While the spirit of what you suggest is true (companies can equate loss of money with a bad experience) it will likely perpetuate a negative cycle instead of break it.

Sony, as an example, was already worried about lost profits, which is why they commissioned and deployed the infamous "rootkit". Hurting their profits will merely justify their current idea that without such software they will lose money. That type of negative re-enforcement is what makes bad children worse, so to speak.

HP also has this cycle. They thought they had an ethical issue internal to their company, and essentially "hired a thief to catch a thief" (to misappropriate an oft heard phrase).

The security "industry" (implying for-profit-companies) routinely hires "reformed" "former" hackers - because, again, one must be able to think like the adversary to stop the malicious individuals who mean us harm. The gray line here being that a self-professed reformed (but never formally prosecuted or convicted - ie not a felon) is okay for companies that proclaim "ethics" - but those convicted ones are tainted.

As many have alluded to - ethics (another name for "morals", but without the religious undertone) - are clearly individual to an entity, whether that be a person or a company.

Is what HP did wrong? Ask them if they really feel their actions were justified in protecting their proprietary property rights and I am sure they will say "no," but nod their head "yes" at the same time. Unfortunately it is merely a matter of opinion.

But in business, opinion counts. If publicly traded companies do NOT act in the "share holder's best interest" they can be fined or worse - enforcing the "profit as a rule of judgement on right and wrong" mentality. Protecting profit is a company's executives mission.

When faced with a distasteful ethical situation I am sure most of us would *like* to be able to say we would in no way support those actions - but as pointed out by a previous poster many of us routinely cross a potential ethical line in the "high" pressure of our mundane daily life (speeding, minor self-beneficial oversights, etc) to the detriment, however small, of our fellow Earth citizens.

And here I type, guilty as many of you are, being paid to "work", and surfing the 'net instead.

Shame on HP and Sony, et al. Oh yes... and me.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/416/33939#33939