Ethics and Professional Issues for Computing Use a deontological or consequentialist theory to discuss the issues of non disclosure when software programmers go to work for another software company specialising in similar applications. Simon Cutajar B.Sc. (Hons.) ICT 3rd Year University of Malta June 16, 2011 1
Use a deontological or consequentialist theory to discuss the issues of non disclosure when software programmers go to work for another software company specialising in similar applications. Please observe the following guidelines for the structure of the essay: Identify and describe: 1. the facts; 2. the stakeholders; 3. any relevant laws/guidelines/policies (use Maltese Law or British Case Law quoting some relevant court judgements); 4. the ethical issues related to the issue of non disclosure in the ICT profession; 5. a description of the consequentialism/deontological theory you re using; 6. an ethical framework of what is specialist confidential knowledge obtained from a previous employer and what are newly acquired personal competencies; 7. to what extent non-disclosure clauses in employment contracts are ethically and legally justified; 2
In order to discuss any issues that surround the topic of non-disclosure agreements, we must first begin by providing a definition. What is a non-disclosure agreement? [Radack, 1994] defines it as being a contract entered into by two or more parties in which some or all of the parties agree that certain types of information that pass from one party to the other or that are created by one of the parties will remain confidential. By signing this agreement, both parties agree that no information can be disclosed, and actions may be taken if it is breached in any way (such as fines or a legal ramifications) [Hanson et al., 2004]. There are several clarifications that need to be made when drafting up a non-disclosure agreement. The information to be protected under the confidentiality agreement must be defined, with any exceptions made to the case if necessary. One must also investigate whether or not both parties are capable of securely storing the information as a secret, and a timeframe for the agreement must also be defined. The parties must also discuss who owns the information in terms of licenses and rights [Radack, 1994, Hanson et al., 2004]. When a person joins a professional organization (such as the IEEE 1 or ACM 2, he or she is expected to follow a code of ethics. [Davis, 1991] claims that having a code of ethics allows engineers to understand how to behave as professionals, as well as allowing us to understand the engineering profession as a whole. He also claims that by having a common code of ethics, professionals can aim towards goals that are commonly agreed upon. In the drafted version of the ACM Code of Ethics, there are several guidelines that involve the issues of non-disclosure agreements. Article 1.3 states that a person must strive towards honesty, while Article 1.5 asks the member to honor property rights including copyrights and patents. Both of these articles may be violated if a person willingly breaches a non-disclosure agreement (such as to use code that was made for another company) [Anderson, 1992]. Other relevant articles include Article 1.8 which calls for members to respect the privacy of other people (which could be violated by disclosing databases of contacts to others), and Article 2.6, which states that members should honor contracts, agreements and assigned responsibilities. 1 Institute of Electrical and Electronics Engineers 2 Association for Computing Machinery 3
The IEEE Code of Ethics [IEEE, 2006] contains similar ideas, such as stating that situations that involve conflicts of interest should be avoided. [Barquin, 1992] lists some guidelines similar in style to the biblical Ten Commandments. Relevant guidelines include Thou shalt not use a computer to steal. and Thou shalt not copy or use proprietary software for which you have not paid. An example of a non-disclosure agreement is found in the United States Code of Federal Regulations [United States Code of Federal Regulations, Accessed 2011]. It states that the recipient of the non-disclosure agreement is not allowed to distribute the information or software under the agreement to any other people, and can only use the information or software in limited cases. [Stoller] states that a problem with the use of non-disclosure agreements in software companies is the high rate of turnover for these companies. He also quotes a recent case in the United States, where code was allegedly stolen by a former employee and used in his new company [Berenson, 2009]. This could result in a breach of the original contract and could be considered as fraudulent acts, which may end up in court [Stoller]. In order to determine the relevant stakeholders when discussing the impact of a non-disclosure agreement in the software industry, we determine the influence and input of any possible people in the agreement, as well as people who may be effected by it [Savage et al., 1991]. In a non-disclosure agreement, we claim that the two main stakeholders are the employee, and the company or employee involved. Depending on the type of information or software that the agreement covers, other stakeholders may be relevant, such as the public, the company s clients, the company s target audience, shareholders, the government and others. Before taking a specific look at non-disclosure agreements in the software industry, we can first look at a general overview of such agreements elsewhere. The Swedish Secrecy Act, which came into effect on January 1, 1981, states that although the public is allowed to read all official documents, there are some documents that are considered secret and thus can only be read by certain acknowledged people [Regeringskasliet (Government Offices of Sweden) Ministry of Justice, 2009]. Article 5 of the Competition Act [Government of Malta Ministry for Justice and Home Affairs, 1994], for example, prohibits the sharing of supply sources (and we claim that the theft and use of a company s database could be considered as the sharing of 4
supply sources, as well as a breach of the Data Protection Act [Government of Malta Ministry for Justice and Home Affairs, 2001]). Trade secrets for example, are protected under the Economic Espionage Act of 1996 in the United States [United States Senate and House of Representatives, 1996], as can be seen in the case United States v. Mikahel Chang and Daniel Park, where the judge sentenced Mikahel Chang to a year and a day in prison for stealing databases related to sales from his former employer [United States Department of Justice, 2001]. Embezzlement, which [McCown, 2010] claims is a non-violent, economic crime attempted by white-collared criminals, is defined as being the theft of personal property that someone else has entrusted you with.[mccown, 2010] describes several embezzlement cases throughout history. For example, during the 1800s when there was no suitable law against embezzlement, the criminal could not be prosecuted for larceny and was therefore unpunished. [Parezo] claims that most acts of embezzlement could have been prevented with more than one person looking over statements, as well as by implementing a system of checks and balances, such as by having mandatory vacation time. There are several problems that might occur when confronted with nondisclosure agreements. [Loui, 2008] claims that if a person has signed a confidentiality agreement with one company, and then ends up working with a rival company, he faces an dilemma; should he work with competing technology and violate his agreement, or not? Some companies have introduced the concept of a non-compete agreement, which stops the employee from working with rival companies for a specific period of time [Reynolds, 2009]. Furthermore, start-up companies can put venture capitals into a tricky situation by asking them to sign non-disclosure agreements, since they are probably not the only start-up company they are investing in [Davis, 2007]. There are several different ways that one can approach an ethical dilemma. [Slowther et al., 2004] describes several ethical theories that may be used. Consequentialism, a subclass of the broader telelogical theory, states that values are found in the consequences of the actions, and not in the actor s intentions. [Sinnott-Armstrong, 2006] states that the main example of consequentialism is utilitarianism, made popular by philosophers such as Jeremy Bentham and John Stuart Mill amongst others. The deontological theory, which emerged as a criticism to consequentialism, takes into account the means that were used to achieve the goal, rather than the actual goal itself [Slowther et al., 2004]. One well-known deontological theory is that explained 5
by the German philosophy Immanuel Kant. Another ethical theory is virtue ethics. [Slowther et al., 2004] claims that virtue ethics is a revival of original Aristotelian ethics. [Hursthouse, 2007] describes this approach as placing more value on the virtues involved in the actions taken, as opposed to the consequences involved (in consequentialism) or the duties that must be taken (in the deontological theory). Casuistry, as described by [Slowther et al., 2004], relies more on previous cases that can be applied to the current situation by using practical reasoning. It is most notably used in areas such as medicine and law Townsley [2003]. We have settled for the family of deontological theories, however, which particular theory should we choose. We consider four different theories. The first theory, called the divine command theory, states that actions are right if God says that they are right. Morality is thus linked to God. We note that Socrates famously questioned this link in the form of the Euthyphro Dilemma, stating, Does God command this particular action because it is morally right, or is it morally right because God commands it?. So, if God told us to be cruel, then cruelty would become the morally correct thing to do [Austin, 2006]. The principle of non-aggression, as explained by [Rothbard, 1963] is that: No one may threaten or commit violence ( aggress ) against another man s person or property. Violence may be employed only against the man who commits such violence; that is, only defensively against the aggressive violence of another. We note that this differs from pacifism, where not even the act of selfdefence is allowed. Deontological libertarians consider this to be the core of their morality, and no violation of this principle may occur. The next deontological theory we wish to discuss is the theory of prima facie duties, an example of pluralistic deontology. According to [Garrett, 2004], when an action needs to be taken, these duties need to be considered, and only one may acted upon. However, one duty may override another. These duties are as follows: 6
Fidelity The duty to keep a promise. Implicitly, this also refers to the duty to tell the truth. Reparation The duty to make-up for any wrong doings caused. Gratitude The duty to be grateful for any signs of good will that were received, and to return signs of good will if possible. Non-Injury The duty to avoid, wherever possible, harming people; whether physically, mentally or psychologically. Harm Prevention The duty to prevent others from coming to harm from external factors. Beneficence The duty to help others and do good. Self-Improvement The duty to improve ourselves and always seek to promote our own good. Justice The duty to make sure that justice is served by distributing benefits and sanctions equally. These duties are applied in everyday life situations. However, according to [Garrett, 2004], when prima facie duties conflict, we must see which one takes priority depending on the situation. The last ethical theory we would like to discuss, and the theory that will be choosing as an ethical framework for the issue of breaches of non-disclosure agreements is Kantian ethics, by Immanuel Kant. Kant uses the categorical imperative, which is an unconditional moral obligation that is our duty to 7
uphold, regardless of the situation [Johnson, 2008]. [Guthrie] describes the concept of duty, stating that if an action is not done with a sense of duty, then there is no intrinsic moral value involved, regardless of the consequence of the action taken. [Johnson, 2008] states that some laws (which may be considered as actions of duty ) are inherently evil, or may not appear to be morally correct. [Johnson, 2008] says that we respect laws only to a certain degree, since they must not interfere with other laws or values that we deem to be more important. Note the difference between the categorical imperative and the hypothetical imperative. While the categorical imperative is unconditional, a hypothetical imperative is conditional, in the sense that actions are taken in order to gain something. If now the action is good only as a means to something else, then the imperative is hypothetical; if it is conceived as good in itself and consequently as being necessarily the principle of a will which of itself conforms to reason, then it is categorical... However, Kant asserts that morality does not work using hypothetical imperatives. Morality is made up solely of categorical imperatives that tell us what to do, regardless of what we are out to gain [Holt, 2005]. We note that hypothetical imperatives, with their emphasis on goals, are vaguely similar to consequentialism. [Guthrie] states that morality must be a priori, according to Kant. This is because if it isn t, it would simply be an observation of human nature in action. Kant states that this is not the case, since morality applied for other rational beings as much as it does to humans. [Guthrie] claims that therefore, Kant s system of morality can be considered to have been discovered, rather than invented. There are several criticisms that have been made against Kant s categorical imperative. One famous criticism is the Inquiring Murderer. [Korsgaard, 1986] describes a situation where a murderer enters a house and asks a person where he can find his victim. According to Kant s categorical imperative, a person must tell the truth at all times, and so, it would be morally correct (according to this ethical framework) to say the truth, even though this means that the victim has a higher chance of being killed. In this case, Kant actually holds the liar as being liable for whatever happens to the victim. 8
One example brought about by [Chryssides and Kaler, 1993] is whether or not it is morally permissible for a businessperson to lie. According to the Golden Rule, which states One should treat others as one would like others to treat oneself, one should not be able to lie, since we would not like to be lied to. This is, however, different in a business setting, where people expect to be lied to. Kant claims that by universalizing certain actions, they automatically become self-defeating. If lying was allowed, for example, one would never know if any statement that was being said was true or false, and so the point of telling the truth or lying has been defeated. For a more business-centric example, the same would apply to contracts. If contracts could easily be broken or breached, then there is really no point to the contract in the first place; its meaning has been lost. We note however, that Kant did not like the Golden Rule, since he claimed that it could not differentiate between situation differences. A prisoner for example, could appeal to the judge by telling him not to send him to prison, since he would not like it if someone send him to prison. Thus we can see that with regards to non-disclosure agreements, if there is no contract in place (due to the idea of a contract being self-defeating), then employees can freely disclose information as they wished. However, a non-disclosure agreement is legally required if an employer wishes to protect trade secrets. Therefore, according to Kant s categorical imperative, one should obey the law and sign the non-disclosure agreement, since it is the moral thing to do. If however, the employee resigns from the company and ends up working with a rival, he or she should not give out any relevant information, since apart from being illegal, this would also go against Kant s categorical imperative. As stated by [Frederick, 2002], any sound businessman who accepts Kantian morality would base his decision or whether or not it was a categorical imperative or not. If the decision can be made universal without succumbing to self-defeat, then it is a categorical imperative. If not, it should be discarded, since the decision is morally forbidden under Kantian morality. We can see that the use of the categorical imperative does not allow the universalization of actions to make exceptions for people, since this would be inherently immoral. As stated earlier, we can see that hypothetical imperatives are somewhat similar to consequentialism since they focus on the goals. However, it is important to note that this is not morally correct for Kant; on the contrary, 9
one must always follow the categorical imperative at all costs if one wants his or her decisions to remain moral. So for example, one cannot decide to sign the non-disclosure agreement because of a potential payrise he might get. The employee must sign the agreement simply because it is the moral thing to do, not because of any other conditions. [Frederick, 2002] claims that by using the second formulation of Kant s categorical imperative, we can arrive at the conclusion that people should always be treated as ends, and never as means (contrary to what is expected in consequentialism). [Frederick, 2002] tries to explain the argument by differentiating between negative freedom and positive freedom. While negative freedom allows a person to be free from deception, positive freedom allows a person to grow in their skills and capacities. Therefore, to treat a person as an end, we must not use any form of deception whilst also allowing the person to increase his skills. In conclusion, we have attempted to use a deontological theory; more specifically, Kant s categorical imperative, in order to discuss the issues of non-disclosure. 10
Bibliography References R. E. Anderson. ACM code of ethics and professional conduct (draft). Communications of the ACM, 35(5):94 99, May 1992. M. W. Austin. Divine command theory. Internet Encyclopedia of Philosophy - http://www.iep.utm.edu/divine-c/, August 2006. R. C. Barquin. In pursuit of a ten commandments for computer ethics. Computer Ethics Institute, May 1992. A. Berenson. Arrest over software illuminates wall st. secret. The New York Times, August 2009. G. D. Chryssides and J. H. Kaler. An Introduction to Business Ethics. Cengage Learning Business Press, 1st edition, November 1993. M. Davis. Thinking like an engineer: The place of a code of ethics in the practice of a profession. Philosophy & Public Affairs, 20(2):150 167, Spring 1991. M. P. Davis. Why VCs do not sign NDAs. http://www.markpeterdavis. com/getventure/2007/10/why-vcs-do-not-.html, October 2007. R. Frederick, editor. A Companion to Business Ethics (Blackwell Companions to Philosophy). Wiley-Blackwell, August 2002. J. Garrett. A simple and usable (although incomplete) ethical theory based on the ethics of w. d. ross. Internet Encyclopedia of Philosophy - http: //www.iep.utm.edu/divine-c/, August 2004. Government of Malta Ministry for Justice and Home Affairs. Competition Act (Chapter 379). Law, 1994. Government of Malta Ministry for Justice and Home Affairs. Data Protection Act (Chapter 440). Law, 2001. S. L. Guthrie. Immanuel kant and the categorical imperative. The Examined Life On-Line Philosophy Journal, II(7). M. J. Hanson, J. R. Thompson, and J. J. Dahlgren. Overview of confidentiality agreements. File C5-80, May 2004. 11
T. Holt. Hypothetical and categorical imperatives. http://www. moralphilosophy.info/imperatives.html, July 2005. R. Hursthouse. Virtue ethics. Stanford Encyclopedia of Philosophy http: //plato.stanford.edu/entries/ethics-virtue/, July 2007. IEEE. IEEE code of ethics. IEEE Policies, Section 7 - Professional Activities (Part A - IEEE Policies), Approved February 2006. R. Johnson. Kant s moral philosophy. Stanford Encyclopedia of Philosophy http://plato.stanford.edu/entries/kant-moral/, April 2008. C. Korsgaard. The right to lie: Kant on dealing with evil. Philosophy and Public Affairs, 15(4):325 34, 1986. M. C. Loui. Professional ethics in engineering, Part 4: Confidentiality. Presentation Slides, September 2008. E. A. McCown. Embezzlement a white collar crime: A review of federal and supreme court cases during economically challenging eras. In Proceedings of the 17th Annual Conference of the American Society of Business and Behavioral Sciences, volume 17, February 2010. S. Parezo. Embezzlement: Beware of an inside job. http://www.evancarmichael.com/business-coach/932/ Embezzlement-Beware-of-an-Inside-Job.html. D. V. Radack. Understanding confidentiality agreements. JOM, 46(5):68, 1994. Regeringskasliet (Government Offices of Sweden) Ministry of Justice. Public access to information and secrecy act. Information Material, September 2009. G. W. Reynolds. Ethics in Information Technology. Course Technology, 3rd edition edition, October 2009. M. N. Rothbard. War, peace, and the state. The Standard, April 1963. G. T. Savage, T. W. Nix, C. J. Whitehead, and J. D. Blair. Strategies for assessing and managing organizational stakeholders. The Executive, 5(2): 61 75, May 1991. W. Sinnott-Armstrong. Consequentialism. Stanford Encyclopedia of Philosophy http://plato.stanford.edu/entries/consequentialism/, February 2006. 12
A. Slowther, C. Johnston, J. Goodall, and T. Hop. A practical guide for clinical ethics support. The Ethox Centre, first edition edition, 2004. S. Stoller. CSE302/ISE302: Professional ethics for computer science Lecture 2: Ethics for IT professionals and IT users. Presentation Slides. J. Townsley. Casuistry a summary. http://www.jeramyt.org/papers/ casuistry.html, December 2003. United States Code of Federal Regulations. Federal acquisition regulations system. 48 CFR Part 227.71, Accessed 2011. United States Department of Justice. Two San Jose Men Plead Guilty in Theft of Trade Secrets Case. Press Release. http://www.justice.gov/ criminal/cybercrime/changpr.htm, 2001. United States Senate and House of Representatives. Economic espionage act. Pubic Law No. 104-294, 110 Stat. 3488, 1996. 13