ISACA Journal
Volume 6, 2,016 


Information Ethics: Information Ethics in the Mid-21st Century 

Vasant Raval, DBA, CISA, ACMA 

This is the final installment of the Information Ethics column. ISACA wishes to acknowledge with deep gratitude this column’s author, Vasant Raval, for his significant contribution of thought leadership to the ISACA Journal and readers worldwide through the years. The column will remain archived on the ISACA web site for your reference.

In his book Code,1 Lawrence Lessig talks about the two first-generation theorists of cyberspace who delivered stories about cyberspace’s future in 1996. One envisioned that the future will be a pact between two forces of social order—code and commerce—while the other emphasized how the Internet will deliver more control to the government. The passage of some 20 years since these predictions has brought tectonic shifts in both code and commerce, impacting the social order along the way. In such a short period of time, we have precipitously ushered in the second generation of cyberspace.

There are significant differences between the first and the second generations of cyberspace. The first generation was dedicated to sharing of information, especially in academia and mainly for research. Security, confidentiality and user authentication were nominally important; the primary excitement sprung from the ability to network and share projects, exchange information in real time, and work with peers and professionals remotely. The second generation saw the migration of the code to the world of commerce, where economic value creation, efficiency, authentication and information security gained prime importance. Speed to market, globalization, scaling to the masses—these took over the agenda for priority setting and resource allocation in businesses. Nonissues of the first generation of cyberspace became significant concerns of the second generation.

In tandem with first-generation cyberspace observers, a community of ethicists evolved to give shape to moral issues in the increasingly dominant information space. When one predicted the impact of computers on society early on, several thought leaders followed the thread, including one who defined computer ethics as “a field concerned with policy vacuums and conceptual muddles regarding the social and ethical use of information technology (emphasis added).”2

It is important to examine the possible connection between the arrival of cyberspace and an increased level of interest in ethics of information. Ethical issues are derivatives of changes in the concerned domain that bring about new sets of dilemmas. The emergence of cyberspace has produced a new crop of rather difficult-to-resolve dilemmas, although the precepts and paradigms to address them remain the same. Thus, the practice of ethics is challenged while the underlying ethical principles remain stable. Absent cyberspace, information in existence at the time was controlled, and the sharing of information was guarded and purposefully intentional. With the advent of cyberspace, the shareability of information has reached astronomical heights (and there is farther to go!). Questions about who controls the shared information suddenly made available in cyberspace and how such control might be used by those who possess the information are central to issues of justice, equity, fair treatment, privacy, confidentiality and so forth. How these questions will be addressed carries a value connotation and, as a result, ethical consequences.

Even in the cyberspace age, the ethical dilemmas vary in degree of criticality. The use of Roomba to vacuum my home has limited or no ethical issues, while the use of drones to target insurgents is a different value-ridden exercise.3 Moreover, the cyberspace age works both ways: At times, it helps sort out an ethical dilemma while, in other situations, it may create a new one with which we must deal. For example, in camel races in Doha, when global positioning system (GPS)-enabled, automated robots replaced enslaved and starved Sudanese boys as jockeys,4 the atrocities rendered to kidnapped children were ameliorated. In the same cyberspace, the classic trolley problem, “Is it ethical to kill one person to save five?”5 resurfaces as a puzzle on the drawing board of the logic that will govern fully automated cars.

In one analysis, the GPS-enabled, automated robot jockeys would be an example of the logical malleability of cyberspace. “The logic of computers can be massaged and shaped in endless ways”6 to create economic benefits—a supreme force that leads to innovations such as Facebook, Airbnb and Uber. Given the same information resources of cyberspace, creativity may be the only limit to unleash powerful new business models. Once a business idea is born, its information processes can be structured to support the new model using logical malleability. This is how transportation as a service is born with Uber and hospitality as a service with Airbnb. Evidently, devices are necessary; however, it is logical malleability that creates value.

Social Order

The cyberspace leveraged by commerce creates a complex web of interactions among stakeholders, which impact the social order. Because social order is the face of humanity, it mirrors acceptance of and respect for value-centric behavior on the part of individuals and organizations. Social order, in other words, is where the litmus test of practiced human values is apparent.7

It can be argued that values are of two sorts: structural and substantive. According to one ethicist, the US Constitution and the Bill of Rights are indicative of these values, respectively.8 While both are critical and complementary in value judgments, it is the substantive aspect of cyberspace that constantly changes, creating new economic realities and presenting new ethical challenges. By providing a platform for ride hailing, Uber and its competitors have changed the substantive dimension of cyberspace. The provider does not need a dedicated vehicle called “taxi” and the traveler does not need to look for a taxi. Ride-hailing platforms in cyberspace arrange to have the provider meet the customer—a new service orientation to the old industry, thanks to the logical malleability of cyberspace.

When disruptive innovations enter the market, they throw the social order out of balance. For example, with Airbnb and Uber, their traditional rivals face possible job cuts while others who need extra income flock to the idea of part-time work. Ultimately, full-time jobs in the space may shrink considerably and part-time work with hardly any associated fringe benefits will grow. With driverless cars, even the traditional taxi business does not need a person at the wheel, making the scenario more complex. These structural shifts in the job market are not value-neutral forces. If anything, ethical dilemmas of the present-day cyberspace business models could prove far more challenging to sort out.

The irony is that while traditional careers face sunsetting, there will be new skills in demand, creating flourishing careers in domains such as data analytics. However, time, resources, skills and aptitude necessary for the transition could be a major handicap for most people in need. As a result, many could suffer, demanding justice and fairness for their treatment.

Regulation is the provider of stability in the midst of chaos. In this sense, it is the closest ally to business ethics. As industries mature, regulations become more effective and predictable in their outcomes. They provide the lowest common denominator of norms of behavior. However, in second-generation cyberspace, society is constantly buffeted by considerable changes. Also, these changes are nonlinear to a degree that any learning from the established regulatory framework is not very helpful.

The remarkably different chemistry of cyberspace makes much of the regulation meaningless; its translation is neither simple nor effective. After almost 20 years of providing due diligence to cyberspace, the US government is giving up control over the domain naming system managed by the Internet Corporation for Assigned Names and Numbers (ICANN), effective 1 October 2016.9 What this will do to the globally present structural dimension of cyberspace is, at best, uncertain.

We see the regulatory struggle in the hospitality industry, the ride-hailing business, drone deployment and fully autonomous cars. There are no good answers to the question of how to regulate the radically new versions of the old ecosystems. The financial technology (FinTech) revolution reinforces the same puzzle; it is difficult to determine how, and how much of, the elaborate regulatory structure of the banking and financial services industry could be applied to the new players in the electronic payment industry. The quote, “There is no substitute and no better ‘regulator’ than the moral point of view with its attention to the needs and concerns of others (emphasis added),”10 emphasizes that greater dependence on reflective morality would be more beneficial than unreflective obedience to law.

The Future of Information Ethics

As logic makes machines deliver more, an increasingly responsible role is assigned to the machine in a man-machine allocation of tasks. Over time, more complex machine-learning systems are designed, leaving very little for humans to do except at the design and coding stage of the system. This seemingly limited human role is, nonetheless, extremely important to information ethics. This is because value judgments are exercised and embedded in cyberspace by people, not machines. The morality of a machine is close to the moral grounding of the humans who create the machine, at least for now. As machines learn, the classic Trolley problem may be addressed by the machine itself.

The rise of bad elements will continue, primarily due to two reasons. First, humans are gullible and error prone. They make mistakes and are subject to judgment errors. The rise of social engineering presents irrefutable evidence that people succumb to fraudsters, including Ponzi schemes11 and con artists. Second, when technology obviates human judgment in a situation creating an ethical dilemma, humans are often tempted to commit a compromise.12 This is, perhaps, because of the remoteness of the impact of their decision. Ashley Madison is a graphic example of how this might happen; because it is presented through technology, having an extramarital affair does not seem to be problematic for many. As another example, studies on e-signature suggest that people signing electronically do not own their responsibility as much as they would had they signed on paper or sometimes when they did not sign at all.13

Cyberspace will continue to create very powerful businesses with enormous reach. Some of these companies will be quite young, endowed with low organizational maturity or a weak will. These businesses will be bigger in their economic impact than some national economies (Alphabet, Facebook and Uber are good examples of businesses with exceedingly large economic impacts). The need to ensure some measure of fairness seems to be increasing across these vastly influential technology platforms.14 These enterprises will become the de facto guardians of privacy, confidentiality, public interest and other values important for maintaining the social order. Because they create, they know much more about it than those who guard the guardians. It makes sense, therefore, to depend on these influential businesses at the leading edge to lead the way to ethical behavior. It remains to be seen as to how well they will individually and collectively meet this tall order. Presumably, material goals take precedence in a business compared to related nonmaterial goals15 and this is unlikely to change in cyberspace. If anything, the urge to be first in the marketplace actually could become more feverish. Already, we see the signs of racing companies that amass unprecedented market wealth and soon garner the influence of a near-monopolistic player in the global space. Interestingly, despite their size, no single player will have the influence to mute others in the space. Their individual efforts could probably be considered as best practices.

One other encouraging source for seeking guidance on the code of conduct is institutions that represent various professions at the core of the cyberspace revolution. Indeed, they should have knowledge and influence to harness collective insights to frame the rules of conduct in this space. It is difficult to predict whether this will materialize. The International Ethics Standards Board for Accountants recently released A Handbook of the Code of Ethics for Professional Accountants.16 However, the publication heavily emphasizes compliance, when we require much more from the professions to cope with seismic changes in the substantive cyberspace.

The structural dimension of cyberspace has marginalized the significance of national and regional boundaries. There is much more that a business, or any group of people, can do today with little concern for national boundaries. Yes, nations have their say in controlling the region’s destiny; however, it will be difficult for a region to prosper going against the tide of the substantive cyberspace revolution. Thus, the future is a mixed blessing; collaborating across boundaries while managing the destiny of the nation will be a balancing act for future political leaders. In the process, ethical meltdowns may happen when shortcuts are taken to gain an edge on national goals.

Now, nations ponder whether they can live with some sacrifice of privacy in the interests of society. While investigating crime scenes, German law enforcement has recently found that it does not capture enough surveillance data to track the movement of people. In the larger interests of society, a nation that is a staunch defender of privacy is now reconsidering whether some privacy can be sacrificed to hunt down criminals.17

The situation in Syria epitomizes a whole new migratory wave of people from the Middle East to various countries in Europe and beyond. This is not a direct result of cyberspace; however, it bears a significant impact on the future of identity verification and authentication. Thus far, individuals have looked to national authorities to provide identification and authentication certificates (e.g., passports). Refugees may not have any of these if they lost them or could not bring such personal belongings. And, if they do possess identifying documents, it is still difficult to identify people by relying only on papers from their country of origin. An alternative is to use block chain technology to provide identity and authentication data that would transcend national boundaries and local authorities.18 The idea merits experimentation and, in the long run, could provide more effective and humane global means of identity and authentication.

And, finally, regulators cannot effectively regulate what they do not know or cannot predict. For this reason, they will have to work with industry leaders to understand the new dynamics and, thus, decipher risk factors to be mitigated. A collaborative approach to developing regulations is the only way. In the United States, regulators have echoed this sentiment when, in the case of guidelines for drone use, they diverged from the past by seeking a collaborative, incremental approach to the development of drone use regulations. On the matter of autonomous cars, US regulators have embraced the thought that if driverless cars could save many lives, why not sooner rather than later?19 Regulators are prepared to work with automakers and their electronic collaborators to learn more about related risk and how to mitigate it in the new world of transportation.

Information ethics is discretionary and, by itself, may not produce value, at least in the short run. Even for the courageous ones who want to do the right thing, past experience may not be enough to identify ethical dilemmas, let alone solve them. It will take significant effort to protect human values as material progress keeps chugging along. We may be held hostage by the devices and means of efficiency, thus, more comfortable, but not happy.

This thought sums it up well: “Humanity is messy and the cleanup falls to us.”20


1 Lessig, L.; Code, Basic Books, USA, 1999
2 Moor, J. H.; “What is Computer Ethics?” Computers and Ethics, 1985, p. 266-275,
3 Washington Post, “How Drone Strikes Get the OK,” article reprinted in Omaha World-Herald, 8 August 2016, 3A
4 Raval, V., “Machine Ethics,” ISACA Journal, vol. 5, 2014,
5 Dockser Marcus, A.; “The Refurbished Trolley Problem,” The Future of Everything, The Wall Street Journal supplement, June 2016, p. 76-79
6 Op cit, Moor, p. 3
7 Ibid.
8 Op cit, Lessig
9 McKinnon, J. D.; “Obama Administration to Privatize Internet Governance on Oct. 1,” The Wall Street Journal supplement, 16 August 2016,
10 Spinello, R. A.; “Code and Moral Values in Cyberspace,” Ethics and Information Technology, vol. 3, 2001, p. 137-150
11 Securities and Exchange Commission, “Ponzi Schemes,” USA,
12 Ariely, D.; The Honest Truth About Dishonesty, Harper-Collins, USA, 2013
13 Chou, E. Y.; “What’s in a Name? The Toll E-signatures Take on Individual Honesty,” Journal of Experimental Social Psychology, vol. 61, 2015, p. 84-95
14 Fisman, R.; T. Sullivan; The Inner Lives of Markets: How People Shape Them and They Shape Us, PublicAffairs, USA, 2016
15 Raval, V.; “Moral Dialogue on the IT-leveraged Economy,” ISACA Journal, vol. 3, 2016,
16 International Federation of Accountants, 2015 Handbook of the Code of Ethics for Professional Accountants,
17 Turner, Z.; “Germans Reconsider Tough Privacy Laws After Terrorist Attacks.” The Wall Street Journal, 24 August 2016,
18 Warden, S.; “A Digital Fix for the Migrant Crisis,” The Future of Everything, The Wall Street Journal supplement, June 2016, p. 46-47
19 Stoll, J. D.; “US Won’t Impede Self-drive Cars,” The Wall Street Journal, July 2016, p. 23-24
20 Parish, S.; “A Far-Out Affair,” The Future of Everything, The Wall Street Journal supplement, June 2016, p. 17-21

Vasant Raval, DBA, CISA, ACMA
Is a professor of accountancy at Creighton University (Omaha, Nebraska, USA). The coauthor of two books on information systems and security, his areas of teaching and research interest include information security and corporate governance. Opinions expressed in this column are his own and not those of Creighton University. He can be reached at


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.