ISACA Journal
Volume 3, 2,015 


Information Ethics: The Limits of Rules 

Vasant Raval, DBA, CISA, ACMA 

T. H. Green, a renowned ethicist, once said: “…Whatever moral capacity must be presupposed, it is only actualized through the habits, institutions, and laws, in virtue of which the individuals form a nation.”1 Habits are shaped by one’s personal character, family, formal and informal groups, and the community to which one belongs. Families have formal or informal rules by which they attempt to stabilize expectations of behavior among the family members. Institutions and organizations also have to have rules. Interpreted in a larger context, these would include codes of conduct, policies, protocols and other dictates. From neighborhood associations to the county, city, state and nation to which the community belongs, there are all sorts of requirements imposed upon the citizen. Some may be called codes or covenants, others regulations and still others the law. While they are not all laws as such, most of these are often accompanied by some degree of consequences for violation. These are all instruments, artifacts and understandings that cause social, institutional and moral pressure for everyone to behave in the interests of the larger community and, in turn, their own interests.2

Any organized form of a community needs rules. Even when we trust each other to do the right thing, rules may help induce and guide proper behavior. In this sense, rules have existed for as long as humans have lived on this earth, for they allow us to set expectations of behavior in families, in organizations and in communities. Rules make life easier because one knows how others will behave, or at least are likely to behave. For example, if the rule is that everyone will drive on the right side of the road, one would expect that the oncoming traffic will show up on the left side of the road. Consistency in following the rules, once set, will provide stability in the group, whether it is a family, institution, business or government. The common interests of a group are maintained by having rules and enforcing them to generate stability.

Codes of conduct, policies, guidelines and protocols—these are all rules in various forms, albeit some at higher levels and, therefore, may not all be considered as such. Rules are somewhat like goals and objectives. When one sets goals, one essentially commits to not indulge in alternatives. For example, if one decides to study for the next few hours, one would refuse an offer to play golf during that time. Goals and objectives provide direction, harnessing energy to achieve something. In contrast, rules do not provide a particular destination or measurement metric one would set out to achieve. They do, however, harness people into behaviors that others expect in the larger interest of the group. The problem is: No one likes being harnessed!

In an interesting reflection on rules, C. S. Lewis notes,3 rules are made to “restrain…the lusts of our neighbours and to give a pompous coloring to our own.” Thus, rules are frequently denials of desires, including those involving morality, such as not to cheat or lie or commit any moral compromise. They also serve the function of self-approval through obedience. For example, corporate executives may brag about their company’s regulatory compliance record or how they never had to restate their financial statements.

While all kinds of rules are evident in society, we focus here on the most critical rules: rules that help us act as moral agents.

Rule Makers

C. S. Lewis uses an analogy of maps and roads to raise some interesting issues. Think of the early period of time when human existence came into being. Someone had to draw the lines, like in a map, and then implement these in the form of pathways and directions. Like maps and roads that follow the initial mapping, rules exist forever, and one may not recall who set the rules. Lewis uses “landlord” and “steward” in his articulation of how rules came into existence. He argues that it is fruitless to identify the landlord; perhaps it is impossible to search for the landlord. Often, our introduction to the rules is associated with the steward. For example, compliance with corporate disclosures is monitored in the US by the US Securities and Exchange Commission (SEC), an external steward,4 and the code of conduct is introduced to new hires by the employer’s human resources (HR) director, an internal steward.

If one did not set the rules, one would want to know who set them up and why their observance is necessary. Those who are subject to a rule may ascribe some faith in it if they are aware of the source of and the rationale behind the rule. Rules are often questioned, and, if not addressed properly, the questionability of the rules may turn into violation of the dictate. The perceived sanctity of rules is tied to the authority vested in the one (e.g., the landlord) who set the rules. Unless one has some sort of incentive to obey or fear of backlash from defecting rules, one is less likely to follow the rules.

It is often difficult, and sometimes impossible, to trace the rules to their author. And yet, it seems critical that we understand why a certain steward set a particular rule. Institutions and the government normally follow due process to make the rules. Recently, the US Federal Aviation Authority (FAA) announced a set of proposed rules to govern the deployment of drones.5 The regulation will limit drone flights to daytime, below 500 feet, at a speed of less than 100 miles per hour, and within sight of the operator, while keeping the ban on commercial drones intact for now. The proposed rules will benefit certain industries (e.g., farming, film making, energy, construction) while capping the potential of commercial use (e.g., package delivery). After all, despite good intentions, the greater good is always a balancing act.

The Origin of Rules

The FAA—the steward of the drone-use rules in this case— justified the proposed rules as an attempt to balance the need for flexibility for the emerging drone industry with the agency’s heightened moral sensitivity for public safety. We should note, however, that not all rules inherit moral sensitivity; they vary in their association with morality. For example, driving on the designated side of the road has little to do with morality.6 Here, we will focus on morally sensitive rules.

The origin of a rule rests with its maker. It is important to know the rule maker; if you can’t know the landlord, at least you would want to know the steward of the rules. This is because rules of morality carry a value connotation assigned by the rule maker, with which we may or may not agree. If we agree, we would tend to accept the rule from our heart, and this makes the rule worthless in generating proper behavior, because we would have committed to follow our heart regardless of the presence or absence of the rule. On the other hand, if we do not agree with the rules, whose values would we want to follow? Do we follow our conscience or the steward’s conscience?7 If roads are mapped into the world by the “landlord” or his “steward,” must we use the roads, or could we create our own trails? Under what conditions would people defy the rules? This is an important question for a simple reason: We rely on a great deal of rules everywhere.

Playing by the Rules

People obey the rules for various reasons. They may dread the consequences (punishment) of noncompliance, or they may be rewarded for compliance. In Bruce Schneier’s terminology, the more doves (people loyal to the rules) we have, the greater the trustworthiness in society.8 The fight is to limit the rise of the hawks, the defectors, for they thwart the existing balance.

The most recognized defector in recent years is Edward Snowden. His actions had a global impact. At home, depending on who you talk to, he was a hero or a traitor; abroad, he was seeking the sympathy of supporters. The US National Security Agency (NSA), the compromised agency, evaluated its policies and practices and likely plugged holes in their systems. They also had to address the public outcry on the nature and amount of data collected by the NSA and how these were used. On a larger scale, the issue of privacy became the most talked about platform.

While most defectors leave considerable damage in the hands of the victimized organization, some may simply prove to be a catalyst for change. On the socio-political front, history echoes the story of Rosa Parks, who, in a bus ride, by not giving up her seat to an Anglo-American passenger, shone a light on the injustices of racial segregation. Indeed, there is a difference among defectors along the lines of intentions and courage to do the right thing for the greater good.

In a remarkable contrast to the defectors, among the loyal followers of rules, there are those who strive to rise above the rules. According to Green, they ask themselves: “Shall I be acting according to my ideal of virtue…as a good man should?”9 Rising above the rules, he “will always be on the look-out for duties which no one would think worse of for not recognizing.… He is like a judge who is perpetually making new law in ostensibly interpreting the old.”10 Interestingly, this view of Green is in complete agreement with that of C. S. Lewis, who asserts that you need no rules to obey if they originate from, or agree with, your own conscience. Wordsworth (Rob Roy’s Grave) beautifully echoes the same sentiment:

We have a passion—make a law, too false
to guide us or control!
And for the law itself we fight in bitterness of soul.
And puzzled, blinded thus, we lose distinctions
that are plain and few;
These find I graven on my heart; that tells me what to do.

Limits of Rules

Where rules do not exist, chaos prevails. The electronic currency, including its most visible variant bitCoin, suffers from the lack of rules for its governance and, therefore, is often suspected of potential criminal activities due to unregulated anonymity. Undoubtedly, the value of rules has been established; without rules, the world would not be the same. Unfortunately, we find ourselves in the midst of more and more rules. For example, rules addressing the issue of net neutrality are in the works and may be announced sometime soon. Rules provide for stability in expectations, protection, security and even human dignity. So, they have a definite place and will likely exist forever. However, rules are a double-edged sword: necessary but costly and invasive, often resulting in apparently nonvalue-added work. Enforcement of rules can detect violations, but cannot always prevent compromises. Rules engender rooted bureaucracies, and they may be overdone in response to a catastrophe or slow to change even in a dynamic environment and, thus, may become overhead at least until they are recast to fit the change.

What is especially concerning is the fact that despite rules, compromises occur. People, including institutions and the government, know right from wrong but would indulge anyway. Recent hacks on Sony Corp. provide a graphic example of gross indulgence that blurred the line between a corporate hack and cyberterrorism. It seems that rules are incapable of passing on to the people any moral wisdom implicit in them. Thus, rules are mere crutches to support society in the face of anticipated defectors, necessary, but not sufficient and perhaps even effective.

The quandary is this: There appear to be no better solutions. Relying on character traits of individuals is a possibility, but even good people sometimes break their resolve. This may have been induced by the interaction with the nurture side of the nature-nurture relationship. Moral action is the expression of a man’s character, as it reacts upon and responds to given circumstances.11 People have multiple social identities, and moral behavior can change according to which identity is most on their minds. For example, leaving dropped popcorn on the floor of a movie theater may be acceptable, but doing the same on the floor of a church may not be acceptable.12

The context can be only an inducer of the compromise. What really matters is the character of the person involved in the act. But then, there are no strong rules for building the character of a nation. We hide behind a pile of rules to protect ourselves from the human frailty and still do not always succeed.


1 Green, T. H.; Prolegomena to Ethics, BiblioLife, USA, 2010, p. 211
2 Schneier, Bruce; Liars & Outliers, John Wiley & Sons, USA, 2012
3 The Pilgrim’s Regress, The Timeless Writings of C. S. Lewis, Inspirational Press, USA, p. 96-97
4 One might argue that the landlord in this case is the US Congress, which passed the law, e.g., the Sarbanes-Oxley Act.
5 Nicas, Jack; Andy Pasztor; “Landmark Rules for Commercial Drones,” The Wall Street Journal, 17 February 2015, p. B1-B2
6 This may become a moral issue if driving on one side of the road causes more fatal accidents than driving on the other side.
7 Op cit, The Pilgrim’s Regress
8 Op cit, Schneier
9 Op cit, Green, p. 372
10 Op cit, Green, p. 360
11 Op cit, Green, p. 120
12 Sapolsky, Robert M.; “When Our Ethics Change According to Where We Are, Mind & Matter,” The Wall Street Journal, 14 February 2015, p. C2

Vasant Raval, DBA, CISA, ACMA, is a professor of accountancy at Creighton University (Omaha, Nebraska, USA). The coauthor of two books on information systems and security, his areas of teaching and research interests include information security and corporate governance. Opinions expressed in this column are his own and not those of Creighton University. He can be reached at


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.