Today there is news that Google is close to a settlement
involving payment of $22.5 million related to its circumvention of the Apple
Safari security settings, which let it monitor the web browsing of users who
had blocked such monitoring. This very large payment was caused by a small
piece of computer code that planted a "cookie" (a tracking file) on devices
using Safari, including iPhones. The reason this computer code ended up
involving the FTC (Federal Trade Commission) in the US is that privacy rights
are regulated by law, so if a user sets the privacy settings on a browser to
deny monitoring, it is illegal to ignore this and monitor anyway. (It ought to
be difficult as well, but Safari was not programmed securely enough to stop
Google.)
Google has stated that the monitoring has not harmed anyone
and that it was not done intentionally. This statement will strike many as odd,
because it sounds like the excuse of a driver caught speeding: "I didn’t look
at my speedometer, and anyway nobody was harmed." Surely there must be a better
(and more ominous, for the consumer) reason for the monitoring, because would
they otherwise risk a fine of that size?
A new book by Donald
Palmer offers an interesting answer to this question. He looks at different theories
of wrongdoing by organizations, and classifies them by whether the wrongdoing
is seen as abnormal actions -- done for some benefit and facilitated by slack
rules and organizational cultures -- or whether the wrongdoing is seen as an
outcome of normal organizational functioning. Of those two types of theories,
we are familiar with the theories of abnormal wrongdoing, because it fits our
ideas of individuals and organizations calculating the potential costs and
benefits of wrongdoing and (if they lack a moral compass) choosing wrongdoing
when it benefits them. We are less familiar with theories of wrongdoing as a
result of normal organizational functioning, but these theories are interesting
because they are likely to explain many kinds of wrongdoing. The idea is that
under certain conditions, organizations are likely to commit wrongdoing
thoughtlessly and without consideration of benefits – just because their
systems lead to such actions.
A number of theories on normal organizational wrongdoing
exist, and it would be hard for me to do justice to his excellent book in a short
post. I can give an example, however: In an earlier post on the Costa Concordia shipwreck, I asked whether there might be a larger problem of safety routines
in Costa shipping. The answer was not clear then and still isn't, but Costa
ships have been involved in mishaps later, raising new questions about how they
are managed. This would be an example of wrongdoing through faulty
administrative systems. Organizations are not always organized (!) well enough
to handle the technologies and activities that they operate, and in some cases the
gaps in organization lead to wrongdoing through organized carelessness. Google
may indeed have broken privacy laws simply because no one thought of checking,
most likely because those writing the programs were too separated from those
who knew the law. In this case (Google says) nobody was harmed, but the same process
can produce much more dangerous results in other kinds of organizations.
Angwin, Julia. Google, FTC Near Settlement on Privacy. Wall
Street Journal Asia, July 9.
Palmer, Donald. Normal Organizational Wrongdoing: A Critical
Analysis of Misconduct in and by Organizations. Oxford University Press.