User management

5.9 Ethical conduct of administrators and users

No system involving human beings is complete without a consideration of human social anthropology. Humans meet in consensus, and oppose one another in competition. Our beliefs are based on complex historical and cultural factors and span everything from lifestyle, gender, religious beliefs, cultural norms, justice, autonomy, democracy, privacy and the list goes on.

We believe that we know the difference between right and wrong, and those beliefs influence our use of policy as a tool. However, complete consensus between everyone in a society is impossible to achieve, moreover our sense of responsibility is not always as well developed as our sense of righteousness, and thus there is a need for reminders and the enforcement of ethical decisions.

5.9.1 Compliance with laws and social norms

The basis of any stable community is a ‘pact’ of common beliefs and ethical principles. These are usually codified into ‘policy’ and even formalized even further into ‘law’. Human–computer communities are usually described as being ‘virtual’

milieux, which tends to suggest that we do not fully believe in their reality. So far, few laws have been codified to regulate our behavior in these realms. Nevertheless, our strong dependence on technology means that real harm can come to us as a result of anti-social behavior. Thus, in the absence of strict laws, determined by society at large, network communities can easily become unruly places that fail to work in a way that is conducive to their purpose.

Given the temptation to exceed the boundaries of common sense and courtesy, humans excel at challenging every assumption that we might make about behav-ior. Experience shows that regulations and their enforcement are necessary parts of any interpersonal system. Administrators have a natural position of power in this community model, and this brings with it great responsibility.

5.9.2 Responsibility to others

A system administrator wields great power. He or she has the means to read everyone’s mail, change anyone’s files, to start and kill anyone’s processes. This power can easily be abused and that temptation could be great. Nevertheless, administrators are sometimes required to involve themselves in others’ affairs, to help out or even settle conflicts of interest.

The ethical integrity of a system administrator is clearly an important issue.

Administrators for top secret government organizations and administrators for small businesses have the same responsibilities towards their users and their organizations. One has only to look at the governing institutions around the world to see that power corrupts. Few individuals, however good their intentions, are immune to the temptations of such power at one time or other. As with governments, it is perhaps a case of those who wish for power are least suited to deal with it.

Administrators ‘watch over’ backups, E-mail, private communications and they have access to everyone’s files. While it is almost never necessary to look at a user’s private files, it is possible at any time and users do not usually consider the fact that their files are available to other individuals in this way. Users need to be able to trust the system and its administrator.

As an administrator, one needs to consider:

• What kind of rules can you fairly impose on users?

• What responsibilities do you have to the rest of the network community, i.e.

the rest of the world?

• Censoring of information or views.

• Restriction of personal freedom.

• Taking sides in personal disputes.

• Extreme views (some institutions have policies about this).

• Unlawful behavior.

• Jeopardizing user security.

A system administrator should avoid taking sides in ethical, moral, religious or political debates, in the role of system administrator; personal views should be kept separate from professional views, or the temptation to abuse privileges could become irresistable. However, the extent to which this is possible depends strongly on the individual and organizations have to be aware of this. Some organizations dictate policy for their employees. This is also an issue to be cautious with: if a policy is too loose it can lead to laziness and unprofessional behavior; if it is too paranoid or restrictive it can lead to bad feelings in the organization. Historically, unhappy employees have been responsible for the largest computer crimes. For references see [104, 105].

There is a temptation for an administrator to think that the system exists primarily for him or her and that the users are simply a nuisance to the smooth running of things; if network service is interrupted, or if a silly mistake is made which leads to damage in the course of an administrator’s work, that is okay:

the users should accept these mistakes because they were made whilst trying to improve the system. When wielding such power there is always the chance that such arrogance will build up. Some simple rules of thumb are useful; examples of these are provided in the codes of ethics in section 5.9.4.

5.9.3 Propaganda and misinformation

Computers lie with flawless equanimity; to the inexperienced user they always tell the truth. A computer has a perceived authority which makes it a very powerful tool for abuse. An ill-thought out remark in a login message, or a deliberate attempt to steer users with propaganda can have equally insidious results. One might argue that this is no worse than our eager reliance on television and media, and indeed this is true. Information warfare plays on our vulnerabilities to authority symbols, and it is on the rise.

In the Paramount film The Wrath of Khan, a questioning lieutenant Saavik queries Spock about his use of a verbal code to mislead the enemy: ‘You lied?’ she says. Spock replies: ‘I exaggerated.’ Although the scene is amusing, it highlights another way in which computers can convince us of incorrect information. A sufficient exaggeration might also be enough to convince us of a lie. Information can always be presented misleadingly. Where do we draw the line? Software which is incorrectly configured and delivers incorrect information is perhaps the worst example. For example, an early version of Mathematica (a tool for mathematical manipulation) gave an incorrect answer for the derivative of a well-known function.

It would have been easy to have simply used this answer, knowing that Math-ematica performs many complex manipulations flawlessly. Fortunately the main users of Mathematica, at the time, were scientists, who are a naturally sceptical breed and so the error was discovered. In a CD-ROM encyclopedia, a Norwegian right-wing political party was listed as a neo-Nazi organization. This was an unfair

exaggeration of the truth, with potentially damaging consequences abroad, had this party ever been elected to government. The fact that the information was on a CD-ROM containing a body of essentially correct information would tend to convince readers of its general truth.

The book you are reading, by virtue of being in print, also has an authority and the power to mislead. If it were written, ‘the correct way to do X is Y’, it might appear that that was the only correct solution to the problem. That might be true, but it might also only be my flawed opinion. That is one of the reasons why the emphasis of this book is on becoming independent and thinking for oneself. To summarize: most users look up to computers in awe; for that reason, the computer is an authority symbol with a great potential for abuse. System administrators need to be on the look out for problems like this, which can damage credibility and manipulate users.

Principle 23 (Perceived authority). Computers have a perceived authority.

Administrators need to be on the look out for abuses of that authority, whether by accident or by design.

5.9.4 The SAGE code of ethics

The System Administrator’s Guild has developed its own professional guidelines for system administrators. We cite them here for reference. The original draft of this document was written by Hal Miller, and the revised draft by Lee Damon.

Original draft

Background: Computers, and particularly networked systems, have become as necessary a part of life as the telephone. The functionality they bring to home and office environments is now taken for granted as a part of daily life. As the world moves toward becoming a paperless society, the information stored and handled in the computing environment becomes more critical to that lifestyle.

Proper operation, support and integrity of computing assets is regarded as being as important as that of the telephone system in most countries today.

System administrators, under any title and whether or not they are members of a professional organization, are relied upon to ensure proper operation, support and protection of those computing assets. Unlike most previous technological advances, any problem with a computer system may negatively impact millions of people world-wide, thus such protection is more crucial than equivalent roles within other technologies. The ever-increasing reliance upon computers in all parts of society has led to system administrators having access to more information, particularly information of critical importance to the users, thus increasing the impact that any mis-step may have.

The scope of the system administrator’s responsibilities is wide. Users rely upon the advice, planning, maintenance and repair tasks performed, whether pro-actively or reactively performed. System administrators are expected to have a good understanding of what is available in the vendor world, and what the user community may require in the foreseeable future.

With such responsibilities upon the shoulders of these individuals, it is impor-tant that all computer users and system administrators understand the norms and principles to be applied to the task. A code of ethics supplies these norms and principles as canons of general concepts. Such a code must be applied by individuals, guided by their professional judgment, within the confines of the environment and situation in which they may be.

The code sets forth commitments, responsibilities and requirements of mem-bers of the system administration profession within the computing community.

As used within this document, the word ‘users’ applies not only to those computer-utilizing members of that computing community who call upon sys-tem administrators for support, but also to those syssys-tem administrators, and even to management personnel who may not actually be using a computer.

This Code of Ethics has as its purposes the following:

• to provide a set of codified guidelines for ethical directions that system administrators must pursue;

• to act as a reference for construction of local site acceptable use policies;

• to enhance the professionalism and image of the Guild and of its individual members by promoting ethical behavior;

• to act as an ‘industry standard’ reference of behavior in difficult situations, as well as in common ones;

• to establish a baseline for addressing more complex issues.

This Code is not:

• a set of enforceable laws;

• an enumeration of procedures;

• proposed responses to situations;

• all-encompassing;

• an enumeration of sanctions and punishments.