February 27, 2012

From Any Branch Banking to Any Booth Voting

Once upon a time, in a banking scenario far removed from where we are today, one had to visit the specific branch of a bank for any banking transactions. To deposit and withdraw cash or to deposit and encash cheques there was no option but to travel to the branch where one had opened one’s account. Then came Core Banking Systems and the world was not the same anymore. Since all the branches were connected to a centrally located Core Banking Systems, all information about a customer was always available at any branch and the concept of Any Branch Banking become the norm. This was followed by ATM and finally Internet Banking.

When it comes to voting we are still in the old, old era. Why can the Election Commission not move along the same trajectory that the banks have travelled in the past twenty years ?

Let us consider the feasibility and possibility of Any Booth Voting.

The Election Commission has a process in place to issue Voter ID Cards and while there could be loopholes in the validation of the applicants right to vote, these cards have been, by and large, accepted as proof of identity beyond reasonable doubt. Now if someone has such an Voter ID Card there should be no need for him or her to visit the specific booth where he is registered to cast his vote. Any booth operated by the Election Commission -- if it is connected to a Central Election System through the digital technology -- should be adequate. An attempt to vote at two or more places can be detected immediately - just as an attempt to overdraw money from two different branches is detected immediately in any decent Core Banking System.

With Any Booth Voting, a voter need not be physically present at his constituency on the specific day and time. He can vote from anywhere in the country where the Election Commission has set up a booth. This will be a boon for travellers as well as economic migrants who have to live away from their constituency to earn a living.

Using the banking system as an analogy, we can extend this idea even further.

  • First the Voter ID Card can be made smarter and more rugged by adding a magnetic stripe or an embedded chip in which the biometric information collected by the UIDAI or the NPR can be encoded.
  • Secondly, the software on the nationwide network of ATM machines can be upgraded to connect with the Central Voting System and determine the identity of the voter who has entered the card and direct his vote to the appropriate constituency or election. So an eligible voter could vote in the Kolkata Corporation Elections and the  South Kolkata Lok Sabha elections as and when they are held even though the voter may be physically working in Mumbai.
  • Finally, and as a measure of abundant ( or redundant ) caution, there can be mechanism in which a password can be sent by SMS to the phone number registered in the name of the voter. Nearly half the population of the country has access to cellphones and so this is not a limiting factor.
Any Branch Banking has not put and end to normal branch based banking. There are still many people who do not use ATMs and prefer the comfort of a face-to-face encounter. So could be the case with Any Booth Voting and existing booth-based elections can continue to operate in parallel. Voters who are comfortable with Any Booth Voting can ask for and have their Voter Cards upgraded to support this new system and they can be even be charged some money for the same. There could be a fee for a smart Voter Card, just as there are charges for ATM usage but with the passage of time these will become the norm and it may be cheaper for the Election Commission to pay for these cards from the money that will be saved through this process.

The technology to make all this happen is available in the country today. It needs someone in the Government to connect all the dots and make it happen.

this post has appeared earlier in FirstPost

February 21, 2012

Sweating Our Assets in the Higher Education Sector

The Higher Education sector in India has been the subject of much attention, heartburn and soul searching in the public and private media. We know that India with her vast pool of young citizens is ready to reap the economic benefits of the demographic dividend because both the West -- Europe and North America -- and China is plagued with an ageing population. But somehow or other have not yet found a sustainable and scalable way to train our youth and enable them to acquire the skills that are badly needed for economic success. Currently the debate and attention is focussed on two areas. First (a) how should the government set up new schools and colleges, for example new IITs, new IISERs and second (b) In what way should the private sector be engaged in a manner that regulates the balance between the entrepreneurship of private providers vis-a-vis the rapacious exploitation of innocent students. In this two pronged debate, let us introduce a third perspective namely, how can the existing network of government colleges -- which is indeed a vast network -- be upgraded to support the growing aspirations of the nation.

While existing government colleges -- starting from the exalted IITs down to the humble district colleges -- continue to teach a large number of students, the general perception is that they are absolutely worthless. In fact this perception extends to the IITs as well. Not too many people will admit this in public but the likes of Jairam Ramesh and Narayan Murthy have had the guts to say so and there are many others who would agree with them. While it is easy to criticise governement colleges, it is stupid to write them off. After all a lot of  time and public money has been invested in these institutions and it only makes sense to see how to reform them to the point where they can deliver good returns in terms of quality of students. This post explores some of the options that are possible.

The starting premise is that these institutions -- from the IITs downwards -- are grossly inefficient. They have consumed and are still consuming a vast amount of public resources -- money, land etc -- but deliver very little.  The ratio of Output to Input is very low but how do we measure output ? By the number of students ? By the quality of the placements ? By the number of papers published ? While it would have been nice if we could have come out with an unambiguous definition, the fact remains that there is no immediate consensus. So let us park this contentious issue for the moment and focus on the means, not the ends. Can we explore some abstract principles that lie beneath inefficiency at which our public sectors education units (PSEUs) operate ?

The most important component of an educational unit is its manpower, its people. This is generally true for most industries but more so in EUs that deal with the generation and transmission of knowledge. In fact a university is not a collection of buildings and equipment but in reality a collection of people and our first focus should be on people -- how to get the attract and retain a lot of good people here.

This is not too difficult if we can delink ourselves from long held and obsolete beliefs and look at the best practices of successful corporates. What we need is a modern Compensation and Benefits policy that ties pay to performance. Current salary levels in the education sector are low but what is more important is that there is no linkage to either performance or market realities. There is neither a carrot nor a stick so the good teacher and the bad teacher are paid the same -- as cast in stone by government agencies like the 6th Pay Commission. Also teachers in subjects that are in great demand -- like engineering -- are paid the same as that in subjects where demand is less and where availability is more. Finally teachers in remote locations should naturally be paid more, openly and not through some accounting subterfuge, because no one wants to go and teach in such areas. Net-net there cannot be one uniform, monolithic, one-size-fits-all Comp-n-Ben policy that covers all PSEUs. In industry, the days of centralised socialism are over. Salaries are now driven by the market forces of supply and demand and the education sector cannot be allowed to remain insulated from the winds of change.

If it is not the central government -- the UGC or the 6th Pay Commission -- then who determines salary ? The obvious answer is to look at "standard" PSUs -- the SAILs and BHELs of India. These are government organisations that have, because of market pressure, migrated to some kind of a performance-based pay at least for the officers ( or "executives"). Moreover each such PSU has its own pay structure determined by the market in which it operates. There is no centralised mechanism that governs PSU salary structure. So should be the case with PSEUs -- each institute or college should move towards its own performance based compensation structure at least for the faculty, if not for the staff.  Depending on its location, the subjects it teaches and the quantum of funds that it has -- grants plus income -- each PSEU should work out its own Compensation and Benefits policy that will allow it to attract and retain the best faculty that it can afford.

Faculty and staff who have never faced a performance appraisal will generally be uncomfortable with if not actually hostile to such activities. They will raise the bogey of favouritism. They will ask who will decide on the yardsticks of performance measurement ? That is best left to the individual PSEUs who can figure out what constitutes good performance. It could be teaching performance in the classroom or it could be research performance in terms of papers published or it could administrative performance in terms of the various non-teaching jobs that a faculty has to do --admissions, placement, fund raising and what not. No two PSEUs are same and so no common policy is possible or should be imposed. Each company -- in the private sector and increasingly in the public sector -- has its own appraisal mechanism, none of which are perfect but all of them are -- by and large -- useful in rewarding performance. There is no reason why PSEUs cannot do the same.

Which brings us to the next topic, affordability or the larger question of finances.

While it is nice if PSEUs can generate their own revenue -- through fees, consultancy or alumni endowments -- it is a fact that education is something that the tax-payers money should be spent on and government grants will, and should, continue to play a signficant role in PSEUs. Point is are these grants being used efficiently ? And the answer is NO.

If one looks closely at the money that the government spends on education --  especially in places like the IITs -- one would soon realise that the quantity is not very small but the tragedy is that most of the money is spent wrongly. It is not that money is being stolen -- there are enough checks and balances for that -- but accountability remains a big challenge. Since there are no statutory audits as is the case of companies and there are no modern accounting systems no one quite knows where the money is going. Elementary accounting principles like cost-code, charge-accounts,  planned and actual expenditure are unheard of. All the money is dumped into one gigantic pool and the granularity of accountability is only at the level of the Head of the Institute. In this murky atmosphere most of the money is spent on non essential items whereas critical areas like performance benefits for good teachers or equipment for labs or books are starved of funds. Net-net, it is not the quantum of money that is the issue but proper accountability of the existing money that is essential.

Our initial premise was that the PSEUs are inefficient -- the output is meagre when compared to the input. A rugged, robust, industrial grade financial accounting system would be a good way to monitor and control the input side of the equation. The Institute of Chartered Accountants and the Registrar of Companies have joined hands to create a set of generally accepted accounting principles against which a company is measured during the statutory audit. Perhaps the ICAI and the UGC ( or MHRD or the AICTE or whoever wins the turf battle to become the Single Regulatory Authority for Higher Education ) should create a similar mechanism so that the tax-payers of India, whose money is being used to fund PSEUs, should have a clear visibility on the usage of  funds in the PSEUs.

Once we have a good financial management system that clearly shows the use ( or misuse, abuse ) of funds in a PSEU appropriate decisions can be made or appropriate individuals can be held accountable. Once accountability is established at a granular level, there will be a pressure to be more economical with expenditure and many of the best practices of cost management that are in use in the corporate sector will eventually enter the education sector. Overall the system will become more efficient in financial terms.

Our goal is to improve the efficiency of our PSEUs and now we have two handles : (a) a financial management system to make sure that money is spent wisely and for the right reasons and (b) a compensation and benefits policy for the faculty ( and if possible for the staff ) that drives rewards towards people who are really needed -- the high performers.

Once these are in place, we can move to the next level , where funds to individual PSEUs will be granted on the basis of the performance of the EU as a whole -- that would be the subject of another blog post.

February 16, 2012

Ethics in Information Technology - IV

Freedom of Information

Freedom of information has two aspects, namely, the freedom to express one’s thoughts and ideas and the freedom to access the thoughts and ideas of others. Both these aspects admit to multiple perspectives on what is right and what is wrong and in all cases there is no unambiguous way to decide on which is the correct perspective -- and in many cases there may not be a perspective that is universally correct.

But before we explore these two aspects, it must be understood that, like privacy, the issues and ethical questions raised here are neither exclusive to nor a consequence of the usage of IT products and services. Freedom of information is enshrined in the constitution and governance structures of most modern and liberal nations but the scope and impact of this freedom or the lack thereof is greatly expanded by the use of modern tools of information dissemination, namely, the Internet and tools like websites, blogs, social media platforms, email, chat rooms, instant messages and others. Hence freedom of information takes on a new importance and urgency in this Age of Information.

Freedom of Expression

Digital media, particularly blogs and social media allows anyone with access to the Internet to broadcast his or her thoughts to every corner of the planet that is digitally connected easily, swiftly and a very low cost. However the right to say anything is necessarily circumscribed by the corresponding and complementary rights of those who are impacted by what is being said.

In India, the Freedom of Speech and Expression is guaranteed by the Constitution under Article 19 and in the United States, where most of the IT enabled media platform are  hosted, this same freedom is guaranteed under the First Amendment. None of these constitutional safeguards are specifically directed at users of IT products and services but are nevertheless generally considered applicable as being universal in their ambit.

But these constitutional safeguards also have built in provisions to guard against the negative aspects of freedom of expression. In the US, for example, the First Amendment protection is not available for obscene speech, defamation, incitement to panic, crime and sedition and “fighting words”. Similarly in India there are laws in place to prevent obscenity, pornography and incitement to communal hatred, sedition, terrorism and other anti-national activities.

What constitutes a violation of each of these exclusions is a matter of great debate -- for example, images of naked humans engaged in sex is considered pornography if depicted in movies and magazines but is considered heritage art to be proudly showcased to tourists at Khajuraho. Since it is impossible for the Constitution to come out with specific definitions for each category of exclusion that is applicable across all places and all times, the decision to extend or deny protection is left to the discretion of statutory bodies that includes the judiciary and other government agencies. In India, the Information Technology (Amendment) Act 2008 is the operative legislation that regulates freedom expression on digital platforms and unfortunately its provisions are generally more restrictive of freedoms than what many people, including the author, believe that it should be.

Closely associated with the freedom of expression is the issue of defamation and privacy. Freedom of expression does not allow the propagation of falsehood and there are laws against defamation that can be invoked by individuals who feel that they have been adversely impacted by deliberate falsehood. These laws generally target slander or oral defamation and libel when the defamation is written and can be used against information published on digital platforms as well.

But even if the information that is published is true and hence does not fall under defamation, the act of publishing this information -- for example a person’s medical history or condition -- can fall foul of the right to privacy that was discussed in an earlier section. This is where we leave legislative and regulatory jurisdictions and enter the domain of ethical debate. Is it appropriate to publish information about the medical condition of a public figure ? Usually the answer is no but then one is haunted by the thought that if Jinnah’s impending death from lung cancer was known, the independence of India might have been delayed and the partition of country may have been avoided.

Freedom of Access

While what constitutes pornography or libel or sedition would differ across legal jurisdictions and may allow the publication of the same material to be legal in one country but illegal in another, the essentially borderless nature of the digital world -- through Internet platform like website, blogs and social media -- raises the issue of what should be accessible to people. For example, users in China are not allowed to talk about the 1989 massacre of protesters at Tiananmen Square but the Internet contains a lot of information about the same. So is the case with explicit X rated pornographic movies that are not allowed in India.

There are three ethical questions and one technical question here :

  • Should there be a regulation on what adult citizens watch in the privacy of their homes ?
  • If so, then what should be allowed and what should be not be allowed ? 
  • Who decides what should be allowed ? and finally
  • Is it possible to prevent people from accessing banned information ?

Obviously, the ethical questions to do not have universally accepted answers and the only operating principle that can be applied is that what is protected by the freedom of expression is should also be permissible under freedom of access. But because of different definitions of acceptability, individuals and more importantly nation states -- particularly totalitarian states like China, Iran and to a certain extent even India -- do try to put restrictions, sometimes temporary restrictions, on what is accessible to its citizens. The technology to do so is generally available but difficult to implement and it is possible for technically competent individuals to circumvent the same. But whether they should do so and what should be the punishment for violating the law is matter is something that goes beyond ethics and into the domain of criminal law.


One important topic that has been deliberately excluded from this chapter is the nature of and preventive measures to be used against computer crimes like hacking, phishing, identity theft and electronic fraud. This is because these are not matters of ethical debate -- there is complete consensus that these are criminal acts and so the law of land is applicable in its totality. For example, hacking into a computer, inserting a virus program and causing it to stop operating is absolutely no different from surreptitiously entering a bank, exploding a bomb and causing a disruption to banking services. There are no ethical issues here -- just a matter of choice of technology. The law does not discriminate between a bomb made of RDX from one made from ammonium nitrate and this indifference to the technique extends to software “bombs” like the Stuxnet virus that caused a total breakdown in Iran’s nuclear processing capability.

In this chapter we have addressed some important ethical issues that confront IT professionals and three specific issues -- intellectual property, privacy and freedom of information --  that are of interest to the public at large who use IT products and services. Unfortunately there are no universally valid and acceptable answers to the questions raised nor are there specific guidelines on how these issues are to be resolved. Social mores and conventions specific to the time and place where these issues are raised will guide and dictate how these issues will be resolved.

What is reassuring however is the fact that the ethical issues that arise in the usage of IT products and services are essentially no different from the ethical issues that the underlying society is expected to address in any case. Mature societies have in general arrived at solutions to these issues that are acceptable to most members and the introduction of IT products and services poses no disruptive threat to the process of arriving at a consensus, however novel and innovative the technology, products and services may be.

Concluded. Part IV of 4
Inspired by and partially based on : Ethics in Information Technology, Reynolds, G.W., Thomson Technology. http://www.worldcat.org/title/ethics-in-information-technology/oclc/71193660

February 13, 2012

Ethical Issues in Information Technology - III

The Question of Privacy

On 10th January 2010, Mark Zuckerberg, the founder of Facebook -- the world’s largest gossip and chit-chat facilitation platform with nearly a billion active members, in a six minute interview on stage with TechCrunch founder Michael Arrington told a live audience that if he were to create Facebook again today user information would by default be public not private as it was for years. This statement highlights an issue that has been debated in IT forums for a very long time.

To put things in perspective, let us first identify the three types of channels through which personal data is revealed :

  • Deliberate disclosure : when someone deliberately reveals information about oneself while applying for services like bank loans and employment, during medical investigations and under statutory requirements like tax returns.
  • Deliberate investigation : when someone, for example market research professionals, investigative journalists or the police, deliberately gathers information about an individual for reasons that may be bonafide or malafide depending on the perspective.
  • Passive accumulation : when someone by virtue of his behaviour -- that includes presence, actions, purchases, comments, preferences and so on -- inadvertently reveals information about him that is observed, recorded unobtrusively and analysed by others for reasons not directly associated with the behaviour under observation.

None of these three channels are exclusive to or have been created by information technology but the usage of IT products and services has significantly expanded the bandwidth, or capacity, with which these channels can operate. What this means is that the ability to collect, store, analyse and disseminate or otherwise exploit this information has increased to such an extent that any inappropriate usage of this information can have consequences that can adversely impact a large number of people.

Ethical questions crop up on the issue of what is appropriate and what is not. For example ..

  • Using personal financial information is appropriate for deciding on the eligibility of bank loans but may not be appropriate for sending unsolicited offers for lifestyle products like TV, washing machines or camcorders.
  • Intercepting private communications -- telephonic or email -- between people suspected of terrorist inclinations may be appropriate for ensuring security but would not be appropriate in the case of individuals involved in romantic dialogue or in the case of a company submitting quotations against a Government tender.
  • The fact that a person has subscribed to the Facebook page “LGBT” may be appropriate while deciding upon whom to invite to a rainbow parade but may not be appropriate for, say, short listing applicants for employment.

An even larger question is, not what is appropriate, but who decides what is appropriate ? In each of the cases mentioned above and in all other similar situations while there will always be someone who believes that the usage of the information is appropriate and there will, in general, be someone else who believes that it is not. What is worse is that there will never be an unambiguous and objective way to determine who is right except of course in the case of a narrow set of situations where the law of the land takes an explicit stand.

Since there are no clear answers to either of these questions, the focus shifts on finding ways and means to minimise the impact of disclosure or at least the surprise associated with the disclosure of personal information. If a person is aware that his personal information can or will be disclosed he is less likely to be impacted by the disclosure. More importantly, if he is allowed to control the quantity and quality of the information that is being disclosed then the onus and responsibility for any adverse consequences of the disclosure can be safely shifted to the discloser who is also the possible victim.

How is this done in practice ? There are two approaches that can be followed for collecting data legitimately

  • When personal data is being provided voluntarily, the recipient of the data should make it clear to the provider the purpose for which the data is being acquired. Should the recipient intend to use the data for purposes other than for what it is being acquired then an explicit permission to do so should be sought from the provider of the data who in this case happens to be person about whom the data is being collected. 
  • When behavioural data is being collected unobtrusively, this fact should be made explicitly clear to the person about whom the data is being collected so that he, if he chooses to, may modify his behaviour to the extent that it conceals or reveals what he wants.

Issues related to deliberate collection of data is easier to handle. If personal data has been released or collected using either of the techniques described above then collecting this data either from the legitimate owner of the data or from the public domain, if the legitimate owner has placed it there, is perfectly acceptable. This is the basis of all legitimate market research and demographic studies. Any other way of collecting data, including but not restricted to patently illegal activity like hacking – unauthorised access to computers and communication equipment for the purpose of extracting or modifying data – is totally unethical. Rupert Murdoch’s hundred year old bestselling publication “News of the World” had to cease operations in 2011 when confronted with evidence of this illegal activity.

Even easier to address is the issue of personal information obtained by statutory bodies, like the police or other Government agencies, on the basis of explicit rules, regulations and laws. Whether an individual wants it or not, these agencies have the explicit legal mandate to, for example, intercept telephones and email, demand information from service providers like banks and telephone companies, or as in the case of Census or in issuing PAN or Aadhar numbers demand personal information on income, address and even biometric parameters like fingerprints and iris scans.

But while this issue is easy to address at the operational level -- the immediate transaction that results in the collection of data is immune to ethical or legal uncertainty -- the larger issue of whether the law is right or not or whether there is an adequate safeguard against misuse is always a matter of great debate. While there are many reasons why personal data should be collected by Government and used for benefit of society as a whole, there is also enough evidence of totalitarian and non-representative governments that have used such data for activities that are prejudicial to welfare of the population at large.

To be continued. Part III of IV

February 12, 2012


Android upload

Testing using BlogAway

Ethical Issues in Information Technology - II

The Tragedy of Intellectual Property

Property is something that we not only understand very well but it is also something that we have a healthy respect for. If one has a house, another would not dare to occupy it. If one has a book, another would -- in general --  never think of stealing it even though he likes it very much. But would he hesitate to have it photocopied ? Possibly not, because he would rationalise that the original owner is not losing the book -- and hence his property rights are not being violated. But what about the author of the book ? And the 10% royalty that he was expecting from a sale of the copy ? For a standard text book costing Rs 250, each time someone makes a photocopy he or she is literally stealing Rs 25 from the author’s pocket ! It is the same when someone rips a music CD, creates mp3 files and uploads it for “free” download on the internet. The real tragedy of the theft of intellectual property is not merely the financial loss suffered by the IP owner -- though that is big enough -- but that people who are otherwise honest -- and would never steal anything physical -- somehow seem to lose all their honesty when it comes to stealing intellectual property.

The owner of the intellectual property has the right use, copy, distribute and profit from the property and prevent others from doing the same without an explicit permission from the owner.  This right is for defined period of time after which the property reverts to the public domain. Two common ways of creating intellectual property is through :
  • Copyright :  Whoever creates anything original -- literature, image, music, art, architecture, choreography, design, computer software -- immediately and automatically gets the copyright. There is nothing explicit to be done -- other than creating something original -- to be recognised as the owner of the copyright.
  • Patent : An inventor of a process, product, machine or material is formally granted a patent by Government if and only if it can be demonstrated that it is (i) novel and original (ii) useful and (iii) not obvious to anyone with common knowledge and skills in the area. This is done on the basis of a formal application through which the inventor reveals the secret behind the invention to the world and in return for his revelation is compensated by the grant of the patent.
Intellectual property, whether acquired through a copyright or patent,  is of economic value to the owner and like any other physical property can be sold, bought, donated, gifted or inherited through traditional commercial and legal channels.

Theft of intellectual property, like any other property that has economic value, is a crime under the laws of the land but the difference lies in (i) the ease with which the crime can be committed -- simply copying or downloading and (ii) the difficulty in discovering the crime and locating the perpetrator. However that does not make it any less of a crime when compared to the theft of a purse or a book and the perpetrator is just another common thief or criminal.

There are two main classes of crimes that are generally committed by IT users in their personal capacity and these are :
  • Piracy : Installing and using software products on personal or professional computers without paying for them even though the owner of the IP associated with this software product has not allowed it to be used free of cost and 
  • Plagiarism : Copying text, images, music from websites hosted by the owner of the IP and using them to create and distribute new units of intellectual property -- like articles, reports, designs, artwork.

Both piracy and plagiarism are no different from simple theft of intellectual property that is under copyright. Patent violations -- that are thefts at a corporate level -- are generally observed when companies copy products or processes patented by their rivals but this is a crime that cuts across all industries and is not something that is related to the IT business.

Should piracy and plagiarism be practiced, tolerated, condoned or encouraged ? The immediate and unambiguous answer is no -- because it is a crime under the laws of the land. But because of the widespread nature of the crime and the difficulty in preventing it -- somewhat like throwing rubbish on the road -- there has been attempts to (a) legalise it, under certain circumstances and, interestingly (b) discover some hidden merits in the process of legalisation. It is almost like legalising the production, sale and usage of cannabis and then discovering its therapeutic properties !

The stigma of crime can be removed from piracy if the software product is developed and released under an Open Source License (OSL) and from plagiarism if the original product is distributed under Creative Commons (CC). While both OSL and CC are fairly complex legal constructs with many kinds of options and exclusions, the general philosophy behind both is simple : you are allowed to copy, use and even modify the property but whatever you create by using this property must be released recursively, under either OSL or CC, as the case may be, so that someone else can also copy, use and modify it as well. Adoption of this philosophy ensures an ever expanding collection of useful intellectual property that is in the public domain and so legitimately accessible to all at no cost and hence no criminal stigma.

The immediate benefit of Open Source Software is that it allows a large number of otherwise honest, non-criminals to retain their innocent status and still have access to useful software products. In fact for almost every popular commercial software product in the market, there is a free, open source equivalent : Open Office is a replacement for Microsoft Office, GIMP for Adobe Photoshop, MySQL for Oracle RDBMS, R for SPSS, Linux for the Windows operating system and so on. Unfortunately most users are either ignorant of legitimate alternatives or are simply too lazy to locate, acquire and use these products and take the easy route of becoming petty criminals.

But why would anyone give away the intellectual property that he or she has created and release it under Open Source License or Creative Commons ? There are a number of viable business models based on free and open source products but this is not the place to explore and evaluate these models. Instead, it is sufficient and interesting to note that a large number of individuals and companies have realised that by using this model of copy-and-share they have been able to create high quality products that have resulted in the greatest good for the greatest number of people and this includes financial well being as well.

To be continued : Part II of IV

February 11, 2012

Ethical Issues in Information Technology - I

Ethics is something that is universal to the human condition but this is not where we try to explain its origin or justify its ubiquity. Instead we take these as given and explore how it impacts people and businesses who are involved with information technology. Wendell Berry, farmer and philosopher, had famously said that “If you eat, you’re involved in agriculture” and for us in the age of Google, it is but a little stretch to conclude that “If you use a computer or a smart phone, you’re involved with information technology”. So the issues of ethics in information technology are as universal as ethics in general. However in this section we will first look at issues confronting information technology professionals and then look at some broader and more fundamental issues that concern the population at large.

Information Technology Professionals

In its early days, India as a nation with a burgeoning population and cheap labour was a hesitant user of what was viewed as labour-saving computers and even today the level of penetration of this technology is low when compared to the more mature economies. However the profession exploded into the mindscape of the Indian population on the back of the immense employment opportunities that surfaced prior to the Y2K scare -- when panicky American companies were on a desperate search for computer programmers to make changes to ancient computer programs that were expected to malfunction at the turn of the century and bring the computer dependent economy to a grinding halt. Whether the panic in the US was justified or not, the fallout for India was very beneficial as hundreds of companies took advantage of the opportunity to not only earn a lot of immediate money but also to lay the foundation of a vibrant profession that is anchored by mega-corporations like TCS, Infosys, Cognizant and Wipro that employs lakhs of programmers today.

While programmers are the most visible members of the IT community, the range of people who claim to be IT professionals is quite diverse. At one end we have the mathematicians who practice computer science while at the other we have people who install and repair our laptops and in between we have programmers, systems analysts, architects, network specialists, database administrators, hardware engineers and many other job descriptions. Unlike doctors, lawyers, chartered accountants and company secretaries there is no statutory body that certifies a person as anIT professional nor is there any specific educational qualification that is either necessary or sufficient for a person perform any of these roles. So the definition of an IT professional can be expanded to include anyone who delivers a product or service related to  digital devices -- including but not limited to computers, telephones, gaming consoles, industrial equipment and other components of a modern society.

Once we have identified an IT professional it is easier to identify the categories of people that the professional interacts with and the ethical issues that emerge with each kind of interaction.

EmployersSoftware Piracy, Trade Secret and Whistle blowing
ClientsFraud, Misrepresentation and Breach of Contract
Other IT professionalsResume Inflation, Conflict of Interest
IT users and society at largeCode of Ethics, Certification and Malpractice

Many of these issues are certainly not unique to IT professionals but some of them are more common in their occurrence because of the nature of products and services provided by the IT industry. For example :

  • Software Piracy : Software is a key “tool” or “equipment” that is used to deliver software services and very often an employer encourages the employee to use pirated software tools to deliver services. Such a scenario is extremely unlikely in other professions where the use of stolen tools like screwdriver, spanner, wrench or stolen machinery is highly improbable.
  • Trade Secrets : While designs of products and the machinery required to create and deliver them are always closely guarded in any organisation, the nature of the products in the IT industry is such that they are far easier to copy, retain and transmit through widely used communication channels. This leads to greater risks.
  • Resume Inflation :  Given the large number of people in the IT business, the similarity of backgrounds and qualifications among them and the fact that almost every company has large requirements of largely similar people -- for example Java Programmers or SAP consultants, the rate at which people change jobs is very high in the IT business. In fact, IT professionals are said to be more loyal to the profession than to the organisation ! In this volatile scenario of rapid recruitment to counter high employee turnover it is very difficult to verify the competence and  credentials of job applicants adequately. 
  • Conflict of Interest : The high turnover of IT professionals also results in situation where colleagues working for the same company very often find themselves in competing companies and personal relationships can and does fall foul of professional relationships. Somebody who was your boss and mentor, someone whom  you admire and respect, is now working for rival. So could be the case with a spouse or the “significant other” since relationships within the industry are very common. In this case, the nature and quantum of information that you can share is very debatable.

Most of these issues can be categorised into three major areas of concern : Intellectual Property, Privacy and Freedom of Information that we explore in greater detail in subsequent sections. However what makes the issues difficult to address is the fact that from a legal perspective, IT workers are not recognised as professionals since there is no statutory mechanism to “license” them to practice as in the case with doctors -- the Medical Council of India, lawyers -- The Bar Council of a particular court or chartered accountants -- The Institute of Chartered Accountants. As a consequence there is no statutory body that can adjudicate on the correctness of their behaviour. Nor is there any legally enforceable code of conduct -- other than the law of the land -- against which debatable behaviour can be measured which in turn means that an IT professional cannot be held legally liable for professional malpractice. However this is equally true for many other service lines like banking, insurance or even education but unfortunately that is no excuse to either duck the debate on ethics in the IT industry or, what is worse, use it as a fig-leaf to hide behavioural traits that are indeed unethical.

to be continued : part I of IV