In the recent past I was asked to set up a reporting facility for upper management so they can spy on what web sites users are visiting. This was done without any notice given to users. Unfortunately, I have a good friend with some rather unusual tastes who I knew would be caught! He also knew I set up the reporting...
To me, the lack of user notification was unethical. What similar experiences have you had that haven't "felt right" and left you questioning what to do? How did you deal with it?
While not exactly a task I was given, I had to recover from forced downtime.
I used to be the SA for a rather large financial site. We knew our systems inside and out, had centralized logging and great tools to sift through them.
All of a sudden (naturally very close to a deadline), all the cellphones go crazy with alert messages. Check to see that the site is down, and all SA staff drop what they're doing and start investigating.
Apache logs were fine, database wasn't throwing any errors and the caches were spinning just fine. Plenty of spare resources, network was fine and no recent deployments.
10 minutes later, I find out that one of the developer had gotten access to the site and added a die(); in an obscure module related to page generation.
In other words, the software did what it was told to do, and there was no log information that would've helped.
The GM for the company that ran the site came up with a huge grin and said he wanted to clock us. I told him to screw off, not touch my production servers, that we did have great disaster recovery plans, but his developer's incompetence made sure none of those plans kicked into gear.
If he wanted to check our response time, he should at the very least have discussed it with the CTO and asked if he could do it "some time today" or "this week". That way nobody would have been pissed off, and we wouldn't have wasted any time arguing about it.
The whole event was one of the most unprofessional ones I've encountered so far.
'Spying' on employee's web activity is par for the course. The only thing unethical here is if it's not stated anywhere in the employee handbook or other signed disclosures at time of hire. The long and short of it is the business owns the network and its data, not the user. As they say in my line of business, "There is no expectation of privacy".
I had to ask a new graphic designer (in a former position) to install his cracked copies of photoshop and a few other tools because our boss didn't want to pay for them.
It infected our servers with a virus, which I think was appropriate :)
I used to work for a company where management didn't like paying for software. I managed to convince them to buy legal copies of WinXP Pro and Office 2003, but they tried everything to save money. The boss bought a laptop that came with Office Student and Teacher edition, and he discovered the clause about installing on up to three computers. He ignored the part about not for commercial use and told me to use it on a few systems. I told him it was not legal but he didn't care. I begrudgingly proceeded under the hopes that I did my due diligence and wouldn't be at fault should the company get audited. Looking back, I wish that I had reported them.
I've been asked to find a way to send copies of every email a user sends and receives to their boss. The person in question was suspected of violating their terms of employment. This kind of Big Brother investigation makes me sick to my stomach. Thankfully, the issue was resolved with out me having to look into this.
I Think it is managements right to monitor the network/internet Activity. However i think they should be notifying users that something like this is in place. Irrespective of that as a user working in a Corporate environment i think we should be always just presume that we are being monitored.
I was asked by a coworkers wife (also coworker in past but at home now because of pregnancy) to monitor/report his 'strange' activities in e-mal/ICQ/web chats/etc..
I was asked by my boss to customize a Linux distribution, brand it with the companies logo and other stuff and then we will sell it with out providing the source. When only 10% code was developed by my company he marketed the whole product as company's own and sold it to customers without providing the source code.
This was the only unethical thing, I am still confused if this was unethical on my part to customize the distribution as I was not part of the marketing and sale of the distribution.
Just went through this, so I thought to post my incident too. :)
I was asked to hack the mail password for a co-worker's ex.
'nuff said.