A service from Red Gate

in
Home SQL .NET Exchange Opinion Blogs Forums About
Sign in | Join | Help
Home Blogs Forums
Blogs Home > Phil Factor's Phrenetic Phough... > DBAs and the moral dilemma

Phil Factor's Phrenetic Phoughts

Simple-Talk columnist
The wilder shores of Transact SQL

DBAs and the moral dilemma

Published Friday, August 10, 2007 7:50 PM

DBAs are often put in a difficult moral position in the course of doing their work because they have a uniquely privileged access to corporate data. The ridiculous stories that have recently been put about by security firms concerning the dishonesty of DBAs miss the point entirely. In twenty years of work in the database industry, I have never come across a corrupt DBA. Bad-tempered perhaps, eccentric, tedious, unhelpful maybe, but never dishonest. I've come across criminal behaviour in almost every other participant in the IT industry, but never in a DBA. It doesn't seem to be part of a DBAs personality. A DBA is always better at observing and monitoring than participating. It is an important talent for a DBA
 
No, the problem for DBAs comes when they discover dishonesty and criminal activities in the company they work for.  This has happened to me several times. When you are designing and maintaining a financial system, you have to subject the financial transactions of the company to an intense scrutiny. It is a matter of self-preservation. When doing financial reporting, you have to crosscheck all the figures you provide, often with more zeal than the auditor. After you have your eye in, criminal activity is easy to spot, and alarmingly frequent. When it is a rogue individual, then the course of action is clear, but when the company itself is corrupt, the DBAs position is difficult indeed.

I could write a book about the criminal activity, and civil offences, I've come across in companies I've worked for in the course of my IT career. The trouble is that it would be cheerless and discouraging to read, as there is no easy, career-enhancing way out of the predicament in which the DBA finds himself. They were, with only one exception, painful and dreary experiences.

I once, long ago, got a job helping a company to configure a handheld PC for remote monitoring. The employers were pleasant, and paid both well and promptly. One might, perhaps, criticize the cut of their dark suits or their strange habit of wearing sunglasses in winter, indoors, but they seemed honest and straightforward. It was some time before I discovered that I was configuring these machines for remotely altering the behaviour of  'one-armed bandits' (fruit machines). I never discovered what country these were used in. When I spoke reproachfully to the MD, he smiled disarmingly and said that of course the organisation did criminal things since they were a criminal organisation. He proudly told me that the device could milk a punter of his cash as smoothly as one could milk a cow. I'd always puzzled over why they referred to the portable device as a 'milking machine'. Now I knew. Firstly, one let the gambler win over and over again until that psychological point at which the gambler felt his luck was in, and then one changed the odds to the exact setting that experience had told them that the average gambler would continue to put money into the machine despite losing. I'm told that this fiddling of the odds is all done automatically nowadays; alas the demise of manual labour.

He explained that, except for the obvious, and lucrative transgression, they were obliged to run their business with complete integrity, as they had to assume that they were under round-the-clock surveillance. They were never a day late with payments or filing their tax returns. They never knowingly committed any sort of offence. They were 'squeaky', he explained.

Fortunately I had, by then, completed my work. His honest answers to my questions rather floored me. Besides which, these guys had charm.

We parted on good terms.  I tried to feel tainted by my association with them but couldn't. For many years afterwards we exchanged Christmas cards, but I have never been tempted to try my luck on any slot machine since that day.

by Phil Factor

Comments

 

SQLWayne said:

Better the devil you know? :P

I haven't run into anything that bad, but I did quit a job because the owners wanted me to assign expenses of their residence to houses that they rented out, very non-kosher.  That's been my only employment-related moral dilemma that I can recall.
August 13, 2007 11:26 AM
 

swjohnson said:

In my last few jobs at a financial institutions (US, Latin America, & Eastern Europe), I was in the financial transfers area and as the DBA, I had quite a bit of power and was also on a team for fraud (i.e. credit card/debit card transactions).  I had to be bonded and insured as part of my employment with them as were all other team members.  

However, I consistently came across instances where someone (not on our team) was trying to subvert the system.  Nothing suprises me when it comes to money and people trying to cheat the system and have been offered many things to help.  
August 13, 2007 4:02 PM
 

Phil Factor said:

Possibly the silliest case I came across was the company I did a job for that had two accounting systems, one real one and one for the Taxman. This was in the days before Windows and the systems were set up in Concurrent DOS. One just used a 'hotkey' to go from one to the other. They felt I was being rather sanctimonious when I refused to have anything to do with the system!
August 14, 2007 5:24 AM
 

ShawnNWF said:

That is a position where I might have to call the IRS anonymous hotline, or the HMRC in your case.
August 15, 2007 9:16 AM
 

Adam Machanic said:

Nothing quite that interesting has happened to me.  The nearest to criminal activity I've encountered was last year, when I received a call from a guy who wanted me to pretend to be the project manager of a team of developers in the United States.  Seems he'd scored a few lucrative web dev contracts, and had signed agreements with his clients that he would only use American developers.  He wanted me to take everything from his real team -- in India -- scrub it of anything that might ring alarm bells with the clients, such as improper use of English, and lie about where the work was done.

I said no thanks...

August 17, 2007 12:08 AM
 

HenryH said:

Yes, I had a very painful experience in discovering that the IT director was defrauding the company out of hundred of thousands of pounds. The police, who I discussed this with, weren't at all interested in white-collar crime.
August 17, 2007 11:00 AM
 

Mobile.Holmes said:

Nicely done! I think your perception of of the character of a DBA is spot on. I've been faced with many crooked business owners who wanted a little boost. Last one was a magazine publisher who, not having the postage to send the full mailing list wanted the list cut by 100,000 people.

I've never seen anyone in IT doing these kinds of things. Maybe I'm running with the wrong crowd.
August 22, 2007 7:55 PM
 

JayDubya said:

Hmm, I was DBA for a UK law enforcement agency (not saying which one) and resigned as a matter of principle over the corruption and rampant cronyism which went on there. I have to say this was on the civilian side, not uniform, though some were compliant to it too. Shame because it was an intrinsically rewarding and fulfilling job.

My only regret was not breaking one of the weasel's fingers when he tried to give me a 'special' handshake when I was asking probing questions about their wasteful software licensing arrangements!
August 22, 2007 9:33 PM
 

Granted said:

I've never actually uncovered illegal activity at a place where I was working. However, the founders of a startup that failed shortly after I left went on to found another company. This one used the technology developed by the first within spyware to capture & report every web page a person visited as well as capturing keystrokes within search screens or comment screens like this one. They were under investigation when I was contacted by one of the investigators. They were curious about the types of data that could be stored by the original system. When I told them about all the personal data we collected in the original system the flabergasted investigator informed me that he'd been told by the company that they had no way of connecting the web pages collected and the personal information of people. When I got done explaining how exactly he could run a select statement against the original database (I kept the schema's) he was gleeful.
I understand they may have done some jail time.
August 23, 2007 7:18 AM
 

nigelrivett said:

>> they discover dishonesty and criminal activities in the company they work for.  This has happened to me several times

Wonder why you seem to gravitate towadrs these companies.

Was at a (very large) company where they had interesting purchasing agreements aranged by a manager and his brother. Diskettes £10 each was the first interesting one I noticed - it was before dvd's and cd's were expensive so they used a lot of them. Think they were about £2 a box in the high street at the time.
Had to use that supplier because they were so reliable (although oddly always late).

Usually though I find dishonesty to do with call centres - not  the customer info but fiddling the performance statistics. Not a fun job though so don't really blame them
August 23, 2007 11:34 AM
 

Maxx Dopp said:

I was working as a manager for a medium-sized manufacturing company, and I found it odd that I never got to see my budget. One day, by accident, my budget for the previous quarter was sent to me. I discovered that I had an employee on the payroll that I was supposed to manage, but had never heard of. With a little research, I found out that this employee was the company's owner's sister, who lived in a different state, who was obviously not doing any work, just collecting a check.

I have to agree that the "nature" of the professional DBA is honesty and integrity. In fact, I would like to see PASS, or other professional organization, create a code of ethics for the DBA profession, along with other professional standards. Not because I think it is really needed, but because it will help recognize DBAs as a very important job and career.
August 23, 2007 3:24 PM
 

Lee said:

My guess is that it would require legal training to ferret out every instance in a person's career when one's skills have been employed for illegal purposes.  There are so many laws, and so many ways to break them.

It isn't even clear to me that Phil's example would be illegal in a technical sense, if the primary customers happened to be casino owners.  Legalized gambling (at least in the U.S.) appears to be one of those "perfect storms" where the interests of businessmen (casino owners), government, and shady individuals are congruent.  

I have definitely been asked to do things, in my 23-year career, that I considered unethical or borderline, but cannot recall ever being outright asked to break a law.  I have been asked, on occasion, to write statistical reports that provide every advantage toward corroborating management's favored spin, but if there is an implicit hint to fudge the results, I usually dispel that notion by sending an email stating all of the assumptions contained in the query.  That usually ends any off-the-record discussion.  I follow the rule that I never code anything that I'm not willing to explain to someone, prefaced with, "Your Honor...."
August 23, 2007 3:46 PM
 

Vayse said:

Slot machines in the UK have to guarantee a minimum return, I think its around 72%. It will be on the bond sticker on the side of the machine. The percentage winnings are calculated beforehand on all machines anyway, so its not much of a stretch to change the percentages on the fly.
August 27, 2007 5:11 AM
 

SQLWayne said:

<b>I never code anything that I'm not willing to explain to someone, prefaced with, "Your Honor...."</b>

Lee, you've struck the proverbial nail on the head.  Just like never posting anything online that you don't want to see as a newspaper headline, not that I've ever done anything like that. ;-)
August 27, 2007 1:01 PM
You need to sign in to comment on this blog
  Opinion Home

  Opinion Pieces (94 articles)

  Geek of the Week (36 articles)

  Tony Davis - Editor (6 articles)

  Phil Factor (40 articles)

  Damon Armstrong (8 articles)

  Douglas Reilly (40 articles)

  Adrian Furnham (1 articles)

  Claire Brooking (1 articles)

  Richard Morris (32 articles)

  Tim Gorman (1 articles)

  Jesse Liberty (5 articles)

  Sarah Blow (1 articles)

  Anna Larjomaa (1 articles)

  Gaidar Magdanurov (2 articles)

  Regular Columnists (1 articles)

  Ben Hall (2 articles)

  Blogs Home
<August 2007>
SuMoTuWeThFrSa
2930311234
567891011
12131415161718
19202122232425
2627282930311
2345678
Reporting on Mobile Device Activity Using Exchange 2007 ActiveSync Logs
 In this new column giving practical advice on all things Sys Admin related, Ben Lye takes on the often... Read more...

The Bejeweled Puzzle in SQL
 Alex Kozak provides another SQL puzzle to hone your SQL Skills with.  Read more...

Using Powershell to Generate Table-Creation Scripts
 For all of us who learn best by trying out examples, Bob Sheldon produces a PowerShell script file for... Read more...

Configuring Exchange Server 2007 to Support Information Rights Management
 In Exchange Server 2007, Information Rights management is easy to set up once you have set up the... Read more...

SQL Response: The dim sum interview
 Richard Morris met David and Nigel of the SQL Response team, in a dim sum Restaurant in Cambridge. They... Read more...