Ten Commandments for Computer Ethics

1. Thou shalt not use a computer to harm other people.

This one is pretty universal and I doubt many people would
argue against it. Okay, well maybe the military and certain
government agencies. Hmmm... on second thought this one
falls apart pretty fast when you consider things like national
security, or even corporate security (monitoring users heavily
could result in a user being "harmed", for example they may be
fired for inappropriate use of the network).

2. Thou shalt not interfere with other people's computer work.

This one sounds good, but interfering is a rather vague term.

3. Thou shalt not snoop around in other people's files.

This one means well but is (in my opinion) unfeasible in most
corporate/government environments. If you work for a
company then anything you create is generally the property of
that company (even things you do outside of company hours,
you might want to re-read your contract). As an administrator
you may be tasked with searching user files for non-work files,
such as updated resumes, personal correspondence,
unauthorized copies of company data files, and so on.

4. Thou shalt not use a computer to steal.

Again most people will have no problem with this except for
military and government agencies. I think it would be perfectly
acceptable to break into a terrorists computer network and
snoop data on upcoming attacks, undercover members, and so
forth.

5. Thou shalt not use a computer to bear false witness.

Ditto for the above, and the term "bear false witness" is
incredibly vague. I assume it means a combination of: not
altering log files, not creating incriminating files, not hiding
people identities.

6. Thou shalt not copy or use proprietary software for which you have not
paid.

This one is covered by copyright laws such as UCITA and the
DMCA, which many people abhor (primarily for the rights it
strips from consumers), however the usage or copying of
software illegally is generally frowned upon by most
organizations.

7. Thou shalt not use other people's computer resources without
authorization or proper compensation.

I agree with the first part of this, however the "or proper
compensation", is it okay for me to walk into a building, use a
computer at a company and then leave a quarter (or
whatever) for the use? I'd change that "or" to "and".

8. Thou shalt not appropriate other people's intellectual output.

Again this is covered by copyright laws, and there are notable
exceptions (like monitoring illegal use). Also there are many
software licenses (and information licenses) such as the GNU
class of licenses and the Open Content and publishing licenses
that explicitly allow for appropriating others intellectual output.

9. Thou shalt think about the social consequences of the program you
write or the system you design.

There are some consequences that can be foreseen, and many
that cannot without spending a ridiculous amount of effort. As
well the entire landscape of computing is constantly changing,
something may have "bad" consequences which are quickly
negated by a new technology. Who could have predicted that
the Internet would fundamentally change society in so many
ways in such a short time?

10. Thou shalt use a computer in ways that show consideration and
respect for your fellow humans.

Does this mean I cannot look at pornography on my computer?
Many people (and communities of people) have hugely varying
standards on what is acceptable.

Clearly these 10 commandments for computer ethics leave a lot to be
issued. However they can form as a rough outline for a set of computer
ethics for your company or organization. A superb example of this would be
"The University of Georgia Computer Security and Ethics" pages (URL
below). They are very well thought out, presented clearly (in normal
speak, not legal speak). Not only do they present the guidelines and rules,
but they give good examples, to help users understand them, a policy
document is useless if people do not read and understand it. I suggest you
download, print it out and show it to management if you do not have one.

Hopefully if you do not have a policy you are now thinking about one. In
the following articles I will be interviewing several notable information and
computer security professionals, with questions and example scenarios, to
get their feedback.

Kurt Seifried (seifried@securityportal.com) is a security analyst and the
author of the "Linux Administrators Security Guide", a source of natural
fiber and Linux security, part of a complete breakfast.