Where Does the CIO Fit?
Then what, exactly, is the CIO's responsibility within the context of the organization?
BOLTON: I think the CIO has a responsibility to speak up, because he or she represents the use of technology. That's an overall role that they carry, a responsibility. They have got to look and say, "Well, if we adapt this new technology, what openings or opportunities to do wrong things might it have?" That's assuming that the corporation understands what its values and ethics really are.
I mean, when you see it's wrong, you've got to speak up. But that can only happen in a company where it's okay to do that. There are an awful lot of companies where you just tell the emperor his clothes look pretty good. Is that unethical? We see that all the time. That's not just the CIO, by the way. There's a lot of that in the large organization.
|Helen Nissenbaum Ethics professor at New York University and cofounder of the Ethics and Information Technology Journal.|
NISSENBAUM: You might, as CIO, sort of throw up your hands and say, "It's not my fault, I'm a hired gun. I'm only doing what I was told to do." But the CIO must also understand how certain technological choices can embed different kinds of value structures. A CIO with integrity should be able to stand up to the CFO and all the other top brass in a company and argue for certain technological choices as opposed to others.
Would it be ethical, then, to stand up to a vendor who is selling bad or buggy software?
ROBBINS: It is unethical to misrepresent your product.
ROBBINS: And that's the distinction. If the product that is going out, a 1.0 product or a bug-fixed shipment, and you explain very clearly to the customer what they are getting, this is at the heart of revenue recognition, and the customer accepts what they are taking from you, then that's a fair exchange.
I found it fascinating that across industries in the late days before the Y2K rollover, everyone was so forthcoming with customers and partners and suppliers regarding every aspect of flaws because there was no litigation risk and because, in fact, we were being encouraged toward full disclosure. Now, though, we're back to thinking that bugs are only bugs if a customer finds one. During Y2K, we had a real opportunity to become more forthcoming as technologists and as an industry to what technology can and cannot do, but we didn't take that opportunity to continue that frank exchange, and I find that disappointing.