This article has raised a lot of questions, but has not attempted to provide set answers. That’s because, ultimately, the answer to the question “Is it ethical?” must be answered by each individual IT professional. Unlike older, more established professions such as medicine and law, most ethical issues that IT and security professionals confront have not been codified into law, nor is there a standard mandatory oversight body (such as the national or state medical association or bar association) that has established a detailed code of ethics.
However, the question of ethical behavior in the IT professions is beginning to be addressed. Voluntary professional associations such as the Association for Computing Machinery (ACM) have developed their own codes of ethics and professional conduct, which can serve as a guideline for individuals and other organizations.