Phil 354 Spring 1997 R. Feleppa First Essay Write an essay of at least 750 words (approximately 3 double-spaced typed pages or the neatly handwritten equivalent) on the following question. (You may write more if you wish.) Essays are due in class on THURSDAY, FEBRUARY 20. Essays should be written in your own words. If you wish to rely on wording from the text of CE or the articles in CESV or the Rachels reading to make your point, place it in quotes and give the page reference. Keep such reliance to a minimum. Do not use outside sources. Consider the following scenario: Barbara is the manager of a department in an academic-professional publishing firm. As manager, she can peek into the electronic mail-boxes of employees. She comes upon an e-mail message that Sylvia, an employee in her department and a graduate student at a local university, has sent to an author of an article recently published by one of the journals the firm publishes. Sylvia there requests recent references from that author on recent developments in superconductors, which is the author's area of expertise and is the subject of a Ph.D. thesis that Sylvia is writing. Barbara is infuriated. The firm's policy strictly forbids employees to use the firm's e-mail system for personal correspondence. She calls Sylvia into her office and admonishes her. Sylvia points out that she is a new employee and did not know of the firm's policy. Barbara is worried about other employees significantly raising the firm's costs by this sort of act (and other appropriations of its property for personal use), and decides to make an example of Sylvia by firing her. In your essay try to address at least FOUR of the following issues. How much you emphasize each is up to you. Your essay should be well organized, and not simply a list of answers to each of these questions. It would probably be better to focus on the issues you find most interesting rather than to try to cover all six points evenly. 1. Is Barbara's act more like monitoring the output of her employees, or is it more like eavesdropping outside their office doors, or looking secretly into their desks or files? Or is there a better analogy than both of these? Explain why you favor the analogy you pick. 2. Is Barbara's general policy of looking at her employees' e-mail a good one when analyzed in utilitarian terms? 3. Give a utilitarian analysis of Sylvia's behavior. Is she entitled to use the resources of her company in the way she did? Is her plea of ignorance a valid excuse? Explain. 4. What do you think about firing Sylvia to make an example of her? Evaluate in terms of utilitarian theory. Was there a better option for Barbara? 5. Utilitarian theory has weaknesses that lead some people to prefer other approaches to ethics. Do you think this case illustrates such a weakness? Is rule-utilitarianism better than act-utilitarianism here? Explain. (For example, suppose the firing does have the desired effect on the other employees and the company benefits overall. Does this compel the utilitarian to say she was treated fairly? If so, is the utilitarian right?) 6. Suppose Sylvia complains that in the culture in which she was brought up, businesses recognize that their employees are entitled to reasonable personal use of business resources. Does this make any impact on our ethical judgment of this case?

    In this scenario, an employee who had violated a company policy was terminated. We are asked to decide, in utilitarian terms and with utilitarian justifications, whether the employee, Sylvia, acted in a morally wrong manner, and if the actions of her manager, Barbara, were morally correct. I argue that Sylvia’s actions created benefit to her and caused minimal harm to the company, and were therefore justified. Barbara’s action, however, will result in considerable harm, while promoting minimum, if any, benefit to herself, the company or the remaining employees. Her action is therefore inconsistent with utilitarian principles, and is thus considered wrong.

    As Barbara’s justification in terminating Sylvia is essentially that employee use of email (and other company resources) significantly increases the firm’s costs, it is useful to discuss the company’s email system. If the company pays for email services by the bandwidth that it uses (the amount of data transferred in email messages), then the harm comes to the company not by employees’ use of the system, but by the provider of its email transport in the form of costs significantly higher than what it should be paying. Few companies would be so remiss as to contract with such a provider, and so we shall operate under the assumption that the company’s email services are provided under a flat, cyclic fee. If, however, the company is using a provider with a by-the-byte charge, then the appropriate action by management would be to immediately engage a new provider. If the policy against personal use of email was created because of the high costs of by-the-byte charges, then the company has responded inappropriately by treating a symptom of the problem, rather than correcting the problem itself.

    Secondly, it is unreasonable for a company to expect employees to spend 100% of eir time at the workplace on strictly work-related issues. At times when work is not immediately pressing, one may have occasional free time. If one chooses to spend that time (or perhaps a lunch or break period) attending to personal communications, either by telephone or email, the company is not harmed unless the action results in an increase in the company’s costs, a loss of revenue, or loss of productivity. Employees who are aware of a company’s rules, and the costs to the company of various actions on the part of those employees, can generally be expected not to harm the company by utilizing company resources against company rules. These rules, however, need to be clearly stated.

    Barbara’s general policy of reading employees’ email, while potentially beneficial in preventing employees from abuse of the system or from sending out trade secrets to competitors, is distinctly harmful. The act of reading employees’ email is equivalent to opening and reading eir personal smail or other private documents. Email is a legally recognized and protected form of personal communication, along with paper mail and telephone conversations. By reading employees’ email, an employer violates the employees’ expectation of privacy - a direct harm to the employees - and possibly the law, which could potentially lead to lawsuits - and cause further harm to the company. In many states, perhaps all, it is unlawful for an employer to read employees’ email. Even if it were "legal" under this scenario, it is still possible that Sylvia could file a civil lawsuit against the company for wrongful discharge. Although the court may rule in the company’s favor, it is possible that the lawsuit itself could harm the company by damaging its reputation, by incurring legal fees, and by causing its employees to distrust management.

    Sylvia’s use of the company’s email system for personal messages is of benefit to her (and presumably to other employees), and considering the previously mentioned assumptions, causes no harm to the company. Further, Sylvia’s claim of ignorance is valid only if the company is responsible for said ignorance. If new employees are not explicitly informed of the company’s policies - by the person who hires them, or during an employee orientation, or in an employee handbook that new hires are required to read - then the company is at fault for the employee’s ignorance, and therefore the employee cannot be held responsible for violation of those rules. If, on the other hand, the employee did not pay attention during orientation, did not read the handbook, or in any other way was responsible for eir ignorance, then the claim of ignorance is not defensible.

    Even if Sylvia were aware of a policy regarding employee use of the company email system, Barbara’s action of firing Sylvia to make an example is not the best option. In the short term, it will harm both Sylvia and the company, and possibly result in a lawsuit - a distinct harm to the company. In the longer term, it could result in the company’s employees worrying that the smallest mistake or violation of the rules could result in the loss of eir jobs. The resultant paranoia would cause psychological harm to current employees, may result in increased employee turnover, may harm recruiting efforts, and could result in decreased productivity, thereby harming the company’s bottom line, along with morale. A better option would be to discuss the policy with Sylvia, give her a warning, and issue a memo to all employees clearly explaining the policy. The employees could then be required to sign a form stating that they understand and will abide by the policy. Infractions could then be addressed in a manner consistent with the policy.

    In terms of utilitarian theory, the company’s policy of not allowing personal use of email facilities is indefensible. Barbara’s action of firing Sylvia will cause more harms than benefits, and is therefore not in the best interests of the company, the employees, or the manager, Barbara.

Phil 354 Spring 1997 R. Feleppa Second Essay Write an essay of at least 750 words (approximately three double-spaced typed pages or the neatly handwritten equivalent) on one of the scenarios, 5.1, 5.2, or 5.3, at the beginning of Chapter 5 in Johnson's Computer Ethics. (You may write more if you wish, but do not greatly exceed 1500 words.) Essays are due in class on TUESDAY, APRIL 29. Essays should be written in your own words. If you assert or quote a view expressed by another author, give the reference of your source, including page number(s). Keep such reliance to a minimum. You may rely on sources outside the class readings, but keep this to a minimum as well. In your discussions please be sure to do the following things.    *Take account of all the facts given and answer all the questions asked in the scenario.    *Try to draw clear conclusions. Support them with arguments. This does not necessarily mean that you must come down clearly on one side or the other of an issue; but if you cannot, you should explain why the merits of both sides prevent you from doing this.    *Whatever side you take on an issue, try to give consideration to opposing viewpoints and to reasonable objections to your opinions.    *Each question requires you to consider the importance of privacy. Explain how important it is and why, keeping in mind that in all of these discussions respect for privacy probably limits the potential for attaining some other benefits. In these discussions, rely on the philosophical theories we have discussed: Rachels' or Johnson's discussions of the philosophical importance of privacy, or what you take to be the viewpoint of a utilitarian or, if you prefer, non-consequentialist theory. (You may want to review some of our earlier readings on ethical theory.) You should also consider relevant points that come up in classroom discussion.    You do not have to consider all these philosophical viewpoints. It might be best just to select the approach you find best. However you may, if you wish, organize your discussion so as to use the scenario as a basis for evaluating some theoretical viewpoint or for comparing viewpoints.

SCENARIO 5.1: DOWNLOADING PERSONAL INFORMATION Max Brown works in the Department of Alcoholism and Drug Abuse of a northeastern state. The agency administers programs for individuals with alcohol and drug problems and maintains huge databases of information on the clients who use their services. Max has been asked to take a look at the track records of the treatment programs. He is to put together a report that contains information about such factors as number of clients seen in each program each month for the past five years, length of each client's treatment, number of clients who return after completion of a program, criminal histories of clients, and so on.    In order to put together this report, Max has been given access to all files in the agency's mainframe computer. It takes Max several weeks to find the information he needs because it is located in a variety of places in the system. As he finds information, he downloads it to the computer in his office; that is, he copies the information from the mainframe onto the hard disk of his office microcomputer.    Under pressure to get the report finished by the deadline, Max finds that he is continuously distracted at work. He decides that he will have to work at home over the weekend in order to finish on time. This will not be a problem. He copies the information (containing, among other things, personal information on clients) onto several disks and takes them home. He finishes the report over the weekend and decides to send it to his office computer by telephone. He leaves the disks at home and forgets about them.    Was Max wrong in moving personal information from the mainframe to his office computer? In moving personal information from his office computer to his home computer? In leaving the disks containing personal information at home? What might happen as a result of Max's treatment of the data? Should the agency for which Max works have a policy on use of personal information stored in its system? What might such a policy specify?

    In this scenario, Max, an employee of the State Department of Alcoholism and Drug Abuse, copies and moves personal information on clients from the department's mainframe in order to perform his job. He also saves the data to disk so that he can work at home to meet the project deadline, and subsequently transmits his report to his office via modem. In so doing, he increases the risk that unauthorized persons could obtain this information. This information could be used in a variety of ways to harm the individual(s) concerned. For example, if Senator X went through rehabilitation for a chemical abuse problem, and is now up for re-election, information on his treatment could - almost certainly would - be used against him. The ethics of that behavior are beyond the scope of this essay, but it does illustrate the danger involved. If a client’s rehabilitation records were to fall into the hands of a less-than-admirable person, harm to the client could quite easily result. Other dangers include a loss of faith in the confidentiality of the program on the part of those individuals who might be considering treatment (who might then not seek treatment), increased anxiety of those currently in the program that the same thing might happen to them, and the possible loss of jobs or potential for advancement if a client’s employer had access to this confidential information. Having noted the dangers, we must determine if Max acted wrongly in his treatment of the data. Furthermore, we should analyze the need for a definitive departmental policy regarding the treatment of clients’ personal information.

    To begin with, the information Max needed was scattered throughout the mainframe. It required much time and effort to access, and may have been in different and incompatible formats. It is therefore appropriate for Max to move the information to a single location where it can be manipulated freely. This prevents him from having to repeatedly access the originals, as well as allowing him to change the formatting of the information as needed. This creates additional copies of the information, which in turn increases the chance of the information being compromised. It is, however, a simple matter to ensure that unauthorized personnel cannot access the information stored in his office computer.

    At work, Max found himself unable to complete the project by the assigned deadline. He decided that in order to finish on time, he would need to work at home. To do so, he needed copies of the information. He saves and transports the data via floppy disks. This is the safest method possible. He would need to be physically assaulted by someone specifically after the disks in order for the information to get out. The probability of Max being mugged on his way home, while not zero, is not dangerously high. The probability of a given mugger taking the disks Max carries, reading them, and then using the information they contain, is too negligible to consider.

    While it is conceivable that Max’s home computer and workspace are as secure as his office, it is unlikely. We were not told if Max lives with anyone or if anyone has regular access to his computer. In either case, there is a risk that someone could gain access to the disks or, if he copied the information to his home computer as well, to the computer itself.

    An important issue arises when Max leaves the disks at home. Even if he deletes the files and reuses the disks later, residual data will remain on the disk. Further, anyone then gaining access to the disks will have access to at least part of the data. Once he was finished with the data, Max should have erased it. There are many programs available for destructively deleting files, making their later recovery impossible. Considering the nature of the data, Max should have done this. On the other hand, the probability of anyone accidentally gaining access to the data via the disks is extremely low; it would again require Max to be specifically targeted as a source of the data.

    Max uploaded his report via modem. The effort needed to tap a telephone is not great; to tap a modem call requires only the addition of a demodulator. It is unlikely that the report (by description a statistical abstract) would contain any confidential information. If it did contain such information then a wiser choice would have been to carry the report back on disk, or to replace any personal identifiers with record identifiers that are meaningless without the original data.

    If a person or agency was intent on gaining access to this information, Max provided several opportunities for them to get it from him. However, to obtain it through him would not be much - if at all - easier than obtaining it through someone susceptible to bribery or taking it directly from the department’s computer systems. The probability of anyone using Max to obtain the data is certainly very low.

    It is probable that persons and other agencies would want this information. As a result, it is important for the department to have a policy regarding the use and treatment of its data. This policy should not unreasonably restrict the motility of the information, but should restrict its permanent storage. Max should have been allowed to carry the information home, but should also have been required to eliminate any such temporary copies when they were no longer needed. Discarded copies, even partial ones, of the data are an unnecessary risk with no benefit. It is a simple matter to make data on disks and hard drives unrecoverable. Further, the department’s policy should require that identifying information be stripped from copies of records when it is not needed. A simple alphanumeric code could be used to identify individual clients in treatment records, and any personal information (name, etc.) could be kept separately and accessed only when necessary.

    In summary, although it did increase the risk of sensitive information being compromised, Max’s actions were not morally irresponsible. He should have taken the precaution of wiping the data from the floppy disks, but his failure to do so is unlikely to result in harm. The department does need to develop a policy governing its client information, but should not make that policy too restrictive.