service allows web users to check who registered a web address. The Who Is service will provide the names of companies involved and possibly of individual technical staff. These staff may be targeted in any complaint about the web site. They may be extradited to another country to stand trial.

WhoIs response for tomw.net.au:

Domain Name: tomw.net.au
Last Modified: 30-Oct-2005 22:50:23 UTC
Registrar ID: R00045-AR
Registrar Name: Distribute.IT
Status: OK
Registrant: Tomw Communications
Registrant ID: OTHER N/A
Eligibility Type: Other
Registrant ROID: C1044494-AR
Registrant Contact Name: *********
Registrant Email: *****@***.***.**
Tech ID: C1044494-AR
Tech Name: *********
Tech Email: *****@***.***.**
Name Server: ***.***.*.**
Name Server IP: ***.***.*.**
Name Server: ***.***.*.**
Name Server IP: ***.***.*.**

From: tomw.net.au Domain Name Entry, WhoIs Service, AusRegistry Pty Ltd, 2007 (some details replaced with *** for privacy)

Sydney Olympics Case

My first case as an expert witness concerned the accessibility to the disabled of the Website for the Sydney 2000 Olympics. It was necessary to determine who was responsible for the web site as well as if it was accessible:

SOCOG website for the Sydney 2000 Olympics

... The only remaining matter is that raised by the respondent namely that any discriminatory conduct in respect of the web site was not that of the respondent but that of its contractor IBM and there has been no complaint against IBM.

The web site is the respondent's site. It has engaged within its organisation a person who is identified as the person in charge of its information technology. Clearly it has the control of the information to be posted on the site. All relevant matters in relation to the site are within its control. . ...

Accordingly, the complaint is substantiated and it is proper for the Commission to make the following determination pursuant to s.103(1) of the DDA:

1. A declaration that the respondent has engaged in conduct that is unlawful under section 24 of the DDA in that it has provided for the use of the complainant a web site which because of his blindness is to a significant extent inaccessible.

2. A declaration that the respondent do all that is necessary to render its web site accessible to the complainant by 15 September 2000 ...

Bruce Lindsay Maguire v Sydney Organising Committee for the Olympic Games, Human Rights and Equal Opportunity Commission, Disability Discrimination Act 1992, William Carter QC, No. H 99/115, 24 August 2000, URL: http://www.humanrights.gov.au/disability_rights/decisions/comdec/2000/DD000120.htm

While HREOC did not find any discriminatory conduct by the web contractor, professionals should not expect to be immune from investigation in the future. Accessible web design is explored in the ANU Course Networked Information Systems (COMP2410) and notes for it.

The Perils of e-Voting

Last year the Australian Government announced electronic voting would be trailed at the next election for the vision impaired and military personnel. According to the minister responsible for the project, the system needs to be ready by 4 August 2007. Electronic voting is a very sensitive topic and any failure of the system will be very visible. Apart from the public embarrassment for any companies involved in the project, individual IT professionals are at risk. While electronic voting has been used in the ACT and Victoria, risks remain with a new national system.

A decision by Cabinet today will pave the way for blind and vision impaired electors to cast a secret ballot for the first time at the next federal election.

The trial, recommended by the Joint Standing Committee on Electoral Matters, will be implemented by the Australian Electoral Commission (AEC) to allow blind and vision impaired electors to vote independently through the use of electronic assisted voting machines. ...

As well as approving new technology to assist the blind, Cabinet has approved a trial that will allow all ADF personnel posted overseas to vote electronically. ...

From: Australian Government approves electoral reform, Media Release, 14/2006, Special Minister of State, 22 August 2006

Penalty for Poor IT Design: 10 years imprisonment

The major offences in force for the purposes of federal elections are contained in the Commonwealth Electoral Act 1918 ("the Act"), and from 24 May 2001, in the general offence provisions of the Criminal Code. The Criminal Code is a Schedule to the Criminal Code Act 1995. A few of the more important electoral offences and the penalties that apply are listed below, but this list is not by any means exhaustive. There are more than 60 electoral offences, and these may change between elections as Parliament amends the relevant Act. For a full account of all electoral offences, the latest reprint of the Act and the Criminal Code, must be consulted, with the benefit of legal counsel where necessary. ... forging an enrolment claim card, maximum penalty: 10 years imprisonment ...

Electoral Offences, Australian Electoral Commission, 25 January 2007

Mediterranean Tsunami Warning System Needed

Historical accounts describe an earthquake and tsunami on 21 July AD 365 that destroyed cities and drowned thousands of people in coastal regions from the Nile Delta to modern-day Dubrovnik. ... we should expect an AD 365-type earthquake every 800 yr. That there has been only one other such event (in 1303) in the past 1,650 yr should focus our attention on the modern-day tsunami hazard in the Eastern Mediterranean.

Eastern Mediterranean tectonics and tsunami hazard inferred from the AD 365 earthquake, B. Shaw1, N. N. Ambraseys2,3, P. C. England4, M. A. Floyd4, G. J. Gorman5, T. F. G. Higham6, J. A. Jackson1, J.-M. Nocquet7, C. C. Pain5 & M. D. Piggott5, Nature Geoscience, 9 March 2008, doi:10.1038/ngeo151

After the 2004 Indian Ocean Tsunami, the United Nations coordinated the establishment of an Indian Ocean Tsunami Warning System. Less well known (and less well established) is the North Eastern Atlantic, the Mediterranean and connected Seas Tsunami Warning System (NEAMTWS). The need for such a facility became more urgent with recent research, showing the Eastern Mediterranean is overdue for a devastating tsunami.

The NEAMTWS is intended to alert Europe, North African and Middle Eastern countries. As with the Indian Ocean system, there is an email list provided by UNESCO which can be subscribed to for receiving warnings. However, given the small size of areas such as the Mediterranean, the warning time for a Tsunami could be very short and faster means of communication should be used by government and official emergency management organizations.

Tsunami Warning for Indonesia

As an example, the Pacific Tsunami Warning Center issued a local tsunami watch for Indonesia 0822Z 20 FEB 2008. The copy forwarded by the interim Indian Ocean Center is timed at one minute later 08:23:21 GMT. The watch was canceled at 0947Z 20 FEB 2008.

The Pacific Tsunami Warning Center's system provided a map and details of the earthquake.

Map of earthquake 20 Feb 2008 08:09 UTC Off W Coast of Northern Sumatra from Pacific Tsunami Warning Center

PACIFIC TSUNAMI WARNING CENTER/NOAA/NWS
ISSUED AT 0822Z 20 FEB 2008

THIS BULLETIN IS FOR ALL AREAS OF THE INDIAN OCEAN.

... A LOCAL TSUNAMI WATCH IS IN EFFECT ...

A TSUNAMI WATCH IS IN EFFECT FOR

INDONESIA

FOR OTHER AREAS OF THE INDIAN OCEAN REGION...THIS MESSAGE IS FOR
INFORMATION ONLY AT THIS TIME.

THIS BULLETIN IS ISSUED AS ADVICE TO GOVERNMENT AGENCIES. ONLY
NATIONAL AND LOCAL GOVERNMENT AGENCIES HAVE THE AUTHORITY TO MAKE
DECISIONS REGARDING THE OFFICIAL STATE OF ALERT IN THEIR AREA AND
ANY ACTIONS TO BE TAKEN IN RESPONSE.

AN EARTHQUAKE HAS OCCURRED WITH THESE PRELIMINARY PARAMETERS

ORIGIN TIME - 0809Z 20 FEB 2008
COORDINATES - 2.8 NORTH 96.0 EAST
LOCATION - OFF W COAST OF NORTHERN SUMATRA
MAGNITUDE - 7.2

EVALUATION

A DESTRUCTIVE WIDESPREAD TSUNAMI THREAT DOES NOT EXIST BASED ON
HISTORICAL EARTHQUAKE AND TSUNAMI DATA.

HOWEVER - THERE IS THE POSSIBILITY OF A LOCAL TSUNAMI THAT
COULD AFFECT COASTS LOCATED USUALLY NO MORE THAN A HUNDRED
KILOMETERS FROM THE EARTHQUAKE EPICENTER. AUTHORITIES FOR THE
REGION NEAR THE EPICENTER SHOULD BE AWARE OF THIS POSSIBILITY.
AREAS FURTHER FROM THE EPICENTER COULD EXPERIENCE SMALL SEA
LEVEL CHANGES AND STRONG OR UNUSUAL COASTAL CURRENTS.

DUE TO ONLY LIMITED SEA LEVEL DATA FROM THE REGION IT MAY NOT
BE POSSIBLE FOR THIS CENTER TO RAPIDLY CONFIRM NOR EVALUATE THE
STRENGTH OF A TSUNAMI IF ONE HAS BEEN GENERATED.

ESTIMATED INITIAL TSUNAMI WAVE ARRIVAL TIMES AT FORECAST POINTS
WITHIN THE WARNING AND WATCH AREAS ARE GIVEN BELOW. ACTUAL
ARRIVAL TIMES MAY DIFFER AND THE INITIAL WAVE MAY NOT BE THE
LARGEST. A TSUNAMI IS A SERIES OF WAVES AND THE TIME BETWEEN
SUCCESSIVE WAVES CAN BE FIVE MINUTES TO ONE HOUR.

LOCATION FORECAST POINT COORDINATES ARRIVAL TIME
-------------------------------- ------------ ------------
INDONESIA SIMEULUE 2.5N 96.0E 0827Z 20 FEB

THIS WILL BE THE ONLY BULLETIN ISSUED BY THE PACIFIC TSUNAMI
WARNING CENTER FOR THIS EVENT UNLESS ADDITIONAL INFORMATION
BECOMES AVAILABLE.

THE JAPAN METEOROLOGICAL AGENCY MAY ISSUE ADDITIONAL INFORMATION
FOR THIS EVENT. IN THE CASE OF CONFLICTING INFORMATION...

Dangerous lack of progress in NEAMTWS

There appears to be a dangerous lack of progress with the NEAMTWS. The latest meeting was 21 – 23 November 2007. The meeting was to consider Version 3.2 of the implementation plan. However, all the meeting report says is: "Please check back here in the next few days for the meeting summary report.".

The plan appears to be a well researched, but the current approach to Tsunami warning systems was developed in a pre-Internet age. It uses a complex hierarchy of international, regional, national and local systems. A system which sends warnings directly from those detecting them, to the citizens is needed.

While ICT professionals may feel it is not their place to tell emergency experts and government officials how to do their business, but in this case it is. Professionals involved, including ICT professionals, need to keep in mind that failure to act to build an effective warning system with a clear and present danger is unethical, and may in addition expose them to civil and criminal prosecution in the event of a disaster.

Disaster Resistant Internet Needed for Australia

The Australian Strategic Policy Institute has released the report Taking a punch: Building a more resilient Australia. It argues that recent disaster planning has overemphasized terrorist attacks, which are unlikely and more effort should be devoted to natural disasters, which occur frequently in Australia. The argue the community needs to be resilient to deal with disaster themselves, rather than assuming that if the call 000 someone will come to help.

The authors also point out that VOIP communications may make Australia more vulnerable:

VOIP (voice over internet protocols) technology is becoming of much greater importance so there will be challenges in reaching those who rely on internet access for all communications. From: Strategic Insights 39 - Taking a punch: Building a more resilient Australia, David Templeman and Anthony Bergin, Australian Strategic Policy Institute, 7 May 2008

The Department of Broadband, Communications and the Digital Economy has issued a Request for Proposals to Roll-out and Operate a National Broadband Network for Australia. The RFP asks about provision of battery backup of the equipment and mentions emergency calls, but this is priority 16 out of 18. ICT professionals designing the system have an ethical obligation to make provision for the use of the system in an emergency. This should be treated as a high priority and ICT professionals who fail to do so may face charges of unethical conduct and crimes against humanity in the event of a major disaster. ICT professionals can also improve on the previous analog telecommunications system to provide better facilities for emergency warnings and disaster recovery, such as broadcast text messages for Tsunami warning direct to the public's mobile phones and web based disaster recovery software which treats the community has participants, not just as victims.

...Commonwealth’s objectives for the NBN... 16 is consistent with national security, e-security and e-safety policy objectives including compliance with laws relating to law enforcement assistance and emergency call services; ...

From: Request for Proposals to Roll-out and Operate a National Broadband Network for Australia, ATM ID DCON/08/18, Department of Broadband, Communications and the Digital Economy, 11-Apr-2008

Conclusion

There are no final or simple answers with ethical issues. If I have left you with an uneasy feeling that you need to do more and some ideas of possible action this has been worthwhile.

ps: Green ICT Ethics?

Codes of ethics, such as that from the ACS, give the The Public Interest the highest priority. However, in 2007 there was The ACS Policy Statement for Green ICT, along with , Audit of Carbon Emissions resulting from ICT usage. This found that ICT in Australia produces CO2 pollution comparable to that from the airline industry.

... ICT use by Australian Businesses generated 7.94Mt of carbon dioxide in 2005, equivalent to 1.52% of total national carbon dioxide emissions. ... civil aviation just under 1% of total national carbon emissions. The ACS believes that leveraging technological solutions will be the key to reducing our domestic and commercial carbon dioxide emissions. ...

ACS Policy Statement for Green ICT, Australian Computer Society, 16 August 2007

The ACS established a Green ICT Group to look at how to reduce carbon emissions. But this also raises the question as to if the interests of the environment should be considered in an ICT code of ethics. It might be argued that, for example, the use of power wasting multi-core CPUs is unethical, where low energy carbon neutral CPUs are available.

See also:

Web page by