Computer Ethics Scenario

CS350 - Computer Ethics
Ryan Kinderman & Kelly McBrair

A software development company (MoneySoft) writes a banking software suite for a chain of banks. This software encompasses all major business processes for the banking chain that can be automated and computerized. The bank relies heavily on this suite of computer programs, and at least one aspect of it is installed on all computers used by the bank. All computers are connected over local area and virtual private networks, and they all access a central database of customer information, with each department having access to only the data tables it requires in order to perform its job.

The president of the chain of banks decides that he needs more comprehensive statistical functionality than the original specification of the software provided. He outlines his requirements in a meeting with an analyst (named Zilpha) from MoneySoft. When Zilpha gets a chance to review the requirements at length, she realizes that the required functionality can be implemented in two ways – the cheap way or the expensive way.

The cheap way would take very little time, and would require only that the developers give the president access to additional data tables to which he had not previously had access, and develop the needed queries. However, the reason that the president hadn’t had access to them previously is that not all of the data contained in the tables was deemed safe for viewing by any but a few departments, none of which were executive departments.

The expensive way would take quite a bit more time, and would require that the developers restructure the central database, separating the columns of data in each new table that the president will need access to, and create a new set of tables made up of the separated table columns. This would be done in such a way that the president would have access to the data vital to his requirements without having access to any extraneous data. However, Zilpha realizes that, to do this, developers will have to sift through (insert large number here) complex queries and restructure them to work with the new form of the database.

Zilpha guesses that the president won’t be willing to spend the money required for the “expensive” solution. He doesn’t know much about computers, and would never understand why he needs to spend so much on a solution that, to him, is very simple. Zilpha calls him up and tells him the expected costs, and he barfs in her ear. She knew that would happen. Yuck, Skittle™ chunks and coffee grounds.

Zilpha isn’t sure how she should explain to the president why the “cheap” solution is unsafe. If she comes out and tells him about the privacy issues involved, he may not change his mind, and would then know that he could possibly gain access to this extra data. If she doesn’t tell him about the potential privacy issues, and someone uses the extraneous data to their advantage, MoneySoft could get in big trouble. Worse yet, Zilpha could get fired!

To top it all off, MoneySoft isn’t very large: it consists of a total of 5 highly skilled individuals. Their only large client at the moment is the bank, and if they lose them, the company will have to start over from square one again and the team will have to go back to eating Cheeto™ entrees for dinner.

What should Zilpha do? It’s obvious that she can’t make this decision on her own; she should consult with her co-workers. Let’s assume everyone at MoneySoft is involved in the decision process.

There are some things to consider before MoneySoft makes a decision. First of all, we are dealing with the president of the bank, not just some employee. His integrity is, in part, responsible for the success of his bank. If it were discovered that he was looking at data that he shouldn’t have been or, worse yet, was using that data for his own benefit, his banking career could be over. He may, at the very least, consider this fact and decide that the wise thing to do would be to leave well enough alone, and use the software strictly for its intended purpose.

At the same time, however, MoneySoft is a software company whose success also relies, partly, on the integrity and security of its software, given the sensitive, financial nature of the transactions. It would be a large risk to give any client software it developed that poses such a security risk. After all, it only takes one visit to the office by the president’s computer-savvy nephew to screw things up for everyone involved. What would people think of the company’s software if a 15-year-old managed to get a list of 150 credit card numbers from it during a brief visit to the office on national “Bring Your Nephew to Work” day?

Besides all of this, there are also important ethical questions that the employees of MoneySoft should ask themselves while considering various actions during the decision-making process. These considerations include:

  • Is the action legal?
  • Does it comply with MoneySoft’s values?
  • If the employees do it, will they feel bad?
  • How will it look in the newspaper?

    We will analyze each of these considerations in turn, and make a qualified decision for each. We will then weigh the relevance of each question, relative to our situation, and then determine a final course of action based on the answers to the questions.

    When considering the question of legality in relation to the sharing of personally identifiable financial information that is not publicly available, there are two federal laws that are generally consulted. The first is The Fair Credit Reporting Act, which deals primarily with the handling of information distributed by consumer reporting agencies, and the second is The Gramm-Leach-Bliley Act, which limits the ability of financial institutions to distribute personal information and distinguishes between sharing with affiliates and sharing with non-affiliates.

    According to the Federal Reserve, The Fair Credit Reporting Act applies to the sharing of financial data in the following way:

    “When a financial company obtains your credit report from a credit bureau, it may want to share that information with an affiliate, meaning a company that owns your financial company, that your financial company owns, or that is part of the same parent organization or corporate family. Under the Fair Credit Reporting Act, however, if the financial company plans to share certain information--for example, from your credit report or your credit application--with its affiliates, it will usually first notify you and give you an opportunity to opt out. This notice is likely to be included in the privacy notice you receive from the financial company under the Gramm-Leach-Bliley Act.”

    The Gramm-Leach-Bliley Act, on the other hand, distinguishes between affiliates and non-affiliates (service providers, joint marketers or other third parties) and sets the precedent that financial institutions are required to send privacy notices of what information is shared with non-affiliates and provide a means for customers to opt out – but not when information is shared with affiliates.

    In short, if the newly exposed table data included information from customer credit reports or credit applications from subsidiaries, then the cheap solution may touch on some legal issues. Otherwise, as long as the information is not shared outside of the chain of banks, then everything is legal.

    When further considering how this issue relates to MoneySoft’s values as a software development company, we might explore some further options that would permit the changes as requested without degrading the security MoneySoft’s success relies upon. If an initial analysis suggests that the reason the executive departments were not included in the original set of permissions for those data tables was that the executive staff may not have the proper legal or security background to understand the implications of using or having access to said data, then the option of developing the requested statistical functionality and requiring the president to delegate the actual reporting to those departments with appropriate permissions might be worth considering. Alternatively, an auditing mechanism might be put into place to empower the executive staff to perform these queries, with the understanding that suspicious queries will bring up red flags and/or that additional security measures will be taken on the president’s account to provide further validation when performing these sensitive queries.
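The auditing option described above, sketched as an added example (not part of the original essay and not MoneySoft code): SQLite's authorizer hook, reached through Python's `sqlite3.Connection.set_authorizer`, logs every column a report query reads, and here it also refuses the restricted ones rather than only flagging them. The `accounts` schema, the `RESTRICTED` set, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical policy: columns the executive department was never cleared to read.
RESTRICTED = {("accounts", "card_number"), ("accounts", "ssn")}

def build_db():
    """Constructed sample data standing in for the central customer database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, branch TEXT,"
                 " balance REAL, card_number TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO accounts (branch, balance, card_number, ssn) VALUES (?, ?, ?, ?)",
        [("north", 100.0, "0000-0000-0000-0001", "000-00-0001"),
         ("north", 200.0, "0000-0000-0000-0002", "000-00-0002"),
         ("south", 300.0, "0000-0000-0000-0003", "000-00-0003")])
    return conn

def audited_connection(user, audit):
    """Return a connection whose every column read is logged for `user`."""
    conn = build_db()

    def authorizer(action, table, column, dbname, source):
        # Only reads are policed here; write controls are out of scope.
        if action != sqlite3.SQLITE_READ:
            return sqlite3.SQLITE_OK
        flagged = (table, column) in RESTRICTED
        audit.append((user, table, column, "FLAGGED" if flagged else "ok"))
        return sqlite3.SQLITE_DENY if flagged else sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)  # installed after setup, so setup is not logged
    return conn

def run_report(conn, sql):
    """Run a query; return its rows, or None if it touched a restricted column."""
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.DatabaseError as exc:
        if "prohibited" not in str(exc):  # SQLite's message for an authorizer denial
            raise
        return None

if __name__ == "__main__":
    audit = []
    conn = audited_connection("president", audit)
    print(run_report(conn, "SELECT branch, AVG(balance) FROM accounts GROUP BY branch"))
    print(run_report(conn, "SELECT branch, card_number FROM accounts"))
    print([entry for entry in audit if entry[3] == "FLAGGED"])
```

The aggregate report succeeds because it reads only `branch` and `balance`, while any query that names a restricted column, including `SELECT *`, is refused and leaves a flagged entry in the audit trail.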

    The first option would permit the president to get the required information, but might cause some inconvenience. From a company perspective, the nuisance of having to go through other departments to perform the necessary statistical querying might be enough leverage to gain the funding for one of the middle grounds in the second option, which would add further value to MoneySoft’s product.

    When considering whether adding this access will make the employees feel bad, it is important to keep in mind that if one of the “cheap” solutions is implemented and the president could gain access to extra data, not telling him about the potential privacy issues does not make them go away. Security through obscurity should never be used as an excuse.

    Any security flaw exposed in a software product would look bad for a company in a newspaper. This is especially true when it relates to a financial application that the software manufacturer prides itself on. Exposed design defects like this will inhibit expansion to other potential customers and would make current customers look bad for choosing your software product.

    Overall, it is in MoneySoft’s favor to continue working with the bank to provide cost-effective solutions with their software suite. MoneySoft needs to keep a good working relationship with their only customer, but also needs to keep true to their initial goals and values of maintaining the integrity and security of their software if they have any hopes of attracting new customers. The enhancements being requested are not unreasonable, nor are they inherently illegal or ethically questionable. It is only in the method by which these enhancements are added that questions of security come into play.

    If Zilpha still feels uncomfortable with the “cheap” solution after discussing it with her colleagues, then she should consider developing one of the other options with the bank to find a middle ground that both can agree on. Expanding upon the option where the president would delegate the querying to a department with the appropriate permissions, the table spaces that are required for this project could be exported to provide the information needed without violating any of the original ideals of MoneySoft. When confronted with software engineering situations where the outcome appears to be either black or white, a little resourcefulness can pay off in a shade of gray that meets everyone’s wishes.