Hi,

I was wanting some advice or views/opinions or build back doors into software. First let me explain my situation....

I have been working now for a company as a contractor on a number of projects, however the company is now undergoing serious financial difficulties as is unable to pay some employees and most contractors (where £100,000's is left outstanding every week :(). This as led to various scenarios that could possible happen,

1. The company goes bust and the administrator are called in and we lose everything, although the systems in place, i'm sure, would be copied and used in a newly set up company doing the same thing (without the depts)
2. Everything sorts itself out and all outstanding money is paid.

there are more but they are unlikely...

The problem i have is i find it very unfair that if the company as gone bust and people haven't be paid (namely me and other IT staff), why shud they be allowed to continue using the software that we have been developing without payment for it (most project are being continually developed on).

Now my question is would it be ethically ok for me to build something into the system that would allow programmer access to disable the system from further use (maybe until the software or labor is paid for)? or is this something i shud do to protect my own interests?

:confused::confused::confused:

I have heard of this kind of thing going on before but i would just like other views/opinions before continuing down this path.

Thanks

Now my question is would it be ethically ok for me to build something into the system that would allow programmer access to disable the system from further use (maybe until the software or labor is paid for)? or is this something i shud do to protect my own interests?

Ethically, no.

You also have to consider the fact that even if you did do it and there is some other major security breach. If that breach is investigated and they find your backdoor, you become the prime suspect. Or you could be considered to have been grossly negligent.

If you are a contractor, you should have a contract with the company. That ensures that you get paid for services rendered. If the company goes under what exactly would happen depends on the local laws. However I do know that a company would be forced to sell off assets in order to repay any debts in some cases and some jurisdictions.

the main problem is the company is has limited liability which would me the tax man comes first then if and thats a big IF there is anything left it is used to pay off VAT, and any other dept that is outstanding starting with PAYE employees.

I understand about the security risk involved with this, and although there is a access to this through the Internet. It is not through port 80 or 8080 and I find it unlikely that anyone would just stumble onto it without prior knowledge.

I do know that what i talked about was one of the main ideas (go bust and set up new one with the same services). i just find it quite difficult to accept that i will lose several thousand pounds and a company will benefit from the software i have developed.

No, it's not ethical to build that backdoor. Your question implies you already know this and just want someone to tell you otherwise.

You accepted money from the company (your pay) to build a product (the software), unless you have an agreement that states otherwise. If the company violates that agreement by not paying, you can respond by litigating or quitting the job. But purposefully corrupting the software is breaking your end of the bargain, which, presumably, normally doesn't include backdoors for the coders to shut down the software. As they say, two wrongs don't make a right.

Besides that, such behavior is quite flaccid and juvenile. Probably illegal, too.

sounds like the movie Office Space :)

modem hickup, made double post

I would bite the bullet and consult a lawyer; ethically, if you are under contract to produce code in return for payment, then they are obligated to pay up, otherwise it amounts to theft (philosophically, at least).

If the lawyer concludes that you would be unable to receive compensation, even after bringing suit against the company (or the new company that buys it, or the bank it sells its assets to, or whatever), then I would suggest that you quit, citing precisely this reason. They expect you to work, you expect to get paid. If expectations on either side of the agreement will not be met, then why enter in agreement to begin with?

On principle, I would tend to side with what's already posted. It's one thing to have the ability to sabotage the project while operating as an employee (this happens inadvertently all the time -- it's called bugs!), but another thing to intentionally leave these holes after you leave. People cannot be trusted to be perfect moral authorities, and suddenly you have power of their software that should not be there -- what if you fall on hard times and decide to threaten the company well after you have left? Certainly you would never consider blackmail, because you're probably a decent person, but that doesn't say anything about other people. If you can ethically do it, then so can others; this is not a desirable state of things, so on that alone I would suggest that it is not ethical to introduce back doors.

It's a rough situation though and I certainly sympathize. Consulting lawyers are not cheap, either -- I couldn't imagine why a suit in a small-claims court could not reclaim your salary. Lots of states have a searchable reference of laws on the books... you might consider perusing them.

I'm not sure on that, but if you haven't transferred copyright of your software to the company, they can't use it.

On the other hand, backdoor in the software can certainly bring some serious problems on your head, assuming it will be discovered. You shouldn't do it, and it wouldn't, as you think, ''protect your interest'' - if discovered it can be categorized as ''industrial espionage'' and you may end up in court.

otherwise it amounts to theft (philosophically, at least).
I agree, but actually there's nothing "philosophical" about it - it's Theft of Services, a bona fide, actionable charge.

I couldn't imagine why a suit in a small-claims court could not reclaim your salary.
Again, I agree - at least in principal. But be aware that winning in a small claims court situation does not always mean being able to collect, and, in many jurisdictions you'd still be liable for the court costs.

There are many many laws that say this is a big no no. Your question speaks of ethics but unfortunatly what you are talking about does not even come close to ethics but law.

For one you will be liable for "Industrial sabotage"this is not a good thing to be up against. Try find a job else where if you have that hanging above your head. I know i would not employ anyone who has been accuse / proven guilty of this. By the by, this can carry jail time...This is just one of the many many laws that you would be liable for charges.

It totaly depends on the liesence of your product, is there clauses that allow you to alter the software??? who is the owner, user??? You need a contractual lawyer to look into this. I dont think anyone on codingforums has the expertise in this, thats why they have law school.

Bit of advice though, if you are looking to cripple the company as they are not paying you, how will they get money to pay you, as the expression goes about "biting the hand that feads you"

We dont live in hollywood movies so there are always consiquence to our actions, beware of this before you act.