An Introduction To Software Engineering Ethics: What Do We Mean When We Talk About Ethics'?
An Introduction To Software Engineering Ethics: What Do We Mean When We Talk About Ethics'?
2
should they use to determine the answer? These are all valid questions, but what is
perhaps even more interesting here is the disproportionality between the amount of time
engineers spent creating the feature (at most a few person-days, in all likelihood), and the
amount of time users spent on it (several lifetimes). Often, in today’s world, engineers
must grapple with these questions instead of relying on management or anyone else.
Finally, the lack of geographic constraints means that engineers are generally culturally
unfamiliar with some or most of their users. The cost-cutting imperative often leaves little
room for user studies or consultations with experts that would allow software
development firms to acquire this familiarity. This leads to the potential for privacy
violations, cultural offenses, and other such types of harm.
For example, people in many countries are notoriously sensitive to the representation of
disputed border territories on maps. In one recent example, an error in Google maps led
to Nicaragua dispatching forces to its border with Costa Rica. Google then worked with
US State Department officials to correct the error.5
On top of these considerations, software engineers share with everyone a basic human
desire to flourish and do well in life and work. What does that have to do with ethics?
Imagine a future where you are faced with a moral quandary arising from a project you
are working on that presents serious risks to users. In that scenario, will you act in a way
that you would be comfortable with if it later became public knowledge? Would it matter
to you whether your family was proud or shamed by your publicly exposed actions?
Would it matter to you whether, looking back, you saw this as one of your better
moments as a human being, or one of your worst? Could you trust anyone to whom these
outcomes didn’t matter?
Thus ethical obligations have both a professional and a personal dimension. Each are
essential to consider; without a sense of personal ethics, one would be indifferent to their
effect on the lives of others in circumstances where one’s professional code is silent. To
understand what’s dangerous about this, consider any case in human history when a
perpetrator of some grossly negligent, immoral or inhumane conduct tries to evade their
responsibility by saying, ‘I was just following orders!’ So personal ethics helps us to be
sure that we take full responsibility for our moral choices and their consequences.
But for professionals who serve the public or whose work impacts public welfare, a
personal code of ethics is just not enough. Without a sense of professional ethics, one
might be tempted to justify conduct in one’s own mind that could never be justified in
front of others. Additionally, professional ethics is where one learns to see how broader
ethical standards/values (like honesty, integrity, compassion and fairness) apply to one’s
particular type of work. For example, wanting to have integrity is great – but what does
integrity look like in a software engineer? What sort of specific coding practices
demonstrate integrity, or a lack of it? This is something that professional codes of ethics
can help us learn to see. Finally, being a professional means being a part of a moral
community of others who share the same profound responsibilities we do. We can draw
strength, courage, and wisdom from those members of our professional community who
have navigated the same types of moral dilemmas, struggled with the same sorts of tough
decisions, faced up to the same types of consequences, and ultimately earned the respect
and admiration of their peers and the public.
5 “Google Maps Embroiled in Central America Border Dispute,” AFP, Nov 6 2010.
3
Broadening our view of software engineering ethics
Certainly, software engineers must concern themselves primarily with the health, safety
and welfare of those who are affected by their work, as the so-called ‘paramountcy
clause’ of NSPE’s Code of Ethics states. But we need to broaden our understanding of a
number of aspects of this claim, including:
• The types of harms the public can suffer as result of this work;
• How software engineers contribute to the good life for others;
• Who exactly are the ‘public’ to whom the engineer is obligated;
• Why the software engineer is obligated to protect the public;
• What other ethical obligations software engineers are under;
• How software engineers can actually live up to ethical standards;
• What is the end goal of an ethical life in software engineering;
• What are the professional codes of software engineering ethics;
Let’s begin with the first point.
4
PART ONE
What kinds of harm to the public can software engineers cause? What
kinds of harm can they prevent?
We noted above that failures of critical software systems can result in catastrophic loss of
life or injury to the public. If such failures result, directly or indirectly, from software
engineers’ choices to ignore their professional obligations, then these harms are clearly
the consequences of unethical professional behavior. Those responsible each bear the
moral weight of this avoidable human suffering, whether or not this also results in legal,
criminal or professional punishment.
But what other kinds of harms do software engineers have an ethical duty to consider,
and to try to prevent? Consider the following scenario:
Case Study 1
Mike is a father of 3, and in order to save for their college educations, he has
been working two jobs since his kids were born. His daughter Sarah has
worked as hard as she can in high school to get high grades and SAT scores;
as a result of her hard work she has been accepted to a prestigious
IvyLeague college, and the deposit for her first year is due today. If the
deposit goes unpaid, Sarah loses her spot in the freshman class. Mike paid
the bill last week, but today he gets an email from the college admissions
office saying that his payment was rejected for insufficient funds by his
bank, and if he does not make the payment by the end of the day, Sarah will
lose her place and be unable to attend in the Fall. Panicked, Mike calls the
bank – he had more than enough money in his savings to cover the bill, so
he cannot understand what has happened. The bank confirms that his
account had plenty of funds the day before, but cannot tell him why the
funds are gone now or why the payment was rejected. They tell him there
must be some ‘software glitch’ involved and that they will open an
investigation, but that it will take weeks to resolve. They will only restore
the funds in his account once the investigation is completed and the cause
found. Mike has no other way to get the money for the deposit on such
short notice, and has to tell Sarah that he couldn’t cover the bill despite his
earlier promise, and that she won’t be attending college in the Fall.
5
Question 1.1:
What kinds of harm has Mike probably suffered as a result of this incident? What
kinds of harm has Sarah probably suffered? (Make your answers as full as possible;
identify as many kinds of harm done as you can think of).
The harm that was caused by this incident is pretty bad for both Mike and his daughter. He will
be going through lots of time-wasting phone call not only the that but also the added stress no
one deserve that. His daughter will not be able to attend the class for that semester which will
cause more delay for her graduation. Also it will be evident her daughter will depressed which
will cause more headache for the family.
Question 1.2:
Could the problem with Mike’s account have been the result of an action (or a
failure to perform an action) by a software engineer? How many possible
scenarios/explanations for this event can you think of that involve the conduct of one
or more software engineers? Briefly explain the scenarios:
This is a complex issue where it could have been avoided if the software QA testing done
vigorously. If it is a software glitch it is a fault of the Bank who should reverse the charge and
help Mike in this instance instead, they are going on the wrong way of treating its customer. Due
to the system was not tested properly by their QA engineers.
Question 1.3:
Taking into account what we said about ethics in the introduction, could any of the
scenarios you imagined involve an ethical failure of the engineer(s) responsible?
How? Explain:
*Note: An ethical failure would be preventable, and one that a good human being
with appropriate professional care and concern would and should have prevented
(or at least have made a serious effort to prevent).
This is an ethical failure where Bank probably did not hire enough QA engineers to test different
scenario of the system. There will be flaws of any software but if the QA’s are not able to do their
job due to lack of funding or lack of support responsibility should fall on the owner of the system.
Ethically QA did a poor job as well by not trying hard to go through this kind of scenario
6
Let’s try a different scenario:
Case Study 2
Question 1.4: In what ways could Karen potentially be harmed by this app,
depending on how it is designed and how her shopping data is handled and used?
Identify a few harmful scenarios you can think of, and the types of harm she could
suffer in each:
The potential harm that may be caused by this app are:
a. Information shared to 3rd parties may reach parties, who might not favour her, given her
profession. Hence the interested parties may use this data to their advantage and force her to
comply with them.
b. She might get disturbed every now and then because of the offers passed on to her. This may
affect her own work, but on a lower level.
c. Her financial details such as credit card, bank account details are vulnerable, since it is open to
third parties such as Facebook. Online theft is a possibility in this case
7
Question 1.5: Which if any of these harms could result from ethical failings on the
part of the people who developed Errand Whiz? How, specifically?
All these harms mentioned can result from ethical failure on part of the Errand Whiz developers,
because given 3rd party handling issues, if information security people shows some negligence
on their part to deploy preventive measures to avoid third party information leakage this may be
a result of ethical failing. Voluntary sharing of data or information leakage from Facebook is also
an ethical failure for Errand Whiz developers, because it is the responsibility of the developers to
filter which information should pass to Facebook .
Question 1.6: What actions could the people behind Errand Whiz take to prevent
these harms? Are they ethically obligated to prevent them? Why or why not?
Explain your answer.
Ideally, these scenarios have helped to broaden your understanding of the ethical scope of
software engineering. In considering and protecting the ‘health, safety and welfare’ of the
public, we must not limit our thinking to those contexts in which our design choices or
coding practices have the potential to cause someone’s death, or cause them direct
physical injury. The harms that people can suffer as a result of failures by software
engineers to consider their ethical obligation to the public are far more numerous and
more complex than we might think.
Yes, they have the ethical obligation to prevent these harms, as long as it is within their purview
and they are responsible for the security of the collected data. Generally, a customer signs the
terms and condition document before signing in an application and it is implied that their data
will be preserved. The developer team should follow all internet security protocols, using
maximum care to prevent leakage of any personal information to the third parties, that may
cause any kind of possible harm to the user. They are more responsible than Facebook and since
they have tied up with Facebook, they should ensure that Facebook doesn't get their hands-on
data they ideally shouldn't have access to.
8
PART TWO
How do software engineers contribute to the good life for others?
There is a second way in which we need to broaden our understanding of engineering
ethics. Ethics is not just about avoiding harms, as a narrow focus on preventing
catastrophic events might make us believe. Ethics is just as much about doing good.
‘Doing good’ is not something that matters only to missionaries, social workers and
philanthropists. To live a ‘good life’ is to make a positive contribution to the world
through your existence, to be able to say at the end of your life that in your short time
here, you made the world at least somewhat better than it would have been without you in
it. This is also how we think about the lives of those who have left us: when we mourn
our friends and loved ones, we comfort ourselves by remembering the unique comforts
and joys they brought to our lives, and the lives of others; we remember the creative work
they left behind, the problems they helped us solve, and the beautiful acts they performed,
great and small. Could a life about which these things could not be said still be a good
life?
If the good life requires making a positive contribution to the world in which others live,
then it would be perverse if we accomplished none of that in our professional lives, where
we spend many or most of our waking hours, and to which we devote a large proportion
of our intellectual and creative energies. Excellent doctors contribute health and vitality to
their patients and medical knowledge to their interns and colleagues; excellent professors
cultivate knowledge, insight, skill and confidence in their students and contribute the
benefits of their research to the wider community; excellent lawyers contribute balance,
fairness and intellectual vigor to a larger system of justice.
Question 2.1: What sorts of things can excellent software engineers contribute to
the good life?
There is a second way in which we need to broaden our understanding of engineering ethics.
Ethics is not just about avoiding harms, as a narrow focus on preventing catastrophic events
might make us believe. Ethics is just as much about doing good. ‘Doing good’ is not something
that matters only to missionaries, social workers and philanthropists. To live a ‘good life’ is to
make a positive contribution to the world through your existence, to be able to say at the end of
your life that in your short time here, you made the world at least somewhat better than it
would have been without you in it. This is also how we think about the lives of those who have
left us: when we mourn our friends and loved ones, we comfort ourselves by remembering the
unique comforts and joys they brought to our lives, and the lives of others; we remember the
creative work they left behind, the problems they helped us solve, and the beautiful acts they
performed, great and small.
9
Question 2.2: What kinds of character traits, qualities, behaviors and/or habits do
you think mark the kinds of people who tend to contribute most in these ways?
If the good life requires making a positive contribution to the world in which others live, then it
would be perverse if we accomplished none of that in our professional lives, where we spend
many or most of our waking hours, and to which we devote a large proportion of our intellectual
and creative energies. Excellent doctors contribute health and vitality to their patients and
medical knowledge to their interns and colleagues; excellent professors cultivate knowledge,
insight, skill and confidence in their students and contribute the benefits of their research to the
wider community; excellent lawyers contribute balance, fairness and intellectual vigor to a larger
system of justice
10
PART THREE
To whom are software engineers obligated by their professional ethics? Who is ‘the
public’ that deserves an engineer’s professional concern?
The NSPE’s paramountcy clause asks engineers to recognize that their primary
professional duty is to ‘hold paramount the safety, health and welfare of the public.’ But
who exactly is this ‘public?’ Of course, one can respond simply with, ‘the public is
everyone.’ But the public is not an undifferentiated mass; the public is composed of our
families, our friends and co-workers, our employers, our neighbors, our church or other
local community members, our countrymen and women, and people living in every other
part of the world. To say that we have ethical obligations to ‘everyone’ is to tell us very
little about how to actually work responsibly as an engineer in the public interest, since
each of these groups and individuals that make up the public are in a unique relationship
to us and our work, and are potentially impacted by it in very different ways. We also
have special obligations to some members of the public (our children, our employer, our
friends, our fellow citizens) that exist alongside the broader, more general obligations we
have to all of them.
One concept that ethicists often use to clarify our obligations to the public is that of a
stakeholder. A stakeholder is anyone who is potentially impacted by my actions.
Clearly, certain persons have more at stake than other stakeholders in any given action I
might take; when I consider, for example, how much effort to put into cleaning up a
buggy line of code in a program that will be used to control a pacemaker, it is obvious
that the patients in whom the pacemakers with this programming will be implanted are
the primary stakeholders in my action; their very lives are potentially at risk in my choice.
And this stake is so ethically significant that it is hard to see how any other stakeholder’s
interest could weigh as heavily.
Still, in most ethical contexts, including those that arise in software engineering, there are
a variety of stakeholders potentially impacted by my action, and their interests may not
always align with each other. For example, my employer’s interests in cost-cutting and
an on-time product delivery schedule may frequently be in tension with the interest of
other stakeholders in having the highest quality and most reliable product. Yet even
these stakeholder conflicts are rarely so simple as they might first appear; the consumer
also has an interest in an affordable product, and my employer also has an interest in
earning a reputation for product excellence, and in maintaining the profile of a
responsible corporate citizen.
Of course, while my own trivial, short-sighted and self-defeating interests (say, in gaining
extra leisure time by taking reckless coding shortcuts) will never trump a critical moral
interest of another stakeholder (say, their interest in not being unjustly killed by my
product), it remains true that I myself am a stakeholder, since my actions also impact my
own life and well-being. A decision to ignore my well-defined contractual obligations to
my employer, or my obligations to my fellow product team members, will have weighty
consequences for me. But ignoring the health, safety and welfare of those who rely upon
the code I produce has consequences that are potentially even graver – for me as well as
for those persons whose well-being I have chosen to discount or ignore.
11
Ethical decision-making thus requires cultivating the habit of reflecting carefully upon
the range of stakeholders who together make up the ‘public’ to whom I am obligated, and
weighing what is at stake for each of us in my choice.
Here is a scenario to help you think about what this reflection process can entail:
Case Study 3
You are a new hire in a product design team for a start-up company that is
developing new and more powerful versions of the kind of packet-sniffing
and email scanning software systems used by law enforcement agencies and
large corporations to monitor data traffic for illegal activities. This kind of
software might, for example, be programmed to detect illegal downloads of
copyrighted materials, or to flag for review email keywords like ‘bomb,’
‘steal,’ or ‘bribe.’ You are a young parent of two small children, with
parents and friends who are deeply proud of your achievements. You are
looking forward to using this first job to cultivate a reputation in your
industry for being an excellent software engineer.
One day, you happen to overhear your supervisor chatting with another
supervisor about a new contract the company has recently received from a
foreign government. You happen to recognize the name of this country as
one that is currently run by an oppressive military regime that routinely
imprisons its citizens without trial or other due process. In this country,
people perceived as political dissidents and their families are often sent to
labor camps with deplorable living conditions, without hope of appeal, for
an indefinite period. Your own nation has strongly criticized this country’s
human rights record, and many international organizations as well as the
United Nations have condemned its practices.
You realize now that the product your team is working on is part of your
company’s contract with this government; and in fact, you have been
assigned specifically to develop the part of the product that searches for
specific keyword strings in private emails, texts, social networking
messages, Skype and phone conversations. Reviewing the specs for your
task, you realize that your contribution to the product will almost certainly
be used to identify for extraction and review conversations between private
citizens of this country in which there is any specific discussion of their
government or its policies, and especially those in which words like
‘reform,’ ‘injustice,’ ‘corruption,’ ‘due process’ or ‘human rights’ occur.
12
Question 3.1: Who are the various stakeholders in this scenario, and what do they
each have at stake in your action? Reflect carefully and deeply, and answer as
fully as possible.
In this case there are four main stake holders, government, public, the company and employees
of the company. The local government is the most powerful stake holder, the public have to
discuss the relevant issues and analysis the overall situation in which they living, the company
provides the technical assistance to the law enforcement agencies and the employees are the
individuals working in the company.
Question 3.2: What do you think is your ethical obligation in this situation? What do
you think an excellent software engineer would do in this situation? Are they the
same thing, or different? Please explain your answer.
In this situation an ethically develop engineer should not be a part of such a activity. He/she
should discuss the issue with supervisor and need to convince the supervisor also to not be a
part of such activity which is against the human rights. If the supervisor not wants to listen, then
the engineer should quit the job there because it is not ethically justifiable to work against
human rights.
13