Ten Commandments for Computer Ethics 1. Thou shalt not use a computer to harm other people. This one is pretty universal and I doubt many people would argue against it. Okay, well maybe the military and certain government agencies. Hmmm... on second thought this one falls apart pretty fast when you consider things like national security, or even corporate security (monitoring users heavily could result in a user being "harmed", for example they may be fired for inappropriate use of the network). 2. Thou shalt not interfere with other people's computer work. This one sounds good, but interfering is a rather vague term. 3. Thou shalt not snoop around in other people's files. This one means well but is (in my opinion) unfeasible in most corporate/government environments. If you work for a company then anything you create is generally the property of that company (even things you do outside of company hours, you might want to re-read your contract). As an administrator you may be tasked with searching user files for non-work files, such as updated resumes, personal correspondence, unauthorized copies of company data files, and so on. 4. Thou shalt not use a computer to steal. Again most people will have no problem with this except for military and government agencies. I think it would be perfectly acceptable to break into a terrorists computer network and snoop data on upcoming attacks, undercover members, and so forth. 5. Thou shalt not use a computer to bear false witness. Ditto for the above, and the term "bear false witness" is incredibly vague. I assume it means a combination of: not altering log files, not creating incriminating files, not hiding people identities. 6. Thou shalt not copy or use proprietary software for which you have not paid. This one is covered by copyright laws such as UCITA and the DMCA, which many people abhor (primarily for the rights it strips from consumers), however the usage or copying of software illegally is generally frowned upon by most organizations. 7. Thou shalt not use other people's computer resources without authorization or proper compensation. I agree with the first part of this, however the "or proper compensation", is it okay for me to walk into a building, use a computer at a company and then leave a quarter (or whatever) for the use? I'd change that "or" to "and". 8. Thou shalt not appropriate other people's intellectual output. Again this is covered by copyright laws, and there are notable exceptions (like monitoring illegal use). Also there are many software licenses (and information licenses) such as the GNU class of licenses and the Open Content and publishing licenses that explicitly allow for appropriating others intellectual output. 9. Thou shalt think about the social consequences of the program you write or the system you design. There are some consequences that can be foreseen, and many that cannot without spending a ridiculous amount of effort. As well the entire landscape of computing is constantly changing, something may have "bad" consequences which are quickly negated by a new technology. Who could have predicted that the Internet would fundamentally change society in so many ways in such a short time? 10. Thou shalt use a computer in ways that show consideration and respect for your fellow humans. Does this mean I cannot look at pornography on my computer? Many people (and communities of people) have hugely varying standards on what is acceptable. Clearly these 10 commandments for computer ethics leave a lot to be issued. However they can form as a rough outline for a set of computer ethics for your company or organization. A superb example of this would be "The University of Georgia Computer Security and Ethics" pages (URL below). They are very well thought out, presented clearly (in normal speak, not legal speak). Not only do they present the guidelines and rules, but they give good examples, to help users understand them, a policy document is useless if people do not read and understand it. I suggest you download, print it out and show it to management if you do not have one. Hopefully if you do not have a policy you are now thinking about one. In the following articles I will be interviewing several notable information and computer security professionals, with questions and example scenarios, to get their feedback. Kurt Seifried (seifried@securityportal.com) is a security analyst and the author of the "Linux Administrators Security Guide", a source of natural fiber and Linux security, part of a complete breakfast. Related links: http://www.securityportal.com/cover/coverstory20000529.html - Acceptable use policies http://www.brook.edu/its/cei/cei_hp.htm - Brookings Institute http://www.uga.edu/compsec/ - The University of Georgia Computer Security and Ethics