DIMENSIONS OF REFLECTIVE RESPONSIBILITY AND IT

Subject

In order to live up to the theory of reflective responsibility, the subject must be chosen in such a way that the ascription is viable and open to scrutiny. The process of imputation must show results and aim at the improvement of the circumstances of the involved parties. That means that some of the traditional problems of the subject of responsibility as discussed earlier appear less severe.

The traditional subject, the individual human being, is certainly still the central player in reflective responsibility. In our example, that means that the manager deciding about surveillance, the technician who installs it, or the company itself are still candidates. Reflective responsibility, however, demands more than just an easy identification, it requires checking whether the subject is capable of discharging its responsibility. At this point reflective responsibility may make matters even more complicated than traditional approaches. It is no longer enough to determine who or what is responsible; it is now required to ascertain that the responsibility in question is realisable. In the case of our example, that means that it is not enough to hold the CIO, the technician, or the firm responsible. These potential subjects must now be analysed with regard to their ability to live up to the expectation. Especially in the case of classical individual responsibility, this may lead to problems.

On the other hand reflective responsibility also offers advantages for any sort of subject. The emphasis on results and the recognition of the fallibility of the concept combine to facilitate ascriptions even in those cases that so far were problematic due to a lack of the fulfilment of conditions. Reflective responsibility recognises that even in the modern world, there is no alternative to the traditional system of the control of individual behaviour (cf. Seebass, 2001, p. 98). In those cases where individual conduct can make a difference and individuals are aware of this and able to act, the ascription of responsibility makes sense. In this sense the reflective idea of responsibility is in agreement with those approaches to the ethics of business information technology that emphasise the importance of the individual (cf. Langford, 1999a, p. 73).

However, reflective responsibility must take into account that there are limits to what the individual can do and that there are vast areas of ethically relevant problems where the limitation to individual responsibility is counterproductive because it leads to the oversight of important alternatives. This is the area of collective responsibility where the idea of reflective responsibility shows some of its strengths.

The main problem of collective responsibility in traditional moral philosophy,-as we have seen, is that collectives are not recognised as moral subjects. They do not fulfil the conditions of knowledge or self-consciousness. They have neither conscience nor body, they know no moral feeling and no compassion. They are not persons. While these objections may be valid for many ethical theories , they weigh far less with regard to reflective responsibility. The main questions here are: Is the ascription open, does it have consequences, and does it improve our collective life? If this is so, then the ascription makes sense. It is clear that in many cases these questions can be answered in the affirmative for collective subjects and therefore collectives can be accepted as subjects.

Of course collectives such as corporations have been recognised as responsibility subjects in some areas such as, for example, the law for some time. Moral philosophers might therefore object to the idea that corporations are responsible, that this has nothing to do with ethics, and that their point that collectives are not suitable subjects is not touched by these deliberations. A theory of reflective responsibility would reply that the determination of the normative foundation on which ascriptions are made is part of the process of ascription. Therefore, philosophers who rule out collectives as moral subjects and thus conclude that there cannot be collective subjects create the very situation they describe. They generate self-fulfilling prophecies or tautologies. In the cases where these are accepted as the normative basis in a given group or society, this would mean that no collective could act as a subject. However, if a group or society does not adhere to this normative basis, there is no prima facie argument against collective responsibility. In fact this point of view allows the use of moral ascriptions that go beyond what is admissible for human beings. One can for example use responsibility ascriptions for the purpose of stigmatising companies for unwanted behaviour that is usually deemed to be inappropriate behaviour if applied to humans (cf. Maring, 2001, p. 139).

While corporative collective responsibility does not pose any fundamental challenges to reflective responsibility, things become more difficult in the case of group responsibility. Here the problem is that there is no unified subject of action, and consequently it is hard to define a responsibility subject. A theoretician of reflective responsibility would first have to ask whether it is possible to assign responsibility in this setting in such a fashion that consequences become noticeable. In order for this sort of ascription to become viable, there will usually have to be institutions and mechanisms for accountability which allow the ascriptions to become viable and potential sanctions to be effective. This means that for example the anonymous user of a car realises the costs and damages he produces and is made liable for them. Similarly, the user of a computer or a certain program might be held responsible for the cumulative results that the use produces. Possible candidates for our example of privacy are those groups that set the tone of the discussion. This might be the group of CIOs in a particular industry or even the group of all business users who have to contend with or decide about surveillance. This is of course much more easily said than done, and even if it were possible in any given case, the question remains whether such an attribution of responsibility to the single individual of a group has anything to do with collective responsibility. However, from the point of view of reflective responsibility, this is a secondary problem. The distinction between the different types of responsibility is an artificial one anyway since they overlap in most cases. Reflective responsibility needs to ensure that the subject is identified and accepted, that it is capable of living up to the expectation, that the ascription is open, that it has results, and that it leads to an improvement of conditions in a general way. This is clearly ethically relevant in itself. Other than that, the question whether it is an ethical ascription, a legal one, or any other sort of responsibility is of secondary importance. Reflective responsibility thus solves the problem of collective responsibility by assigning a low importance to the traditionally contentious points and by concentrating on its own criteria. For our example that means that it might be reasonable to hold a heterogeneous group responsible such as a specific industry that has developed specific ways of dealing with privacy. If there is something like a collective approach to employee surveillance in, say, call centres , then it might make sense to ascribe responsibility for this practice to the call centre industry, regardless of whether it can have the status of subject in any other environment.

In the same manner the reflective approach addresses the difficult question of what the relationship between individual and collective responsibility is. All theories of collective responsibility as we have seen agree on the fact that they are not meant to replace individual responsibility. Collective responsibility is seen as a complement or an enhancement of individual responsibility. It is meant to facilitate individual responsibility or to cover different areas. In all of these cases, however, it has some kind of bearing on the individual aspect.

Collectives are constituted by individuals, and therefore collective responsibility will usuallyhaveresultsforindividuals.Theywillleadtoindividualresponsibility.A software company for example may decide to monitor its employees without notifying them. The employees can sue the company and it will then be held responsible by having to pay compensation. This may translate into individual responsibility when the manager who made the decision is fired or all of the employees get a financial compensation. But even in less clear-cut cases, collective responsibility will have individual consequences, which can be interpreted as individual responsibility. Just like individual responsibility can lead to or result from other individual responsibility, the same can be said for individual and collective responsibility.

One of the typical arguments against collective responsibility is based on the difficulty of distinguishing between individual and collective aspects of the ascription. Again, reflective responsibility has a relatively simple theoretical answer to this. Among the results of the reflective turn of responsibility, we have seen that it typically postulates the introduction of institutions with the purpose of rendering ascriptions viable. Also, it emphasises the importance of accountability and underlines the relevance of institutional and organizational factors for the establishment of accountability. The trick is therefore to find institutions and organisational arrangements that will allow the distribution of individual and collective responsibility. One example for such an institution that seems well suited for the realisation of the combination of the two aspects are codes of ethics or codes of conduct (cf. Eckard & L ffler, 1991, p. 286). This is of course only one possible approach. But again the important part is that the responsibility ascription is viable, that it is open, that it has consequences, and that it improves social life. Therefore the theoretical problem of untangling joint responsibility may be less important from the reflective viewpoint. Even though it is complicated at first sight, it is also manageable. In fact, as Schmitz (1998, p. 10) points out, it is a matter of daily routine in any court of law and therefore not a fundamental threat to responsibility.

There is one last point of interest with regard to responsibility subjects in IT. The question is whether computers or information systems can themselves acquire the status of subjects. ^[19] There are two extreme answers to the question. The first is yes, computers can be responsible because they make decisions, consequentially are subjects of action, and thus can be subjects of responsibility. On the other hand one can argue that computers are not moral subjects, that they do not fulfil any of the conditions, that they have no knowledge, no feelings, no judgment, no body, no mind, nothing that traditionally characterises moral subjects or persons.

From a reflective viewpoint one can again concentrate on other factors, namely on the questions of whether the ascription to a computer would be viable, whether it would have consequences that might further the underlying normative order. In this sense it might make sense to ascribe responsibility to computers in cases where further causal relationships are not discernible. An information system might be held responsible because it is known to be faulty. False and morally negative decisions made on the grounds of such a system may be attributed to the system. In some sense we all know this sort of reasoning when we hear: I could not do it because the computer crashed. Often this sort of reasoning is used as an excuse to render responsibility inapplicable. In these cases the use of computer responsibility would be against the spirit of reflective responsibility. However, it is conceivable that the ascription of responsibility to computers could make sense. In cases where it is no longer determinable which individual caused a certain behaviour of the computer, it may be a helpful construct to say the computer is responsible. The next question would then have to be what the results of such an ascription might be. If it were possible to build institutions that could translate computer responsibility into a form having to do with humans, then the ascription could fulfil its purpose. What we have in mind is a situation like this: An information system is recognised to deduce wrong conclusions from the given data. If this were known it could be said that the system is responsible for these conclusions. In a next step one could then say that humans or organisations dealing with this system are responsible for using it and will therefore be attributed the actions that result from the wrong conclusions.

Critics might object that this is not really a case of the computer being the subject of responsibility, but rather personal responsibility hidden under a new name . This is correct in the sense that the end result would be personal responsibility. However, the computer would still play the part as the subject in an irreducible part of the chain of ascriptions. Also, it could be argued that this has nothing to do with moral responsibility, and again the answer would be that the analytic distinction between the types of responsibility is not really important. In the end the ascription would affect how people act, and it would therefore have moral repercussions .

Where does this discussion of the subject of responsibility leave us with regards to our example of privacy and employee surveillance? We have seen earlier on that the problem of the traditional approach to responsibility for privacy was that it rules out some subjects such as collectives while the subjects it admits, individual human beings, do not fulfil the conditions of causality , knowledge, power, etc. By concentrating on the three main points ”on openness, consequentialism, and the good life ”the reflective approach can neglect some of the theoretical problems and the need for complete stringency and coherence of every type of ascription. What is important is whether ascriptions are open and thus acceptable, whether they improve our living together, and whether they refer to factual or expected results. This facilitates the ascription to subjects that so far did not play a role in responsibility such as corporations or even information systems. Of course the advantages of reflective responsibility go further than just admitting new promising subjects to the ascription process. In order for the ascription to be successful, there must be objects that correspond to the subjects, objects whose being ascribed to the subjects makes sense and is acceptable to those who are party to the ascription.

Object

There is a close link between the subject and the object of responsibility. Most of the conditions of responsibility discussed earlier refer to this relationship. The subject must have knowledge of the object, it must have a causal relationship and a certain amount of power over it. The subject must have a choice of whether to realise the object, or it should at least have the chance to avoid it. We have seen that these traditional conditions run into a number of problems. Firstly, there is complexity, which obscures the knowledge of causal chains as much as that of rules. Secondly, the objects in question may be out of the reach of available subjects. Some objects are cumulative; others do not appear to be caused by any subject at all. Thirdly, there is an apparent lack of intention in many of the technological problems. Fourthly there is the problem of side effects, and fifthly there is the huge problem of doing and omitting, the problem that apparently one does not have a chance of discharging all of one s responsibilities without running straight into new ones.

Let us take a brief look at the example from the beginning of this chapter. Possible objects of responsibility that were identified with regards to privacy and surveillance included the well-being of employees, profit generation of the company, the technical functioning of surveillance software, social acceptability of company practice, the image of the company, etc. If we again concentrate on the CIO as responsible subject, we quickly find that she has huge difficulties with being responsible for, say, the decision to install a monitoring system. The CIO will never be able to consider all of the results of this decision. While there may be good reasons to suppose that it will lead to an increase of turnover as well as an improvement of business processes, the totality of the results will only be determinable in hindsight. Maybe a certain group of employees will not get used to the new system and leave the company. Maybe it will offer a new weakness in security and allow hackers to destroy essential data. Maybe it will change business processes in such a way that the company all of a sudden discovers completely new services that it could provide. Similar uncertainties can be constructed for each and every possible object of responsibility.

What use can reflective responsibility be with regard to the object of responsibility in IS? Again, as in the case of the subject, the criteria of reflective responsibility help setting priorities, which in turn allows realising ascriptions. Openness and the corresponding discursive nature of ascriptions should help identify the relevant objects in the first place. In order to render the ascription practically relevant, reflective responsibility has to make sure that the object is clearly defined and delimited. These definitions cannot be produced by the subject itself. They always depend in some degree on the subject s environment. Depending on the situation and the scope of the ascription, this may mean the creation of large institutions or maybe just contractual agreements. There is a social side to it which is needed to define the temporal range and the question of side effects. Society and public administration must make it clear up to which point in time the results of actions have to be considered and how much care must be taken with side effects. In fact, it is constitutive of the notion of action itself that the agent has to limit the range of results in question (Spaemann, 1980, p. 189f). These are obviously difficult issues that determine much of the current discussion about technology. We are unable to consider all of the results of our actions, but we must be required to consider some of them. The limit is subject to debate, and it is one of the challenges for people who want to live in a responsible society to ensure that this limit is set and accepted. The debates about nuclear energy or biotechnology are examples for the relevance of these questions. But also the business use of computers will need this sort of guidance. As we have seen, the central problem of privacy is exactly that of its limits. Not the idea itself is contentious, but the question where it must yield to other interests or values.

Apart from this social scale of things, the same need for clarity and limitation of objects is also needed on an operational or managerial level. If someone is to be ascribed an object, then that object must be discernible. In our example this could mean that the CIO who is responsible for the surveillance system looks only at the immediate business implications of her actions. Of course she may be held responsible for more than that. Therefore, she must be willing to listen to the other stakeholders and take their opinions into consideration. A definition of the object that is too narrow may hold the advantage of being manageable, but may also run into the problem that it backfires later on. If the CIO accepts responsibility from the board of directors for improving discipline in the organisation by installing a surveillance system, then there is a good possibility that this responsibility can be discharged as planned. The example makes it clear at the same time, however, that there are more objects of responsibility that can be ascribed because of this action. Employees can feel insecure or customers may object to the fact that their emails are read for purposes other than intended. The CIO must be aware of this fact and act accordingly . This means that she must keep an open mind with regards to possible subjects and that she should follow open and discursive procedures in order to determine what these may be. Acting responsibly in a reflective fashion for our CIO means that she communicates with those people or groups whom she knows will be affected before making the decision. In the case of surveillance, there are some obvious candidates such as employees, but also management, customers, or other departments. The communicative nature of responsibility forces her to hear these opinions . As we have seen, responsibility ascriptions will follow morally relevant decisions anyway. The question therefore is: How can the CIO react to this knowledge? The two alternatives that we tried to develop here were:

1. Follow a traditional model by being responsible in her role for the fulfilment of her task, and

2. Being reflectively responsible by having the affected parties participate. The advantages and disadvantages of both courses of action are obvious. Action 1 is easier to handle, clearer to manage, and success/failure can easily be determined. On the other hand this action runs the serious danger of overlooking relevant factors that management is not aware of or does not consider important. This sort of behaviour goes a long way toward explaining the estimated 40% of failures of information system investments. Action 2 has the clear disadvantage of being more complex, more difficult to handle, more lengthy, and more expensive. On the other hand having the stakeholders participate in a decision is the best guarantee possible for finding out problems at an early stage, for maximising knowledge and prognosis in the future. The probability of success in determining relevant objects of responsibility is greatly increased by this sort of action. Consequentially, it can be argued that it makes economic as well as moral sense to choose this sort of action.

Summarising the problem of the object of reflective responsibility in IS, one can say that the fundamental problems discussed in the general theory of responsibility are not really changed. However, reflective responsibility can put aside some of the fundamental difficulties and concentrate on the realisability of an ascription. This will not solve all of the difficulties, and again most of the resulting ascriptions will be less than perfect and subject to justified criticism. Nevertheless, there is still the plausible case that the attempts of realising responsibility will leave the affected parties better off and therefore, given the procedural nature of reflective responsibility, it will be justified. The attitude that would result from reflective responsibility could be summarised as saying that an imperfect ascription of responsibility is better than none. The reflective turn of responsibility might help constituting such imperfect ascriptions where the traditional theory would fail.

Instance

The last of the three classical dimensions of responsibility is that of the instance or authority that determines the result of an ascription. As we have seen earlier, the instance is the most contentious dimension because many doubt its very existence. Some of the deciding authorities, however, are beyond any doubt. The legal authority of the judge is clearly recognisable in its power and tasks . Others such as God can no longer claim universal acceptability. We have also seen that some authors doubt the necessity of an instance and instead postulate that the recognition of and agreement to a set of rules is all that matters. This complete renouncement of the instance seems to go a little too far. The legal instances are a good sign for the fact that even in cases where the rules are known and accepted, there needs to be someone who can determine their fitting interpretation for a given case. Furthermore, one of the defining characteristics of responsibility is that it leads to consequences, often to sanctions. These sanctions will in most cases be against the will of the individual in question, and they will therefore have to be enforced against resistance. An effective ascription therefore needs someone who shapes the rules to a given case and who also has the power to enforce this interpretation. The specific weakness of moral responsibility is in many cases that this instance is nowhere to be seen.

What can reflective responsibility offer as a solution? The three functions of the instance, the identification of valid rules, their contextual interpretation, and their enforcement will all have to be integrated in the process of ascription. Let us recall the characteristics of the process of ascription from the point of view of reflective responsibility. In order to obtain validity and to be open and lead to consequences, all of the affected parties ”as far as possible ”must be included in the process. The discussion or discourse between all of these parties will have to address all of the relevant matters. This means that factual questions of truth and the relevant reality are as much an object as are questions of norms. We can see that the first task of the instance, the identification of the normative background, is always a part of responsibility ascriptions. Reflexive responsibility cannot take a particular set of norms or rules for granted, but always has to ascertain them.

This leaves us with the interpretation and the enforcement of the rules. Both of them are also addressed during ascription. The identification of and agreement on certain rules will usually happen with regard to a specific case, and it will therefore include the question of the appropriate interpretation. At the same time this question of the appropriate interpretation will tend to include or at least touch on the problem of enforcement. Reflective responsibility thus allows the addressing of all of the issues classically connected with the subject of responsibility without having to postulate the existence of any sort of physical or theoretical authority. This of course does not rule out that such an entity exists, but it does not presuppose its existence either.

Let us turn once more to the example. If the CIO wants to act responsibly in introducing the new surveillance system, then she will in a first step have to do a stakeholder analysis and try to find out who will be affected. These individuals or groups will then have to be given space and time to voice their opinions concerning the project. In this discussion (we call it discussion instead of discourse because the conditions of an ideal discourse will be far from fulfilled), subject, object, and instance of responsibility will be determined. Possible objects might be job security, ease of use, economic considerations, or many other things that depend on the specific case. These objects will then be attributed to the subject. That means that in all probability, more subjects than just the CIO will be identified. The responsibility ascription will most probably end in a web of responsibilities rather than in a single case. However, for our main subject in question, for the CIO, the result will be that the objects that she must pay attention to should be clearer. At the beginning of the project, the responsibilities will usually be prospective or ex ante . As the project progresses she will have to live up to and discharge her responsibilities as they appear. The responsibilities will then turn from ex ante to ex post, which means that the CIO will later on be judged on her performance with regard to the issues she knew in advance.

It is plain to see that this sort of process will be rather messy and error prone in real life. Every step of the way may lead down a dead end or may have to be repeated. The identification of stakeholders may overlook a relevant interest group, or the resulting discussion may be too dominated by any one group to be of value. But even under perfect discourse conditions, all of the affected parties may overlook a relevant issue. Furthermore there can be a lack of agreement on the norms and rules or on their application. The subject may not agree to the ascription, thinking someone else should be responsible. The persons holding specific roles could change and the successor may not know about expectations. Finally, the enforcement of rules may not work and people can use power positions to avoid sanctions. At the same time the mere attempt to organise such a responsibility discourse is costly and time intensive . From the point of view of the manager, the question is important: Why bother at all?

As we have already seen in the last section dealing with the object, there are two possible answers to this question: a business and a moral answer, both of which argue similarly. The tenor of the answer is that despite the costs, the attempt to realise responsibility is worth the effort because the benefits are potentially high. From the business point of view, the process can serve as a procedure to minimise the failure of an investment. Empirical research suggests that around 40 percent of the investments in information systems fail. Of those, only 10 percent fail because of technical difficulties, and the majority of failures are attributed to human and organisational problems (Forester & Morrison, 1994, p. 226). Given the immense value of technology investment in today s economy, the complex and expensive process of responsibility ascription would be economically justified if it could prevent just a relatively small percentage of these bad investments. Another typical problem with new technologies is that they tend to be implemented in a cultural gap. Those who are charged with implementing them tend to have a technical background, whereas the users and top management will look at issues of usability and profitability (Ward & Peppard, 1996). This culture gap is another reason for the failure of investments and again it might be overcome , at least in some cases, if the responsibility process as suggested here were realised.

A similar argument can be made from the ethical point of view. If the CIO wants to act morally, wants to accept ethical responsibility, then the stakeholderand-discussion-based approach offers a high probability of achieving this. A solipsistic ethical approach, where an individual tries to identify the ethical issues and to find the answer to them all by herself, may work just as well. However, there is a high probability that the individual does not know all of the relevant facts or overlooks some of the important perspectives. As we have seen some of the reasons for the rise to importance of the ethical concept of responsibility were the limitations of the individual, its lack of knowledge, power, or perception. The process as described above can help overcome these problems.

However, it should be stated clearly that there is no guarantee that this approach will work and that its results will indeed be better than those that would come about without it. This refers to the economic as well as the ethical side of it. The entire process of identifying and realising responsibility can be very costly, time consuming, and still not have a satisfactory result. Worse still, it may itself become a reason for the failure of a particular project that would have worked fine without it. Ethically, too, it may turn out that the responsibilities identified in the process are not the ones that matter in the end, or that they are not viable or that the results are more immoral than what would have happened without them. This lack of certainty and trustworthiness in an ethical process would seriously jeopardise it in many cases. A Kantian ethicist could probably not suggest something as uncertain with a good conscience.

However, it is one of the features of reflective responsibility that it realises and takes into account its own fallibility and builds on it. There are many good reasons why the process as described has a relatively high probability of being successful. It therefore stands to reason that instituting it will have positive results, that it will lead to consequences even if those are just incrementally better than what would happen without them. The intrinsic modesty of reflective responsibility with regards to its goals therefore allows the conclusion that the attempt is justified because of a positive expected outcome, even if there is no guarantee for it.

Another advantage of the reflective and discursive approach with regards to the instance is that the discourse may be able to identify a possible instance. If we see the ascription as a contest in which ascribers and ascribed try to sort out the acceptability of their claim, if we see responsibility as a conflict, then there is one characteristic that the instance must have: impartiality. Just as we assume that a judge is impartial in a court of law, any instance deciding about ascriptions and sanctions must be impartial. In the constructivist world of reflective responsibility, however, it is impossible to define who or what is impartial because there is no neutral ground. On the other hand any instance that is acceptable to the parties of the ascription and who is determined beforehand will be able to claim acceptability when enforcing its decision afterwards. This determination of the instance must therefore be part of the stakeholder process. It is also a good example for the mix of validity claims that are the basis of responsibility. The question of the instance will be answered by mix of normative, factual, and personal arguments that cannot be clearly distinguished.

^[19] For a more detailed discussion of this point, see Stahl (2001a).