Case study answer 1

Management and the Technology Professional – B302

Case study answer 1

What is the most compelling reason why you should not have developed the rootkit software?

The most compelling reason why this software should not have been developed is because it’s deceiving the end user. Even though a EULA has to be agreed to, it does not fully disclose what is installed and what it does. This directly breaches the UK Computer Misuse Act 1990, section 3 – Unauthorised modification of computer material. When the project was undertaken by First4Internet they would have been well aware that it was one of Sony’s objectives to hide files on the users system, obviously giving them the chance to question certain motives and decline such a contract.

Further to the deception of the end user the software cannot be simply uninstalled without causing damage to the system and also provides a means for computer hackers to access the system without the user knowing. First4Internet must have been quite reputable for Sony to use them to write the software, so they should have sufficient knowledge of legislations and codes of conduct. A particular code of conduct which is likely to of been breached is that of the BCS. A specific point relates to “not taking advantage of the lack of knowledge” on a product, which has clearly occurred here.

Another point which should be noted is that the software allegedly sends information regarding the user. When Sony was asked about this they denied this function was carried out but the code suggested otherwise. If data was sent regarding the user and obviously depending on how the data was used this could then lead to an offence according to the Data Protection Act 1998. If a legislation under this act is breached this can lead to a further offence which is described under Section - 6 General provisions relating to offences - Liability of directors etc, which would apply to the company directors at First4Internet Ltd. Under this section if a director has given consent to carry the creation of software which could breach a legislation they can then be held accountable.

It is also important to assess personal ethics for both companies. Even though there are vast amounts of laws and codes, its likely most individuals have principles which they believe in. For example some of the developers at First4Internet could have declined working on the project due to their own principles even when consent was given for the project by a company member with higher authority. This could also be applied to members of staff at Sony who were involved with the project.

Sony’s business objectives must also be taken into consideration when looking into this case. At some point they must have weighed up the pros and cons of including this software with CD’s. Their conclusions must have led them to believe that using this software would have created greater financial gain due to the theory, in which users would not be able to copy the audio files leading to more members of the public purchasing the CD as opposed to downloading illegally. An argument which Sony could put forward is that they were simply trying to reduce piracy, but this is unlikely to overrule all the factors which would suggest the primary goal was financial gain. This approach could have created the exact opposite of what Sony anticipated, as consumers are unlikely to buy a product if they previously had been intentionally deceived by the company. This could then lead users to download the music illegally. In essence it could create a chain effect essentially leading to reduced trust in Sony and a diminished reputation.

In conclusion both companies would have been well aware of the implications this software could have, but must have thought that the financial gain was enough to out-weigh the correct thing to do both by law and by ethics. The primary factor which this whole project relied upon is the end user not knowing the full extent to what the software does, which relates back to why First4Internet should never have developed this for Sony.