No Comments

There’s a gradually coalescing idea in Alison Holt’s mind around the issue of ‘IT ethics’, which the leader of global forums and standards on a number of other IT issues is well versed to consider.

From her point of view, IT ethics is about the application of ethical values to the design, development, delivery and management…through to retirement…. of information technology. It could also be called responsible IT.

What it means in practice, as software based systems become ubiquitous across everything from traffic lights to phones to hospital equipment is to understand software’s potential uses and abuses.

As part of the World Class New Zealanders network, Holt has been at the forefront, often chairman, of global ‘standards’ initiatives across wide ranges of IT infrastructure and operations. She carries out the standards work mainly on a voluntary basis, though concedes that such work helps drive her IT strategic consultancy business, Longitude 174°.

And as an IT professional at the strategic consultancy level, with a passion for ‘standards’ she’s well aware of the value of being linked into, or even helping set the benchmarks that drive the industry, and of New Zealand’s opportunity as a result.

“I’m passionate about positive impacts of economic development,” Holt says. “The development of standards that meet international market needs is an example. If you’re south of the equator, you can get good leverage for doing business north of the equator if you’re certified to a standard. It tells the potential buyer about how you deliver your service; it’s a passport to business.”

She gives an example that if a New Zealand IT business can’t prove how it protects information (under a standards approach), “who outside of NZ is going to do business with you?”

Holt’s international group is currently working on standardization in the area of the governance of cloud computing to ensure organizations can make informed decisions when choosing a cloud service provider.

‘Once you’ve applied existing ISO standards across cloud, you’ve addressed most of the risks associated with service management and security management.’

That leaves just three key questions around sovereignty, privacy and portability — and Holt expects her group to address these issues through a disclosure standard.

Cloud computing is very much a today issue — but what of the future?

Holt firmly believes that within the next two years there will be an international push on organizations to prove that they use their IT systems and collected information ethically, and that they understand the consequences of use and abuse.

“We need to think holistically across the whole lifecycle of an IT system or IT application, because if we don’t ‘accidents’ can happen and the whole information management thing falls apart,” Holt says.

She gives an example of why IT ethics is required. A piece of software used in automatic doors was copied in large chunks to operate the door of a CAT scanner. However, because the doors of the scanner did not have other failsafe mechanisms to prevent such closures happening (as happens with doors) the doors of a closing CAT scanner crushed a patient inside.

“A misuse of IT can occur because people aren’t thinking of consequences,” she says. ‘If a hacker breaks into the code used for the remote maintenance of a pacemaker, is the hacker the sole person to blame? Shouldn’t we ask why the software developers were enabling the software to be modified from distances over 10 metres, when there was no business requirement for this?’

Holt says IT ethics needs to have a type of design influence, which considers all aspects of a product (or service) across its entire lifecycle.

“We need a framework that sits with an IT company’s governing body and influences the whole organisation,” she says. “It needs to guide how you develop and deploy IT systems and how you manage your information assets, in an ethical way — considering the consequences of what you’re doing, at all times.”

Holt says a set of principles, and a standard, needs to be put in place for IT ethics. She is to prepare a paper for an international committee by May 2011, and is interested in talking to organisations who want to be part of the discussion.