Management and the Technology Professional – B302
Case study answer 1
As the lead developer I should not have created the rootkit for Sony for many reasons, but the most compelling reason is that the program is an indisputable invasion of the customer’s privacy, the very nature of which breaks our social ethics, as everyone is entitled to their privacy. The ACM's (Association for Computing Machinery) code of conduct explicitly states that we must respect the privacy of others. My actions went against all the good principles that engineers stand for. Ethics and people's emotions govern this country quite extensively, and because of my lack of engineering professionalism customers do not have as much confidence or trust as they once did in the Sony brand. The first few lines of the ACM's code of conduct say that professionals should avoid harm to others, such as undesirable loss of information, and that honesty is essential.
My program broke many laws, legislation and codes of conduct from several professional bodies. I broke the Data Protection Act by preventing the right to stop processes likely to cause damage or distress, as customers did not have the choice to prevent the rootkit from running, since it installs automatically upon loading the CD. I also broke the Computer Misuse Act by unauthorised modification of Windows' internal state and by causing various vulnerabilities, system instabilities and unpublicised performance overheads.
The BCS (British Computer Society) states under its code of conduct that all members must comply with the listed legislation, such as the Computer Misuse Law and Data Protection Act. Their code of conduct also states that professionals should not misrepresent or withhold information on the performance of products, systems or services, or take advantage of the inexperience of others. The program in question by its very nature had to remain secretive for it to work, so we deliberately withheld information on the product in direct violation of BCS’s code of conduct.
There were many factors that inevitably came into account when making the decision to develop such a program, such as the amount of money that could be made and how this project could boost the company’s profile. When developing this program I didn’t prioritise my objectives as I should have: my duties as an engineer to follow good practice and procedure and to avoid harm to others were not at the top of my list, to my regret. To prevent this from happening again in the future we need to implement a policy to govern how we look at our client’s needs and compare how feasible they really are.