Discussions

How to tackle this ethical issue as an administrator....

Tags:
+
0 Votes
Locked

How to tackle this ethical issue as an administrator....

sanjith2091
A system administrator who is in charge of the technical support and smooth running of the system in an organisation has been told by a company Director that there are concerns about some members of staff using their work computers for non-work related activities, such as using the Internet for social networking and sending emails. They have also heard rumours that some people are downloading music to listen to whilst at their desks.
The Director wants to avoid being questioned at Board level, and asks the administrator to look into the matter without telling anyone. What could the system administrator do, and what are the ethical, legal and social issues to be considered?
  • +
    0 Votes
    Deadly Ernest

    to be done.

    As a general rule, where laws and policies allow, the company has the right to control what is on their computers and network, and what they're used for. So you can remove any unapproved files, like music etc. But better to send a memo out telling people to remove them before you do.

    Best thing is to have a good gateway and use a proxy appliance. then set it up to deny access to the unapproved sites used for the social networking and music downloads. Best not to conduct a witch hunt, but to close and shut the barn door.

    edit to add - if all you're doing is enforcing existing company policies, there is no ethical concerns raised at all. If no policy exists, then ethics requires you see policies are created, made known, then enforced after people have a reasonable time to comply with them.

    +
    0 Votes
    sanjith2091

    Agreed but dont you think its kind of peeping into employees privacy???

    +
    0 Votes
    CharlieSpencer

    but in the US it has been established there is no expectation of privacy on a workplace computer. The policy where I work is that company computer resources are subject to examination by the IT department at any time. I specifically outline that to new employees.

    Using a company computer to get personal e-mail is just like using a company car to drive to your personal post office box.

    +
    0 Votes
    Deadly Ernest

    the employees and they should have absolutely NO expectation of privacy of anything on a company computer as the company can turn up and move it at any time. It's not as if you're checking their home computer.

    Think of it as a company car they use during the day, can they expect any privacy about things they leave lying around in the car, when any other employee has a the right to use the car as well? no they don't, same applies to all company assets.

    +
    0 Votes
    santeewelding

    The ethic of your own statement about what the Director "wants".

    Is it that? Are you competent to say what another wants? Or, was it that you were simply told of this want by the Director? And, why were you told this?

    Not only, mayhap, are you being invited to intrigue, you readily deceive yourself into it.

    In your place, all you can know, and truthfully testify to, is what you have been told to do. The rest can make of you a co-conspirator; the one who first gets thrown under the bus.

    +
    0 Votes
    mafergus

    All other issues aside, the admin is only being asked to investigate what is going on. Knowing that these are company assets, there isn't an ethical issue if the admin does as is asked. Unless i am not reading enough into this, this is simply a request to help determine if there is a problem or not. After the information is collected and the severity is assesed, then policies may be put in place/enforced.

    I do not see an ethical issue here.

    +
    0 Votes
    sanjith2091

    Since the director instructs that higher management / others should not be aware of this inspection dont you think he i mean the director might be using the info on what the employees have accessed and stuff to do something bad for the employees eg- if he is having some grudges with one employee with this info he might tarnish that employee's image etc etc

    +
    0 Votes
    CharlieSpencer

    Is there an HR department? We usually involve them in this sort of action in order to prevent conflicts like the one you describe.

    +
    0 Votes
    JamesRL

    Do this very openly. At my current and at some previsou employers, we talk about it at orientation, and employees have to sign a document acknowledging they have read and understood the policy.

    It should never be used by one person. If I were writing a policy I would insist that HR approve every instance where an investigation takes place. I wouldn't want that Director spying on his boss for example.

    As for tarnishing someone's reputation, the employees should realize that they are being monitored and govern themselves accordingly. There is no right to non buinsess browsing from work, and if an employee choses to go to questionable sites, they will live with the consequences.

    James

    +
    0 Votes
    TonytheTiger

    and what he is asking you to do is legal, his motives are not your concern.

    +
    0 Votes
    cmatthews

    1) Tell HR you want to insert a transparent proxy to do a bandwidth study: Log usage by domain (not by person) in order to build some kind of a 'cost of use' case.
    (bypass any sites that would affect your LOB and productivity).

    or

    2) Go third-party on your DNS service: OpenDNS gives faster DNS resolution and allows you to filter and redirect access to sites without identifying anyone. Budget this under Malware-AntiVirus costs, since OpenDNS claims not to resolve to known attacker IP addresses. (could be the Win-win your looking for..)

    3) Ask HR to make an 'Internet Usage Policy' that new employee's sign at hire. (What to do with current employees, I do not know..)

    "...XYZ ltd. reserves the right to restrict access to Internet resources as deemed wasteful, intrusive, unlawful or conducive to unauthorized installation of software on company equipment..."

    4) I have found that DNS redirects to a Google search page can be more positive than showing a block page.

    5) OpneDNS has a forum where you could ask this question:
    http://forums.opendns.com/

    BTW, I use this with several companies.

    +
    0 Votes
    seanferd

    1) It can be had for free, unless you want different levels of filtering under one IP, or

    2)you want to redirect the OpenDNS block page, which does require an Enterprise account.

    3) If you read the information available on Enterprise and still need more information, contact OpenDNS directly, not through the forum. Phone numbers and email address to contact support available everywhere on site.

    +
    0 Votes
    cmatthews

    ... articles and such, since some concern was noted in that direction. I always find this so-called legal issue fascinating.

    If I ran a company that made clothes, maybe I'd should make the employees sign agreements to not use the company sewing machines on any personal articles of clothing either ;-)

    +
    0 Votes
    JackOfAllTech

    Company policy, company hardware, company software, company electricity, etc., etc..

    You can do anything you are told to do on the network.

    In fact, as long as they post a sign telling you about it, they can legally put cameras in the restrooms.

    +
    0 Votes
    cmatthews

    ..there bud, that's close to the edge.. Are you fishing?
    Suppose the boss comes by your cubical and slaps you in the side of the head.
    No sign posting squat can supersede the laws of nation, state or local by-laws. Find out what those laws are, because "I didn't know" holds no water with a judge.

    +
    0 Votes
    sanjith2091

    Guys i wud like to throw a question to you'll

    what if the admins sees an email of an employee while monitoring the network behavior... from the mails he gets to know that that employee is having some secret affairs with the boss's wife what should the system admin shud do??? say it to teh boss or keep his mouth shut?????

    +
    0 Votes
    CharlieSpencer

    If non-work e-mail is against company policy, the policy should state who is to be notified regarding non-work e-mails. In most places this is the Human Resources department or the employee's supervisor. Unless the content is illegal, it is not the admin's job to decide who to notify based on the content. If the policy doesn't state notifying the boss regarding non-work e-mail, then you should not notify him. As far as an admin is concerned, this is just another non-work e-mail, no different from a chain letter, PowerPoint joke, or baby photos. You cannot decide to notify someone personally affected by the content without violating professional ethics. Once you do, you'll never be trusted with payroll, personnel, or sensitive data again.

    It's possible you aren't required to notify anyone. In that case, I'd delete the e-mails as non-work messages and keep my mouth shut. You're dangerously close to crossing over from professional job performance to being a nosy gossip. Is this a 'real world' situation or are you just making up scenarios?

    +
    0 Votes
    RookieTech

    i completely agree with you Cmatthews cameras in the bathrooms never is, was, or ever will be legal if that was then you are going by some messed up and illegal terms. sorry man this would never work

  • +
    0 Votes
    Deadly Ernest

    to be done.

    As a general rule, where laws and policies allow, the company has the right to control what is on their computers and network, and what they're used for. So you can remove any unapproved files, like music etc. But better to send a memo out telling people to remove them before you do.

    Best thing is to have a good gateway and use a proxy appliance. then set it up to deny access to the unapproved sites used for the social networking and music downloads. Best not to conduct a witch hunt, but to close and shut the barn door.

    edit to add - if all you're doing is enforcing existing company policies, there is no ethical concerns raised at all. If no policy exists, then ethics requires you see policies are created, made known, then enforced after people have a reasonable time to comply with them.

    +
    0 Votes
    sanjith2091

    Agreed but dont you think its kind of peeping into employees privacy???

    +
    0 Votes
    CharlieSpencer

    but in the US it has been established there is no expectation of privacy on a workplace computer. The policy where I work is that company computer resources are subject to examination by the IT department at any time. I specifically outline that to new employees.

    Using a company computer to get personal e-mail is just like using a company car to drive to your personal post office box.

    +
    0 Votes
    Deadly Ernest

    the employees and they should have absolutely NO expectation of privacy of anything on a company computer as the company can turn up and move it at any time. It's not as if you're checking their home computer.

    Think of it as a company car they use during the day, can they expect any privacy about things they leave lying around in the car, when any other employee has a the right to use the car as well? no they don't, same applies to all company assets.

    +
    0 Votes
    santeewelding

    The ethic of your own statement about what the Director "wants".

    Is it that? Are you competent to say what another wants? Or, was it that you were simply told of this want by the Director? And, why were you told this?

    Not only, mayhap, are you being invited to intrigue, you readily deceive yourself into it.

    In your place, all you can know, and truthfully testify to, is what you have been told to do. The rest can make of you a co-conspirator; the one who first gets thrown under the bus.

    +
    0 Votes
    mafergus

    All other issues aside, the admin is only being asked to investigate what is going on. Knowing that these are company assets, there isn't an ethical issue if the admin does as is asked. Unless i am not reading enough into this, this is simply a request to help determine if there is a problem or not. After the information is collected and the severity is assesed, then policies may be put in place/enforced.

    I do not see an ethical issue here.

    +
    0 Votes
    sanjith2091

    Since the director instructs that higher management / others should not be aware of this inspection dont you think he i mean the director might be using the info on what the employees have accessed and stuff to do something bad for the employees eg- if he is having some grudges with one employee with this info he might tarnish that employee's image etc etc

    +
    0 Votes
    CharlieSpencer

    Is there an HR department? We usually involve them in this sort of action in order to prevent conflicts like the one you describe.

    +
    0 Votes
    JamesRL

    Do this very openly. At my current and at some previsou employers, we talk about it at orientation, and employees have to sign a document acknowledging they have read and understood the policy.

    It should never be used by one person. If I were writing a policy I would insist that HR approve every instance where an investigation takes place. I wouldn't want that Director spying on his boss for example.

    As for tarnishing someone's reputation, the employees should realize that they are being monitored and govern themselves accordingly. There is no right to non buinsess browsing from work, and if an employee choses to go to questionable sites, they will live with the consequences.

    James

    +
    0 Votes
    TonytheTiger

    and what he is asking you to do is legal, his motives are not your concern.

    +
    0 Votes
    cmatthews

    1) Tell HR you want to insert a transparent proxy to do a bandwidth study: Log usage by domain (not by person) in order to build some kind of a 'cost of use' case.
    (bypass any sites that would affect your LOB and productivity).

    or

    2) Go third-party on your DNS service: OpenDNS gives faster DNS resolution and allows you to filter and redirect access to sites without identifying anyone. Budget this under Malware-AntiVirus costs, since OpenDNS claims not to resolve to known attacker IP addresses. (could be the Win-win your looking for..)

    3) Ask HR to make an 'Internet Usage Policy' that new employee's sign at hire. (What to do with current employees, I do not know..)

    "...XYZ ltd. reserves the right to restrict access to Internet resources as deemed wasteful, intrusive, unlawful or conducive to unauthorized installation of software on company equipment..."

    4) I have found that DNS redirects to a Google search page can be more positive than showing a block page.

    5) OpneDNS has a forum where you could ask this question:
    http://forums.opendns.com/

    BTW, I use this with several companies.

    +
    0 Votes
    seanferd

    1) It can be had for free, unless you want different levels of filtering under one IP, or

    2)you want to redirect the OpenDNS block page, which does require an Enterprise account.

    3) If you read the information available on Enterprise and still need more information, contact OpenDNS directly, not through the forum. Phone numbers and email address to contact support available everywhere on site.

    +
    0 Votes
    cmatthews

    ... articles and such, since some concern was noted in that direction. I always find this so-called legal issue fascinating.

    If I ran a company that made clothes, maybe I'd should make the employees sign agreements to not use the company sewing machines on any personal articles of clothing either ;-)

    +
    0 Votes
    JackOfAllTech

    Company policy, company hardware, company software, company electricity, etc., etc..

    You can do anything you are told to do on the network.

    In fact, as long as they post a sign telling you about it, they can legally put cameras in the restrooms.

    +
    0 Votes
    cmatthews

    ..there bud, that's close to the edge.. Are you fishing?
    Suppose the boss comes by your cubical and slaps you in the side of the head.
    No sign posting squat can supersede the laws of nation, state or local by-laws. Find out what those laws are, because "I didn't know" holds no water with a judge.

    +
    0 Votes
    sanjith2091

    Guys i wud like to throw a question to you'll

    what if the admins sees an email of an employee while monitoring the network behavior... from the mails he gets to know that that employee is having some secret affairs with the boss's wife what should the system admin shud do??? say it to teh boss or keep his mouth shut?????

    +
    0 Votes
    CharlieSpencer

    If non-work e-mail is against company policy, the policy should state who is to be notified regarding non-work e-mails. In most places this is the Human Resources department or the employee's supervisor. Unless the content is illegal, it is not the admin's job to decide who to notify based on the content. If the policy doesn't state notifying the boss regarding non-work e-mail, then you should not notify him. As far as an admin is concerned, this is just another non-work e-mail, no different from a chain letter, PowerPoint joke, or baby photos. You cannot decide to notify someone personally affected by the content without violating professional ethics. Once you do, you'll never be trusted with payroll, personnel, or sensitive data again.

    It's possible you aren't required to notify anyone. In that case, I'd delete the e-mails as non-work messages and keep my mouth shut. You're dangerously close to crossing over from professional job performance to being a nosy gossip. Is this a 'real world' situation or are you just making up scenarios?

    +
    0 Votes
    RookieTech

    i completely agree with you Cmatthews cameras in the bathrooms never is, was, or ever will be legal if that was then you are going by some messed up and illegal terms. sorry man this would never work