Web Industry – Lack of Ethics and Morals

Jan
22
2010

Ethics and morals should be a big thing in our industry, and yet I’m beginning to think that some people have forgotten all about them recently.

I’ll tell you a story.

We have been working with a development company, who support a various range of their own products. Products that one of our clients use.   Straight forward, when we have issues with their product we email their support line. The other day we discover that the client’s site was down, we trace the issue back to badly written script injection hack. Easy to fix.

This doesn’t normally happen often, but it does occur from time to time. Usually it’s a attack on the hosts server.

So immediately I began the process of isolating the cleaning the site.  No major issue.  Having daily backups of all our clients sites does help.

When the site was operational and all passwords have been changed I began the process of determine how this all happened.   Seems a vendor support password had been activated once a few hours before and a file uploaded then deleted.  Same time the site failed.

I contact the said support vendor.   Only when presented with evidence of the compromised systems (via the FTP and PHP log)  did they admit to the issue.   No assurance of the issue not happening again, no statement that they have changed their security procedures.  At least they said sorry, cold comfort really.

Now as a support company surely they have an obligation, if only from an ethical view point to inform their clients that their passwords have been compromised as soon as they are aware of the issue.  This would at least allow their client to vigilant and reset  any system passwords or the like.

It appears in this case, that the client (my client) was on their own, we have to discover the issue and work it out for ourselves.  Despite the fact that the issue is clearly their fault.   I know there are legal issues here, but putting those aside, there is the moral issue as well.

Trust and Obligation

If you consider that we have an extreme sense of trust with our clients.  After all we have a guardianship to look after their web.   We can control their information resources, the presentation and branding for their organisation online.   There is a distinct duty of care that we have with each client.

Besides the various legislative requirements of the privacy and client information, do we have an ethical obligation to look after a clients data?  Should we tell them when things go wrong that are under our control?   Should we be 100% honest with our clients and work  with them all the time.   Or should we just deliver our service and leave it at that.   Should we just play the deny everything game, until we are presented with evidence in an effort avoid any legal implications.

It may seem like a clear issue.

However, if you don’t tell your client,  this gives your  client the impression that you are just in it for  the money and aren’t interested in them in the longer term.  On the flip side  if you do tell your client of the issue they may perceive you as incompetent, in that you let it happen in the first place.  In a way your are damned both ways.

Still personally I have found that being 100% and up front is the way to go.   Clients will respect you for this.

Other Issues of Ethics.

Our industry is just full of moral choices.  Not just this duty of care and information guardianship.

As a User Experience Designer I know that I can use my skills to leverage the psychology of  design and in fact I can influence customers, leading or tempting them to buy goods that they  don’t really need.   Now just because I can do this, does that mean I should.  I can make a lot more money doing this, should I?

This also extends to what industries you will work with.   From my view I don’t work with the gambling industry, religious groups and businesses that use high pressure sales tactics at any cost.

It could be said that we just have to provide our services and that’s it.  All this duty of care  and information guardianship is just a load of rubbish.  It’s not like it’s in the contract or written anywhere.

This is true, to a degree.  Maybe an industry code of conduct wouldn’t go a miss for our industry.  Mind you I have yet to see any of the fledgling web industry associations move in that direction.

Still till that happens, we all have to make our own personal choices on these issues.

The burning question is what would have you done in the case above, not told your clients?   Also where do you draw the line, what type of work would you not take on?

Tags: , , , , , ,

6 comments

  1. Too much to comment, had to have a little rant…

    🙂

  2. A code of conduct would be a start, at least.

  3. A code of conduct would have to focus on industry-specific situations rather than broad moral questions. The principles of the situation you describe, Gary, could occur in many lines of work – it's about taking personal responsibility for a professional failing.That's not to say we shouldn't have a web industry code of conduct, just that it most likely wouldn't be useful in addressing that scenario. Someone who isn't comfortable with exposing a professional failing isn't going to be more so because their industry has a code of conduct.There's at least one situation I can think of where a commercial web services provider carries the imprimatur of a code of conduct – and the endorsement of a statutory authority with very specific, legislated conditions – and simply contravenes the terms of its own code of conduct at will.It's also important to take circumstances into account. Any questioning of someone else's conduct on moral or ethical grounds has to follow the highest principles, including giving them the right to explain under fair conditions.I think we probably will develop an industry-specific code of conduct. It may grow to be significant enough that all industry members commit to it as a matter of course. But we will still "have to make our own personal choices on these issues".

  4. I am aiming (whenever possible) to develop long term mutually beneficial partnerships with clients. It is much easier to retain a client than find new clients, after all. Happy clients are often your best sales people too! After over 20 years in IT, I have found clients can cope with just about any calamity if you do your best, keep them informed and are totally honest. I suspect folks that can’t be honest are only in it to make a quick buck!

  5. Very interesting article, Gary. I’ve always been intrigued and wonder how some sort of ‘Code of Conduct’ would ever go, and if any association would be able to execute it successfully.

  6. Thanks for the comments people. They are very welcome.

    @ricky – I agree that you are always going to get the cowboy element of any industry. But at least a CoC would allow the general public to see that the members of various professional organisations have sometype of moral and ethical line in the sand.

    @neil – This is what I have found too, it you approach it the right way the do things professionally most clients can deal with.

    @ben – Yes I’m very interested to see how it would go as well. The execution and getting the members to accept it would be the hard part. As well as ensuring it didn’t become too generic, otherwise it’s just a pretty corporate document that says nothing.

Comments are now closed, move along, nothing to see here.