Buy this book from

Here is a hypothetical ethical conundrum.

Let’s say your local computer organization (for brevity’s sake, let’s call it Alamo PC) has been getting lots of free books from an up-and-coming computer book publisher (let’s call them Syngress) to review in the club’s monthly magazine (let’s call it the PC Alamode.)

A particular reviewer (let’s call her Susan Ives) reviewed one of their books for the December issue (Let’s call it The Mezonic Agenda), liked it a lot, and gave it a rave review. She eagerly picked up another of their volumes (let’s call it the IT Ethics Handbook) anticipating another good read.

In her opinion, it stunk.

In the back of our reviewer’s mind is the concern that if she gives the book a bad review the publisher, in a fit of pique, could cut off the supply of free books and the organization would suffer: other reviewers may not have other, probably good, books to review and the readers of the magazine would never learn about these useful books. On the other hand, she feels an obligation to the members of her organization to give an honest evaluation of everything she reviews. There is also an unwritten code of conduct among reviewers: don’t sell out.

Our reviewer has several options, among them: 

1. Write an honest review, and suffer the possible consequences
2. Give the book a good – or at least inconclusive – review to keep the organization on the gravy train
3. Weasel out of the dilemma by returning the book and having someone else review it.

I decided to take the first option: write the bad review and accept the consequences, if there are any. I also would have felt comfortable with the third solution, of requesting that another reviewer look over the book, either instead of or in addition to my own review, to make sure that my impression is not off-base. The middle option – lying to suck up to a supplier – was a non-starter. It’s unethical because it’s dishonest, it betrays a professional code of conduct principles and it breaks an implicit contract between me and the readers who rely on the integrity of my reviews. We’ll turn back to this scenario later in this review.

The IT Ethics Handbook bills itself as “Your complete guide to right and wrong.” It falls far short of this goal.

The book is abominably written in a breezy style rife with grammatical errors and indifferent editing. One example: the word “service” is misspelled in the chapter 9 headings. It reads like a hastily compilation of e-mails, not like a professional handbook. Based on the writing style alone, I would have trouble recommending it to serious business people looking for answers to weighty ethical matters. It may be entertaining as a discussion-starter for a bunch of young technicians having a bull session at the local watering hole, but barely.

It’s biggest failing, though, is not in subject-verb agreement but rather in its failure to establish a generalized approach to ethical decision making; an overarching theory, if you will. Because it is missing this central core, it is a collection of unrelated – and often conflicting - scenarios.

It is apparent that the author has not had any formal training in ethics training or, if he has had it, failed to share this knowledge with his readers. Applied ethics is a formal and serious discipline, just as computer science is a formal and serious discipline and to gloss over the basics is doing readers a gross disservice.

The closest the book comes to providing basic tools for ethical decision-making is in furnishing “conservative” and “liberal” approaches to the scenarios described, categorizations that have no meaning in applied ethics and are, in some instances quite bizarre. As close as I can figure out, the “conservative” viewpoint is a strict application of ethical principles, based on a combination of unspecified ethical principles, business customs and the law. The “liberal” interpretation is “as long as you don’t get caught and you can live with yourself, why not? “ The two competing approaches are discussed in a summary, where the author provide his take on the issue.

Let’s look at one example.

The scenario: you are hired as an independent auditor to examine a company’s computer system and assess its vulnerability to outside attacks. You find flaws. You have a friend who has developed software that will fix the problems; if the company buys the software, you will get a referral fee.

The dilemma: are you ethically obligated to disclose to the company that hired you that you get a kickback on the recommended software?

The “conservative” view, which I would endorse, is that in order to retain impartiality an independent auditor should never personally gain from the implementation of an audit. The “liberal” view is that as long as the software will solve the problem, there’s nothing wrong with getting a referral fee and no reason to inform your employer.

The books cops out by claiming that this is a matter of “personal ethics.” It offers no guidance, makes no recommendations, cites no laws, professional standards or customary practices. The purpose of a book like this should be prescriptive - providing information and guidance to help the reader grow in their ethical decision-making skills – rather than merely descriptive – listing the broad array of moral choices without injecting any moral evaluation.

The auditing example is especially disturbing as auditors often perform legally defined services, such as examining a sensitive government system for security, assessing compatibility of systems prior to a merger or looking at medical or accounting systems for compliance with government regulations.

If you don’t believe me, one of the main factors leading to the fall of Enron was the auditing firm Arthur Anderson’s co-mingling their auditing and consultant functions.

Examples like this are rampant throughout the book:

-- Your company has some old technology that it can’t use any more. Is it OK for you to sell it and pocket the money, without informing management? The book’s response: if there’s no company policy, it’s your call. No its not: it’s stealing. -- Your boss asks you to fudge some of the financial data on a marketing report. Should you do it? The book’s response: it is dangerous to actually alter data – that’s a matter of the law and your (ill-defined, says I) personal ethics but there’s no problem in leaving out questionable data. I call it lying.

Then there is the answer to my ethical dilemma of the bad review. In their example, the software developer is also one of the magazine’s major advertisers. The book recommends (and I quote exactly here, so you can get a sense of the appalling grammar):

“Business is a very complicated matter and sometimes you have to bend the rules to stay in the game. Try not to inform the public to the best of your ability when writing positive product reviews for poor vendor solutions. There is always a way to communicate the truth without sounding negative, such as damning them with faint praise. Aspire to the highest possible ethic here, to be thought a leader requires the trust and respect of the public.”

I think that what the authors are saying is that sucking up is an ethical business practice. It’s not.

After slamming the author’s grasp of the central topic it seems petty to criticize it on other fronts, but another beef I have with the book is it’s mixing of ethical issues with other problems, such as legal disputes, office politics and even technological issues. For example, what is the best way to stop pop-up ads on the internet? How do you deal with a boss who imposes impossible deadlines? Should you interrupt you supervisor to ask an important question?

These are not ethical issues. Ethics involves choices between competing human values. It trivializes important ethical quandaries to lump them in with other issues that, while important, do not involve ethics.

On the plus side, the author has an exceptionally broad understanding of the ethical dilemmas confronted by programmers, IT administrators and consultants. His examples aren’t high-level issues like privacy and hacking but rather the everyday ethical problems that the average working stiff is likely to encounter. If he had teamed with a trained ethicist, this could be the best book in the market. As it stands, it is one of the worst.

I did a quick search of Amazon and found several books that appear to be better, in that they combine the anecdotal, case study method with a solid grounding in ethical theory.

Morality and Machines: Perspectives on Computer Ethics (Jones and Bartlett Series in Philosophy) by Stacey L. Edgar (1997)

Buy this book from

Computer Ethics and Professional Responsibility: Introductory Text and Readings by Terrell Ward Bynum, Simon Rogerson (Blackwell, 2003)

Buy this book from

Case Studies in Information and Computer Ethics by Richard A. Spinello (Prentice Hall, 1996)

Buy this book from