Malicious compliance

Malicious compliance (also known as malicious obedience) is the behavior of strictly following the orders of a superior despite knowing that compliance with the orders will have an unintended or negative result. It usually implies following an order in such a way that ignores or otherwise undermines the order's intent, but follows it to the letter. [1] [2] It can also describe a willful act of regulatory interference, for example when a corporation releases a compliant but inferior version of a product in response to new legislation. A form of passive-aggressive behavior, [3] it is often associated with poor management-labor relationships, micromanagement, a generalized lack of confidence in leadership, and resistance to changes perceived as pointless, duplicative, dangerous, or otherwise undesirable. It is common in organizations with top-down management structures lacking morale, leadership or mutual trust. In U.S. law, this practice has been theorized as a form of uncivil obedience. [4] [5]

Malicious compliance was common in the Soviet Union's command economy; examples are used in the studies of behavior, management, and economics to hypothetically show differences between the Soviet command economy and a free market. [6] As of the 2020s, the term is often used to describe commercial response to digital governance, for example the response of American big tech to the European Union's requirement for informed consent in their General Data Protection Regulation.

Definition

There is no universally agreed-upon definition of malicious compliance. Among those ventured, a principal characteristic includes establishing 'malice' as a behavior "always meant in some way to damage, humiliate or threaten the established power structure, regardless of what level that may be". [3]

Fundamental to establishing malice is whether there is any financial or other remunerative incentive in acting contrary to good practice, as well as the likelihood of penalties and their severity for non-compliance, both of which mitigate the charge.

Another fundamental characteristic is that the malicious action can be taken without overt risk, as one is complying to the letter of a directive. [3] Nevertheless, repercussions may follow, often indirectly, whether from the supervisor, co-workers possibly burdened by the consequences of malicious obedience, or others higher in the management structure. [3]

The definition becomes grey when countering motivations are introduced, such as complying with what may be construed as a wrong-headed directive with the intention of drawing attention to the consequence, as to highlight an inefficient procedure or the managerial inadequacies of a superior. [3]

Some perceive malicious compliance as a tool for effecting change, such as social change, [7] or meeting goals, such as production quotas, even at the expense of efficiency and the organization. [8]

Other motivations include office politics, jealousy, revenge on a supervisor, [3] [9] and simply "sticking it to" an organization one is unhappy with. [5]

Examples

Some possible examples of malicious compliance include:

Responses

It has been theorised that managers might avoid malicious compliance by not making excessive, contradictory, or incomprehensible demands of employees as well as clarifying policies. [16]

Related Research Articles

Social influence comprises the ways in which individuals adjust their behavior to meet the demands of a social environment. It takes many forms and can be seen in conformity, socialization, peer pressure, obedience, leadership, persuasion, sales, and marketing. Typically social influence results from a specific action, command, or request, but people also alter their attitudes and behaviors in response to what they perceive others might do or think. In 1958, Harvard psychologist Herbert Kelman identified three broad varieties of social influence.

  1. Compliance is when people appear to agree with others but actually keep their dissenting opinions private.
  2. Identification is when people are influenced by someone who is liked and respected, such as a famous celebrity.
  3. Internalization is when people accept a belief or behavior and agree both publicly and privately.

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The isolation metaphor is taken from the idea of children who do not play well together, so each is given their own sandbox to play in alone. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

In general, compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance has traditionally been explained by reference to the deterrence theory, according to which punishing a behavior will decrease the violations both by the wrongdoer and by others. This view has been supported by economic theory, which has framed punishment in terms of costs and has explained compliance in terms of a cost-benefit equilibrium. However, psychological research on motivation provides an alternative view: granting rewards or imposing fines for a certain behavior is a form of extrinsic motivation that weakens intrinsic motivation and ultimately undermines compliance.

An Internet bot, web robot, robot or simply bot, is a software application that runs automated tasks (scripts) on the Internet, usually with the intent to imitate human activity, such as messaging, on a large scale. An Internet bot plays the client role in a client–server model whereas the server role is usually played by web servers. Internet bots are able to perform simple and repetitive tasks much faster than a person could ever do. The most extensive use of bots is for web crawling, in which an automated script fetches, analyzes and files information from web servers. More than half of all web traffic is generated by bots.

Portable application: Type of computer program

A portable application, sometimes also called standalone, is a program designed to operate without changing other files or requiring other software to be installed. In this way, it can be easily added to, run, and removed from any compatible computer without setup or side-effects.

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity. Code signing was invented in 1995 by Michael Doyle, as part of the Eolas WebWish browser plug-in, which enabled the use of public-key cryptography to sign downloadable Web app program code using a secret key, so the plug-in code interpreter could then use the corresponding public key to authenticate the code before allowing it access to the code interpreter's APIs.

An open API is a publicly available application programming interface that provides developers with programmatic access to a software application or web service. Open APIs are APIs that are published on the internet and are free to access by consumers.

App Store (Apple): Mobile app distribution platform by Apple

The App Store is an app marketplace developed and maintained by Apple, for mobile apps on its iOS and iPadOS operating systems. The store allows users to browse and download approved apps developed within Apple's iOS SDK. Apps can be downloaded on the iPhone, iPod Touch, or iPad, and some can be transferred to the Apple Watch smartwatch or 4th-generation or newer Apple TVs as extensions of iPhone apps.

Compliance is a response—specifically, a submission—made in reaction to a request. The request may be explicit or implicit. The target may or may not recognize that they are being urged to act in a particular way.

Virtual assistant: Software agent

A virtual assistant (VA) is a software agent that can perform a range of tasks or services for a user based on user input such as commands or questions, including verbal ones. Such technologies often incorporate chatbot capabilities to simulate human conversation, such as via online chat, to facilitate interaction with their users. The interaction may be via text, graphical interface, or voice - as some virtual assistants are able to interpret human speech and respond via synthesized voices.

Database activity monitoring is a database security technology for monitoring and analyzing database activity. DAM may combine data from network-based monitoring and native audit information to provide a comprehensive picture of database activity. The data gathered by DAM is used to analyze and report on database activity, support breach investigations, and alert on anomalies. DAM is typically performed continuously and in real-time.

Mac App Store: App Store on macOS

The Mac App Store is a digital distribution platform for macOS apps, often referred to as Mac apps, created and maintained by Apple Inc. The platform was announced on October 20, 2010, at Apple's "Back to the Mac" event. Apple began accepting app submissions from registered developers on November 3, 2010, in preparation for its launch.

An app store, also called an app marketplace or app catalog, is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not include the running of the computer itself. Complex software designed for use on a personal computer, for example, may have a related app designed for use on a mobile device. Today apps are normally designed to run on a specific operating system—such as the contemporary iOS, macOS, Windows, Linux or Android—but in the past mobile carriers had their own portals for apps and related media content.

Google Play: Digital distribution service by Google

Google Play, also known as the Google Play Store or Play Store and formerly Android Market, is a digital distribution service operated and developed by Google. It serves as the official app store for certified devices running on the Android operating system and its derivatives, as well as ChromeOS, allowing users to browse and download applications developed with the Android software development kit (SDK) and published through Google. Google Play has also served as a digital media store, offering games, music, books, movies, and television programs. Content that has been purchased on Google Play Movies & TV and Google Play Books can be accessed on a web browser and through the Android and iOS apps.

iPhone OS 2: 2008 mobile operating system

iPhone OS 2 is the second major release of the iOS mobile operating system developed by Apple Inc., being the successor to iPhone OS 1. It was the first version of iOS to support third-party applications via the App Store. iPhone OS 2.2.1 is the final version of iPhone OS 2. It was succeeded by iPhone OS 3 on June 17, 2009.

Onavo, Inc. was an Israeli mobile web analytics company owned by Facebook, Inc. The company primarily performed its activities via consumer mobile apps, including the virtual private network (VPN) service Onavo Protect, which analysed web traffic sent through the VPN to provide statistics on the usage of other apps.

XcodeGhost are modified versions of Apple's Xcode development environment that are considered malware. The software first gained widespread attention in September 2015, when a number of apps originating from China harbored the malicious code. It was thought to be the "first large-scale attack on Apple's App Store", according to the BBC. The problems were first identified by researchers at Alibaba, a leading e-commerce firm in China. Over 4000 apps are infected, according to FireEye, far more than the 25 initially acknowledged by Apple, including apps from authors outside China.

HKmap.live: Hong Kong live web mapping service

HKmap.live is a web mapping service which crowdsources and tracks the location of protesters and police in Hong Kong. The service was launched during the 2019–2020 Hong Kong protests and gathers reports on police patrols and tear gas deployments via Telegram. The service is available for smartphone users in an Android version via the Google Play Store and in a World Wide Web version, while the iOS smartphone version was removed by Apple.

Epic Games v. Apple: 2020 U.S. lawsuit

Epic Games, Inc. v. Apple Inc. was a lawsuit brought by Epic Games against Apple in August 2020 in the United States District Court for the Northern District of California, related to Apple's practices in the iOS App Store. Epic Games specifically had challenged Apple's restrictions on apps from having other in-app purchasing methods outside of the one offered by the App Store. Epic Games' founder Tim Sweeney had previously challenged the 30% revenue cut that Apple takes on each purchase made in the App Store, and with their game Fortnite, wanted to either bypass Apple or have Apple take less of a cut. Epic implemented changes in Fortnite intentionally on August 13, 2020, to bypass the App Store payment system, prompting Apple to block the game from the App Store and leading to Epic filing its lawsuit. Apple filed a countersuit, asserting Epic purposely breached its terms of contract with Apple to goad it into action, and defended itself from Epic's suit.

The Coalition for App Fairness (CAF) is a coalition of companies that aim to reach a fairer deal for the inclusion of their apps in the Apple App Store or the Google Play Store. The organization's executive director is Meghan DiMuzio and its headquarters are located in Washington, D.C.

References

  1. Tom DeMarco, Tim Lister, Peopleware: Productive Projects and Teams, p. 179, Addison-Wesley, 2013, ISBN 978-0-13-344073-7.
  2. "U.S. Set To Begin Massive Military Exercises in Qatar", CNN.com transcript, NewsNight with Aaron Brown, Dec 6, 2002, retrieved June 7, 2007, Malicious compliance is when your boss tells you to do something and you do it even though you know it's not going to have the desired result.
  3. "What is malicious compliance?", John Staughton, ScienceABC, scienceabc.com, January 22, 2022
  4. Bulman-Pozen, Jessica; Pozen, David E. (2015). "Uncivil Obedience". Columbia Law Review. 115 (4): 809–872. ISSN 0010-1958. JSTOR 43387025.
  5. Steinberg, Monica (2020-03-01). "Uncivil Obedience: Lowell Darling Follows the Law". American Art. 34 (1): 112–135. doi:10.1086/709417. ISSN 1073-9300. S2CID 218780624.
  6. Schug, Mark C (January 1, 1997). "From Plan to Market: Teaching Ideas for Social Studies, Economics, and Business Classes" (PDF). uttyler.edu. National Council on Economic Education. p. 2. Retrieved 18 October 2022.
  7. "We can learn a lesson from Italy", Philadelphia Gay News, Jeremy Rodriguez, August 2, 2023
  8. Spitzer, Dean R. (2007). Transforming Performance Measurement Rethinking the Way We Measure and Drive Organizational Success. American Management Association. pp. 27–28. ISBN 978-0-8144-0891-9.
  9. "Learn the art of malicious compliance: doing exactly what you were asked, even when it's wrong", The Register, Mathew JC Powell, February 11, 2023
  10. Gagliano, Mike; Phillips, Casey R.; Bernocco, Steve; Jose, Phillip (2008). Air Management for the Fire Service. Fire Engineering Books. ISBN 978-1-59370-129-1.
  11. DeCarlo, Douglas (October 2010). EXtreme Project Management Using Leadership, Principles, and Tools to Deliver Value in the Face of Volatility. Wiley. p. 135. ISBN 978-0-470-57367-9.
  12. "Apple announces changes to iOS, Safari, and the App Store in the European Union". Apple Newsroom.
  13. Roth, Emma (26 January 2024). "Dirty tricks or small wins: developers are skeptical of Apple's App Store rules". The Verge.
  14. Meaker, Morgan (26 January 2024). "Apple Isn't Ready to Release Its Grip on the App Store". Wired.
  15. "Apple faces 'strong action' if App Store changes fall short, EU's Breton says". Reuters.
  16. Cecilie Strømgaard Patscheider (8 August 2016). "Djøf: Lyv dig ud af spørgsmål om babyplaner og seksualitet til jobsamtalen". Politiken (in Danish).