Assignment 1:
Scenario 1:
Sami Mohammad is a software developer working at XYZ corporation. He made a mistake by leaving a CD at the coffee station. Sometime later, Laila, a junior programmer, was topping off her mug with fresh tea at the same coffee station. She was hoping to wrap up her work on the current SQL code module before it was time to go home. She saw the unlabeled CD on the counter. Being the helpful sort, she picked it up, intending to return it to the person
who had left it behind. Expecting to find perhaps the latest device drivers, or someone's work from the development
team's office, Laila put the disk into the drive of her computer and ran a virus scan on its contents before opening the file explorer program. She had been correct in assuming the CD contained data files, and lots of them. She opened a file at random: names, addresses, and Social Security numbers appeared on her screen. These were not the test records she expected; they looked more like critical payroll data. Concerned, she found a readme.txt file
and opened it. It read:
"Jill, see files on this disc. Hope they meet your expectations. Wire money
to account as arranged. Rest of data sent on payment."
Laila realized that someone was selling sensitive company data to an outside information broker. She looked back at the directory listing and saw that the files spanned the range of everything from customer lists to shipping invoices. She saw one file that appeared to contain the credit card numbers of every Web customer the company supplied. She opened another file and saw that it only contained about half of the relevant data. Whoever did this had split the data into two parts. That made sense: payment on delivery of the first half.
Now, who did this belong to? She opened up the file properties option on the readme.txt file. The file owner was listed as "Mohammad" That must be Sami Mohammad, the developer, she thought. Laila pondered over her next action. She called the company security hotline. The hotline was an anonymous way to report any suspicious activity or abuse of company policy, although Laila chose to identify herself. The next morning, she was called to a meeting with an investigator from corporate security, which led to more meetings with others in corporate security, and then finally a meeting with the director of human resources and the CIO of XYZ.
Questions:
1) Was Laila's action of reporting this justified or she should have left the CD back at the coffee table? Is it Ethical? Discuss and support your answer with respect to the four workable theories we have discussed.
2) What would be the legal issues that might be taken against Sami if he is found guilty?