InformationWeek

May 14, 2001

Rules Of Internet Conduct Need To Evolve

We don't have any real guidelines to establish what's right, say participants in this industry roundtable discussion

arlier this year, at Loyola University in Chicago, a group of IT professionals, business executives, and scholars gathered with InformationWeek editors in a roundtable discussion about IT and business ethics. The group ranged from the CIO of a stock-trading network to a lawyer to a philosophy professor. Some excerpts follow.

InformationWeek: What issues specific to IT are the most compelling ethical issues of the day?

Mary Arnberg, director of human resources, Childress & Zdeb Ltd: I think the pace of change in capability in technology has far outpaced everyday living, so people are confronted everyday with what is the right thing and the wrong thing to do with the technology they have. You get jokes on E-mail; you get all sorts of things. Should I forward them to somebody, or shouldn't I? There aren't really guidelines in place that help people decide what it is that they should really do, and there's just so much technological capability out there, it's really a free-for-all.

Mike Zdeb, Childress & Zdeb Ltd: What's been interesting, from my point of view, is this notion that because you use .com or you use the word Internet as an adjective that somehow the ordinary everyday rules of common sense, ethics, the legal rules don't apply. It's like suddenly the view seems to be that a new world opened up, and that it's a free-for-all. You hear that maybe we just ought to let the market run it: The problem with letting the market run it is the market will always run over individual rights at some point in the process until it gets sorted out or balanced out.

Dave Ozar, philosophy professor and director of the Center for Ethics at Loyola: And it's happening so fast that organizations haven't taken the time, or can't take the time to put the structure in place with how you operate in the right way in this environment.

Zdeb: We don't have any kind of broad public consensus about what the standards are. If organization A says: 'We're going to use the old rules, and we're going to do this in an way t we think is protective of people's rights,' and organization B says: 'Well, that's nice for you, but we're not'--you can usually guess which one is going to make more profit and whose stockholders are going to be happier, so it puts tremendous pressure on people to join the free-for-all rather than to restrain themselves.

Henry Venta, Dean of School of Business at Loyola: One issue associated with speed is whether we're going to give enough time for these rules of conduct to develop as they normally do over time. I wonder if we're just not allowing enough time before we impose rules and regulations just because this is happening so quickly that we're all scared of it. Until we can catch up, we might be making rash decisions. That's why there's not a lot of support among the technology community, for example, for widespread regulation. It's not because people think that everything that's going on is okay. It's because some of it is just going to be flushed out. The community itself is going to say: 'This is just not the kind of behavior that we want to engage in and so I think we have to be careful between rules and regulations because we're scared of the speed at which things are going.'

Ozar: One analogy is with regard to the development of our knowledge of the human genome. It became a technological goal, and we threw immense amounts of money at it, to get the human genome fully mapped and to start in the process of developing the spin-offs that would be medically useful and so on. That technology is moving extremely rapidly. At least, when they set up the human-genome project, they set up as an arm of it a unit to study the ethical implications. Now, that process is still going much more slowly than the technology. The technology has already outstripped it and will probably continue at an exponential rate. But at least there was a self-conscious effort to say 'let's talk about the fundamental questions.' You also do have a very active health-care ethics/academic community in North America and around the world, which stodgy like academics are, took a few years to catch up, but are now actively pursuing this--trying to debate the fundamentals. I don't think IT has anything comparable on either score.

InformationWeek: When you get into what's right and wrong in terms of privacy marketing on the Net, it's all gray. Is selling of personal data OK if it's aggregated and not tracked to an individual person? What are you thinking about the privacy of your own customers.

Stuart Townsend, CIO of Archipelago: There has to be some understanding of what level of privacy you're going to have in a particular environment--a Web site, or whatever it might be. We have online sign-up for our investors and traders. Many of them are very reluctant to give us their social security number. Yet it's on every form that you get from a clearing firm, from the SEC, and everywhere else you've got to put your social security number on it. They have some--we think--misguided notion of what privacy is.

Ozar: One of the things at stake here is what it takes to be a whole person; how much privacy it takes to be a whole person. I think there's wide disagreement about that, and that's one of the fundamental issues. Another is how much social cost is it worth to protect a certain measure of that privacy? Is it worth it to have firewalls everywhere so that the people down the street don't know that you just had a TB test last week? That debate isn't going on publicly right now, but at least some parts of it are.

Townsend: The real issue is, I think, trying to establish different perceptions or different beliefs in what privacy is going to be--different levels of privacy in different environments.

InformationWeek: Where does an IT person or the CEO of a business working with this IT person turn to resolve issues like this in a competitive environment?

Ozar: You hire a philosopher and go down the tubes.

James Burke, president of JPB Group: This is where you really get into personal ethics and what might be good for the firm. When you really get into it, it's like total quality management: It starts with the individual--the personal ethics of the people that are running the firm. If they don't have those ethics or that yardstick to work on, it will cascade through the corporation very rapidly.

InformationWeek: Is there a possibility that technology is simply going too fast for us get a handle on it?

Townsend: One of the issues we're facing with some technology we're rolling out right now is digital signatures and encryption for order form. And the problems are exactly the opposite. The customers don't want it--it's a hassle. It slows thing down. I want to trade. Don't screw with it. And we're the ones saying we know we're going to have to do this, we want you to have this security, we'd make it as easy as possible--but still we have to sell that to the broker dealers, broker dealers have to sell it to their customers. We've developed a privacy technology and now have to sell that to the individual.

David Enright, former director of corporate security, Ameritech: I guess my expectations are pretty low that we really have privacy out there, because we don't. Many years ago the telecommunications industry said, 'We're not going to give you service until you come in with a picture ID and sign a contract.' Well, every Congressional commission, every public utility commission across the country said, 'You can't do that, you can't make people come down to an office. You've got to be fast. You've got to have quick turnaround.' Your service indices say you'd better get service established in 48 hours or we're going to fine you $10 million, so we do business over the phone because it's quick. Well, when you do that, you're going to get fraud. Now fraud has exponentially grown because of the data that's out there, and that loss gets passed on to the consumers.

InformationWeek: We're writing to the people who are creating this capability, and we're asking, what responsibility do they have? Do they have any?

Ozar: It seems to me the ideal situation in the current flux environment would be that the corporation would do some serious thinking about its commitments to its stakeholders. But let's assume there are a lot of matters that aren't getting clear guidance from the public or the law. Well, then it [the corporation] has to make up its mind: "Are we just going to go wherever the water flows, whatever the market says? Or are we going to stand for something in relation to these privacy matters and stand for it seriously enough that when market pressures push us away from our standards, we're going to stand by them?"

In a less than ideal situation, the corporation says, "Oh, well, what the heck. You guys do whatever you want, just make sure the bottom line is OK." Well, then, what they're in effect saying is, the heat is on you individually. And that's a terrible situation to leave the people in. So I would like to see these things sorted out carefully by the corporations with some sense of the ethical issues at stake--as a guidance for their own people. The ones who do this most clearly and publicly are going to end up being the leaders of the process policy formation as time goes on.

One would hope they have an IT ethics committee or IT ethics officer who's got a committee behind him or her. One would hope that those people are in touch with whatever other ethics operations are going on in the corporation.

One would hope that there is some kind of decent ethics education, training orientation process so that when Joe Jones comes into IT, he learns what the policies are, what the guidelines are, what the leeway is, and is motivated to do something about it.

Most large corporations these days have at least some kind of ethics committee running a compliance program. But in a lot of corporations this process is veneer just in case some federal judge has to sentence us some day and we want him to think we look good.

InformationWeek: What's the role of legislation?

Ozar: I suppose, in the long run, the role of legislation is to protect people whom the market doesn't protect.

Townsend: The reason you want the regulation is so that people will give up information. Collectively the internet is a very good way of disseminating services and goods and services and you need to be able to identify people, you need to have this information to efficiently market to people--which lowers cost. If you don't have some notion that your information is not going to be misused, whatever that means, you're not going to give that information up. Everyone is worse off for that because we can't then have a more efficient system.

The real reason for regulation is not to protect the individual, but to protect society so that society can benefit from these advances. If everyone stops giving information on the Internet, the whole thing grinds to a halt.

close this window

Illustration by Jonathan Weiner

E-mail To A Friend | Printer-Friendly | Send Us Your Feedback