A Facebook request: Write a code of tech ethics
latimes.comI agree with the idea, and so does the IEEE.
https://www.ieee.org/about/corporate/governance/p7-8.html
We, the members of the IEEE, in recognition of the importance of our technologies in affecting the quality of life throughout the world, and in accepting a personal obligation to our profession, its members, and the communities we serve, do hereby commit ourselves to the highest ethical and professional conduct and agree:
1) to hold paramount the safety, health, and welfare of the public, to strive to comply with ethical design and sustainable development practices, and to disclose promptly factors that might endanger the public or the environment;
2) to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
3) to be honest and realistic in stating claims or estimates based on available data;
4) to reject bribery in all its forms;
5) to improve the understanding by individuals and society of the capabilities and societal implications of conventional and emerging technologies, including intelligent systems;
6) to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
7) to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
8) to treat fairly all persons and to not engage in acts of discrimination based on race, religion, gender, disability, age, national origin, sexual orientation, gender identity, or gender expression;
9) to avoid injuring others, their property, reputation, or employment by false or malicious action;
10) to assist colleagues and co-workers in their professional development and to support them in following this code of ethics.
Not needed, we hackers - more or less - already have one for about 35 years:
1) Access to computers - and anything which might teach you something about the way the world really works - should be unlimited and total. Always yield to the Hands-On Imperative!
2) All information should be free.
3) Mistrust authority - promote decentralization.
4) Hackers should be judged by their acting, not bogus criteria such as degrees, age, race, or position.
5) You can create art and beauty on a computer.
6) Computers can change your life for the better.
7) Don't litter other people's data.
8) Make public data available, protect private data.
Originally penned down by Steven Levy in "Hackers: Heroes of the Computer Revolution" and slightly modified by the CCC after that.
I really enjoyed that book in particular, and generally appreciate that code, but I've always questioned the definition of information in this context.
There must be a line somewhere between authority and expertise—also information and intellectual property.
It's more that I don't think I understand, even though I've probably read [most of] the same books.
Where does a journalistic piece of writing fall? Certainly, and often, the results of an investigative piece of writing would be considered quite valuable information. Does that mean it should be free? If so, how should that work be funded in the future. Most efforts outside of selling the final product have failed disastrously. Most people want it for free—free as in free like rainfall. I suppose some software may fall under a similar question.
On authority—who gets to speak to a subject? Decentralizing "facts" has put us in the position where empirical evidence is actively opposed on baseless grounds, with decentralizing the ability to compound nonsensical ramblings and dress them up as if they are of equal value as something hypothesized, experimented on, iterated, and proven within the confines of our scientific process.
Those are two more practical and immediate questions, but a sibling comment also raised a salient point.
I like a lot of the points they make, but also think some of them are naive as they came before the normalizing of internet and computers.
Curious to hear from others on this one.
The medical code of ethics dates back, at least in sentiment, to Hippocrates. Legal codes of ethics draw on Daniel Webster, Thomas More, and so on back to Rome. If programming is going adopt a more heavyweight code of ethics, I don't want it to be in response to the news stories of the day - I'd much rather see us start with the admirable history of the field.
The whole image of amoral, selfish programming implies that we either lost sight of or failed to publicize the strong ethical stances which have been around for decades.
>All information should be free.
>protect private data.
How do you reconcile these? Data is information. Or is this another free vs Free (Kostenlos vs Frei) situation?
Using the first part of the "protect private data" line
Make public data available.
So then why are Facebook/Youtube getting criticized for not censoring the New Zealand shooter broadcast fast enough?
I can't speak for others on this, but I do have one: https://www.acm.org/code-of-ethics
Like medical and legal professionals, it is concerned with professional ethics. Many people would be surprised to find their personal ethics are not present.
Every single time I've seen a public call for a code of tech ethics, the call is justified by discussing professional standards, but quickly switches to calling for legal entrenchment of the author's personal ethics.
On the blogs of notable programmers, best practices for security sit next to demands for closed-shop union membership. In comments sections (like this one), avoiding malicious dark patterns comes alongside demands that no programmer work for the US military. In the news, respecting user data is paired with enormously controversial positions on censorship and encryption.
This is far from the only reason codes of tech ethics have yet to gather major attention, but I think it would suffice even if the others disappear. Professional codes like the ACM's are valuable, but attempts to popularize and enforce them are derailed by attempts to add in specific personal ethics.
Personal ethics vs what? What do you consider universal, and why?
In their post they are contrasting personal ethics vs professional standards (which would pertain to how work is done, I would say).
A code of professional standards could say, for example, You have to keep clear notes for decisions made for each revision for a period of 5 years. A list of compilers that a serious "Software Engineer" will use. Establishing norms that might improve the overall quality of work done.
To some degree, I think a code like that one is really a kind of personal marketing or branding or something.
Thank you, that's exactly the contrast I'm trying to draw.
I hope neither of your examples makes it into an ethical code for software developers, but that doesn't make them bad examples - those are the sorts of things that appear in other fields. If a professional code more detailed than the ACA & IEEE ones were to arise, I'd hope to see more timeless things like "best practices for authentication" (e.g. passwords salted and strongly hashed) or "not unduly exposing personal information" (e.g. don't accept identifying information without SSL).
A lot of professional codes are definitely branding exercises more than standards of behavior. In particular, codes with lots of concrete requirements or specific corporate backers usually aren't much different than becoming an MCSE or Certified Scrum Master. Legal and medical codes are substantially better, but they're also much older and enforced by government-backed licensing cartels. Civil engineering is probably the most recent and broadly accessible field to get a strong code, but the parallels are obvious: engineers own specific projects with known uses, and their errors are directly lethal. Realistically, I don't expect software to see an Iron Ring sort of obligation unless the field's best practices stabilize and errors with real-world harms become common.
'Contribute to society and to human well being'. So your personal ethics are only not present if you wear giant blinders around this statement. So many software devs hold positions that they could probably not defend ethically in casual conversation, it's an epidemic!
My apologies, I can see I've been unclear.
Many people expect ethical codes to expressly and explicitly include their personal ethical framework in clear detail, that they might use it to hold others to account. A reference to what someone personally considers to be a contribution to society and humanity might not rise to this standard.
Professional ethics is not the right approach to fixing the problem with user data. As the Equifax hack shows, the problem is not limited to the tech industry, and it's a problem of incentives at the corporate level, not the individual contributor level. We need corporate regulation.
User data is an asset, because you use it to make money, and it is a liability, because it can be stolen and misused. Companies currently get all of the benefit but very little of the risk. If user data had to be insured then there would be a financial incentive to only keep what's needed, and to treat it more carefully.
> If user data had to be insured then there would be a financial incentive to only keep what's needed, and to treat it more carefully.
Interesting thought, how would you imagine this would work in practice? Insurance against what? In the event of loss, who would make a payment to who?
There are "cybersecurity" insurance policies available to companies now but they really only cover the cost of mailing notification letters to impacted people and sometimes the cost of credit monitoring for a year. They're way overpriced and usually not at all worth it. I suspect that isn't really what you had in mind though?
The insurance payouts for a breach could go to the affected users or to the government, I don't think it would matter much. The important part is that companies need to pay to retain user data. The insurance would have to be mandatory for large companies.
I agree there needs to be a cost to companies who lose user data but I fear insurance would be a way to compensate users for the loss without incentivizing corporations to mitigate the risk.
Presumably the insurance (or company who failed to get insurance) would pay the affected users.
I can't wait till software development is as ethical as the medical and legal industries.
This is coming. It won't be long before PwC is auditing more code than they are financial statements.
So, prone to negligence and high fees?
Point well taken, but that's underselling the problem by a lot. The American Psychological Association has a clear, strong code of ethics, but worked to help the CIA design torture programs. Not just 'psychologists' but the APA itself.
Codes of professional ethics seem to offer some defense against total indifference to malpractice and incompetence, as with civil engineering restrictions. People holding out for them to do more, especially around conscious decisions like political work, seem to seriously overestimate what they've achieved in the past.
On a good day.
Yes, technologists should. However, that does not prevent those who would violate those ethics. Laws are in place to do this.
Facebook is just trying to shift the blame to its employees. Gross.
Yes, we don't have a major problem with technologists behaving unethically. We have one with corporate decision makers behaving unethically.
Doctors protect life, and lawyers keep you out of jail. I guess software engineers can take an oath not to kill people or put people in jail, but after that it's your morals vs. mine, no?
And if I work for the Department of Defense making missile guidance software, then it's OK to kill people, I suppose...
Some people will think creating weapons for defense is an ethical thing to do. I prefer not to do that but I think the point is valid and there is no clear way to determine what’s ethical and what isn't.
Such people are welcome to the freedom of their consciences.
There is a distinction between personal ethics and professional ethics. In my opinion, that position crosses the line and lands squarely in the realm of personal ethics.
What's unethical is to have your countrymen in a fight with substandard equipment that you could have helped them improve.
War is an ever-present possibility - do you want your neighbor's kids (or yours, if they join the service) dying or being maimed because you didn't help with what you know?
1000 years ago, if you were a blacksmith and the Vikings were coming, would you make swords or ornamental railings?
People who think "it's unethical to make weapons" always assume that someone else is making the weapons, which makes them feel good about themselves (not sure why) - they're willing to sacrifice themselves and their neighbor's children for their ethics.
I'm not. I make weapons, and I think the 'ethical' stance on defense is really just virtue-signalling.
/Edited. ;)
>What's unethical is to have your countrymen in a fight with substandard equipment that you could have helped them improve.
if the fight's imminent or already on, sure. but most of the time weapons are made long before there is the anticipation of a fight.
if nation A has a weapon that lets them fight without risking their soldiers as much as nation B, nation A will always be more willing to enter armed conflict, especially against the less-endowed nation B. so the act of making a better weapon lowers the threshold for using force.
that's one big reason why drones are exceptionally effective weapon systems. surveillance and airstrikes in enemy territory are prone to being shot down and the pilots killed or taken prisoner to be used as a bargaining chip for peace, but drones aren't. the political toll of a drone being shot down is practically zero in comparison, so drone wars can continue indefinitely without domestic outcry.
It takes 10-20 years to field a capable modern weapons platform. It would be ridiculous to wait for the fight to be joined before developing your platforms.
The air Force joke is "it isn't your Dad's air Force, but it might be his plane." Service lifetimes of some craft are past 50 years.
I don't mind a done war that field tests all of our systems, kills a slew of bad people, and costs us no blood. That's a good deal to me.
“think the limp-wristed 'ethical' stance on defense is really just virtue-signalling for other limp-wristed selfish people.”
You are making some good points and you are damaging them with your last paragraph.
Removed last paragraph, thanks for the feedback.
Regardless of how this country uses or misuses their weapons, I have to say this is really impressive: https://arstechnica.com/tech-policy/2019/05/dod-cia-develope...
I used to think like this. But these days I believe we've lost our moral high ground, beginning with OIF and continuing with countless unethical, shady things people in power are doing in the name of the red herring that is "national security." I've lost faith in this country's ability to wisely wield the technology it has.
Maybe it was always this way and I just had a rosy outlook early in life, but it seems at some recent point we became the bad guys. I don't want to make weapons, or anything really, for the bad guys.
I suspect that if people could rely on that the weapons they make are used defensively, many more would be willing to make weapons. In many countries, you can't rely on that, and making tools that reduce risk increase the leaderships willingness to use force more offensively.
And of course there's a large unclear area where one persons long-term defensive measure is another persons justified intervention, and another persons war of aggression.
Agreed about risk reduction leading to increased use of force, that's totally the case - look at drones.
However while the frequency might increase, the scale and impact is at an all-time low.
WW1: 40 million dead. Drones: "According to the Long War Journal, which follows US anti-terror developments, as of mid-2011, drone strikes in Pakistan since 2006 had killed 2,018 militants and 138 civilian". Hard to argue with those numbers for a 5 year period. Roughly 20 people a year die by being crushed by their TV's and furniture in the US a year - we don't stop selling furniture.
https://en.wikipedia.org/wiki/Civilian_casualties_from_U.S._...
I mean how can you NOT support several thousand dead militants, with that minor a civilian cost? I'd happily accept a far higher civilian cost for the decimation of militants, but our guys are exceedingly professional and their precision is legendary.
Mistakes happen, sure, but in comparison to the 20th century, we're doing great!
We're doing so good, maybe we should argue that we need MORE precision weapons, given how much they've reduced overall conflict and the fact that large governments are no longer as willing to go toe-to-toe because of them.
This isn't total war. Technically it's not even a war, but a "Military Operation Other Than War" (MOOTW). We're not fighting against a coalition of countries; we're fighting a few thousand dudes in caves with AK-47s and rusty Russian ordnance. Of course there will be fewer casualties. Yet still we've managed to kill upwards of 100,000 people, mostly innocents, across 18 years of occupation, in retaliation for a lucky strike that killed 3,000 Americans. You're right--that's actually a lower number for direct casualties than I expected. But I seethe knowing this is what my "defense" tax dollars fund.
Those drones just make it easier to continue killing people tagged as "militants" (a very flexible word in the hands of our government, I'm sure) while removing deterrents, like the idea that our children could be sent off to die in such a campaign. So now we have robots killing people the government doesn't care about, simply because they have been identified as the "enemy." I think I've seen this movie before.
Mostly innocents? That's not supported by the numbers I was looking at.
Could you point me to these numbers? It looked to me like killing a whole slew of extremists for extremely minimal collateral damage.
I wasn't referring to drone strikes in particular. I pulled the numbers from from https://en.wikipedia.org/wiki/Civilian_casualties_in_the_war... and might have misread the 30k wounded as additional deaths. So "most" could be wrong, but the numbers have a way of reflecting the best possible outcome for us.
I'll try to be more precise in future rants.
As for drone strikes: https://www.militarytimes.com/news/your-military/2018/11/14/...
Personal I think a country needs to produce defense weapons but I would draw a line at selling to unstable countries for profit. Defense should not be a profit center
Whole hearted agreement about selling to unstable countries for profit.
But selling to our friends/allies? I like the French, I'd be overjoyed if they thought my weapons were so chic/dangerous that they'd protect their countrymen in their most perilous times. Same thing if the Germans, Canadians, Japanese, etc bought my wares. Why not?
Saudi Arabia... not a fan, I don't think that's wise at all, I think that's going to come back to bite us in the ass and that it's a mistake in progress.
The system isn't perfect, I admit.
You define what the ethics is. If you think creating weapon for defense is not preferable to you then you better work on convincing or forcing other to follow.
I don’t understand what you are trying to say.
Edited some mistake. My point is everyone have different ethics. You must fight for your preference if you want yours to be the winning ethics.
There no one true "correct" ethics
I guess we agree then. Determining what’s ethical is personal and it will be hard to crater a universal code.
If you’re a lawyer representing a mass murderer you must still represent the interests of the client. To not do so would see you disbarred.
So professional ethics can run counter to what a polite member of society would normally wish to do.
Although I believe lawyers are still required to disclose to the authorities any information concerning their clients' intention to commit a crime in the future - so the obligation to represent a client's interests is not unlimited.
>>Doctors protect life, and lawyers keep you out of jail.
I think this is an oversimplification. A lot of doctors deal with non-life threatening diseases and ailments, and some even deal with purely cosmetic stuff (e.g. plastic surgeons). Similarly, a lot of lawyers deal with issues that don't directly carry a risk of a jail sentence, e.g. workers compensation.
Making missile guidance software is wholly unethical and is what we should be striving to prevent engineers from working on.
I want to put aside the question of whether this claim is true for a second, and just point out that it is - obviously, as proven by the response here - controversial among engineers. On that basis alone, it's never going to be part of an effective professional code of conduct. A code which starts with that condition will not be widely adopted. A popular code which tries to add it will fail, or be mired in controversy and lose members. A licensing regime which attempts to keep people who disagree out of the industry will be broken by (government-abetted) defectors or competing licensing.
The number of doctors or prospective doctors who deny the medical code of ethics is very nearly zero. Almost all debate around it centers on subtle questions like defining 'harm' in self-determination cases (e.g. assisted suicide). The number of lawyers who would reject a given the legal code of ethics is perhaps larger, but the code is accordingly narrower. Lawyers are for instance free (and in fact obligated) to support "not guilty" pleas by clients they know are guilty. The boldest parts of the code (e.g. that lawyers cannot actively lie on behalf of clients, or mingle personal business with professional work) are also the the parts which are regularly broken.
Striving to avert something you consider immoral is a sensible decision, even if other people dispute that ethic. But doing so with a professional code of ethics is not only a doomed task, it's one which dooms the rest of the code in the process.
I bet the civilians who do not become collateral damage because the missile that was supposed to hit a military base did so due to good guidance software instead of missing and hitting their town would disagree.
When a situation has escalated to the point that someone is launching missiles, it has usually reached the point where destroying the target is more important to them then the risk of collateral damage. If the guidance software is not good enough to give a small margin of error, they will launch several missiles to ensure that one is likely to hit the target, which pretty much guarantees a lot of damage throughout the margin of error of the guidance software.
How about getting rid of those bloodthirsty decision makers, and in the meantime not supporting their violent rampaging.
While I appreciate your sentiment, and would describe myself as a pacifist as well, I am unable to say that self-defense is unethical. However, even in 10th grade, when we first entered Afghanistan, I found the concept of the wars in Afghanistan and Iraq appalling, unjustifiable, expensive, unproductive, and without a way out. Nearly two decades later and that all seems to be true.
That said, I wouldn't find myself saying "don't retaliate" if there was an actual force striking the country.
Being unable to categorically rule out self defense, springing from/combined with, being unable to control others means that we may need to defend ourselves, and if we must, we should be capable.
I don't know if I could work for the military, directly or as a contractor, but I'm not ready to say that every member in uniform and every contractor is amoral for doing so.
Anyway, my point is even if you convinced your entire country to never take up offensive arms, would you be able to also convince everyone else to as well? Would you be willing to tell your countrymen not to take up defensive arms?
The alternative to guided missiles isn’t peace, it’s carpet bombing.
The planes needed to drop those bombs have software too.
It's perfectly possible to build very devistating weapons without computers. For example Little Boy & Enola Gay; and Fat Man and Bockscar. The Uranium, Plutonium, and Hydrogen bombs we're built without and do not contain computer. Ditto for the P38, B29, F104, &c.
Software makes our world go round, but it's not a necessity.
This person gets it.
That’s ridiculous. Letting ISIS exist is unethical. Allowing the North Korean government to exist is unethical. Allowing Nazis to attack Poland was unethical. Germans occupying France was unethical. Letting Somali warlords steal UN food aid was unethical. Saddam Hussein invading Kuwait was unethical. Creating weapons to defend against and prevent such things? Not only ethical, but honorable. Would you have us fight evil with our bare hands? Because you’ve essentially said that all weapons are unethical. The problem is that evil, such as ISIS, the Taliban, Nazis, the Khmer Rouge: they don’t care about ethics. Not doing everything possible to defend against such a scourge is itself unethical. Pacifism is unethical when the failure to act allows evil to prevail.
No, that is ridiculous. Missals made in the US are used to fight illegal wars in the middle east and sold to dictators committing genocide. Stop drinking the nationalism kool-aide, we aren't the good guys.
Doctor and lawyer ethical codes work because there is a state sanctioned licensing authority. If you try to practice law or medicine without a license, you will be arrested.
Because of that, the ethical codes have teeth, as the medical board or bar can strip you of your license and thus the ability to practice for ethical violations.
There is so such equivalent to the medical board or bar for programmers. Anybody who has the inclination can program. Because of that, any ethical codes will be just words. In fact, companies may actually pay more for people willing to violate these codes.
While I think ethical codes are good, I don’t think they are worth having a licensing authority. I am happy that anyone with the ability is allowed to program and that I don’t need a state license.
The ACM tried to revise its code of ethics not long ago. The process a bit rough because there are very very different interests and perspectives within the organization, not to mention difference in norms between nations (like China).
They did try, though. They went just far enough that it's almost possible to suggest that one couldn't adhere to the current code and still work for Google, Facebook, or China in any engineering capacity. But I still don't really expect them to start penalizing members, as the ACM seems to see itself a lot more as an academic/research group than professional org.
> unjustified physical or mental injury
I don't subscribe to "mental injury" as a quantifiable or philosophical harm. There is no way to protect against interpretation or experience, that necessitates increasingly complex and ineffective measures to adapt to subjective and possibly aberrant, mental states. This will always devolve into a discussion of normality, which is immoral at the core.
> 2.6 Perform work only in areas of competence.
This perhaps, can be salvaged. I would not agree to this as-is. How anyone measures competence is too open, given the state of software development.
https://www.acm.org/code-of-ethics
https://www.ieee.org/about/corporate/governance/p7-8.html
These seem like good starting points to me.
The problem is that unless there is a licensing body that enforces adherence the ethics, they will be ignored. Doctors and lawyers have such licensing requirements, tech does not. The question is not what the ethics should say, but whether or not tech should require licensing to be involved in it.
Then establish something comparable to the PE concept for software engineers, and require it for certain categories of software (aviation and medical software already have to get certified, have a Professional Software Engineer on the hook too, and then extend this to other types of software systems like certain financial, legal, or personal data systems).
+1 I've long advocated for a higher degree of professionalism and credentialing to establish a minimum bar of competence. Unfortunately, people who only work on yet-another-Rails-SaaS thing complain that excludes those that are not formally credentialed. Even then, try asking a customer of said SaaS product if they would trust something not built with a high degree of professionalism.
I don't disagree that perhaps software developers should be on board with a code of ethics, but this is a false dichotomy between the decisions of doctors/lawyers when providing services, and the decisions of technology companies on the whole. Companies that exist to make profit, in this case generally by monetizing user data in some (often questionable) form. It seems to me like the ethical responsibility bit lies more with the directorship and management of these companies, and not the Joe Bloe software dev that's working on making emojis display correctly in IE.
I frequently see people dismiss this with "programmers have an obligation to think about the possible uses of their work". That's not false, but I think it seriously underestimates the depth of the problem.
The simplest difference between professions with clear ethical codes (doctors, lawyers, civil engineers) and ones without is that professions with strong codes provide outcomes. A doctor treats a specific patient, a lawyer litigates a case, a civil engineer builds a specific bridge. Even indirect work like medical research has specific recipients and a fairly clear course for future use. Programmers, like chemists or machinists, frequently create tools.
Alfred Nobel famously created his prize in atonement for the destruction caused by his invention, but he invented and marketed dynamite for use in mining and construction, where it provided real benefit to humanity. Edward Teller spent the second half of his life championing civilian uses for nuclear power and atomic bombs, having seen the world reshaped by fear of a weapon he hoped would be demonstrated to prevent future wars.
The beauty of professional codes in medicine and law is that they achieve moral good without taking heavily-disputed moral stances; if doctors do no harm and refuse instructions to do so, harm will generally be prevented. A chemist studying nitrates or a programmer designing GPS guidance has no such guarantees; the same work is very likely to create both good and bad in uncertain amounts, depending on where it's put to use.
The case I like to bring up was the Volkswagen emission scandal. The executives where pointing fingers at "well shucks, these engineer's must have done it and not told anyone". Having a strong sense of ethics would be to stand up and say "I can't do that lest I risk my license so fire me".
I don't think you can compare the relationship of a company to customers, to that of a one-to-one relationship of a doctor or a lawyer. The company acts as a third party with very different (and often directly conflicting with the end user) aims that creates a much harder ethical situation for a developer to navigate and creates confusion as to who has the responsibility to sound the alarm.
I think of something like legal or medical confidentiality, which can involve their clients doing pretty horrible things but it being the "ethical" thing to not reveal that. If one takes this same thing to a Facebook scenario, does the developer who works for Facebook then have the obligation to protect the confidentiality of Facebook even if they're doing awful things? Would it be any different where a lawyer is working for a horrible client, trying to use the law to do things that are a net-negative for society, but ethics would put their obligation towards their direct client rather than society at large.
If one then wants to write a piece about ethics, one should start with examples of fields with ethical codes that have a structure closer to the relationship of users/Facebook/developers.
> The company acts as a third party with very different (and often directly conflicting with the end user) aims that creates a much harder ethical situation for a developer to navigate and creates confusion as to who has the responsibility to sound the alarm.
This is very similar to structure I operated under as a corporate attorney at a bank but also as the Chief Information Security Officer. I owed a duty to the bank, as my "client," and also to the bank's clients, whose information I was charged with protecting. You are indeed correct that it's a difficult and uncomfortable situation to manage. I always tried to be a "zealous advocate" for the bank in all matters except those related to privacy and I'll be the first to admit that much of my zealous advocacy was indeed a net-negative for society. I did ultimately leave because of a disagreement over how to respond to (or in their case, chose to ignore) an ongoing breach of customer accounts.
All of that being said, I don't think it's an impossible ask with a bit of help from the government. I also served as the AML Officer and in that capacity I had the absolute final say on all matters related to money laundering thanks to the PATRIOT Act. The only way to override my decision would be a board vote. I never had any "disagreements" about how to handle an AML situation because my decisions were final while my decisions as CISO were merely a recommendation that management could (and did) ignore in order to save time, money, and bad PR.
> I'll be the first to admit that much of my zealous advocacy was indeed a net-negative for society
Curious to find out more about this, and how you felt about it while you were doing it, if you're willing to talk about it.
Oddly enough I loved working for a hedge fund. The attorneys at the SEC and the attorneys who worked for the funds' clients were all brilliant. I could "zealously advocate" but it was an equal match. The SEC (though overworked) know what they're doing and often have industry experience so they understand how the business operates.
When I moved to investment banking, where the state regulators play a bigger role (with a much smaller budget) and the clients are wealthy families instead of investment funds, that's when it started to feel dirty. State regulators are... at best woefully ineffective and at worst completely clueless as to how the industry operates (they tend to be career government people).
Not meaning to offend anyone's politics but I often told my friends that I was Kelly Anne Conway putting forth an argument that was really kind of a stretch. I felt obligated to advocate but I also felt the regulators and auditors really should have objected or tried to negotiate but they almost never pushed back. Sometimes because they just didn't care but more often because they didn't know any better.
At the hedge fund, a "win" was collaborative and strategic and felt like I had earned it. At the bank a "win" felt a lot like bullying.
The challenge here is technologists have shunned labor organization to my knowledge which is what I understand controls the cited fields. Different economic model applies to most people in technology compared to law and medicine. Smells like a buzzword article. Maybe the cloud companies could implement a code and create barriers to deploy "unethical" code... that might work.
I see people in technology doing border-line dishonest and unethical things all the time. They're called marketing, sales, and product management. I've rarely known them to go by the name of software developer - in fact they're usually the ones to dig their feet in against misrepresenting things or doing stuff that violates privacy or user expectations, etc.
Here's what I don't want:
I don't want ethics exams and accreditation requirements to constrain software development to people with traditional software backgrounds. The cost of a traditional college education in the United States is easily five or six figures, and socioeconomic forces means that black people face systemic barriers to getting access to that education (versus whites, indians, asians, etc.). I want there to be more YCs, more Startup Schools, more Lambda Schools, and I want them open to immigrants and non-US-citizens, too.
I also don't want ethics exams to constrain supply. A lot of software withers on the vine because there's no "business case" for it, but if there was a way to divorce the need to put dinner on the table from how much people (or advertisers, or...) are willing to pay for software, then there's a lot of software that is yet to be written that could make the world better (say, enabling the creation of more art and music, or something).
The same could be said for doctors and lawyers though, and I don't think we complain too much about having less unethical doctors.
See ACM (Association for Computing Machinery) Code of Ethics and Professional Conduct at https://ethics.acm.org/code-of-ethics/
Here are the main points:
1. GENERAL MORAL IMPERATIVES.
As an ACM member I will
1.1 Contribute to society and human well-being.
1.2 Avoid harm to others.
1.3 Be honest and trustworthy.
1.4 Be fair and take action not to discriminate.
1.5 Honor property rights including copyrights and patent.
1.6 Give proper credit for intellectual property.
1.7 Respect the privacy of others.
1.8 Honor confidentiality.
2. MORE SPECIFIC PROFESSIONAL RESPONSIBILITIES.
As an ACM computing professional I will
2.1 Strive to achieve the highest quality, effectiveness
and dignity in both the process and products of
professional work.
2.2 Acquire and maintain professional competence.
2.3 Know and respect existing laws pertaining to
professional work.
2.4 Accept and provide appropriate professional review.
2.5 Give comprehensive and thorough evaluations of computer
systems and their impacts, including analysis of
possible risks.
2.6 Honor contracts, agreements, and assigned
responsibilities.
2.7 Improve public understanding of computing and its
consequences.
2.8 Access computing and communication resources only when
authorized to do so.
3. ORGANIZATIONAL LEADERSHIP IMPERATIVES.
As an ACM member and an organizational leader, I will
3.1 Articulate social responsibilities of members of an
organizational unit and encourage full acceptance of
those responsibilities.
3.2 Manage personnel and resources to design and build
information systems that enhance the quality of working
life.
3.3 Acknowledge and support proper and authorized uses of
an organization’s computing and communication
resources.
3.4 Ensure that users and those who will be affected by a
system have their needs clearly articulated during the
assessment and design of requirements; later the system
must be validated to meet requirements.
3.5 Articulate and support policies that protect the
dignity of users and others affected by a computing
system.
3.6 Create opportunities for members of the organization to
learn the principles and limitations of computer
systems.
4. COMPLIANCE WITH THE CODE.
As an ACM member I will
4.1 Uphold and promote the principles of this Code.
4.2 Treat violations of this code as inconsistent with
membership in the ACM.You linked to the 1992 version, which was replaced in 2018.
Among other things, section 1.5 was always a disaster because copyright and patent are not natural rights, but special privileged statuses granted to (in theory) promote the accrual public benefit, and there's no reason practitioners should be required to subscribe to copyright or patent maximalist perspectives.
Section 2.8 was too broad because it didn't take into account security researchers, stuff like insulin pump hacking, etc., (which also ties back to 1.5 being too heavy handed).
Not that the 2018 version is tons better, but it tries more.
This is kind of grossly simplified though, isn't it?
> 1.2 Avoid harm to others
So no smart weapons which minimize collateral damage?
> 1.5 Honor property rights including copyrights and patent.
So no Sci-Hub? What about bad copyrights?
> 1.8 Honor confidentiality.
What about whistleblowing?
It's worth mentioning that the text you are responding to is the overview. The ACM offers greater detail that addresses your concerns: https://www.acm.org/code-of-ethics
> So no smart weapons which minimize collateral damage?
This section is concerned with indirect and unintentional harm. Weapons tend to be a problem for every ethical system. Here, my reading would be that weapons should work as intended.
> So no Sci-Hub? What about bad copyrights?
What is a bad copyright is not a question for the ACM code of ethics. You'll find a more detailed examination of intellectual property in the full code of ethics.
> What about whistleblowing?
An excellent question! I'll just quote from the discussion directly:
> Computing professionals are often entrusted with confidential information such as trade secrets, client data, nonpublic business strategies, financial information, research data, pre-publication scholarly articles, and patent applications. Computing professionals should protect confidentiality except in cases where it is evidence of the violation of law, of organizational regulations, or of the Code. In these cases, the nature or contents of that information should not be disclosed except to appropriate authorities. A computing professional should consider thoughtfully whether such disclosures are consistent with the Code.
> So no Sci-Hub?
The ACM are a major academic publisher.
I might have missed it when scanning the article, but nowhere did it mention how the formal ethical codes for docs and lawyers are backed up by licenses and review panels and exams. Are they proposing the same regulation before allowing someone to build an app?
Would they call for the same for journalists too? Arguably, the media has an equal need for ethical oversight, but we generally prefer the media to be free of partisan interference.
I believe journalists and technologists are better off without state or federal licensing to enforce ethical codes.
Why would tech workers go the way of medical professionals and structural engineers and all these instead of going the way of financial engineers?
I participated in the Order of the Engineer ceremony (https://en.wikipedia.org/wiki/Order_of_the_Engineer) when I finished my degree, and I think it wouldn't hurt for more people to do so. I have met very few people wear the ring on a regular basis.
What’s silly here is that things that are harmful only happen with hindsight and scale. I don’t think anyone at FB understood what Cambridge Analytica would turn into, because it came from a program of trying to help advance researchers. When things are new, you assume the best for them. Only once time passes do you understand all the unexpected ways people can abuse it.
Ethics was a required 2 credit course in my university computer science studies. It isn't some new idea, but I guess it isn't an industry standard yet. I'd agree anywhere the opportunity to do harm exists there should be clear ethical standards established.
I studied business and we also had ethics classes. But nobody really took it seriously. I think there is a strong ethos in medical industry, and think it would be good to see it in startup culture. I think this is a point of this article.
At my university every major has a specific ethics class as well as taking a general ethics class. The classes were a joke. All we talked about in Computer Science Ethics was gender/race imbalance in the field. An important issue no doubt, but when with Facebook stuff going on, creating weapons, EU privacy laws, and a bunch of other topics out there it was extremely frustrating being in the class.
For every ethical software developer, there are 10 who will work for Cambridge Analytica and there is nothing you can do about it.
It's a fools errand; at most serving the purpose of 'feeling good about yourself' rather than any societal impact
There are also doctors who help criminal gangs steal kidneys. That doesn't mean there's no point in bothering to have them all swear an oath in medical school.
Ironically technologists seem to have higher ethical standards than doctors and lawyers. Hell, the entire US medical system revolves around financial assault of the infirm.
Medical system vs medical professionals are very different. You can't solve systemic issues with individualized responsibility. It's not that doctors are bad, it's privatized healthcare that is causing the problem, and requires systemic solutions (since it's clear the same problems don't exist under other systems).
What's really happening here is that Facebook wants to push for blaming individuals, because it let's them keep doing whatever unethical things they want to, since they know that individual responsibility is toothless in the face of such a massive system like itself.
We do have an ethical code. "The Unwritten Laws of Engineering" book sums it up nicely. The ethical codes such as those of ACM or IEEE are good examples.
Let's write a code of executive ethics instead. All this ressentiment at tech workers needs to be channeled into something actually productive.
Just don't be a piece of shit. If you need a list of rules to do that, lord have mercy on your soul.
Different people view being a piece of shit differently. It's good to codify standards no?
No we shouldn't. Obey your personal codes and follow the laws.
Tech is fun. Let's keep it that way.
So we shouldn't have a code of ethics because it would make tech "less fun"?
That's actually a good demonstration of why we do need a code of ethics.
A code of ethics is meaningless for “tech” (whatever that is.) Medicine and law have licensing. Violating professional ethics can result in a loss of licensing. In “tech” there isn’t such licensing, thus a code of ethics is just a platitude. There is nothing stopping you from writing your own code and following it.
As far as a code for all of tech, who would write such a thing? And how would it be enforced? And who would be obligated to follow it? Just people that write code? Or what about designers? And if designers have to follow the code, that would mean that they can be “kicked out” for non compliance, which means they have to be “allowed in.” So how does that work? Professional licensing for designers now too? A four-year degree along with a test on the Bauhaus and Human Interface Guidelines?
As far as licensing, that would make tech less fun. What would be the licensing requirements? Would it be like a coding interview with ridiculous whiteboard algorithm examples? Would you have to pass a test on front end frameworks? How about a test on Kubernetes? Would you have to have a degree in “tech?” Steve Wozniak wouldn’t have been eligible to work on Apple I. How about the Wright Brothers? They worked in a bike shop, how were they qualified to invent airplanes with engines? A proper authority ought to have shut them down promptly because clearly they weren’t qualified to be working on flying machines! The Bicycle Mechanics Code of Professional Ethics expressly prohibits working outside of the scope of your training and licensure right? Howard Hughes wasn’t a professional engineer, yet somehow he helped design the fastest airplane at the time.
You want ethics? Then act ethically. But the last thing we need is a gatekeeper organization deciding who is worthy or not to invent the future.
I am usually not averse against regulation but one advantage of tech is that it's still the Wild West where it's possible to innovate quickly and change things. Lawyers and doctors are in much more controlled environment where not much innovation is happening. I am also not sure how to determine what's ethical or not.
I much prefer laws like GDPR where there is a set of rules everyone has to follow.
Medicine is innovating a lot more than some ride-sharing, restaurant rating, social-local photo sharing app startup.
No. I work in medical and progress is much slower. In a lot of tech you can try something and get immediate feedback. In medical you have to wait for years and spend a ton of money.
this won't help with corporate malfeasance at all.
Programmers/technologist often work for those who only work money... ethics generally do not work in such places...
I actually had the exact same thought on different lines. A software code of ethics will be toothless without a financial code of ethics. But a financial CoE is antithetical to finance's goals.
Edit: to be clear that doesn't mean we shouldn't have one!
A code of ethics is backed by law at least for the most part (sometimes ethical and legal principles might even clash). And here is the biggest difference. For doctors or lawyers unethical behavior leads to losing the license to practice. There's no such thing for coding.
Do you believe there should be?
In principle (because the technicalities are way too complex to address here and now) there's no reason specific fields in programming couldn't require a license, like a clearance needed to work with sensitive data.
Coding is more and more used to build the backbone of future society. It's about time we recognize the criticality of the whole industry (not just the coders themselves). Having no ethics code for this is not very different from accepting when soldiers invoke the "superior orders" defense.
It may very well turn out that it simply can't be applied to this field but to get there you have to at least consider it first.
Lawyers also often work for those who only care about money. Ethics are still important in those cases.
Well that is still ethics. It largely my ethics too. Works for me. It might be different than yours but still.
Exactly this. If we create hardware and software ethically, that product will not make enough money. Capitalism is almost entirely add odds with ethical engineering practices.
Think about it. Imagine Facebook not doing anything evil. Never selling your data without your permission. Never spying on you. Putting lots of restrictions on advertisements to make sure they are all ok. Banning all the bad users. Reporting analytics accurately. Etc.
How would Facebook make any money? The only ethical sources of income would be to sell non evil ads (if you believe there even is such a thing) or to charge users money to have accounts like Netflix. Non-evil ads are not very effective, and with accurate analytics, they will not fetch a high price.
What other ethical business model is there? If operating ethically, they would be lucky to cover their operating costs. Giving any kind of ROI to investors would be impossible. The same applies to every Silicon Valley operation. Google, Twitter, etc. If they operate ethically and morally, they can't make enough money.
Of course, if the power were mine, I would force them to behave ethically anyway. I don't care if they all shut down. Gonna eat me some rich people.
You say it as if these companies shutting down would be a bad thing. These products exploit their users in ways the users and society at large does not yet understand.
If a product cant be profitable without abusing its power, it shouldn't exist.