The Ethical Attitudes of Information Technology ...

8 downloads 1047 Views 347KB Size Report
Another study on 726 US workers, by Information Security Magazine in 1998, also .... The highest mean (4.67) is for statement 11: “It is acceptable for me to use ...
The Ethical Attitudes of Information Technology Professionals: A Comparative Study between the USA and the Middle East Luay Tahat1, Mohammad E. Elian1, Nabeel Sawalha1, Fuad N. Al-Shaikh2, 1 Gulf University for Science and Technology, State of Kuwait 2 Yarmouk University, Jordan

Abstract This paper aims at investigating comparatively the ethical orientation of information technology (IT) professionals in the Middle East and the United States. It tests for attitudes toward and awareness of ethically-related issues, namely intellectual property, privacy and other general ethical IT aspects. In addition, through a comparison between the two regions, this paper intends to examine whether differences in IT professional demographics and characteristics, including gender and academic level, have any impact on attitudes to business ethics. A t-test is used to establish significant differences between the targeted samples, while an ANOVA F-test is conducted to determine significant differences among the sample countries on a group basis. The results show a general awareness of ethical issues concerning information technology, and no significant differences are found between the two samples. However, different ethical attitudes are reported among respondents in terms of their reactions to the targeted IT ethical aspects. On an individual sample basis, the results about gender support the claim that male and female respondents are different, while mixed results are revealed for the influence of academic level on attitudes towards IT ethics. For intellectual property, the results are significant regarding ethical attitude differences between MiddleEastern professionals and their counterparts in the US, while no significance differences are reported in terms of privacy. Keywords: Ethics, Attitudes, Culture, Information Technology, Privacy, Social Orientation, Intellectual Property 1.

Introduction

High-speed computer networks are transforming our world. Currently, more people than ever around the globe are collecting, handling and sharing important personal and organisational information at all levels. Specifically, business organisations today handle and manage tremendous amounts of information pertaining to a variety of business and non-business transactions, while information processing is available at one’s fingertips. However, whilst the flexibility of information technology (IT) offers many potential benefits to our society and its organisations, it has also raised serious concerns and ethical dilemmas that need to be addressed, mandating the necessity to question ethical behaviour in the IT context. We propose that this is crucial, given that the goal of information ethics is to integrate IT and human values, in order to advance and protect people’s interests rather than do harm. Exploring business ethics has been, and will continue to be, one of the most popular and hottest research topics, particularly in the IT professional context. From a strategic point of view, firms around the globe rely heavily on the IT industry, which indicates the impact of IT professionals on firms’ performance. IT professionals are in charge, in most cases, of the size and quality of information availability, which feeds into decisions made by policymakers. In addition, IT professionals internationally lack a code of ethics to assist in guiding their behaviour (Pearson et al. 1996). Given the significant implications of IT professionals handling enormous amounts of data that might be susceptible to misuse or being taken advantage of, it is highly important to shed some light on their ethical practices and attitudes toward these businesses. According to Moore (2005), information ethics investigates ethical issues arising from the development and application of information technologies. Furthermore, it provides a critical framework for considering moral issues concerning information privacy, intellectual property and security. As reported by Vitell (1992), about $1.5 billion of losses in sales of computer software are due to piracy. In addition, Computer World Magazine surveyed one thousand US IT users in 1998 and revealed that 45% of the respondents acknowledged being

involved in some unethical conduct, while 13% admitted to a very ethical misconduct (Computerworld 37). Another study on 726 US workers, by Information Security Magazine in 1998, also found that about 23% of the surveyed workers acknowledged entering into very unethical behaviours (Information Security 12). About 40% of personal computers installed worldwide run software that is pirated, and 80% of software programs in China are obtained illegally (Software Alliance 2009; Muncy and Vitell 1989). In these indicators, unethical forms of conduct range from surfing the net on company time, to software copying, the disclosure of private information and the modification or destroying of unauthorised data files. As a result of such unethical IT professional behaviour, Wood (2000) stated that the cost of software piracy in the US was on the rise, ranging between $ 1 and 2 billion, compared to $8-10 billion worldwide. On the other hand, Business Software Alliance indicated that over 50% of industry software was illegally pirated in 1996, while an estimate by Chan et al. (1998) stated that US software companies had lost over $322 million as a result of Chinese software piracy. In short, statistics on piracy in the software industry are extremely shocking. The above consequences of the unethical behaviour of IT professionals has called for a better awareness of an issue that seriously affects many industries and people’s lives, as well as highlighted the great need to develop standards and codes of conduct that govern practices in the IT industry (Brightman 1981; Heide & Hightower 1983; and Weber 1985). This study contributes to the related literature by addressing empirically and assessing IT professionals’ ethical and unethical conduct. More precisely, whereas the ethical IT issues are so complex and varied, this paper investigates the ethical orientation of information technology professionals (ITPs) in the Middle East and the United States, by focusing on attitudes towards and awareness of intellectual property, privacy and general IT ethical practices. Narrowing down the study focus on these specific issues should increase awareness of potential ethical issues related to information technology misuse in businesses in general as well as IT companies, government organisations and educational institutions more specifically, as they are heavily dependent on IT professionals processing diverse amounts of general and confidential information around the clock. The rest of this paper is structured as follows. Section 2 details the significance and objectives of the study, while section 3 outlines the methodology and the sampling collection. The data analysis and results are provided in section 4, the discussion and the concluding remarks are given in section 5 and limitations and future research possibilities are included in section 6. 2.

Significance and Objectives

As computers and high-speed communication networks transform our world, bringing tremendous advantages such as speedy information processing and business output, they also raise important ethical concerns that generate continuous interest in questioning behavioural aspects in the context of information technology, as evidenced by the ongoing literature. In this respect, many studies have been conducted to examine the most influential factors affecting IT decisions from an ethical perspective. In the field of business, the significant economic losses that might be generated from unethical IT practices demands the need for a better understanding of these issues, which could be prevented if addressed properly. In fact, addressing unethical IT behaviour, including piracy and privacy, would help to save billions of dollars annually and to improve the image of enterprises and their legitimacy, thus resulting in the improved wellbeing of societies (see Bass et al. 1999; Banerjee et al. 1998). Overall, most surveys conducted to explore IT professionals’ ethical attitudes have been piloted outside the Middle-Eastern region. Hence, it is believed that evidence on the subject from other parts of the world, such as the Middle-East region specifically, and the extent to which they diverge from their counterparts in other regions, would be valuable. This paper will contribute to the related literature by providing more empirical evidence to explore the ethical orientation of IT professionals within the Middle Eastern countries context comparative to their counterparts in the US, as this part of the world is classified through different cultural dimensions besides Anglo-Saxon and Far-Eastern clusters (Hofstede, 1980). The specific objectives of this study aim at (1) determining the views of information system professionals (ISPs) concerning a variety of ethical issues, namely intellectual property, privacy and other general IT ethical issues, (2) examining whether there are significant differences between the ethical orientations of ISPs attributed to their demographic and professional characteristics, including gender and academic level, and (3) comparing and contrasting ethical orientations of ISPs in the Middle East and in the US. The comparison is made by

reference to findings from previous studies, which provides the chance to test for significant differences regarding the ethical attitudes of the IT professionals in different cultural contexts. 3.

Methodology

3.1 Measurement Instrument The survey instrument for the study includes two main sections. The first section contains demographic information about the respondents, such as gender, age, academic level and working experience, as well as open-ended questions to identify whether the respondents have ever participated in business ethics training programmes. The second section includes a 22-statement instrument developed by Mary Prior et al. (2002). These statements were used to test the IT professionals’ attitudes towards business ethics on several related issues. For the majority of the ethical issues, the questions were placed randomly among the statements, in order to test the consistency of responses. Each respondent was requested to indicate his/her stance on each ethical statement as 1 (strongly agree), 2 (agree), 3 (not sure/undecided), 4 (disagree) or 5 (strongly disagree). The ethical issues, number of statements dedicated to the issue and questions associated with these issues are listed in Table 1 below. Table 1 Ethical issues, number of statements and questions used in this survey. Ethical Issues

Number of questions

Questions

Intellectual property

4

1, 2, 3, 9

Privacy

4

10, 11, 14, 16

General IT Ethical Issues

12

4, 5, 6, 7, 8, 12, 13, 15, 17, 18, 19, 20, 21, 22

3.2 Sampling and Data Collection In the survey cover letter, it was emphasised that participation was completely voluntary and anonymous. It was also stated clearly that all information obtained would only be used by the disclosed authors for the purpose of academic research and would not be shared with any employer or any other entity for their safety. Therefore, there would be no impact in terms of benefits or their position in the organisation In order to investigate the ethical attitudes of IT professionals in the US and Middle-Eastern countries, an online questionnaire was created and tested to explore the differences in IT ethical issues. As with the survey, a cover letter was attached to the online survey explaining the purpose of the study and the voluntary and confidential nature of the questionnaire, which was sent to several social network lists of IT professionals such as LinkedIn, Facebook, professional IT groups and technological organisations. To ensure that the survey obtained valuable answers, the targeted participants were selected from high-profile local and international IT corporations and were mostly graduates from English-based institutions; the sample was picked after assuring English proficiency. Before sending the survey to individuals in the social networks, we made sure that these participants were also proficient in English. For direct organisational targets, we checked with HR personnel to gain their approval to distribute the questionnaire. It was also communicated that the participants should be English speakers and that IPR concepts and a code of conduct were part of their governance. Through this assurance we were confident of the validity of the data collected. More than 1,000 email invitations were sent to the targeted IT professionals. Initially the authors received a low response, so in order to address the issue several email reminders were sent to the targeted participants. Ultimately, out of 1,000 invitations sent, a total of 225 responses were received. On receipt of the surveys, data were captured and then stored in a database for subsequent analysis. 4.

Data Analysis and Results

4.1 Methods of Analysis Demographic information was analysed using frequencies, while responses to the business ethics value statements were analysed by comparing means for each statement separately as well as by comparing overall means for the targeted variables. For comparison purposes, the equality of means T-test was used to test for significant differences (P-value ˂ 0.05, where confidence of 95% is used and with a 0.05 probability level). An ANOVA F-test was conducted on a group basis to test for significant differences among countries, while the

open-ended questions were analysed after categorisation. Given the objectives of the research, and for the sake of comparison, some methods of analysis used in this article are consistent with most previous studies as a data collection instrument (Sims 2006; Phau and Kea 2007; Spero and Tyler 2007; Alshaik et al. 2013; Elian et al. 2013). 4.2 Demographic and Professional Profiles Out of 225 received questionnaires, 35 (16%) were discarded because they were either incomplete or had vague responses to some questions. The remaining 190 completed responses (84%) were used for analysis purposes. Of these 190 responses, 114 (60%) came from Middle-Eastern countries and 76 (40%) from the USA. For the demographics profile of the respondents, the male/female ratio was 144/46 (75.78%/24.22%). For the US, the male/female ratio was 70/20 (36.84%/10.52%) and for Middle-Eastern countries the ratio was 74/26 (38.94%/13.68%). Ages ranged from 20 years to 68 years for the US, with a mean age of 33, and for Middle-Eastern countries the ages were 22-60, with a mean age of 31 years. For nationality, 40.0%, 0.89%, 1.33%, 3.11%, 2.22%, 4.44%, 5.78%, 4.89%, 19.11% and 18.22% came from the US, Sudan, Iraq, Syria, UAE, Saudi Arabia, Egypt, Lebanon, Kuwait and Jordan, respectively. Regarding academic level, 66.67%, 24.44% and 8.89% were Bachelor, Master and PhD graduates, respectively. Of the sample, 14.22% had once – as part of my new employee orientation – enrolled in a business ethics course, while 11.11% had participated in business ethics training every two years and 17.33% every year. A total of 43.63% had never received ethics training. Figure 1 below shows the industrial sectors in which the IT professionals were working. In relation to working experience, the mean length of the respondents’ working experience in the IT sector was 8.13 years, whereas the mean for the present organisation was 6.66 years.

Fig. 1 Industrial sectors in which the IT professionals worked

4.3 Ethical Orientations of the IT Professionals Table (2) below summarises the results regarding the first objective of the study, namely to addresses the respondents’ attitudes towards ethical IT issues, also known as ethical orientation. Descriptive statistics, including mean scores and standard deviations (SDs) for each statement, are given. The overall mean for the 22 statements is 3.58, which is above the midpoint (3), thereby indicating a moderate level of awareness in regard to IT ethics among the respondents. However, their views varied in terms of their reactions to the different ethical statements. The highest mean (4.67) is for statement 11: “It is acceptable for me to use other employees’ access codes without their permission to access data normally hidden from me”. The standard deviation for this

statement is 0.67. Statement 1: “It is acceptable for me to make unauthorised copies of commercial software to use at work” has the second highest mean, at 4.22, and a standard deviation of 1.01. Statement 12: “Employees who violate their organisation’s code of professional ethics should be appropriately disciplined” has the third highest mean, at 4.19, and a standard deviation of 0.85. Statements 5, 16 and 6 report the lowest means, respectively. Statement 5, with a mean of 2.15 and a standard deviation of 0.77, reads: “Ongoing consultation with representatives of all those affected should occur throughout the information system’s development lifecycle”. The second lowest mean is for statement 16, which has a mean of 2.42 and a standard deviation of 1.12 – it reads: “My organisation’s security arrangements are sufficient to ensure that information held on its computer systems is safe from unauthorised access from external sources”. The third lowest mean is for statement 6, which has a mean of 2.98 and a standard deviation of 1.19 – it reads: “It is acceptable to use my employer’s computing facilities for my own non-profit-making activities, if this has no adverse effect on my employer”. As for intellectual property, the results for statements 1, 2, 3 and 9 substantiated different attitudes among the respondents, who lean heavily toward statement 1: “It is acceptable for me to make unauthorised copies of commercial software to use at work”, followed by statement 3: “If an organisation has developed software for use in the office, it is acceptable for employees to make unauthorised copies of this software for use at home”. Low levels of concern are reported for statement 2: “It is acceptable for me to make unauthorised copies of commercial software for personal use” and statement 9: “Employees should be allowed to recreate a product/program/design for another organisation if they change jobs and are no longer employed by the organisation who paid them to create it”. For privacy, different attitudes are indicated by the respondents’ feedback on statements 10, 11, 14 and 16. They show a high level of interest in statement 11: “It is acceptable for me to use other employees’ access codes without their permission to access data normally hidden from me”, followed by statement 14: “Employers are entitled to use electronic surveillance to monitor employees’ performance without their consent”. Low levels of concern are reported for statement 10: “It is acceptable for me to use other employees’ access codes with their permission to access data normally hidden from me”, followed by statement 16: “My organisation’s security arrangements are sufficient to ensure that information held on its computer systems is safe from unauthorised access from external sources”. For general IT ethical issues, statement 12: “Employees who violate their organisation’s code of professional ethics should be appropriately disciplined” and statement 20: “A person who is doing well in business does not have to worry about moral problems” reported the highest concern. At the same time, statement 5: “Ongoing consultation with representatives of all those affected should occur throughout the information system’s development lifecycle” and statement 6: “It is acceptable to use my employer’s computing facilities for my own non-profit-making activities if this has no adverse effect on my employer” reported the lowest concern among the sample. Table 2 The ethical orientations of respondents towards IT ethical issues No 1

2

3

4

5

Questions

It is acceptable for me to make unauthorised copies of commercial software to use at work It is acceptable for me to make unauthorised copies of commercial software for personal use If an organisation has developed software for use in the office, it is acceptable for employees to make unauthorised copies of this software for use at home I would refuse to work on a project that I considered to be unethical Ongoing consultation with representatives of all those affected should occur throughout the information system’s development lifecycle

Mean

SD

Strongly Agree

Agree

Indiffe rent

Disagree

4.22

1.01

3.69

Strongly Disg.

0.51%

10.15%

10.15%

27.41%

51.78%

1.36

5.56%

20.20%

18.18%

14.14%

41.92%

4.10

1.06

48.24%

28.14%

12.06%

10.05%

1.51%

4.04

1.12

5.58%

6.60%

11.17%

32.99%

43.65%

2.15

0.77

1.05%

2.62%

23.56%

54.45%

18.32%

No

6

7

8

9

10

11

12

13

14

15

16

17

18

19

Questions

It is acceptable to use my employer’s computing facilities for my own nonprofit-making activities, if this has no adverse effect on my employer It is acceptable to use my employer’s computing facilities for my own profit-making activities, if this has no adverse effect on my employer If a project is significantly behind schedule or over budget, it is acceptable to cut down on testing effort Employees should be allowed to recreate a product/program/design for another organisation if they change jobs and are no longer employed by the organisation who paid them to create it It is acceptable for me to use other employees’ access codes with their permission to access data normally hidden from me It is acceptable for me to use other employees’ access codes without their permission to access data normally hidden from me Employees who violate their organisation’s code of professional ethics should be appropriately disciplined When disagreements arise between development personnel and those affected by the system, it is the project manager who should have the final call Employers are entitled to use electronic surveillance to monitor employees’ performance without their consent Providing a systems development project provides me with an interesting challenge, I do not care about its overall objectives or purpose My organisation’s security arrangements are sufficient to ensure that information held on its computer systems is safe from unauthorised access from external sources Organisations should develop and administer an ethics awareness programme for all employees It is acceptable for a software contractor, provided with a brief specification, to go ahead and develop the system knowing that in the future re-work under another contract will be essential Consideration of the overall working

Mean

SD

Strongly Agree

Agree

Indiffe rent

Disagree

2.98

1.19

3.99

Strongly Disg.

14.29%

19.39%

25.51%

33.16%

7.65%

1.01

38.27%

36.73%

12.76%

11.73%

0.51%

3.79

0.99

25.25%

43.94%

15.66%

14.65%

0.51%

3.34

1.17

19.70%

27.78%

24.75%

23.23%

4.55%

3.49

1.26

29.69%

25.52%

15.63%

25.00%

4.17%

4.67

0.67

75.92%

18.32%

4.71%

0.00%

1.05%

4.19

0.85

3.13%

0.52%

8.85%

52.08%

35.42%

3.53

0.99

13.16%

4.21%

20.00%

50.00%

12.63%

3.75

1.22

34.21%

33.16%

13.16%

13.68%

5.79%

3.63

0.97

17.19%

44.27%

24.48%

11.98%

2.08%

2.42

1.12

4.71%

15.71%

16.75%

42.93%

19.90%

3.32

1.49

0.52%

2.08%

6.25%

44.79%

46.35%

3.06

0.99

27.22%

8.33%

33.33%

27.78%

3.33%

3.69

0.87

16.20%

49.72%

24.58%

8.94%

0.56%

No

20 21

22

Questions

environment is not part of the IS professional’s responsibility A person who is doing well in business does not have to worry about moral problems I view sick day days as vacation days that I deserve For every decision in business the only question I ask is, “Will it be profitable?” If yes, I will act accordingly; if not, it is irrelevant and a waste of time. Mean of All Statements USA Respondent Mean Middle Eastern Countries Mean

Mean

SD

Strongly Agree

4.14

0.94

42.54%

3.48

1.21

21.98%

3.58

1.09

21.21%

Indiffe rent

Disagree

42.54%

8.29%

4.42%

2.21%

36.26%

18.68%

15.93%

7.14%

Agree

44.85%

13.94%

16.36%

Strongly Disg.

21.21%

3.58 3.60 3.58 Note: Questions 4, 5, 13, 21, 22 and 26 have been reversed, to reflect a higher mean (more ethical)

4.4 Demographic and Professional Characteristics and Attitudes towards Ethics Using the independent sample t-test, this section tests for our second objective, which attempts to determine whether any significant differences between the ethical orientations of IT professionals in Middle-Eastern countries and the USA can be attributed to their demographic and professional characteristics, including gender and academic level. Table 3 presents results regarding the differences between male and female ethical orientations. The overall mean for male IT professionals in the Middle East is 3.563784, whereas the overall mean for females is 3.717692. Mean figures in the USA are 3.548235 and 3.762 for men and women, respectively. The results show no significant difference between the two categories with respect to males and females in terms of their responses. However, when testing for each region separately, differences exist between the genders for both geographical areas, given 5% and 10% significant levels for the US and Middle East, respectively. The results are supported by using the pooled-variance t-test (see Table 3 above for differences between the means of the two categories, which concludes that the means of males and females are different in terms of their attitudes towards ethics on separate category basis. Such a finding triggers a question about the validity of the widely held belief that women tend to be more considerate and disciplined than men. Table 3 Results of t-test statistics for gender and academic level differences towards IT ethics USA-ALL

MID-ALL

USA-Male

USA-Female

MID-Male

MID-Female

no diff. There is sig. diff. There is sig. diff.

USA-Male USAFemale

MID-Male

no diff.

MID-Female

USA-BS

USA-MS

MID-BS

MID-MS

no diff. There is sig. diff. There is sig. diff.

USA-BS

MID-BS

USA-MS

MID-MS

no diff. There is sig. diff.

P(T