Information+System+Ethics

=**Information Systems Ethics**= Tuesday, December 1, 2009

Topic overview:
It has been said that "with great power comes great responsibility". In this class we will explore and wrestle with some of the ethical issues that can arise when designing, building, and using powerful information systems and the data that those systems capture and reveal. We will try to arrive at some basic principles and guidelines for insuring that these systems are used ethically.

Preparation for class:
Prior to class today you need to read the following article. One of the compelling aspects of this article is that it even though it is almost twenty years old, the ethical framework it lays out seems as relevant today as it was in 1990. As you read through the article, think about whether it needs to be updated to handle advances in data warehousing, business intelligence, social networking, mobile applications, etc.


 * [GS90] Mary Gentile, John Sviokla, "Information Technology in Organizations: Emerging Issues in Ethics and Policy", Harvard Business School Note 9-190-130, February 15, 1990.
 * []

I will distribute hard-copies of the article in class during the week prior to this class, or you may purchase the article yourself directly from the HBS website. HBS Publishing copyright rules prohibit me from posting the article to the wiki.

In addition to the readings, you must post a one or two paragraph description of a hypothetical ethical dilemna relating to the use and application of an information system and/or its underlying data. You do not need to post a reading question today but your choice of ethical dilemma should demonstrate that you understand the key issues raised in the reading. I have posted a sample scenario below to get things started. I will select a subset of the submitted scenarios for discussion in class.

Slides:
 * Resources:**

As a supplemental reading, I suggest John Hooker's article "Ethics in Six Not-So-Easy Lessons". This reading is available online at: [] Dr. Hooker is a Professor at the Tepper School of Business who has done extensive work in Business Ethics and Corporate Social Responsibility. His primer provides an alternative framework for analyzing ethical situations and behavior in a business setting.

Ethical dilemnas:

 * //FindMyMatch.com//** [fictional scenario submitted by Bob Monroe]

After five years of running an online matrimonial matchmaking service, FindMyMatch.com has run out of cash and filed for bankruptcy. The parties involved in the bankruptcy have decided to liquidate the company’s assets. Not surprisingly, the creditors have pushed to sell off the company’s assets to the highest bidder. One of the company’s most valuable assets appears to be the data warehouse it has assembled to store information on the 950,000 members of the site. When people signed up for the FindMyMatch service they filled out a survey containing very personal information. In addition to this initial survey information, the data warehouse contains detailed information on introductions between members arranged by the service. When these members signed up, the membership agreement indicated that this information would be held in strict confidence, used only by FindMyMatch.com for the purpose of making effective matrimonial matches, and never shared with any third parties.

A number of potential buyers have shown interest in purchasing the company’s assets. One potential buyer has offered significantly more money for just the data in the data warehouse than others have offered for the whole company. As the current CEO of the company (appointed by the bankruptcy court) you don’t believe that this buyer has any intention of honoring the customer agreement relating to use of the data, though they have not formally stated what they intend to do with the data.

What should you do?

[Shuaa]

Jennifer Lemon, the owner of Orange boutique in London, decided to open her second boutique. The first boutique sells casual clothes ,and she attempts to sell accessories in her second boutique. Lemon hired Kim Mango as the manager of her second boutique. Kim is a fresh graduate from Oxford and has no background of such management. Lemon wants to share the first boutique's database with the new boutique. The data base holds detailed information of the first boutique customers. It includes information like : name, age, address, credit card number, signature, and previous purchases. By sharing the database, She attempts to enrich the value of the information in order to form a pattern to help her in studying the customers' tastes. Lemon is worried about revealing the customers' information to her new manager. She is worried about to whom might these information be made available?, should the customers have foreknowledge of the availability of such data in the new boutique?, should the customers have the choice as to whether data is made available in the new boutique?

Lemon is confused .. how much effort and expenses should she incur in responding to these questions? what are the implications if she doesn't consider these questions?

//**Q-phone**// [fictional scenario submitted by Hala Khashabi]

Q-phone is a 2-year-old telecommunication company in Qatar, which now faces a tough time due to a recent security breach its data center encountered. The company houses all of its computer systems and information about its customers in this data center. Because of the breach, the data center now requires more security, which is more expensive. And many employees decided to leave the company due of this tragedy and go to work for another company. Q-phone has lost its reputation and is now afraid of losing its employees. The company has to make hard choices about where to best allocate its available money. It has to decide whether to spend the money on securing the data center or giving bonuses to its employees to convince them to stay in the company.

What should Q-phone do?


 * Deckagon Online** [The game is real but the scenario is fictional by Muhanna Al - Rumaihi]

Deckagon online is a massive multiplayer online game that has recently encountered a massive security breach to many top accounts in the game. In people's accounts are information such as their credit card numbers which they use to purchase other accounts and items in the game, emails, names and other accounts and peronal information. People are now hesitant to play the game and many people have stopped playing the game altogether. The way that the owners of this game makes money is through charity and people purchasing items and skills in the game and now since many people stopped playing the game due to the hacking of many of the game's top accounts, people have lost faith and trust in the game's managers and their IT capabilities to ensure the people's privacy and security. What should the owners do? Should they install a more expensive security system to ensure people's privacy or reward them with free accounts, money, and skills in the game?

[Nada Al-Mahmeed] **A&B Taxes** fictional scenario: A&B is a well known and established Taxes consultant company in the US. Recently, A&B established a spin-off of its company: C&D Investments, an entity which provides several services to those who want to invest their taxes refunds. In order for C&D to establish itself in the market and attract potential clients, the new entity asked A&B to share their clients and their history databases. However, the management at A&B is now concerned about the information to be shared with C&D and how C&D plans to use such information. A&B is also concerned if such collaboration with C&D would be appreciated by current clients or would be faced by dissatisfaction and as a result abandons A&B’s services. What should A&B do? What kind of conditions and restrictions (if any) should be required in case of the databases are shared between both entities? Do you think that A&B is more likely to approve or decline C&D’s request?

In 2004, the Ministry of Interior in the state of Qatar wanted to implement a system that allows people to check their traffic tickets online by either rntering the car plate number or the Qatari Identification number. The problem with the initial launch of the system was that the Ministry didn't appropriately consider the privacy and security issues. The issues that arised were from the customers who complained and sued the Ministry because the online system showed the full name of the owner of the car and the number of cars he owned. For example, if any person typed a random ID number, he/she will know who is the person with such ID number and how many cars he had. This has allowed the possibility of identity theft and privacy breaches as anyone can view how many cars his friend has and what types cars are they. For example, if a company needs to know how many cars does another company has, they will just type the ID number of the person in charge of the cars. The Ministry of Interior didn't analyse the project from a stakeholder's perspective or the rights-based's perspective properly. If it did, it will anayse such potential issues and dealt with it effectively. A solution to their problem is to just keep only the system that checks the car plate of the car. This will not allow to view the personal ID number of individuals. Another solution to ask the user to enter both the car plate and ID number in order to minimize the ethical issues that can arise with such system. Finally, the Ministry of Interior should have considered such "access" issue and tried to ask questions about it in order to decrease the risks of such problem.
 * Ministry of Interior** [An ethical delimma in the State of Qatar by Abdulla Ali Al-Kuwari]

QatarOnline is an online shopping store that sells a range of products for everyone. They have been successfully operating in the Doha market for many years and have recently decided to outsource some of their daily operations to third-party service providers. Previously, QatarOnline used to perform these functions themselves such as delivery of the products, sending transaction emails to customers, processing of the credit card payments and analyzing customer data. Now that they are established and have a good reputation, so they have decided to expand their services to other towns and cities in Qatar. However, with their new policy of sharing customer information to third-party service providers, new and existing customers are hesitant to use their website. What should QatarOnline do to avoid losing customers?
 * //QatarOnline.com//** [fictional scenario submitted by Hira Ahmed]

//**Elegance.com**// [fictional scenario submitted by Maryam Al-Kuwari] Elegance.com is an online shop in Qatar that sells women clothes, bags and accessories. It is recently facing a lot of traffic due to its Christmas promotions and customers started buying more gifts. Unfortunately a hacker was able to enter the system and stole a large amount of money (QR 100,000) from a customer’s credit card. The company was sued for the theft and to solve the problem, the decision was whether to pay the amount to the customer which implies that their advertising budget for 2010 will be gone or to claim that the breach was not from their system and loose the customer and Elegance reputation also. What should Elegance.com do to solve this?

JK.com (fictional scenario by Jummana Kahlout)is a social networking website. It has information stored about all of its users. In 2008, the website was hacked and all the private information and pictures of users were in some hackers hands. The company had two options, either to spend a large amount of money improving their security levels and ensuring that no information breach can happen again or spend that same money on investigating to figure out who the hacker is so they can press charges and retrieve their customers information.

=
Suppose you are the Global CIO for Facebook and the company is being bought out by Google. Google sets the terms of the merger in such a way that all of the previous Facebook employees will still be the only ones responsible for monitoring the site, whereas the Google employees will now be responsible for managing the site, maintaining it and making sure that downtime is kept at 0% (i.e. taking care of the performance of the system and not its content). ======

=
Having this responsibility also means having access to the informational database which contains all of the users' accounts, their personal information and all of their pictures. Naturally, as the CIO of Facebook you would rather keep this information confidential but for technical purposes, Google can only perform their maintenance if access to all of the personal information is granted.======

=
The dilemma you are facing as CIO is whether to let Google run your maintenance (which would greatly improve the gargantuan database's performance, bring in more Facebook users and your value to the company as CIO would increase, bringing you an almost guaranteed chance of a promotion) or would you be more concerned with the interests of Facebook users as a whole in terms of not allowing those who don't necessarily *need* access to their private information (Google maintenance employees) and break off the deal that allows them to manage your entire database?====== 

What would you do in this situation?

 * //Dolly's Supermarket//** [fictional scenario submitted by Eatidal Al-Qatami]

Dolly's is a large self-service grocery store located in Doha, Qatar. It sells daily used products such as dairy products and household goods. As its customer base is getting larger and larger, more products are now sold in the store to better serve its customers daily needs. Moreover, special promotions are made in occasions such as Eids and Christmases. Thus, a new automated system will be put in place to track customers buying habits and inform them of the promotions made on their favorite and most bought items. Consequently, two ethical issues arise. Would customers agree on sharing their private information with a supermarket store! Since a new system will be used, some job redesign will be taking place. Employees should be capable of using the new technology, would the old cashier people have to lose their jobs or get trained to use the new system? Are the job specifications of the new hired people be different now due to the new technology placed?

After running for about 3 years and having over 1 million members, freetube has become one of the most popular sites for online videos. Due to the high rate of popularity, members began to upload movies part by part. In the last 3 months, members were only uploading movies and these were the only videos being watched by other members and users. This is effecting the movie sales in general and also has a negative consequence on the reputation of freetube. Further, other online movie sites are threatening freetube.com to restrict their users to upload movies. Should freetube.com restrict their users and follow the law or should it continue its members upload the videos?
 * //FreeTube.com//** [Samira Islam]

**Central Doha Pharmacy [fictional scenario yara saeed]**
Central Doha pharmacy holds confidential all its medicine ingredients, inventory levels and customer health history. All this information is maintained non electronically on paper. The manager wants to automate its customer database and hires a company to transfer all this information onto a database to help manage inventory. This IS company that specializes in designing inventory management systems is the sole provider. Sharing this information would breach the confidentiality agreement with its customers as the company would have access to all the customer's medical history. This IS company has shared customers medical history and medicine ingredients with others but its a monopoly. Should the pharmacy risk a confidentiality breach to automate its system?

CallsMadeEasy is a VOIP application, which enables you to call internationally at a cheaper rate relative to the telecommunication providers around the world. CallsMadeEasy has a database that stores information about its users, their e-mail addresses, their current location, which countries they call, how frequently they call, the users credit card number is automatically stored as well. CallsMadeEasy stores credit card details, for the convenience of its users, so that refilling their account is fairly easy and doesn’t take more than a click. However, after several years of great service, a hacker has managed to find its way into the database and has access to all the valuable information of the users. What should CallsMadeEasy do? Should it inform its users? Inform them that their personal information is in jeopardy? Or stay silent until they come up with a solution?
 * CallsMadeEasy**[**Fictional Scenario, Hadi Murtada]**

DirectDeliver is a shipping service that delivers good/documents from one country to another, originally based in the United States. It has been in service for the past 7 years and has built a good image and has customers from all over the world. However, the government has set out a new law where, employees are instructed to go inspect all packages and documents that are being shipped. They also require the employees to photocopy any documents being sent, and keep it in a record. Some customers are a little skeptical and are starting to find out about this unethical procedure.DirectDeliver is losing its customers fast, since customers don't feel comfortable using their service anymore.What should DirectDeliver do about this situation?
 * DirectDeliver[Fictional Scenario, Benazir Anis]**