Most college and university campuses today have multiple open-access computer labs and computerized classrooms that provide network access to shared resources, including Unix servers, electronic mail facilities, library resources, CD-ROMs and electronic printing systems. All this access to technology in a networked environment has created new social and ethical problems, such as:
Abuse of public computing resources, including tying up open-access workstations, disk space, network printers and other shared resources;
Invasion of privacy, such as gaining unauthorized access to other people's electronic mail by breaking passwords or spoofing;
Improper use of computer systems, including harassment, commercial use of instructional facilities and misrepresentation of user communications.
A recent study at Southern Illinois University focused on identifying and analyzing actual ethical decisions on the part of students using networked computing resources and drawing comparisons with the ethical attitudes and behaviors of information technology practitioners using similar networked computing resources.
We developed nine case studies based upon actual situations that occur in academic settings. Several of these case studies were adapted from scenarios used in prior studies, and several were developed from articles in professional publications describing issues in using the academic network.
Two groups of respondents were included in the study. The first included 71 practitioners who are responsible for managing information technology in higher education, and represent a broad cross-section of universities around the country. The second group consisted of students majoring in information systems at SIU. This sample included 103 students taking courses in information systems at both the graduate and undergraduate levels. In each case, students and practitioners were asked to determine if the actions described were Acceptable, Questionable or Unacceptable.
No. 1: Julie Hill, a student, sits down at a workstation in an open-access lab next to Bob Jones, another student. Bob's screen displays graphic images in which nudity is displayed, and Judy asks him to remove the image because it is interfering with her work. He responds by saying that he is working on a creative art project, and that there are no other workstations available for him to do his work. He is unwilling to remove these images.
Since this scenario represents a conflict between Bob's right to study art and Julie's complaint, the verdict is unclear. Both students and practitioners viewed Bob's behavior as either acceptable or questionable, with 40 percent of the students and 40 percent of the practitioners finding Bob's behavior acceptable and an additional 40 percent of both groups finding his behavior questionable at best. In general, both the students and practitioners in the sample felt that the right to view graphic images in which nudity is displayed is comparable to the right to view creative art of a similar nature and that these images should not be censored. However, one strategy for shielding students like Julie from the unwanted material might be to design partitioned workstations in the open-access computing labs.
No. 2: Jim Doe is using a workstation in a campus microcomputer lab to play a game on the Internet. He ties up the workstation for over an hour.
Approximately 90 percent of the students and 97 percent of the practitioners found it unacceptable for a student to tie up a computer workstation if another student needs access to the workstation in order to complete homework. Otherwise, the use of the computer for games was viewed as acceptable or questionable by over 60 percent of the student and practitioner respondents.
Although most of the respondents agreed that students' use of computers to play games in the labs is acceptable as long as no one else wants to gain access, a minority opinion that holds considerable weight is that workstations that have been justified and financed based upon instructional uses should not be used for game-playing. As instructional resources become more difficult to acquire, maintain and upgrade, policies affecting appropriate uses of these resources may need to address the issue of non-instructional uses.
No. 3: A student writes a program that has the effect of sending the same message to another student over and over again. In about five minutes, the program generates more than 1,000 messages to the other student. The logic error in the program results in a flood of e-mail that swamps the mail hub, shuts down the server, and disrupts mail access for many students on the campus for several hours.
The vast majority of the students (90 percent) and 100 percent of the practitioners found a prank that intentionally interferes with message traffic to be unacceptable. However, almost 50 percent of the students and 36 percent of the practitioners viewed the creation of the bug as questionable as long as the logic error was unintentional.
No. 4: A student working in a computer lab learns how to use a spreadsheet program for her accounting class. Normally, the student goes to the lab, checks out the software, completes her assignments, and returns the software. Signs are posted in all of the computer labs indicating that copying software is forbidden. One day, she decides to copy the software so that she can work on her assignment at home.
The issue of software copyright violation was a source of major differences of opinion between the students and the practitioners. The practitioners took a hard line, with 80 percent of them viewing the copying of software to be unacceptable, even when the student was planning to destroy the copy at the end of the semester. Approximately 95 percent of the practitioners viewed the student's forgetting to destroy the copy, or never intending to destroy the copy, as unacceptable.
The students were more lenient on this issue, with 75 percent viewing the temporary copying of software for convenience's sake to be either acceptable or questionable. Increasing percentages of students found copying software to be unacceptable when another student either forgot to destroy the illegal copy (40 percent) or never intended to destroy the illegal copy (67 percent).
Although intent had an impact on the students' attitudes, most of the practitioners viewed copying software as an inappropriate action, regardless of convenience or intent. The fact that practitioners took a hard line with respect to software copyright violation is a significant finding. This is one area where an educational process is needed to inform students that violating the law is taken seriously in the business environment.
No. 5: A student suspects and finds a loophole in the university computer's security system that allows him to access other student's records. He tells the system administrator about the loophole, but continues to access other students' records until the problem is corrected two weeks later.
On this issue, the students' and practitioners' attitudes seemed consistent. Even though only 22 percent of the students and 24 percent of the practitioners considered the student's action in searching for a security loophole to be acceptable, neither group condoned the student's action in continuing to take advantage of the security breach. Over 80 percent of the students and approximately 95 percent of the practitioners felt that trying to access the records for two weeks was unacceptable behavior.
In addition, neither the students nor the practitioners could condone the system administrator's failure to detect and correct the problem. Over 76 percent of the students and 65 percent of the practitioners considered the administrator's failure to detect the problem to be unacceptable. This view seems to point out the fact that MIS professionals may be held responsible for breaches of system security if they do not provide proper controls against unauthorized access.
No. 6: One day, a student programmer decides to write a virus program that causes a microcomputer to ignore every fifth command entered by a user. The student takes his program to the university computing laboratory and installs it on one of the microcomputers. Before long, the virus has spread to hundreds of users.
The virus-spreading incident illustrates a strong difference of opinion between the students and practitioners. When the impact of a virus is malicious, both students (94 percent) and practitioners (100 percent) deemed the spreading of such a virus to be unacceptable. However, students were more lenient in their evaluation of the virus issue when the virus turns out to be harmless (e.g., if the virus program outputs the message, "Have a nice day!"; about 20 percent of the students felt that spreading a harmless virus was questionable at best). However, most of the respondents, including 76 percent of the students and 91 percent of the practitioners, felt that the distribution of a virus was unacceptable - regardless of whether it was harmless or not.
No. 7: A graduate student learns how to mimic the user id of the vice-president for student affairs and represents himself as the VP on the network. In the guise of the vice-president, he sends a message to a student senator criticizing her for her remarks at a recent student senate meeting.
Over 91 percent of the practitioners viewed mis-representing a vice-president on the network as unacceptable, regardless of whether the student sent a follow-up anonymous message admitting that the message was a prank. In fact, 99.6 percent of the practitioners found the message to be unacceptable when no admission was made.
The students were more lenient. When the student admitted the prank, approximately 69 percent of the student respondents felt that the mis-representation was questionable. However, when no admission was made, about 90 percent of the students agreed with the practitioners that the act of mis-representing someone else on the network was unacceptable.
It seems from these findings that misrepresenting another individual on the network is a fairly serious violation. While some of this behavior is motivated by mischief or ingenuity, students need to be aware that such actions are taken very seriously in the business environment.
No. 8: Jim Hawkins, an engineering student, attends class in a computerized classroom in which he and his peer students are learning to use AutoCAD, a computer-assisted design tool. The students are expected to do their work independently and to store their files on the hard drives of the microcomputer workstations. Since there is no security package preventing access to these files, Jim obtains access to the classroom after hours and gains access to another student's project.
Neither the students nor the practitioners felt that accessing or copying another student's file was justified or acceptable. In fact, 76 percent of the students and 89 percent of the practitioners felt that the process of obtaining access to another student's file was unacceptable. The percentages increased in the situation in which Jim copied another student's file. In this situation, 88 percent of the students and almost 98 percent of the practitioners viewed the behavior as unacceptable.
No. 9: Mary Smith, an English student, is enrolled in a number of listservs and receives hundreds of messages each day. Even though she cannot always predict the number of messages that may be transmitted to her mailbox each day, her computer files are taking up excessive disk space.
Both the students and practitioners viewed Mary Smith's decision to maintain membership in a number of listservs to be somewhat questionable. Over 68 percent of the students and approximately 60 percent of the practitioners viewed the action as questionable, but only 16 percent of the students and 8 percent of the practitioners viewed the situation to be unacceptable. This is probably because Mary, or anyone else in this situation, could not really predict the volume of messages that might be received. In the academic environment, however, it may be important to develop guidelines that mitigate against the potential overuse or hoarding of resources, because computing resources are often very limited.
One of the findings of this study was that students were more lenient than the practitioners in cases in which the intent was not malicious. The students were more forgiving when swamping the mail hub was unintentional and when spreading a virus had harmless effects. In addition, the students were more tolerant of an attempt to mimic someone else on the network, as long as they admitted the misdeed.
However, a major area of disagreement related to violating software copyright. The practitioners found any violation of software copyright, including copying for convenience's sake, to be unacceptable. In contrast, the student sample viewed copying software on a temporary basis, or forgetting to destroy software that had been copied, to be questionable as opposed to unacceptable.
The students and practitioners were in agreement with regard to a number of unacceptable behaviors, including: (1) tying up a computer by playing games when another student needed to do homework; (2) not destroying pirated software; (3) intentionally swamping a mail hub; (4) spreading a destructive virus; (5) mimicking a high-ranking official on the network without explanation; and (6) copying another student's file without authorization. On these issues, the division between right and wrong seems to be well-understood. This study has pointed out the opportunity and the difficulty in recognizing and understanding ethical issues in one context, the context of the academic network. The difference in vantage point between the students and academic professionals points out the importance of instruction in the area of ethical analysis. Raising the consciousness of students on these issues is an important strategy for preparing them to deal with similar issues in business and other organizations.
Mary R. Sumner is a professor in the School of Business at Southern Illinois University at Edwardsville. [email protected]