What do you think?
Rate this book
Ethics in Information Technology
Ethics in Information Technology, Second Edition is a highly anticipated revision offering updated and newsworthy coverage of issues such as file sharing, infringement of intellectual property, security risks, Internet crime, identity theft, employee surveillance, privacy, and compliance. This book offers an excellent foundation in ethical decision-making for current and future business managers and IT professionals.
368 pages, Paperback
First published November 1, 2002
10 people are currently reading
202 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 12 of 12 reviews
August 6, 2022
A far more precise title for this book would have been An Introduction to US legislation on Information Technology. There is little specifically on ethics in the book and most of it is in its short, excellent appendix A Brief Introduction to Morality written by Clancy Martin -unfortunately unrelated to the rest of the book. As a matter of fact, Reynolds very incorrectly defines ethics as:
In spite of this terrible shortcoming, it is an excellent textbook for a second information systems or IT course mainly for its coverage of, mainly US, legal constraints on IT workers and users circa 2017.
The first chapter also includes an introduction to ethics in the business world. The author considers that several trends "...have increased the likelihood of unethical behavior:
Chapter 2, Ethics for IT Workers and IT Users focuses on relations between employees, suppliers, customers and regulators and thus treats topics such as internal controls, bribery -looking closely at The Foreign Corrupt Practices Act (FCPA)-, software piracy, inappropriate use of IT resources, inappropriate sharing or use of information and professional codes of ethics for IT professionals, compliance -with special mention of U.S. Department of Defense’s Design Criteria Standard for Electronic Management Software ( DoD5015), the Sarbanes–Oxley Act of 2002, the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the California Online Privacy Protection Act of 2003- and the use of audit committees. Many of these topics are dealt in more detail in later chapters.
The next chapter is a layman's introduction to Cyberattacks and Cybersecurity and thus provides brief explanations of basic concepts and topics such as exploits, black hat hacker,
cracker, malicious insider, industrial spy, cybercriminal, hacktivist, cyberterrorists, ransomware, viruses, worms, Trojan horses, logic bombs, blended threats, spam, DDoS attacks, rootkits, phishing, spear phishing, smishing, vishing, cyberespionage, cyberterrorism, recommended safeguards and responses to cyberattacks, including security dashboards, firewalls, routers, encryption, proxy servers and vpns, intrusion detection systems, authentication measures, antivirus systems. And computer forensics As usual Reynolds pays particular attention to the US legal framework for this area i.e. Computer Fraud and Abuse Act, the Fraud and Related Activity in Connection with Access Devices Statute, the Stored Wire and Electronic Communications and Transactional Records Access Statutes, and the USA Patriot Act. Table 3.4 provides a list of additional standards organizations may have to meet, such as the Bank Secrecy Act(Public Law 91-507) and its amendments, the European Union—United States Privacy Shield, the Federal Information Security Management Act (44 U.S.C.§ 3541, et seq.), the Gramm-Leach-Bliley Act (Public Law 106-102), and the Payment Card Industry Data Security Standard (PCI DSS).
Privacy, freedom of expression and intellectual property are treated in chapters 4 through 6. Table 4.1 provides an interesting list of public and corporate systems that gather data about individuals.Particular care is taken in all these chapters to present the legal framework including key court cases for these topics. Chapter 5, on freedom of expression takes a broad view of the topic and includes sections on protection for children, pornography and fake news. They are all chapters worth reading carefully.
Chapter 7 covers Ethical Decisions in Software Development, focusing specifically on data quality and providing elements to help define a key ethical question which is how much effort should be dedicated to ensuring data and software quality and including as part of the relevant legal framework issues such as software product liability and (very briefly) the ISO 9001 family of standards. A substantial part of the chapter covers basic technical aspects of software engineering which is useful only for students unfamiliar with very basic concepts and techniques for system and softwar analysis, design, and testing. IN y opinion this one of the weaker chapters of the book, in spite of its inclusion of the fascinating case study of the development of the F-35 joint strike aircraft. However the second case included for discussion, which is on autonomous vehicles is, in my opinion, very unsatisfactory and shallow.
Chapter 8, The Impact of Information Technology on Society, is divided into three parts:
Chapter 9 (Social Media) presents an overview of the business importance of social media with particular attention to marketing, recruiting and hiring, customer service, and social shopping platforms. It then treats legal and ethical issues in a section which focuses on online abuse, harassment, cyberstalking, cyberbullying, encounters with sexual predators and the uploading of inappropriate material and the participation of employees in social networking, and briefly mentions additional issues such as the increased risk of accidents associated with social media interaction while driving, the (hotly contested) tendency of many social media users to become narcissist in their postings, and the ability to perform self-image manipulation. Table 9.6 provides a list of federal laws that address cyberstalking, table 9.5 provides a list of resources on preventing or helping to deal with cyberabuse, and Reynolds includes an interesting discussion on past attempts and the current state (2017) of legislation in the USA pertaining to sex offenders.
In chapter 10, Ethics of IT Organizations, Reynolds goes a little more deeply into employment, providing interesting developments in part-time, temporary and independent contractor hiring that eventually led to the IT-enables gig economy, offshore and non-offshore outsourcing. Reynolds take on this subject is focused on the importance of being careful that non-full employment hiring be carried out in such a way as to prevent lawsuits and court mandated sentences to provide full employment and compensation packages to workers originally hired as part-time or temporary workers or as indpendent contractors. However the possible ethical implications of jobs carried out as part of gig-enabling platforms are not covered at all, except for some observations on the possible impact of non-full employment jobs on wages. The chapter includes a section on whistle-blowing which is well worth reading carefully, as usual Reynolds pays particular attention to the legal safeguards whistle-blowers may or may not have access to in the USA -it makes for fascinating reading. Finally the chapter ends with a somewhat cursory section on green computing, which I consider should be enriched and extended in future editions.
Also missing from the book are sections on technology assessment and responsible innovation.
I consider this to be a necessary and important book for IT and Information Systems professionals or even managers who have stakeholder responsibilities for IT use, management or development. I fell it works best for a second course on Information Systems or IT management, once the more technical aspects of IT evaluation, adquisition, use, development and maintenance are covered. The legal complexities that have arisen in order to attempt to prevent, contain, control or punish IT abuse must be tackled head on, and Reynolds does a fine job at this, within the USA context and thus makes the European Union's framework a fascinating complement and contrast. Many countries have developed their own legal frameworks for IT which can also be profitably compared to the US's efforts in the area. Even though I have a high regard for most of this book, I still consider that it lacks satisfactory coverage of the ethics of information systems and IT, which is why I consider that either its title ought to be corrected as some point in the future or it should be greatly expanded (possibly to two volumes) in order to actually present the fascinating, important and extremely timely facets of cyberethics.
Ethics is a code of behavior that is defined by the group to which an individual belongs.According to this definition, a dress code or rules of etiquette would be ethics.
In spite of this terrible shortcoming, it is an excellent textbook for a second information systems or IT course mainly for its coverage of, mainly US, legal constraints on IT workers and users circa 2017.
The first chapter also includes an introduction to ethics in the business world. The author considers that several trends "...have increased the likelihood of unethical behavior:
First, for many organizations, greater globalization has created a much more complex work environmentIf businesses rely on such relativistic and incomplete definition of ethics as the one introduced by Reynolds, the very idea of consistent application of ethics becomes moot and impossible to solve -does consistency mean applying the ethics of each region, country or group of employees/managers, that of the company, or that of the region where the company's headquarters are located? Or does it mean applying the same ethical principles to all its stakeholder groups? Is working 90 overtime hours per month ethical by Chinese ethical standards - or simply is it legal but unethical by those same standards? Or, since China is member of the International Labor Organization, is it both illegal and unethical? Further complications arise from the fact that the Pegatron factory referred to is in Shanghai (mainland China), Pegatron is a company whose main headquarters are in Taiwan and was an Apple subcontractor. According to Wikipedia:
that spans diverse cultures and societies, making it more difficult to apply principles and codes of ethics consistently. Numerous U.S. companies have moved operations to developing countries, where employees or contractors work in conditions that would not be acceptable in the most developed parts of the world. For example, it was reported in 2016 that employees of the Pegatron factory in China, where the Apple iPhone is produced, are often forced to work excessive amounts of overtime—up to 90 overtime hours per month—while their overall wages have been cut from $1.85 to $1.60 per hour.
In December 2014, a BBC investigation exposed poor working conditions and employee mistreatment at Pegatron factories making Apple products near Shanghai. It found staff being forced to work eighteen days in a row without any days off, workers falling asleep on the production line during shifts lasting between 12 and 16 hours, forced overtime, and a cramped dormitory room which twelve workers were forced to share.Reynolds continues:
In August 2016, China Labor Watch published a report which stated that working conditions had not improved since 2014. The average worker at Pegatron's Shanghai factory works 80 hours of overtime a month. Over 62% of workers worked more than 100 overtime hours in March 2016. Workers are required to perform up to 1 hour a day of unpaid overwork. 64% of its maintenance department interns are overworked. At the same time, over 96% of Pegatron workers are only making minimum wage, well below Shanghai's average income despite the extra overtime hours they put in.
In November 2020, Apple discovered that Pegatron was using student workers in factories in mainland China. Due to this, Apple suspended their business with Pegatron and stated that they would not grant the company any new business until this practice was ceased.
In December 2020, Pegatron's Shanghai subsidiary Pegaer Technology (Shanghai) Co., Ltd. broke out in labor disputes. Thousands of people gathered to ask for salaries. In response, the factory director led the beatings of the people who had gathered, and many police officers came to the scene to suppress it. Some people were beaten to the ground, and many of their fates remain unknown. More than ten people were arrested, triggering a rights defense incident.
Second, in today’s challenging and uncertain economic climate, many organizations are finding it more difficult to maintain revenue and profits. Some organizations are sorely tempted to resort to unethical behavior to maintain profits. Tesco, Britain’s largest supermarket chain, admitted its first half-year of profits for 2013 were overstated by $400 million. Fiat Chrysler Automobiles admitted its U.S. auto sales were overstated by hundreds of cars each month starting as far back as 2011.The books tends to somewhat gloss over or excuse unethical or illegal behavior in the face of profits -note that the Tesco and Fiat Chryslers actions appear to be both illegal and unethical. There is no mention for example of the triple bottom line practice introduced by several of the most ethical companies, which takes into account not only its financial results but also its social impacts and ethical behavior. The author seems far more intent on spelling out what is actually illegal and what the risks incurring in illegality entail than what is ethical and unethical to the point where the ethics appears to be limited to whether it is worth risking falling afoul of the law. In this sense, note how in the following paragraph, most, if not all, the examples are probably illegal and the main worry appears to focus on "financial loss" and possible incarceration:
Employees, shareholders, and regulatory agencies are increasingly sensitive to violations of accounting standards, failures to disclose substantial changes in business conditions, nonconformance with required health and safety practices, and production of unsafe or substandard products. Such heightened vigilance raises the risk of financial loss for businesses that do not foster ethical practices or that run afoul of required standards. There is also a risk of criminal and civil lawsuits resulting in fines and/or incarceration for individuals.To be fair, part of the chapter also covers corporate social responsibility and provides some ideas on how organizations can improve their ethics -it is a pity thse topics are not carried through or applied more in the rest of the textbook. Reynolds also claims to provide a simple ethical decision making model. The decision making process consists of five very abstract stereotypical steps:
(1) define the problem, (2) identify alternatives, (3) choose an alternative, (4) implement the decision, and (5) monitor the results. Ethical considerations are injected into the model [...by] identifying and involving the stakeholders; weighing various laws, guidelines, and principles—including the organization’s code of ethics—that may apply; and considering the impact of the decision on you, your organization, stakeholders, your customers and suppliers, and the environment.In many of his discussion questions, Reynolds recommends the reader to apply this model to very interesting cases, which is commendable but insufficient in terms of more sophisticated value-driven or value based design methodologies, which certainly deserve some coverage in the book.
Chapter 2, Ethics for IT Workers and IT Users focuses on relations between employees, suppliers, customers and regulators and thus treats topics such as internal controls, bribery -looking closely at The Foreign Corrupt Practices Act (FCPA)-, software piracy, inappropriate use of IT resources, inappropriate sharing or use of information and professional codes of ethics for IT professionals, compliance -with special mention of U.S. Department of Defense’s Design Criteria Standard for Electronic Management Software ( DoD5015), the Sarbanes–Oxley Act of 2002, the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the California Online Privacy Protection Act of 2003- and the use of audit committees. Many of these topics are dealt in more detail in later chapters.
The next chapter is a layman's introduction to Cyberattacks and Cybersecurity and thus provides brief explanations of basic concepts and topics such as exploits, black hat hacker,
cracker, malicious insider, industrial spy, cybercriminal, hacktivist, cyberterrorists, ransomware, viruses, worms, Trojan horses, logic bombs, blended threats, spam, DDoS attacks, rootkits, phishing, spear phishing, smishing, vishing, cyberespionage, cyberterrorism, recommended safeguards and responses to cyberattacks, including security dashboards, firewalls, routers, encryption, proxy servers and vpns, intrusion detection systems, authentication measures, antivirus systems. And computer forensics As usual Reynolds pays particular attention to the US legal framework for this area i.e. Computer Fraud and Abuse Act, the Fraud and Related Activity in Connection with Access Devices Statute, the Stored Wire and Electronic Communications and Transactional Records Access Statutes, and the USA Patriot Act. Table 3.4 provides a list of additional standards organizations may have to meet, such as the Bank Secrecy Act(Public Law 91-507) and its amendments, the European Union—United States Privacy Shield, the Federal Information Security Management Act (44 U.S.C.§ 3541, et seq.), the Gramm-Leach-Bliley Act (Public Law 106-102), and the Payment Card Industry Data Security Standard (PCI DSS).
Privacy, freedom of expression and intellectual property are treated in chapters 4 through 6. Table 4.1 provides an interesting list of public and corporate systems that gather data about individuals.Particular care is taken in all these chapters to present the legal framework including key court cases for these topics. Chapter 5, on freedom of expression takes a broad view of the topic and includes sections on protection for children, pornography and fake news. They are all chapters worth reading carefully.
Chapter 7 covers Ethical Decisions in Software Development, focusing specifically on data quality and providing elements to help define a key ethical question which is how much effort should be dedicated to ensuring data and software quality and including as part of the relevant legal framework issues such as software product liability and (very briefly) the ISO 9001 family of standards. A substantial part of the chapter covers basic technical aspects of software engineering which is useful only for students unfamiliar with very basic concepts and techniques for system and softwar analysis, design, and testing. IN y opinion this one of the weaker chapters of the book, in spite of its inclusion of the fascinating case study of the development of the F-35 joint strike aircraft. However the second case included for discussion, which is on autonomous vehicles is, in my opinion, very unsatisfactory and shallow.
Chapter 8, The Impact of Information Technology on Society, is divided into three parts:
1. The impact of IT on the standard of living and productivity in the US, particularly on workplace automation;In spite of some interesting statistics Reynolds quotes, the first two parts of this chapter are very shallow, techno-optimist narratives. However, chapter 10 includes an important section which delves more deeply into IT and the gig economy. The third part of chapter 8 is far more interesting and looks at topics such as the annual increase in healthcare costs, the promises, dangers and disappointments of electronic patient medical records, clinical decision support systems, computerized provider order entry (CPOE), telemedicine and, in a critical thinking exercise, automated (AI) clinicians. Ethical problems and discussions are rife in the three areas of this chapter but, disappontingly, Reynolds does not go into them, except in the critcal thinking exercise and the two cases, one on the failed attempt to use the IBM Watson system to help make cancer diagnosis and suggest treatments and the other on precision medicine (Sophia Genetics) -however the student is very much left on his own to apply the fuzzy “ethical decision making process” suggested in the first chapter. Again, in my strong opinion, a value-based or value-sensitive framework would be required to tackle the richness and complexity of information and decision support system in healthcare.
2. The impact of AI, robotics and natural language processing on workplace automation;
3. The impact of IT on healthcare.
Chapter 9 (Social Media) presents an overview of the business importance of social media with particular attention to marketing, recruiting and hiring, customer service, and social shopping platforms. It then treats legal and ethical issues in a section which focuses on online abuse, harassment, cyberstalking, cyberbullying, encounters with sexual predators and the uploading of inappropriate material and the participation of employees in social networking, and briefly mentions additional issues such as the increased risk of accidents associated with social media interaction while driving, the (hotly contested) tendency of many social media users to become narcissist in their postings, and the ability to perform self-image manipulation. Table 9.6 provides a list of federal laws that address cyberstalking, table 9.5 provides a list of resources on preventing or helping to deal with cyberabuse, and Reynolds includes an interesting discussion on past attempts and the current state (2017) of legislation in the USA pertaining to sex offenders.
In chapter 10, Ethics of IT Organizations, Reynolds goes a little more deeply into employment, providing interesting developments in part-time, temporary and independent contractor hiring that eventually led to the IT-enables gig economy, offshore and non-offshore outsourcing. Reynolds take on this subject is focused on the importance of being careful that non-full employment hiring be carried out in such a way as to prevent lawsuits and court mandated sentences to provide full employment and compensation packages to workers originally hired as part-time or temporary workers or as indpendent contractors. However the possible ethical implications of jobs carried out as part of gig-enabling platforms are not covered at all, except for some observations on the possible impact of non-full employment jobs on wages. The chapter includes a section on whistle-blowing which is well worth reading carefully, as usual Reynolds pays particular attention to the legal safeguards whistle-blowers may or may not have access to in the USA -it makes for fascinating reading. Finally the chapter ends with a somewhat cursory section on green computing, which I consider should be enriched and extended in future editions.
Also missing from the book are sections on technology assessment and responsible innovation.
I consider this to be a necessary and important book for IT and Information Systems professionals or even managers who have stakeholder responsibilities for IT use, management or development. I fell it works best for a second course on Information Systems or IT management, once the more technical aspects of IT evaluation, adquisition, use, development and maintenance are covered. The legal complexities that have arisen in order to attempt to prevent, contain, control or punish IT abuse must be tackled head on, and Reynolds does a fine job at this, within the USA context and thus makes the European Union's framework a fascinating complement and contrast. Many countries have developed their own legal frameworks for IT which can also be profitably compared to the US's efforts in the area. Even though I have a high regard for most of this book, I still consider that it lacks satisfactory coverage of the ethics of information systems and IT, which is why I consider that either its title ought to be corrected as some point in the future or it should be greatly expanded (possibly to two volumes) in order to actually present the fascinating, important and extremely timely facets of cyberethics.
Read
August 11, 2025School
October 6, 2012
A good coverage of concepts for information technology administrators, computer programmers, And software and web providers and users. Issues such as intellectual property, handling and protection of private information, security breeches, and freedom of speech online are thoroughly discussed with examples.
January 18, 2019
Informative and thorough, this textbook touches on a lot of important and relevant issues. I found that it didn't spend enough time on open-source and its benefits and many sections were a bit bland. Overall, it was an engaging textbook, but given the topic, I was hoping for more philosophy and less technical definitions.
December 14, 2017
Of most of the technology books I have read this is the best. The explanations are interesting and information relevant. I read every chapter for class and think this was a good choice.
August 15, 2018
Relevant now more than ever.
December 17, 2012
Appendix A is good. The rest is meh.... I think I'd rather have my students read a short work on the philosophy of ethics and then have a book that just teaches applicable legislation (which this book does OK with, but with a lot of unnecessary fluff in between).
December 6, 2014
Read this for class and thought it covered all the issues pretty decently. I didn't know there was that much to IT ethics.
March 22, 2015
i want to read it
George W. Reynolds
George W. Reynolds
May 20, 2016
Many of it's contents are very specific to the USA law context but overall it's a good introduction to the topic of Ethics in IT
March 6, 2016
as far as school text books go, this was one of the more interesting that I've had to read.
Read
November 22, 2017How cheap am I that I count my school text books toward my reading challenge
Displaying 1 - 12 of 12 reviews