Company X has just signed a business agreement with Company Y, which entitles both of them to access each other clients’ records. Faisal, a software programmer at Company Z, was assigned the task of developing a software program that handles the access and retrieval of records from each Company’s database system into the other. A first run of the software on real data indicated that the work was well within the state of the art, and no difficulties were found or anticipated.
Several weeks later and during a normal test on the software developed, Faisal discovered a serious ‘security hole’ in the database system of Company Y by which hackers can easily obtain confidential information about clients. He was convinced that while the software he developed could correctly accomplish the task, the code in Company Y’s database system could not be trusted as the security hole posed a threat even on Company X’s database system. Faisal told his manager about the problem and explained its significance. The manager’s response was, “That’s not our problem; let’s just be sure that our software functions properly.” Faisal is not sure what to do. Refusing to work on the project means disobeying his manager’s orders. Continuing to work on the project, means disobeying one of God’s commands, which requires him to be truthful and sincere in his dealings.
1) What’s going on?
There are three main parties involved in the case presented; companies X, Y and Z. the two minor parties mentioned are employees in company Z, Faisal, a software developer and his manager. Company Y and X have signed a memorandum of understanding, to allow access of each other’s client records. It is Faisal who is vested with the task of designing a program that will accomplish the two company’s agreement. During development, he notes that there is a loophole in company Y’s database; a threat that may affect only its system’s performance, but might spill over to affecting company X’s database. The response he gets from his manager upon informing him of his findings is the pillar of this analysis; the code of ethics in the IT subsector and the workplace in general.
2) What are the facts?
According to the Affiliated Computer Services Act, there are several clauses that stipulate the expected behavioral code of employees within this context; ACS code of professional conduct. The four main areas mentioned as relevant in the case presented are; honesty, public interest, quality of life and competence. Under competence for instance, a software develop should advise the user of the intended project on any faults suspected or if the project is not in their best interest. Adherence to this set codes of professionalism ensures the services rendered are of the best quality and errors are minimized if not eliminated.
3) What are the issues?
Another issue arises from company Z. Faisal’s manager advises him to concentrate on the project without putting into consideration the ‘loophole’ in company Y’s database. He is profit driven and does not factor in the woes of the company’s customers.
4) Who is affected?
Company Y will be affected directly. Since Faisal will not point out his observation concerning company Y’s database, in the long run, black hat hackers may take advantage of their system to steal information.By extension, company X will be affected since the untrusted security code used by company Y in their system will find its way into company X’s database once sharing of clients’ information takes place. At the center of these are the clients, who will unknowingly have their information accessed by third parties.
5) What are the ethical issues and implications?
According the ACS clause on public interest, one should discuss with other stakeholders any issue that conflicts their professional activity and the accepted public requirements(Ferrell, Fraedrich, & Ferrell, 2013). Faisal had conflicting issues that can be put under this context; a dilemma. Professionally, he has to obey his manager, lest he gets sacked. On the other hand, clause 1.2.1 (g) clearly points out that an ICT personnel should endeavor to preserve the confidentiality and privacy of others. It is a strike for balance between being loyal to his boss or preserving the confidentiality of clients’ information in companies X and Y. if Faisal opts for the former and neglects the latter, though he would have preserved his job, company Y and associated parties will suffer the consequences of IT insecurity. The reverse will lead to his loss of employment; a show of disrespect and disloyalty to his manager.
6) What can be done with that?
Faisal may bypass his immediate manager and inform other senior employees in company Z of the observation, explaining to them clearly the importance of securing company Y’s database before proceeding with his project.
7) What options are there?
Option1: Alternatively, Faisal could communicate directly to company Y’s IT manager and inform them of the need to sealing the ‘hole’ in their database, before he completes his software development project.
Option2: Else Faisal could do it himself
8) What is the best option and why?
Though both alternatives show a breach of hierarchy of communication, the second seems the better. This is because Faisal could make a communication with company Y in private. The advantage of this is that he would have secured his job and good relation with his manager, and ensured confidentiality of clients’ information in both companies X and Y are preserved.
Ferrell,O.C.,Fraedrich, J., & Ferrell, L. (2013). Business ethics: Ethical decision making and cases. Mason, OH: South-Western/ Cengage Learning.
Shafer-Landau, R. (2012). The fundamentals of ethics. New York: Oxford University Press.