We've already covered that ethical problems are never black and white. Questions of whistleblowing and information leaks are similarly grey- particularly in Boeing's computer security situation. In my opinion, neither Boeing nor Nicholas Tides and Matthew Neumann- employees of Boeing's IT Sarbanes-Oxley Audit Group (apps.americanbar.org/buslaw/blt/content/2012/01/article-4-haaf-platt.shtml)- were completely right in their actions.
According to the Seattle Pi article, “Computer Security Faults put Boeing at Risk” by Andrea James and Daniel Lathrop, Boeing listened to reports for years that “company’s inability to patch database and software development security holes” poses a “’significant deficiency’ within the computer infrastructure.” Despite an auditor raising ethical concerns, Boeing continued to fail to demonstrate a “robust control environment” in accordance with the Sarbanes-Oxley Act according to the Wired article (https://www.wired.com/2007/10/boeing-employee/). I believe if Boeing had made a meaningful effort to address the concerns of its employees, the employees would not have felt it necessary to go public with the computer security faults. That being said, Nicholas Tides and Matthew Neumann should have taken further action to disclose the Boeing shortcomings to the proper channels before going to the press. I do not think that Boeing was out of line in dismissing Tides and Neumann for disclosing private information to the press. According to the Seattle Pi article, although there were fears that the problem would rise to the level of “material weakness,” Deloitte- an external audit firm- gave the company’s control a clean bill of health. If the auditors disagreed with this decision, they should have focused on disclosing that to the federal authorities rather than gunning for public attention right away. It is understandable that most of the attention in this situation is being focused on the auditors' disclosure to the media. This detail enabled Boeing to legally terminate the auditors. That being said, the full details of their disclosures paint a picture that favors the auditors more. One detail in particular that I think was glossed over by most media sources is that the auditors not only went to the media but also the Security and Exchange Commission (SEC). The Wired article "Boeing Employee Fired for Discussing Computer Security" was the only article for class that I saw this mentioned in, and, even there, it was less than a sentence- "He then spoke with a reporter as well as the SEC about his concerns." Disclosure to the proper channels was definitely called for and appropriate in this situation. In fact, it's an auditor's job to inspect and ensure transparency and honesty. It would be shady if the auditors detected such a large scale problem and took no action to report it to the Securities and Exchange Commission. I do not believe that the workers should have been protected under the Whistleblower protection laws because they made the decision to go public with information that could have been dealt with in other channels without trying the other channels first. If they had first approached the SEC then gone public if no action was taken, I might have a different opinion.
0 Comments
Leave a Reply. |
Archives |