"The unexamined life is not worth living." -- Socrates. The unexamined system is not safe to ship.
These three concepts are often used interchangeably in conversation. They are not interchangeable. Each operates at a different level and is enforced by a different mechanism.
"Ethics is a code of behavior defined by the group to which an individual belongs." -- Reynolds, Ethics in Information Technology
Law and ethics do not map perfectly onto each other. There are four distinct combinations that arise in professional practice. Understanding this grid is foundational to ethical reasoning in IT.
| Classification | Example | Implication |
|---|---|---|
| Legal and Ethical | Disclosing a data breach to affected users promptly and completely | The standard outcome -- compliance and professional responsibility aligned |
| Legal but Unethical | Selling user behavioral data to third parties without meaningful disclosure, when permitted by current law | Most professional ethics cases land here -- the law permits it but professional codes prohibit it |
| Illegal but Ethical | Disclosing classified surveillance programs that reveal unlawful government activity (the Snowden argument) | The whistleblower's dilemma -- rare, contested, and carries personal risk |
| Illegal and Unethical | Stealing customer credit card data to sell on dark web markets | Both mechanisms agree -- legal and ethical violation simultaneously |
Most of what this course covers occupies the "legal but unethical" quadrant. The law has not caught up to the technology. Professional ethics codes must fill the gap.
Two opposing positions on the nature of ethics define the major philosophical divide in moral reasoning. Both have direct applications to IT ethics decisions.
"There are no universal moral standards. Ethics is culturally, historically, and personally relative. What is right in one context may be wrong in another." -- Moral Relativism
"Some moral standards apply universally, regardless of culture, time, or personal preference. Certain acts are wrong in any context." -- Moral Universalism
Relativism appears in organizational culture defenses: "That's how we do things here." It is frequently used to justify crossing ethical lines because "everyone does it" in a particular industry. The VW emissions case, the Cambridge Analytica case, and the Therac-25 case all involved organizations where incremental relativism enabled significant harm.
Universalism underpins professional codes of ethics. The ACM, IEEE, and PMI codes assert that certain obligations hold regardless of organizational culture, competitive pressure, or national context. This is the philosophical stance professional codes take.
Professional codes define minimum group standards. They do not replace personal ethical reasoning. A practitioner who only consults the code when caught has missed the point.
A personal code of ethics for an IT professional integrates: the professional standards of relevant codes (ACM, IEEE, PMI), an understanding of applicable law (HIPAA, CFAA, GDPR, Section 230), and a personally examined position on obligations to employers, clients, users, and the public.
The houses teach you how to build systems. The Warehouse teaches you why you are responsible for what those systems do to people who never chose to be affected by them. Your personal code is the bridge between the two.
Professional ethics is not identical to personal morality. A professional may personally believe an employer's data collection practice is harmless. The professional ethics code may prohibit it anyway. The code governs conduct in the professional role, not personal beliefs.
IT professionals regularly have access to systems and data that their employers, clients, and the public do not fully understand. That asymmetry creates obligations that exist regardless of whether the individual finds them personally compelling. The code is not optional because you agree with it. It governs because you hold the role.
The fact that "everyone does it" is a description of behavior, not a justification for it. Professional ethics codes exist precisely because groups tend to normalize the behavior of their members -- including harmful behavior.
Work through each question before proceeding. There are no lookup answers. The reasoning process is the point.
Review the self-check questions before marking complete.