Write a 2 page APA formatted paper with high order thinking.
Professional
Ethics and
Responsibilities 9.1 What Are "Professional Ethics"?
9.2 Ethical Guidelines for Computer Professionals 9.3 Scenarios
Exercises
466 Chapter 9 Professional Ethics and Responsibilities
9.1 What Are "Professional Ethics"?
The terms "computer ethics" and "digital ethics" can include such social and polit ical issues as the impact of technology on employment, the environmental impact of computers, whether or not to sell digital technology to totalitarian govemments, use of computer systems by the mihtary, and the impact of new applications on pri vacy. Or, they can t^e a more personal focus and include dilemmas about what to post on the Internet or what to download. In this chapter, we concentrate more nar rowly on a category of professional ethics, similar to medical, legal, and account ing ethics, for example. We consider ethical issues a person might encounter on the job as a computer professional. Professional ethics cover relationships with and responsibihties toward customers, clients, coworkers, employees, employers, peo ple who use one's products and services, and others whom one's products affect. We examine ethicd dilemmas and guidelines related to actions and decisions of individuals who create and use computer systems. We look at situations where you must make critical decisions, situations where significant consequences for you and others could result.
Extreme examples of lapses in ethics in many professional fields regularly appear in the news. In numerous incidents, journalists at prominent news organiza tions plagiarized or invented stories. A famed and respected researcher pubUshed falsified stem cell research and claimed accomplishments he had not achieved. A writer invented dramatic events in what he promoted as a factual memoir of his experiences. These examples involve blatant dishonesty, which is almost always wrong.
Honesty is one of the most fundamental ethical values. We all make hundreds of decisions all day long. The consequences of many decisions are minor, yet others have huge consequences and affect people we never meet. We base decisions, partly, on the information we have (e.g., it takes 10 minutes to drive to work; this software has serious security vulnerabilities; and what you post on a social network site is available only to your designated friends.) We do not always have accurate informa tion, but we must base our choices and actions on what we know. A lie deliberately sabotages this essential activity of being human: absorbing and processing informa tion and making choices to pursue our goals. Lies are often attempts to manipulate people. As Kant might say, a lie treats people as merely means to ends, not ends in themselves. Lies can have many negative consequences. In some circumstances, lying casts doubt on the work or word of other people unjustly. It hurts those people, and it adds unnecessary uncertainty to decisions by others who would have acted on their word. Falsifying work is a form of theft of the payment for the work, and it wastes resources that others could have used productively. It contributes to incorrect choices and decisions by people who depend on the results of the work. The costs and indirect effects of fies can cascade and do much harm.
Many ethical problems are subtler than the choice of being honest or dishonest. In health care, for example, doctors and researchers must decide how to set
9.2 Ethical Guidelines for Computer Professionals 467
priorities for organ transplant recipients. Responsible computer professionals confront issues such as How much risk (to privacy, security, or safety) is accept able in a system? and What uses of another company's intellectual property are acceptable?
Suppose a private company asks your software company to develop a database of information obtained from government records, perhaps to generate lists of con victed shoplifters or child molesters, or perhaps marketing lists of new home buy ers, affluent boat owners, or divorced parents with young children. The people who will be on the lists did not have a choice about whether the information would be widely available to the public. They did not give permission for its use. How will you decide whether to accept the contract? You could accept on the grounds that the records are already public and available to anyone. You could refuse in opposi tion to secondary uses of information that people did not provide voluntarily. You could try to determine whether the benefits of the lists outweigh the privacy inva sions or inconveniences they might cause for some people. The critical first step, however, is recognizing that you face an ethical issue.
The decision to distribute a smartphone app for paying bills from a phone has an ethical component: Do you know enough about security? The decision to distribute software to convert files from formats with built-in copy protection to formats that people can copy easily has an ethical component. So, too, does the decision about how much money and effort to allocate for training employees in the use of a new system. We have seen that many of the related social and legal issues are controversial. Thus, some ethical issues are also controversial.
There are special aspects to making ethical decisions in a professional context, but the decisions are based on general ethical principles and theories. Section 1.4 describes these general principles. It would be good to reread or review it now. In Section 9.2, we consider ethical guidelines for computer professionals. In Section 9.3, we consider sample scenarios.
9.2 Ethical Guidelines for Computer Professionals
9.2.1 Special Aspects of Professional Ethics
Professional ethics have several characteristics different from general ethics since the role of a professional is special in several ways. First, the professional is an expert in a field, be it computer science or medicine, that many customers know little about. Most of the people affected by the devices, systems, and services of professionals do not understand how they work and cannot easily judge their quality and safety. This creates responsibilities for the professional as customers must trust the professional's knowledge, expertise, and honesty. A professional advertises his or her expertise and thus has an obligation to provide it. Second, the products of many professionals (e.g., highway bridges, investment advice, surgery protocols, and software that drives cars) profoundly affect large numbers of people.
468 Chapter 9 Professional Ethics and Responsibilities
A computer professionars work can atfect the life, health, finances, freedom, and future of a client or members of the public. A professional can cause great harm through dishonesty, carelessness, or incompetence. Often, the victims have little ability to protect themselves; they are not the direct customers of the professional and have no direct control or decision-making role in choosing the product or making decisions about its quality and safety. Thus, computer professionals have special responsibilities, not only to their customers, but also to the general pubhc, to the users of their products, regardless of whether they have a direct relation ship with the users. These responsibilities include thinking about potential risks to privacy, system security, safety, reliability, and ease of use, and then acting to diminish risks that are too high.
In Chapter 8, we saw some of the minor and major consequences of flaws in computer systems. In some of those cases, people acted in clearly unethical or irre sponsible ways; however, in many cases, there was no ill intent. Software can be enormously complex, and the process of developing it involves communications between many people with diverse roles and skills. Because of the complexity, risks, and impact of computer systems, a professional has an ethical responsibility not simply to avoid intentional evil, but to exercise a high degree of care and follow good professional practices to reduce the likelihood of errors and other problems. That includes a responsibility to maintain an expected level of competence and be up to date on current knowledge, technology, and standards of the profession. Pro fessional responsibility includes knowing or learning enough about the application field to do a good job. Responsibility for a noncomputer professional who man ages or uses a sophisticated computer system includes knowing or learning enough about the system to understand potential problems.
In Section 1.4.1, we observed that although people often associate courage with heroic acts, we have many opportunities to display courage in day-to-day life by making good decisions that might be difficult or unpopular. Courage in a professional setting could mean admitting to a customer that your program is faulty, declining a job for which you are not qualified, or speaking out when you see someone else doing something wrong. In some situations, it could mean quit ting your job.
Volkswagen's "defeat device": An example of widespread ethical failure^
Millions of diesel cars produced by the Volkswagen group (Volkswagen, Audi, and Porsche) contained software specifically designed to falsify emissions testing in the United States and the European Union. The software sensed when these cars were undergoing emissions testing and properly engaged the emissions control system, which includes a trap for the pollutant nitrogen oxide (NO2).* Operation of the trap increases the use of fuel, so to improve performance when the car was on
'Nitrogen oxide can cause emphysema, bronchitis, and other respiratory diseases.
9.2 Ethical Guidelines for Computer Professionals 469
the road, the software reduced the amount of NO2 captured by the trap. This released into the air up to 40 times more NO2 than is permitted by the U.S. Envi ronmental Protection Agency (EPA). To cover the change in the trap operation, software for the on-board diagnostics system was altered to indicate the emissions system was functioning properly. The software system and corresponding control hardware were referred to as a "defeat device."
After public discovery of the existence of the defeat devices, the CEO of Volkswagen resigned over the scandal, but dozens of engineers, programmers, and other staif were involved. Audi teams developed the defeat device as a shortcut for the high cost of reengineeiing their cars to meet emissions standards. When Volkswagen, and later Porsche, faced similar challenges, the technology was shared and modified for other car models. Investigations show that at least six dif ferent defeat devices were implemented on numerous car models over the course of about 10 years. At a minimum, to implement a single defeat device, someone or a team must have designed it, another team programmed it, and yet another tested and integrated it into the car's systems. From testimony and numerous emails, it is clear that people working on the defeat devices and their managers knew the purpose of these systems. Even though many people inside Volkswagen knew of the device, it was not made public until a university study found emissions discrepancies and the EPA followed up.
Many questions arise from this case. An important one is: Why did no one work ing on the defeat devices or having knowledge of the devices become a whistle- blower and go public? The company blamed the incident on individual misconduct and a culture in some departments that tolerated breaches in rules. The government and news organizations pointed to a cut-throat corporate culture that encouraged cheating to accomplish the goal of becoming the number one automaker.
Corporate culture or peer pressure can be a powerful deterrent to ethical actions. People are tempted to blur ethical boundaries because "everyone else is doing it" or "this is the way it has always been done." Professional ethics provide a guide for us in these situations.
9.2.2 Professional Codes of Ethics
Many professional organizations have codes of professional conduct. These codes provide a general statement of ethical values and remind people in the profession that ethical behavior is an essential part of their job and that they have specific pro fessional responsibilities. Professional codes provide valuable guidance for new or young members of the profession who want to behave ethically but do not know what is expected of them. Their limited experience has not prepared them to be alert to difficult ethical situations and to handle them appropriately.
There are several organizations for the range of professions included in the general term "computer professional." The main ones are the ACM and the IEEE Computer Society (IEEE CS).^ They developed the Software Engineering Code of
470 Chapter 9 Professional Ethics and Responsibilities
EtMcs and Professional Practice (adopted jointly by the ACM and IEEE CS) and the ACM Code of Ethics and Professional Conduct (both in Appendix A). We refer to sections of the codes in the following discussion and in Section 9.3 using the shortened names SE Code and ACM Code. The codes emphasize the basic ethical values of honesty and fairness.* They cover many aspects of professional behav ior, including the responsibility to respect confidentiality,^ maintain professional competence,* be aware of relevant laws,^ and honor contracts and agreements. In addition, the codes put special emphasis on areas that are particularly (but not uniquely) vulnerable from computer systems. They stress the responsibility to respect and protect privacy,** to avoid harm to others,** and to respect property rights (with intellectual property and computer systems themselves as the most relevant examples).^ The SE Code covers many specific points about software development, and is available in several languages. Numerous organizations have adopted it as their internal professional standard.
Managers have special responsibility because they oversee projects and set the ethical standards for employees. Principle 5 of the SE Code includes many specific guidelines for managers. Another important code of ethics for project manag ers is the Project Management Institute's (PMI) Code of Ethics and Professional Conduct. This code provides mandatory standards for all project managers and aspirational standards that managers should strive to uphold.
9.2.3 Guidelines and Professional Responsibilities
Here, we highlight only a few of the many principles for producing good systems. Most concern software developers, programmers, and consultants while some are for professionals in other areas who make decisions about computer systems. Many more specific guidelines appear in the SE Code and in the ACM Code, and we introduce and explain more in the scenarios in Section 9.3.
Understand what success means. After the utter foul-up on opening day at Kuala Lumpur's airport, blamed on clerks typing incorrect commands, an airport official said, "There's nothing wrong with the system." His statement is false, and the attitude behind the statement contributes to the development of systems that will fail. The official defined the role of the airport system narrowly: to do certain data manipulation correctly, assuming all input is correct. Its true role was to get pas sengers, crews, planes, luggage, and cargo to the correct gates on schedule—a goal at which it did not succeed. Developers and institutional users of computer systems must view the system's role and their responsibility in a wide enough context.
*SE Code: 1.06,2.01, 6.07,7.05,7.04; ACM Code: 1.3,1.4. ^SE Code: 2.05; ACM Code: 1.8. *SE Code: 8.01-8.05; ACM Code: 2.2. ^SE Code: 8.05; ACM Code: 2.3. "ACM Code: 2.6. ^^SECode: 1.03, 3.12; ACM Code: 1.7. «SECode: 1.03; ACM Code: 1.2. ^E Code: 2.02,2.03; ACM Code: 1.5,1.6,2.8.
9.2 Ethical Guidelines for Computer Professionals 471
Include users (such as medical staff, technicians, pilots, and office workers) in the design and testing stages to provide safe and useful systems. The importance of this guideline is illustrated by the discussion of computer controls for airplanes (Section 8.3.1) where confusing user interfaces and system behavior increased the risk of accidents. There are numerous "horror stories" in which technical people developed systems without sufficient knowledge of what was important to users. For example, a system for a newborn nursery at a hospital rounded each baby's weight to the nearest pound. For premature babies, the difference of a few ounces is crucial information.^ The responsibility of developers to talk to users is not limited to systems that affect safety and health. Systems designed to manage stories for a news website, to manage inventory in a toy store, or to organize photos and video on a website could cause frustration, waste a client's money, and end up on the trash heap if designed without sufficient consideration of the needs of actual users. Numerous studies have found that user input and communication throughout the design and development of a system are critical to the system's success. The box Reinforcing exclusion" illustrates more ways to think about your users.
einforci
A speaker recognition system is a system (consisting of hardware and software) that identifies the person speaking. (This is dif ferent from speech recognition, discussed in Section 7.5.2, which identifies the words
spoken.) One application of speaker rec ognition is teleconferencing for business meetings. The system identifies who is speaking and displays that person on every one's screen. An early speaker recognition system recognized male voices more easily than female voices. Sometimes the system failed to recognize female speakers and focus attention on them, effectively remov ing them from the discussion.'^ Did the designers of the system intentionally dis criminate against women? Probably not. Are women's voices inherently more difficult to recognize? Probably not. What happened? There were many more male programmers than female programmers and there typi cally were many more men than women in high-level business meetings. Men were the primary developers and testers of the sys tem, so the algorithms were inadvertently optimized for the lower range of male voices.
In his book, The Road Ahead, Bill Gates tells us that a team of Microsoft program mers developed and tested a hand-writing recognition system. When they thought it was working fine, they brought it to him to try and it failed. All the team members were
right-handed and Gates is left-handed.® In some applications, it might make
sense to focus on a niche audience or
ignore a particular audience, but that choice should be conscious (and reason able). These examples show how easy it is to develop systems that unintentionally exclude people—and how important it is to think beyond one's own group when designing and testing a system. Besides women and left-handed people, other groups to consider are nontechnical users, different ethnic groups, disabled people, older people (who might, for example, need a large-font option), and children.
In these examples, doing "good" or "right" in a social sense—taking care not to reinforce exclusion of specific groups of people—coincides with producing a good product and expanding its potential market.
472 Chapter 9 Professional Ethics and Responsibilities
Do a thorough, careful job when planning and scheduling a project and when writing bids or contracts. This includes, among many other things, allocating suffi cient time and budget for testing the software or system and its security. Inadequate planning leads to pressure to cut comers later. (See SE Code 3.02, 3.09, and 3.10.)
Design for real users. In so many cases, systems crashed because someone typed input incorrectly. In one case, an entire paging system shut down because a technician did not press the "Enter" key (or did not hit it hard enough). Real people make typos, get confused, or are new at their jobs. It is the responsibility of the system designers and programmers to provide clear user interfaces and include appropriate checking of input. It is impossible for software to detect all incorrect input, but there are techniques for catching many kinds of errors and for reducing the damage that errors cause.
Require a convincing case for safety. One of the most difficult ethical prob lems that arises in safety-critical applications is deciding how much risk is accept able. We repeat a guideline from Section 8.3.1: For the ethical decision maker, the policy should be to suspend or delay use of the system in the absence of a convincing case for safety, rather than to proceed in the absence of a convincing case for disaster.
Require a convincing case for security. As we saw in Chapter 5, the early Internet, early versions of applications, and many of the devices that comprise the Internet of Things were developed without security in mind. Systems that have security patched or cobbled on later are seldom as secure as those where develop ers design security in from the start. Many insecure devices, once deployed, cannot be recalled or upgraded, and thus remain vulnerable. Designers of every device or application that connects to the Intemet should expect that someone with malicious intent will discover it and attempt to expose its data or take over its operations. As with safety, the policy should be to suspend or delay use of the system in the absence of a convincing case for security.
Do not assume existing software is safe or correct. If you use software from another application, verify its suitability for the current project. If the software was designed for an application where the degree of harm from a failure was small, the quality and testing standards might not have been as high as necessary in the new application. The software might have confusing user interfaces that were tolerable (though not admirable) in the original application but that could have serious neg ative consequences in the new application. We saw in Chapter 8 that a complete safety evaluation is important even for software from an earlier version of the same application if a failure would have serious consequences. (Recall the Therac-25 and Ariane 5.)
Be open and honest about capabilities, safety, and limitations of software. In several cases described in Chapter 8, there is a strong argument that the treatment of customers was dishonest. The line between emphasizing your best qualities and being dishonest is not always clear, but it should be clear that hiding known, serious
9.3 Scenarios 473
flaws and lying to customers are on the wrong side of the hne. Honesty includes taldng responsibility for damaging or injuring others. If you break a neighbor's window playing ball or smash into someone's car, you have an obligation to pay for the damage. If a business finds that its product caused injury, it should not hide that fact or attempt to put the blame on others.
Honesty about system limitations is especially important for expert systems (also called decision systems)—that is, systems that use models and heuristics incorporating expert knowledge to guide decision making (for example, medical diagnoses or investment planning). Developers must explain the limitations and uncertainties to users (doctors, financial advisors, and so forth, and to the public when appropriate). Users must not shirk responsibility for understanding them and using the systems properly.
Pay attention to defaults. Everything, it seems, is customizable: the level of encryption on a wireless network, whether consumers who buy something online are placed on an email list for ads, the difficulty level of a computer game, the type of news stories your favorite news site displays for you, what a spam filter will filter out, and what you share and with whom in your social network. There fore, default settings might not seem important, but they are critical. Many users do not know the options they can control or how best to configure the options. Very importantly, most users do not understand issues of security and do not take the time to change settings. As a result, system designers must give serious thought to default settings. Sometimes, protection (of privacy or from hackers, for example) is the ethical priority. Other times, ease of use and compatibility with user expectations is a priority. Balancing these priorities can lead to difficult conflicts.
Develop communications skills. A computer security consultant told me (SB) that often when he talks to a client about security risks and the products available to protect against them, he sees the client's eyes glaze over. It is a tricky ethical and professional dilemma for him to decide just how much to say so that the client will actually hear and absorb it.
There are many situations in which a computer professional must explain technical issues to customers and coworkers. Learning how to organize information, distinguish ing what is important to communicate and what is not, engaging the listener actively in the conversation to maintain interest, and so on, will help make one's presentations more effective and help to ensure that the client or coworker is tmly infonned.
9.3 Scenarios
9.3.1 Introduction and Methodology
The cases we present here, most based on real incidents, are just a few sam ples of ethical situations that occur. They vary in seriousness and difficulty.
474 Chapter 9 Professional Ethics and Responsibilities
and include situations that illustrate professional responsibilities to customers, clients, employers, coworkers, potential users of computer systems in the gen eral public, and others. Additional scenarios appear in exercises at the end of the chapter.
In most of this book, we have tried to give arguments on both sides of contro versial issues without taking a position. Ethical issues are often even more difficult than some of the others we have covered, and there could well be disagreement among technology ethics speciahsts on some points in the cases considered here. In any real case, there are many other relevant facts and details that affect the con clusion. Despite the difficulty of drawing ethical conclusions, especially for brief scenarios, we give conclusions for some of these cases. You might face cases like these where you must make a decision and we do not want to leave the impression that, because a decision is difficult or because some people benefit or lose either way, there is no ethical basis for making the decision. (It seems ethically irrespon sible to do so.)
On the other hand, in Section 1.4 we emphasized that there is not always one right answer to an ethical question—often many responses or actions are ethically acceptable. We also emphasized that there is no algorithm to crank out the correct answers. And so, we must use our knowledge of how people behave, what prob lems have occurred in the past, and so on, to decide what choices are reasonable. Throughout this book, we have approached many issues as problem-solving situ ations. For example, identity thieves get information in a certain way. How can we make it harder for them while maintaining varied and convenient services for consumers? Drivers of semi-autonomous cars may become inattentive. How can we encourage them to pay attention? We will see the same approach in some of these ethical scenarios. Rather than simply concluding that a service, product, or action is right or wrong, we, as responsible, ethical professionals, look for ways to reduce negative consequences.
How shall we analyze specific scenarios? We now have several tools. We can try to apply our favorite ethical theory, or some combination of the theories. We can ask questions that reflect basic ethical values: Is it honest? Is it responsible? Does it violate an agreement we made? We can consult a code of professional eth ics. But ethical theories and guidehnes might conflict, or we might find no clause in the codes specifically applicable. The preamble of the SE Code recognizes this problem and emphasizes the need for good judgment and concern for the safety, health, and welfare of the pubhc.
Although we will not follow the outline below step by step for all the scenarios, our discussions will usually include many of these elements:
1. Brainstorming phase
• List all the people and organizations affected. (They are the stakeholders.) • List risks, issues, problems, and consequences.
9.3 Scenarios 475
• List benefits and identify who gets each benefit. • In cases where there is not a simple yes or no decision, but rather one has
to choose some action, list possible actions.
2. Analysis phase
• Identify responsibilities of the decision maker. (Consider responsibihties of both general ethics and professional ethics.)
• Identify rights of stakeholders. (It might be helpful to clarify whether they are negative or positive rights, in the sense of Section 1.4.2.)
• Consider the impact of each potential action on the stakeholders. Analyze consequences, risks, benefits, harms, and costs for each action considered.
• Find sections of Ae SE Code or the ACM Code that apply. Consider the guidelines in Section 9.2.3. Consider Kant's, Mill's, and Rawls' approaches. Then, categorize each potential action or response as ethically obligatory, ethically prohibited, or ethically acceptable.
• If there are several ethically acceptable options, select an option by con sidering the ethical merits of each, courtesy to others, practicality, self- interest, personal preferences, and so on. (In some cases, plan a sequence of actions, depending on the response to each.)
The brainstorming phase can generate a long discussion with humorous and obviously wrong options. In the andysis phase, we might reject some options or decide that the claims of some stakeholders are irrelevant or minor. This does not imply the brainstorming effort that generated those options or claims was wasted. Brainstorming can bring out ethical and practical considerations and other useful ideas that one would not immediately think of. And it can be as helpful to think about why some factors do not carry heavy ethical weight as it is to know which ones do.
9.3.2 Protecting Personal Data
Your customer is a community clinic that works with families that have prob lems of family violence. It has three sites in the same city, including a shelter for battered women and children. The director wants a computerized record and appointment system, networked for the three sites. She wants a few tab lets on which staffers can carry records when they visit clients at home and stay in touch with clients by email. She asked about an app for these tablets and the staffers' smartphones by which they could access records at social service agencies. At the shelter, staffers use only first names for clients, but the records contain last names and forwarding addresses of women who have recently left. Currently, the clinic's records are on paper and in word process ing and spreadsheet applications on one of two shared desktop computers in the main clinic office. The clinic's budget is small.
The clinic director is likely aware of the sensitivity of the information in the records and knows that inappropriate release of information can result in embarrassment
476 Chapter 9 Professional Ethics and Responsibilities
for families using the clinic and physical harm to women who use the shelter. But she might not be aware of the risks of the technologies in the system she wants. You, as the computer professional, have specialized knowledge in this area. It is as much your obligation to warn the director of the risks as it is that of a physician to warn a patient of side effects of a drug he or she prescribes. (See, for example, ACM Code 1.7 and SE Code 2.07 and 3.12.)
The most vulnerable stakeholders here are the clients of the clinic and their family members, and they do not take part in your negotiations with the director. You, the director, the clinic employees, and the donors or agencies that fund the clinic are also stakeholders.
Suppose you warn the director about unauthorized access to sensitive informa tion by hackers and the potential for interception of records during transmission. You can make several recommendations to protect client privacy:
• identification codes for clients (not Social Security numbers) that the clinic will use when real names are not necessary
• security software to reduce the threat of hackers who might steal data • encryption for transmission of records
• encryption for records on tablets
• tablets that have extra security features (such as fingerprint readers, so that only authorized employees can access the data, or remote tracking or erasing features)
You warn that staffers might be bribed to sell or release information from the sys tem. (Suppose a client is a candidate for the city council or a party in a child- custody case.) You suggest procedures to reduce such leaks:
• a user ID and password for each staff member, coded to allow access only to information that the particular worker needs
• a log function that keeps track of who accessed and modified records • monitoring and controls on employee email and Web activity
You cite examples of incidents of loss and theft of sensitive data to support your recommendations. Note that your ability to provide these suggestions and examples is dependent on your professional competence, currency in the field, and general awareness of relevant current events.
The features you recommend will make the system more expensive. If you convince the director of the importance of your recommendations, and she agrees to pay the cost, your professional/ethical behavior has helped improve the security of the system and protect clients.
9.3 Scenarios 477
Suppose the director says the clinic cannot afford all the security features. She wants you to develop the system without most of them. You have several options:
• develop a cheap, but vulnerable, system
• refuse and perhaps lose the job (although your refusal might convince the director of the importance of the security measures and change her mind)
• add security features and not charge for them
• work out a compromise that includes the protections you consider essential
All but the first option are clearly ethically acceptable. What about the first? Should you agree to provide the system without the security you believe it should have? Is it now up to the director alone to make an informed choice, weighing the risks and costs? In a case where only the customer would take the risk, some would say yes, it is your job to inform, no more. Others would say that the customer lacks the professional expertise to evaluate the risks. In this scenario, however, the director is not the only person at risk, nor is the risk to her the most significant risk of an insecure system. You have an ethical responsibility to consider the potential harm to clients from exposure of sensitive information and not to build a system without adequate privacy protection.
The most difficult decision may be deciding what is adequate. Encryption of personal records on portable devices may be essential while monitoring employee Web access is probably not. There is not always a sharp, clear line between sufficient and insufficient protection. You must rely on your professional knowledge, on being up to date about current risks and security measures, on good judgment, and perhaps on consulting others who develop systems for similar applications (SE Code 7.08).
Note that although we have focused on the need for privacy protection here, you can overdo such protection. You also have a professional ethical responsibility not to scare a customer into paying for security measures that are expensive but protect against very unhkely risks.
9.3.3 Designing an Application with Targeted Ads
Your company is developing a free mobile app that searches Intemet data bases and news stories for data on food, recipes, and restaurants the user is interested in. It lets the user share this information and send text messages to friends who have the app. The app will include targeted advertising based on the content of messages, user searches, and searches done by friends (the app assumes someone's interests are similar to those of his or her friends). You are part of the team designing the system. What are your ethical responsibilities?
Obviously, you must protect the privacy of the searches and messages. The com pany plans a sophisticated text analysis system to scan searches and messages and
478 Chapter 9 Professional Ethics and Responsibilities
select appropriate ads. No humans will read the messages. Marketing for the free app will make clear that users will see targeted ads. The privacy policy will explain that the content of user activity will determine which ads appear. So, the market ing director contends, you have satisfied the first principle of privacy protection- informed consent. What else must you consider to meet your ethical responsibility in offering this service to the public?
The fact that software, not a person, scans the searches and messages and assigns the ads reduces privacy threats. But what will this system store? Will it store data about which ads it displayed to specific users? AMll it store data about which key words or phrases in messages determine the selection of ads? )Afill it store data about who viewed specific ads? Because the system selects ads based on content, the set of ads displayed to a user could provide a lot of information about that person. Some of it will be incorrect or misleading information because of quirks in the ad-targeting methods.
Should we insist that no such data be stored? Not necessarily, as some of it might have important uses. Some records are necessary for billing advertisers, others for analysis to improve ad-targeting strategies, and perhaps some for responding to complaints from app users or advertisers. The system design team needs to deter mine what records are necessary, which need to be associated with individual users, how long the company will store them, how it will protect them (from hackers, accidental leaks, and so on), and under what conditions it will disclose them.
Now, back up and reconsider informed consent. Telling customers that they will see ads based on the content of their searches and messages is not sufficient if the system stores data that can link a list of ads with a specific user. You must explain this to potential users in a privacy policy or user agreement. But we know that most people do not read privacy policies and user agreements, especially long ones. A person might give legal consent, but ethical responsibility goes further. Independent of what is in the agreement, the designers must think about potential risks of the system and build in protections.
There are ways to reduce potential damage from unintended disclosure of the ads selected for a person. For example, consider some sensitive topics: health (which might come up in searches or messages about eating disorders, diets for diabetics, vegetarianism, etc.), religion (kosher or halal food), or financial problems (which might come up in messages about the cost of expensive restaurants). If the system does not target based on these topics, then the records the system stores will have little or no information about them. Thus, for added protection, the designers should consider restrictions on the set of topics the system uses for targeting.
Should the app let users turn off ads completely? The app is free and the advertis ing pays for it. Anyone who objects to ads can find information in other ways. There is no strong argument that an opt-out option is ethically obligatory. Offering it is admirable, however, and it could be a good business decision, creating goodwill and attracting people who might then use other company services. You could consider developing a paid version of the app without advertising, as many companies do.
9.3 Scenarios 479
9.3.4 Webcams in School Laptops®
As part of your responsibilities at a tech company, you oversee the installation of software packages for large orders. A recent order of laptops for a local school district requires webcam software to be loaded. You know that this software allows for remote activation of the webcam.
Remotely operated cameras and microphones can be in televisions, game systems, tablets, mobile phones, and other appliances. Thus, issues similar to this scenario can arise in many other situations.
Is it your duty to know how your customers will use a product that you supply? Should you inform them, caution them, or even require them to take measures to protect the people who will use the product?
Perhaps one of the most challenging questions for anyone doing business is to whom am I responsible? The most obvious answer is the paying customer in this case, the school district. But as we pointed out in Section 9.2.1 and as the ACM Code points out (ACM Code 2.5 and 3.4), our responsibilities go beyond customers—to employers, users, and the public. In this situation, the stakeholders include not only the school district administration but also the students, parents, teachers, and our own company. Each party has an interest in the security and proper usage of the webcam software, whether they know it or not.
First, find out more about the order. Most likely, the laptops are going to stu dents. If so, then they and their parents need to know about the remote activation capability. If employees of the school district are the recipients, they may have agreed to some sort of privacy policy or have given informed consent.
Consider that the school district might not be familiar with the workings of the software package they ordered and is unaware the cameras can be activated remotely. Suppose a school employee activates several webcams and eavesdrops on students in their homes (as happened in at least one schooF). When the violation is uncovered, accusations fly. Parents want to know why the school would install such software and why it did not provide proper security measures. School admin istrators, caught completely off guard, want to know why you did not inform them about the risks and offer them additional security. Valuable trust between families and their schools and between you and your customer evaporates—trust that is hard to restore.
Your company is ethically responsible for informing your customers of the risks of a product it sells, whether the company or a third party designed and built it. Approach this responsibility not as a burden—an obligation that might jeop ardize the sale—but as a service to your customer. When you inform a customer about a security or privacy risk, suggest solutions or alternatives such as the ability to disable certain functions or an alternative product that might lower or eliminate the risk. Let your customers know that you are there to help them navigate the
480 Chapter 9 Professional Ethics and Responsibilities
risks and that your goal is to deliver a product that will meet the requirements of the stakeholders.
As with many scenarios, there might not be a happy ending. It is possible that the school district will turn down your proposal for better security or cannot afford a more secure product. In these cases, you and your company must further weigh the risks to the other parties. Sometimes, your only ethical course of action is not to accept the contract. Awareness and preparation in advance can help avoid such negative situations. Become familiar with all products your company offers. If the sale of some of these products can present ethical dilemmas (security, safety, pri vacy, etc.), then formulate contractual requirements beforehand and present them to any potential customer up front. In the case of the webcam software, you might have a policy in place that allows for installation only on systems meeting some minimum security requirements. Moving these concerns to the front of the nego tiating process helps to avoid ethical dilemmas later. In addition, it positions your company as one that is familiar with the risks and benefits of the systems it sells and as a company that subscribes to a high ethical standard.
9.3.5 Publishing Security Vulnerabilities
Three MIT students planned to present a paper at a security conference describing security vulnerabilities in Boston s transit fare system. At the request of the transit authority, a judge ordered the students to cancel the pre sentation and not distribute their research. The students are debating whether they should circulate their paper on the Web.* Imagine that you are one of the students.
What are some reasons why you might want to circulate the paper? You might think the judge's order violates your freedom of speech; posting the paper would be a protest. You might want to circulate the paper for the same reasons you planned to present it at a conference: to make other security experts aware of the problems, perhaps to generate work on a security patch, or perhaps to spur the transit author ity to fix the problems.
Publishing the vulnerabilities has several risks. You and your coauthors could face legal action for violating the order. The university could face negative con sequences because the work was part of a school project. Publishing the vulner abilities anonymously could reduce these risks, but many people at the university and in the security field already know who did the work. If you could publish anonymously, would you?
The transit system could lose a substantial amount of money if people exploit the information. If at some location in the network, the fare system is connected to
*The first part of the scenario is from an actual incident. We do not know if the students considered violat ing the judge's order; that part of the scenario is made up.
9.3 Scenarios 481
the system that interacts with the subway cars,* a hacker may gain access to that system, thereby endangering lives.
In the actual case, the transit authority requested a five-month ban to provide time for them to fix the problems, but the judge dissolved the order after a week. We have an established legal system where both parties to a disagreement have an opportunity to present their arguments. The system has plenty of flaws, but it is better than most. Maintaining a peaceful, civil society requires that we sometimes accept a decision of an impartial adjudicator. Ignoring a legal decision might be eth ical in some circumstances, but not merely because one does not like the decision.
Note that we have considered, mainly, the decision of whether or not to vio late the judge's order. The students still must decide whether and when to present their findings. In Section 5.5.3, we considered issues about responsibly disclosing security vulnerabilities.
9.3.6 Specifications
You are a relatively junior programmer working on software modules that collect data from loan application forms and convert them to formats required by parts of the program that evaluate the applications. You find that some demographic data are missing from some forms, particularly race and age. What should your program do? What should you do?
Begin by consulting the specifications for the program. Any project should have specification documents approved by the client or managers of the company devel oping the project (or both). Your company has an ethical and business obligation to ensure that the specifications are complete and to produce a program that meets them. Ethical reasons for this include, but go beyond, doing what the company has agreed to do and has been paid to do. When data collection activities (filling in a paper or online form) are separated from data entry activities as in this scenario, system designers should always expect missing or incorrect values for required data. Many systems have an option for indicating "unspecified" values.
Suppose you do not find anything in the specs that covers your problem. The next step is to bring the problem to the attention of your manager. Suppose the manager tells you, "Just make the program assume 'white' for race if it's miss ing. Banks shouldn't discriminate based on race anyway." Do you accept your manager s decision? You should not. The manager's quick and simplistic response suggests that he or she is not acting with informed responsibility.
What consequences could the manager's decision have? Suppose the com pany later uses some of your modules in another project, say, one that evaluates patients for inclusion in research studies on new drugs. Some diseases and drugs
Recall that hackers took over the brakes and other controls of a car after entering via the entertainment system. Systems that one might think should not be connected often are.
482 Chapter 9 Professional Ethics and Responsibilities
affect people in different ethnic groups differently. Inaccurate data could threaten the health or life of people in the studies and distort the conclusions in ways that harm other people who later use the drugs. But, you say, we emphasized in Chapter 8 and Section 9.2.3 that people who reuse existing software, especially in a safety-critical project, should review the software and its specifications to ensure that it meets the standards of the new project. That is their responsibility, you say. But if your way of handling missing data is not in the specifications, how will they know about it? Perhaps someone will notice that the specs are incomplete. Perhaps they will test the modules thoroughly before reusing them and discover what the code does. However, we have seen enough examples of human error to derive a lesson for a responsible professional: Do not count on everyone else to do their jobs perfectly. Do your best to make sure your part is not one of the factors that contribute to a failure.
In what other ways might your manager's decision be wrong? The manager might not know enough about the uses of the program to make a good decision. In this example, it is possible that the modules of the program that evaluate the loan application do not use the data on race at all. It is possible that the lender or the gov ernment wants data on race to ensure compliance with nondiscrimination policies and laws. This is an excellent time for you and the manager to discuss the situation with the customer since the application must meet that organization s needs. In addi tion, your company must document whatever decision it makes, especially when the specifications need a revision so that they will be complete (SE Code 3.11).
9.3.7 Schedule Pressures
A safety-critical application
Your team is working on a computer-controlled device for treating cancerous tumors. The computer controls direction, intensity, and timing of a beam that destroys the tumor. Various delays have put the project behind schedule, the dead line is approaching, and there will not be time to complete all the planned test ing. The system has been functioning properly in the routine treatment scenarios tested so far. The only testing that remains is for rare and unexpected situations. You are the project manager, and you are considering whether to deliver the sys tem on time, while continuing testing and making patches if the team finds bugs. Since the device has already received government approval, senior management in your company has left the decision to you, but they prefer to release it on time.
As we observed in Chapter 8, there are often pressures to reduce software testing. Testing is one of the last steps in development, so when deadlines approach, testing schedules often shrink.
The central issue here is safety. Your company is building a machine designed to save lives, but if it malfunctions, it can kill or injure patients. Perhaps the situa tion seems obvious: delivering the system on time benefits the company but could endanger the patients—a case of profits versus safety. But we will defer a conclu sion until after we analyze the case further.
9.3 Scenarios 483
Who does your decision aflFect? First, the patients who will receive treatment with the machine. A malfunction could cause injury or death. On the other hand, if you delay release of the machine, some patients it might have cured could undergo surgery instead. We will assume treatment with the new machine is preferable because it is less invasive, requires less hospitalization and recovery time, has a higher success rate, and overall is less expensive. For some patients, surgery might be impossible, and they could die from their cancer without the new device. A sec ond set of stakeholders is the hospitals and clinics who will purchase the machine. Delay could cause financial losses if they have planned on having the machine at the scheduled time. However, it is reasonable for them to expect that the design and testing are professional and complete. You are deceiving customers if you do not tell them that you have not completed testing. Third, your decision affects you and your company (including its employees and stockholders). The negative conse quences of delaying delivery could include damage to your reputation for manag ing a project (with possible impact on salary and advancement), loss of reputation, a possible fall in stock price for the company, and loss of other contracts, resulting in reduction of jobs for the company's programmers and other employees. As a project manager, you have an obligation to help the company do well. On the other hand, if the system injures a patient, the same negative consequences are likely to occur, in addition to the injury and the human feelings of guilt and remorse as well as significant monetary losses from lawsuits.
This brief examination shows that delivering the system without complete test ing could have both negative and positive impacts on patients and on other stake holders. The issue is not simply profits versus safety. We assume you are honestly trying to weigh the risks of delivering the system against the costs of delay. How ever, we must consider a few aspects of human nature that can influence the deci sion. One is to put more weight on short-term and/or highly likely effects. Many of the costs of delay are fairly certain and immediate, and the risk of malfunction is uncertain and in the future. Also, people tend to use the inherent uncertainties of a situation and the genuine arguments for one side to rationalize making the wrong decision. That is, they use uncertainty to justify taking the easy way out. It might take experience (with both professional and ethical issues), knowledge of cases like the Therac-25, and courage to resist the temptation to put short-term effects ahead of longer-term risks.
Now that we have seen that there are arguments on both sides, we must decide how to weigh them and how to avoid rationalization. First, the machine works well in the routine tests performed so far. The Therac-25 case illustrates that a complex system can function correctly hundreds of times but fail with fatal consequences in unusual circumstances. Your customer might not know this. You, as a computer professional, have more understanding about the complexity of computer programs and the potential for errors, especially in programs that interact with real-world events such as operator input and control of machinery. We assume that careful thought went into devising the original test plan for the machine. You should delay delivery and complete the tests. (See SE Code 1.03 and 3.10 and ACM Code 1.2.)
484 Chapter 9 Professional Ethics and Responsibilities
Some patients will benefit from on-time delivery. Should their interests bear equal weight with those of the patients whom a malfunction might harm? Not nec essarily. The machine represents an improvement in medical treatment, but there is no ethical obligation that it be available to the public on a certain date. You are not responsible for the care of people who rely on existing treatments. Your obliga tion to the people who will use the machine is to be sure that it is as safe as good professional practice can make it, and that includes proper testing. You do not have an ethical obligation to cure people of cancer, but you do have an ethical obligation to use your professional judgment in a way that does not expose people, without their knowledge, to additional harm. Also, if the machine is released without com plete testing and it fails, the damage to the company's and machine s reputations may prevent the machine from ever being released again, thereby denying future patients its benefits.
What about your responsibility to your company? Even if we weigh the short- term effects of the delay more highly than the risks of losses that would result from a malfunction, the ethical arguments are on the side of fully testing the machine. Yes, you have a responsibility to help your company be successful, but that is not an absolute obligation. (Recall the discussion of goals and constraints in Section 1.4.3.) Perhaps the distinction would be more obvious if the issue were stealing (from a competitor or a customer perhaps). Your responsibility to the financial success of the company is secondary to ethical constraints. In the present case, avoiding unreasonable risk of harm to patients is the ethical constraint (SB Code 1.02).
Getting a product to market
Most products are not safety-critical ones where flaws might threaten people s lives. Consider this scenario:
You are a programmer working for a very small start-up company. The com pany has a modest product line and is now developing a truly innovative new product. Everyone is working 60-hour weeks and the target release date is nine months away. The bulk of the programming and testing is done. You are about to begin the beta testing. (See Section 8.3.1 for an explanation of beta testing.) The owner of the company (who is not a programmer) has learned about an annual industry show that would be ideal for introducing the new product. The show is in two months. The owner talks with the project manager. They decide to skip the beta testing and start making plans for an early release.^
Should you protest? Students discussing this scenario generally recognize that the decision is a bad one and that the company should do the beta testing. They ask, however, if the programmer is even in a position to protest. Are you supposed to do
"There are many situations where patients knowingly ti^ risky drugs or treatments. Here, we are assuming that doctors and hospitals do not present the device as risky or experimental, but as a new, presumably safe treatment device.
9.3 Scenarios 485
what the project manager, your direct supervisor, says? Should you say nothing, speak up, or quit?
Consider this possible outcome: You ask for a meeting with the owner. You explain that the product is not ready, that beta testing is a very important stage of development, and that the company should not skip it. The owner accepts what you say and drops the idea of an early release. The new product, released when originally planned, is a success. You eventually become the head of quality control for the growing company.
This is not a fairy tale. It is an actual case, and the outcome just described is what actually happened. This case makes a very important point: Sometimes people will listen to you, provided, of course, you are respectful, thoughtful, and well prepared. In another actual case, a manager within a company, but not the software division, asked a programmer to do something the programmer knew was not a good idea. Although she feared that she might lose her job for refusing a manager s request, she said no and gave a brief explanation. The manager accepted the explanation, and that was the end of the incident. People often ask for things they do not necessarily expect to get. It is important to keep in mind that others might respect your opinion. You might be the only one who recognizes the prob lem or understands a particular situation. Your responsibilities to your company include applying your knowledge and skill to help avoid a bad decision. In the start-up scenario, speaking up might have had a significant impact on the success of the product and the company. Many people are reasonable and will consider a good explanation or argument. Many—but not all. The CEO of a small electron ics company proposed producing a new version of a product within three months. The director of engineering (an excellent, experienced software engineer) wrote up a detailed schedule of all the necessary steps and told the CEO that the project would take more than a year. Note that the software engineer did not simply tell the CEO that the three-month plan was unreasonable. He documented his claim. (SE Code 2.06 and 3.09 apply.) The CEO replaced him with someone who had a "can do" attitude. Although it might seem that the result for the engineer in this case was the opposite of the two previous cases, this is also a case where doing what is professionally responsible corresponds with doing what is good for oneself. The software engineer did not want the stress of working under an extremely unreason able schedule nor the responsibility for the inevitable failure. Leaving the company was not a bad thing.
Suppose that after hearing your arguments, the owner of the start-up company in our scenario decides the product must be ready for the trade show. Releasing the product later, as originally planned, will result in a major competitor gaining a significant market advantage that could result in your company's product not earn ing back its development costs. What are your options at this point? It is still not a good idea to cut the testing, but if you focus on solutions and look for alternatives, you might find one. Is it possible to reduce the number of features in the product? This can reduce development time and leave more time for testing. It also requires
486 Chapter 9 Professional Ethics and Responsibilities
less testing since there are fewer features to test. This has the potential to best serve both the company, by releasing the product at the trade show, and the customer, by releasing a fully tested, stable product.
9.3.8 Software License Violation
Your company had a trial Ucense for 10 machines for an expensive virtual reality and simulation program it was evaluating for purchase. Toward the end of the trial, your company began price negotiations with the vendor for 85 full licenses and started to copy the software onto the 85 machines that would use the applica tion. After several weeks, the negotiations broke down and the software licenses were not purchased. At this point, several departments in your organization are regularly using the unlicensed software and want to continue to do so.'
The first step here is to inform your supervisor that the copies violate the license agreement. Suppose the supervisor is not willing to take any action. What next? What if you bring the problem to the attention of higher-level people in the com pany and no one cares? There are several possible actions: Give up; you did your best to correct the problem. Call the software vendor and report the offense. Quit your job.
Is giving up at this point ethically acceptable? Some students believe it depends in part on whether you are the person who signed the original trial license agree ment. If so, you have made an agreement about the use of the software, and you, as the representative of your company, are obligated to honor it. Because you did not make the copies, you have not broken the agreement directly, but you have responsibility for the software. As practical matters, your name on the license could expose you to legal risk or unethical managers in your company could make you a scapegoat. Thus, you might prefer to report the violation to the vendor or quit your job and have your name removed from the license to protect yourself. If you are not the person who signed the license, then you observed a wrong and brought it to the attention of appropriate people in the company. Is that enough? What if the vendor sues your company for the illegal software use? What do Sections 2.02, 6.13, and 7.01 of the SE Code and 1.5 and 2.6 of the ACM Code suggest?
9.3.9 Going Public with Safety Concerns
Suppose you are a member of a team working on a crash-avoidance system for automobiles. You think the system has a design flaw that could endan ger people. The project manager does not seem concerned and expects to announce completion of the project soon. Do you have an ethical obligation to do something?
Given the potential consequences, yes (see SE Code 1.04; ACM Code 1.2,2.5). We consider a variety of options. First, at a minimum, discuss your concerns with the
9.3 Scenarios 487
project manager. Voicing your concerns is admirable and obligatory and is good for your company. Internal "whistleblowing" can help protect the company, as well as the public, from all the negative consequences of releasing a dangerous product. If the manager decides to proceed as planned with no examination of the problem, your next option is to go to someone higher up in the company.
If no one with authority in the company is willing to investigate your concerns, you have a more difficult dilemma. You now have the option of going outside the company to the customer, to the news media, or to a government agency. There is personal risk of course: You might lose your job. There is also the ethical issue of the damage you might do to your company and, ultimately, to the people who would benefit from the system. You might be mistaken about the flaw, or you might be correct, but your method of whistleblowing might produce negative publicity that kills a potentially valuable and fixable project. As the ACM Code (1.2) says, "[MJisguided reporting of violations can, itself, be harmful." At this point, it is a good idea to consider whether you are confident that you have the expertise to assess the risk. It could help to discuss the problem with other professionals. If you conclude that the management decision was an acceptable one (and that you are not letting your concern for keeping your job sway your conclusion), this might be the point at which to drop the issue. If you are convinced that the flaw is real, or if you are aware of a careless, irresponsible attitude among the company managers, then you must go further (SE Code 6.13). You are not an uninvolved bystander, for whom the question of ethical obligation might be more fuzzy. The project pays your salary and you are part of the team; you are a participant. Note, also, that this is the kind of situation suggested in SE Code 2.05 where you may violate a confi dentiality agreement.
There have been several dramatic cases where professionals faced this dif ficult situation. Computer engineers who worked on the San Francisco Bay Area Rapid Transit system (BART) worried about the safety of the software designed to control the trains. Although they tried for many months, they were not suc cessful in their attempts to convince their managers to make changes. Eventually, a newspaper published some of their critical memos and reports. The engineers were fired. During the next few years, several crashes occurred, and there were public investigations and numerous recommendations made for improving safety of the system.'®
One of the BART engineers made these comments about the process:
If there is something that ought to be corrected inside an organization, the most effective way to do it is to do it within the organization and exhaust all possibilities there ... you might have to go to the extreme of publishing these things, but you should never start that way.''
It is important, for practical and ethical reasons, to keep a complete and accurate record of your attempts to bring attention to the problem and the responses from
488 Chapter 9 Professional Ethics and Responsibilities
the people you approach. The record protects you and others who behave respon sibly and could help avoid baseless accusations later.
9.3.10 Release of Personal Information
We will look at two related scenarios. Here is the first:
You work for the IRS, the Social Security Administration, a medical clinic, a video streaming company, or a social networking service. Someone asks you to get a copy of records about a particular person and he will pay you $10,000.
Who are the stakeholders?
• You. You have an opportunity to make some extra money. Or be sent to jail. • The person seeking the records. Presumably, he has something to gain. • The person whose records the briber wants. Providing the information invades
his or her privacy and may threaten the person in other ways. • All people about whom the company or agency has personal information. If
you sell information about one person, chances are you will sell more if asked in the future.
• Your employer (if a private company). If the sale becomes known, the victim might sue the company. If such sales of information become common, the company will acquire a reputation for carelessness and will potentially lose business and lawsuits.
There are many alternative actions open to you:
• Sell the records.
• Refuse and say nothing about the incident.
• Refuse and report the incident to your supervisor.
• Refuse and report to the police.
• Contact the person whose information the briber wants and tell him or her of the incident.
• Agree to sell the information, but actually work with the police to collect evidence to convict the person trying to buy it.
Are any of these alternatives ethically prohibited or obligatory? The first option, selling the records, is clearly wrong. It almost certainly violates rules and policies you have agreed to abide by in accepting your job. As an employee, you must abide by the guarantees of confidentiality the company or agency has promised its cus tomers or the public. Depending on the use made of the information you sell, you
9.3 Scenarios 489
could be helping to cause serious harm to the victim. Disclosing the information is also likely illegal. Your action might expose your employer to fines. If someone dis covers the leak, the employer and the police might suspect another employee, who could face arrest and punishment. (See ACM Code: 1.2, 1.3, 1.7, 2.6; SE Code: 2.03,2.05,2.09,4.04,6.05,6.06.) What if you are under financial pressure at home and the extra money could help ease the stress on your family? Should you consider diat? What if the amount was higher, say $200,000? You would be able to help not just your family but others as well. Your plans for the money do not change the ethical character of the action; no matter how tempting, it is still ethically wrong.
What about the second alternative: refusing to provide the records, but not reporting the incident? Depending on company policies (and laws related to cer tain government agencies; see SE Code 6.06 and ACM Code 2.3), you might be obligated to report any attempt to gain access to the records. There are other good reasons for reporting the incident. Reporting could lead to the capture of someone making a business of surreptitiously and illegally buying sensitive personal infor mation. Reporting could protect you and other innocent employees if someone later discovers the sale of the records and does not know who sold them. (Some ethicists, e.g., deontologists, argue that taking an action because it benefits you is not ethically meritorious. However, one can argue that taking an action that pro tects an innocent person is meritorious, even if the person is yourself.)
ACM Code 1.2 and 1.7 suggest an obligation to report, but it is not explicit. There might be disagreement about whether you have an ethical responsibility to do more than refuse to sell the information. It is difficult to decide how much you must do to prevent a wrong thing from happening if you are not participating in the wrong act. A recluse who ignores evils and pains around him might not be doing anything unethical, but he is not what we would consider a good neighbor. Acting to prevent a wrong is part of being a good neighbor or good employee; it is ethi cally admirable—even in situations where it is not ethically obligatory.
Now, consider a variation of this scenario:
You know another employee sells records with people's personal information.
Your options include doing nothing, talking to the other employee and trying to get him or her to stop selling files (by ethical arguments or threats of expo sure), reporting to your supervisor, or reporting to an appropriate law enforce ment agency. The question here is whether you have an obligation to do anything. This scenario differs from the previous one in two ways. First, you have no direct involvement; no one has approached you. This difference might seem to argue for no obligation. Second, in the previous scenario, if you refused to sell the file, the buyer might give up, and the victim's information would remain protected. In the current scenario, you know that a sale of confidential, sensitive information occurred. This makes the argument in favor of an obligation to take action stronger (see SE Code 6.13 and 7.01). You should report what you know.
490 Chapter 9 Professional Ethics and Responsibilities
9.3.11 Conflict of Interest
You have a small consulting business. The CyberStufT company plans to buy software to run a cloud data-storage business. CyberStuff wants to hire you to evaluate bids from vendors. Your spouse works for NetWorkx and did most of the work in writing the bid that NetWorkx plans to submit. You read the bid while your spouse was working on it, and you think it is excellent. Do you tell CyberStuff about your spouse's connection with NetWorkx?
Conflict-of-interest situations occur in many professions. Sometimes the ethical course of action is clear, though at times it can be more difficult to determine.
In discussions among professionals and among students, we have seen two immediate reactions to scenarios similar to this one. One is that if you honestly believe you can be objective and fairly consider all bids, you have no ethical obli gation to say anything. The other is that it is a simple case of profits versus honesty, and ethics requires that you inform the company about your connection to the software vendor. Which is right? Is this a simple choice between saying nothing and getting the consulting job or disclosing your connection and losing the job?
The affected parties are the CyberStuff company, yourself, your spouse, your spouse's company, other companies whose bids you will be reviewing, and future customers of CyberStuff's cloud storage service. A key factor in considering con sequences is that we do not know whether CyberStuff will later discover your connection to one of the bidders. If you say nothing about the conflict of inter est, you benefit, because you get the consulting job. If you recommend NetWorkx (because you believe its bid is the best), it benefits from a sale. However, if Cyber Stuff discovers the conflict of interest later, your reputation for honesty—important to a consultant—will suffer. The reputation of your spouse's company could also suffer. Note that even if you conclude that you are truly unbiased and do not have an ethical obligation to tell CyberStuff about your connection to your spouse's company, your decision might put NetWorkx's reputation for honesty at risk. The appearance of bias can be as damaging (to you and to NetWorkx) as actual bias. If you recommend NetWorkx and one of the other bidders discovers your connection, similar negative results will likely occur.
Suppose you take the job and you find that one of the other bids is much better than the bid from NetWorkx. Are you prepared to handle that situation ethically?
What are the consequences of disclosing the conflict of interest to the client now? You will probably lose this job, but CyberStuff might value your honesty more highly, and you might get more business in the future. Thus, there could be benefits, even to you, from disclosing the conflict of interest.
Suppose it is unlikely that anyone will discover your connection to NetWorkx. What are your responsibilities to your potential client as a professional consultant? When a company hires you as a consultant, the company expects you to offer unbi ased, honest, impartial professional advice. There is an implicit assumption that
9.3 Scenarios 491
you do not have a personal interest in the outcome or a personal reason to favor one of the bids you will review. There should not be even an appearance of favoritism. The conclusion in this case hangs on this point. Despite your belief in your impar tiality, you could be unintentionally biased. It is not up to you to make the decision about whether you can be fair. The client should make that decision. Your ethical obligation in this case is to inform CyberStulf of the conflict of interest. (See SE Code Principle 4,4.03, and 4.05, and ACM Code 2.5.)
9.3.12 Kickbacks and Disclosure
You are an administrator at a major university. Your department selects a few brands of security software to recommend to students for their desktop computers, laptops, tablets, and other devices. One of the companies whose software you will evaluate takes you out to dinner, gives you free software (in addition to the security software), olfers to pay your expenses to attend a professional conference on computer security, and offers to give the university a percentage of the price for every student who buys its security package.
You are sensitive to the issue of bribery, but the cost of the dinner and software the company gave you is relatively small. The university cannot pay to send you to con ferences. Attending one will improve your knowledge and skills and make you better at your job, a benefit to both you and the university. The percentage from the sales benefits the university and thus all the students. This sounds like a good deal for all.
A similar situation arose in the student loan business. Universities recom mend loan companies to students seeking student loans. A flurry of news reports disclosed that several universities and their financial aid administrators gave spe cial privileges and preferred recommendations to particular lending companies in exchange for payments to the universities and consulting fees, travel expenses, and other gifts for the administrators. Some financial aid officers defended the prac tices. Professional organizations scurried to write new ethical guidelines. Some lenders paid heavy fines. The reputations of the universities suffered. The govern ment heavily regulates the lending industry, so we return to the security software scenario to discuss ethical issues, not primarily legal ones.
First, does your employer have a policy about accepting gifts from vendors? Even if gifts appear small to you and you are confident that they do not influence your judgment, you are obligated to follow your employer's policy. Violating the policy violates an agreement you have made. Violating the policy could expose the employer to negative publicity (and possibly legal sanctions). (See SE Code 6.05 and 6.06. SE Code 1.06,4.03, and 4.04 are also relevant to this case.)
Who does not benefit from the arrangement with the software company? Any company that charges less for software of comparable quality or any company that charges the same or perhaps a little more for a better product and, perhaps, all the students who rely on the recommendation. The university's obligation in making
492 Chapter 9 Professional Ethics and Responsibilities
the recommendation is primarily to the students. Will the benefits the administrator and the university receive sway their choice of company to the point where they do not choose the products best for the students?
People want to know when a recommendation represents an honest opinion and when someone is paying for it. We expect universities and certain other orga nizations to be impartial in their recommendations. When the university selects software to recommend, the presumption is that it is, in the university's opinion, the best for the students. If there are other reasons for the selection, the university should disclose them. Disclosure is a key point. Many organizations encourage their members to get a credit card that provides a kickback to the organization. This is not unethical primarily because the kickback is made clear. It is even a selling point; Use this card and help fund our good cause. However, even if the university makes clear in its recommendation that it benefits financially from sales of the software it recommends, there are good arguments against such an arrangement, arguments similar to those against what the loan administrators did. The cozy rela tionship between administrators and certain companies can lead to decisions not in the best interests of the students.
9.3.13 A Test Plan
A team of programmers at a small company is developing a communications system for firefighters to use when fighting a fire. Firefighters will be able to communicate with each other, with supervisors near the scene, and with other emergency personnel. The programmers will test the system in a field near the company office.
What is the ethical issue? Unlike earlier scenarios, there is time for testing, but here the test plan is insufficient and this is an application where lives could be at risk. Testing should involve real firefighters inside buildings or in varied terrain, perhaps in an actual fire (perhaps a controlled bum). The programmers who work on the system know how it behaves. They are experienced users with a specific set of expectations. They are not the right people to test the system. Testing must address issues such as: Will the devices withstand heat, water, and soot? Can someone manipulate the controls wearing heavy gloves? Are the controls clear and easy to use in poor light conditions? Will a building's structure interfere with the signal?
In an actual case, the New York City Fire Commissioner halted use of a $33 million digital communications system after a fireman called for help on his radio and no one heard. Firefighters reported other problems during simula tion tests. The commissioner commented, "We tested the quality, durability, and reliability of the product, but we didn't spend enough time testing them in the field or familiarizing the firefighters with their use."'^
Note that we did not indicate your role in this scenario. If you are a member of the programming team, your obligation to voice your concern is similar to that
9.3 Scenarios 493
in some of the previous scenarios. If you are in charge of testing, you need to recognize that the test described is only one small step in a good test plan. If you are responsible for purchasing the communications systems for a fire department, your role might include inquiring about the testing done by the manufacturer and working with both the manufacturer and the fire department to set up a plan for field testing by firefighters.
9.3.14 Artificial Intelligence and Sentencing Criminals
You are part of a team developing a sophisticated program using artificial intelligence techniques to make sentencing decisions for convicted criminals.
Such a program can take several different approaches. In Section 7.1.2, we described a system that examines a large number of factors about the convicted person and then produces a score to indicate the Ukelihood that he or she will commit future crimes. Judges consider this score when deciding on the sentence. Another approach, the one we consider here to illustrate different issues, analyzes previous similar criminal cases to "learn" how to make similar decisions.
Reviewing sentencing decisions from similar previous cases is helpful, but judges use judgment in deciding sentences (within bounds established in law). Prosecutors and defense lawyers present arguments that a judge considers, so these would need to be part of the input to the software. Years of experience provide insights that may be difficult to encode into software. A judge can consider unusual circumstances in the case, the character of the convicted person, and other factors that a program might not handle. Judges sometimes innovate creative new aspects of sentencing whereas a sentencing application would be more restricted in its options. On the other hand, some judges have a reputation for giving extremely tough sentences, while others are very lenient. Some people argue that software might be more fair than a judge influenced by personal impressions, fatigue or hunger,'^ and biases. On the other hand, again, critics of the software package we described in Section 7.1.2 argue that it produces racially biased results. Thus, for several reasons, we might not want the software to make the decisions. We modify the scenario by adding two words to the original description:
You are part of a team developing a sophisticated program using artificial intelligence techniques to help judges make sentencing decisions for con victed criminals.
Let's suppose your team's system will analyze the characteristics of the crime and the criminal to find other cases that are similar. Based on its analysis of cases, should it then make a recommendation for the sentence in the current case, or should it simply display similar cases, more or less as a search engine would, so that the judge can review them? Or should it provide both a recommended sentence and the relevant cases?
494 Chapter 9 Professional Ethics and Responsibilities
This is clearly an application where it is essential to have experts and potential users involved in the design. The expertise and experience of judges and lawyers are essential for choosing criteria and strategies for selecting the similar cases on which the program bases its recommendation. The system s recommendations, if it makes them, must comply with sentencing requirements specified in laws.
The involvement of lawyers can improve subtler decisions. Consider the ques tion of the ordering of the cases the system displays. Should it order them by rel evance, case date, or by the length of the sentence? If the latter, should the shortest or longest sentences come first? Perhaps you should order the cases according to an evaluation of their similarity or relevance to the current case. That is a fuzzier criterion than date or length of sentence. Again, it is important to include a variety of experts, with different perspectives, in the design process when making such choices.
Is the ordering of the selected cases so important? When you are researching some topic, how many pages of search engine results do you look at? Many people rarely go beyond the first page. We expect a judge making a sentencing decision to be more thorough. Experience, however, reminds us that people sometimes are tired or rushed. Sometimes they have too much confidence in results from com puter systems. Even when people are deliberate and careful in interpreting out put, the manner in which the viewers see the data can influence their perceptions and decisions. Thus, careful planning, including much consultation with relevant experts, is an ethical requirement in a system that will have significant impact on people's lives.
A company or government agency that develops or installs this system must consider how it will maintain and update the system. Clearly, there will be new cases to add. How will the system handle changes in sentencing laws? Should it discard cases decided under the old law? Include them but flag them clearly as predating the change? How much weight should the system give to such cases in its selection criteria?
We have not yet answered the question about whether the system should rec ommend a sentence. A specific recommendation from the system that differs from the judge's initial plan might lead a judge to give a case more thought. Or it might influence a judge more than it should. If the system presents a recommendation, legislators or administrators might begin to think that a clerk or law student, not a judge, can operate the system and handle sentencing. This is not likely in the short term—judges and lawyers would object. It is, however, a possible consequence of apparently sophisticated AI systems making apparently wise decisions in any pro fessional area. A potential drop in employment for judges (or other professionals) is not the main issue. The quahty of the decisions is. Thus, an answer to the ques tion will depend in part on the quality of AI technology (and the specific system) at the time of development and on the sensitivity of the application. (See Exercise 6.17 for another application area.)
9.3 Scenarios 495
Suppose judges in your state use a sentencing decision system that displays similar cases for the judge to review. You are a programmer working for your state government. Your state has just made it a criminal offense to use a smart- phone while taking a college exam. Your boss, a justice department adminis trator, tells you to modify the program to add this new category of crime and assign the same relevancy weights to cases as the program currently does for using a smartphone while driving a car (already illegal in your state).
The first question, one for your boss, is whether the contract under which the system operates allows the state to make changes. For many consumer products, guarantees and service agreements become void if the consumer takes the product apart and makes changes. The same can be true for software. Let's assume the boss knows that the state's contract allows the state to modify the system.
Suppose you know that your boss made the decision quickly and indepen dently. You should say no, with appropriate politeness and reasons. SE Code 3.15 states a very important, often ignored principle: "Treat all forms of software main tenance with the same professionalism as new development." That includes devel oping specifications—in this example, in consultation with lawyers and judges who understand the law and its subtleties. We raised a sampling of the complex and sensitive issues that go into the design of a system such as this. Modifications and upgrades should also undergo thorough planning and testing.
9.3.15 A Gracious Host
You are the computer system administrator for a mid-size company. You can monitor the company network from home, and you frequently work from home with some company files on your home computer. Your niece, a college student, is visiting for a week. Her phone battery is dead, and she asks if she can use your computer to check her email. Sure, you say.
You are being a gracious host. What is the ethical problem?
Maybe there is none. Maybe you have an excellent firewall and excellent anti- virus software. Maybe you remember that you are logged in to your company system and you log out before letting your niece use the computer. Maybe your files are password protected and you create a separate account on your computer for your niece. Maybe you think of these things because you are a system admin istrator. But maybe not. A typical employee for a company who works from home probably would not. Most people do not think about security when a relative asks to use a personal computer or other device.
Your niece is a responsible person. She would not intentionally snoop or do harm to you or your company. But after checking email, she might check in on her Facebook friends, then look for someone selling cheap concert tickets, and then ... who knows? Her activities could result in a virus being installed on your
496 Chapter 9 Professional Ethics and Responsibilities
computer that, in turn, infects your company's network. Maybe her own computer crashed several times in the past six months because of viruses.
Your company network contains employee records, customer records, and plenty of information about company projects, finances, and plans. Depending on what the company does, the system might contain other very sensitive informa tion. Downtime, due to a virus or similar problem, would be very costly for the company. In an actual incident, someone in the family of a mortgage company employee signed up for a peer-to-peer file sharing service and did not properly set the options indicating which files to share. Mortgage application information for a few thousand customers leaked and spread on the Web. Always be alert to potential security risks.
Exercises
Review Exercises
9.1 What are two ways professional ethics differ from ethics in general?
9.2 What part of a car did Volkswagen's "defeat device" defeat?
9.3 Why did a program developed by Microsoft programmers to read handwriting fail? 9.4 What is one important policy decision a company should consider when designing a system
to target ads based on email content?
9.5 Suppose you are a programmer, and you think there is a serious flaw in software your com pany is developing. Who should you talk to about it first?
General Exercises
9.6 Describe a case at work or in school where someone asked or pressured you to do some thing you thought unethical.
9.7 The management team of a mobile phone service company is debating options for cus tomer retrieval of their voice mail messages. Some managers argue for providing quick retrieval, that is, access to messages without a PIN when the system recognizes that the call is coming from the customer's own phone. Some managers argue that such access without a PIN should be an option the customer can turn on or off. Others argue that the company should always require the PIN. What are some risks of not requiring a PIN? Which of the options (or others you might think of) are ethically acceptable? Which is best?
9.8 Suppose the mobile phone service company in the previous exercise chooses to provide an option for quick retrieval of messages without a PIN. What should the default setting for this option be (on or off) when someone initiates service? Why?
9.9 Your company sells a device (smartphone, tablet, or other small portable device) for which owners can download third-party apps from your app store. The company's published policy says that the company will delete an app from users' devices if and only if the company discovers that the app contains malicious software such as a virus that compromises the security of the devices or of sensitive user data on the devices. The company discovers that an app has an undocumented but easily initiated component that displays extremely
Exercises 497
offensive video showing men insulting and violently attacking Chinese people. The com pany immediately removes the app from its app store and alerts customers to delete the app from their devices. Should the company remotely delete the app from the devices of all who downloaded it? Give arguments on both sides. Which side do you think is stronger? Why?
9.10 Many elderly people have trouble remembering words, people's names, and recent events. Imagine a memory-aid product. What features would it have? What devices would you design it for?
9.11 Suppose you are on a panel of software professionals who investigated Volkswagen's installation of devices to defeat emissions testing. What punishments would you recom mend for the engineers who designed, built, and tested the devices?
9.12 The scenarios in Sections 9.3.2 and 9.3.4 are about different situations, but they share many principles. Identify several principles that these scenarios have in common.
9.13 Consider the clinic scenario in Section 9.3.2. If you decline the job, are you responsible if the director contracts with another company to build a system the clinic can afford but is vulnerable? Present arguments on both sides and then tell what you think and why.
9.14 You work for a company that develops security products. You helped write software for a car door lock that operates by matching the driver's thumbprint. The manager for that project is no longer at the company. A local power station wants your company to develop a thumbprint-operated lock for secure areas of the power station. Your boss says to use the software from the car locks. What is your response?
9.15 Write a scenario to illustrate SE Code 2.05 and ACM Code 1.8.
9.16 You are a manager at a health maintenance organization. You find that one of your employ ees has been reading people's medical records without authorization. What actions could you take? What will you choose? Why?
9.17 In many cities, wills processed by courts are public records. A business that sells informa tion from local public records is considering adding a new "product," lists of people who recently inherited a large amount of money. Using the methodology of Section 9.3.1, ana lyze the ethics of doing so.
9.18 You are designing a database to keep track of patients while they are in a hospital. The record for each patient will include special diet requirements. Describe some approaches to deciding how to design the list of diet options from which a user will select when entering patient data. Evaluate different approaches.
9.19 You are an expert in speaker recognition systems. (See the box in Section 9.2.3.) A com pany asks you to help develop a system to sift through huge quantities of sound files from intercepted phone conversations to find the conversations of specific people. The company plans to sell the system to law enforcement agencies in the United States and other coun tries where it expects the system to be used in compliance with the country's laws. What questions, if any, will you ask to help make your decision, and how will they affect the deci sion? If you would accept or reject the job without further information, give your decision and your reasons.
9.20 You are an executive at a company that provides a voice-activated home control and per sonal assistant system similar to Amazon's Echo and Google Home. A police department asks for everything the system recorded in the home of a murder suspect. How will you respond? What guidelines from Appendix A are relevant?
498 Chapter 9 Professional Ethics and Responsibilities
9.21 A company that is developing software for a new generation of space shuttles offers you a job. You do not have any training in the specific techniques used in the programs you will be working on. You can tell from the job interview that the interviewer thinks your college program included this material. Should you take the job? Should you tell the interviewer that you have no training or experience in this area? Analyze this scenario, using the meth ods in Section 9.3.1. Find relevant sections from the ethics codes in Appendix A.
9.22 A small company offers you a programming job. You are to work on new versions of its software product to disable copy protection and other access controls on electronic books. (For this exercise, assume you are in a country that does not outlaw tools to circumvent copy protection as the Digital Millennium Copyright Act does in the United States.) The company's program enables buyers of ebooks to read their ebooks on a variety of hardware devices (fair uses). Customers could also use the program to make many unauthorized copies of copyrighted books. The company's Web page implicitly encourages this practice, particularly for college students who want to avoid the cost of e-textbooks. Analyze the ethics of accepting the job. Find relevant sections from the ethics codes in Appendix A.
9.23 Find at least two examples described in this book where there was a violation of Clause 3.09 of the SE Code.
9.24 Clause 1.03 of the SE Code says, "Approve software only if . . . [it does not] diminish privacy or harm the environment." Search engines can diminish privacy. Do they violate this clause? Should the clause say something about trade-offs, or should we interpret it as an absolute rule? The concluding sentence of Clause 1.03 says, "The ultimate effect of the work should be to the public good." Does this suggest trade-offs?
9.25 Clause 8.07 in the SE Code says we should "not give unfair treatment to anyone because of any irrelevant prejudices." The guidelines for Section 1.4 of the ACM Code say, "Dis crimination on the basis of... national origin... is an explicit violation of ACM policy and will not be tolerated." Analyze the ethical issues in the following scenario. Do you think the decision in the scenario is ethically acceptable? How do the relevant sections from the two codes apply? Which code has a better statement about discrimination? Why?
Suppose you came to the United States from Iraq 15 years ago. You now have a small software company. You will need to hire six programmers this year. Because of the devastation by the war in your homeland, you have decided to seek out and hire only programmers who are refugees from Iraq.
9.26 Consider the following statements.
(1) In addition to a safe social environment, human well-being includes a safe natural environment. Therefore, computing professionals who design and develop systems must be alert to, and make others aware of, any potential damage to the local or global environment.''*
(2) We cannot assume that a computer-based economy automatically will provide enough jobs for everyone in the future. Computer professionals should be aware of this pres sure on employment when designing and implementing systems that will reduce job opportunities for those most in need of them.'^
Compare the two statements from the perspective of how relevant and appropriate they are for an ethical code for computer professionals. Do you think both should be in such a code? Neither? Just one? (Which one?) Give your reasons.
Exercises 499
9.27 You are the president of a small computer game company. Your company has just bought another small game company that was developing three new games. You find that one is complete and ready to sell. It is very violent and demeaning to women. It would probably sell a few million copies. You have to decide what to do with the game. Give some options, and give arguments for and against them. What will you do? Why?
9.28 Consider the first scenario in Section 9.3.7. Suppose that the company has decided to deliver the device before completing the testing and that you have decided you must inform the hospitals that are purchasing it. Discuss ethical arguments about whether to include your name and job with the information you give to the hospitals or to send it anonymously.
9.29 The first case in Section 9.3.7 concerns a safety-critical system. Suppose the software prod uct in the second scenario is an accounting system, or a game, or a photo-sharing system. Which principles or ideas in the analysis of the first scenario apply to the second one? Which do not? Explain your answers.
9.30 You are a high-level manager at an automobile company. You must decide whether to approve a proposed project to add a screen on which the front-seat passenger will have full Internet access. The driver would not be able to see the screen easily or well from the driver's seat. What are the issues? Make a decision and explain it.
9.31 Suppose there are two large competing telecommunications firms in your city. The com panies are hostile to each other. There have been unproven claims of industrial espionage by each company. Your spouse works for one of the companies. You are now interviewing for a job with the other. Do you have an ethical obligation to tell the interviewer about your spouse's job? How is this case similar to and different from the conflict-of-interest case in Section 9.3.11 ?
9.32 In the conflict-of-interest case in Section 9.3.11, we mentioned that future customers of CyberStuff's cloud storage service are stakeholders, but we did not discuss them further. How does your decision affect them? What are your ethical obligations to them?
9.33 In Section 9.3.12, we discussed issues about accepting gifts from vendors. Give some rea sons why the policies about doing so might differ among different types of employers, for example, a small private company, a state university, a large corporation with many share holders, and a government agency.
9.34 You are developing an app to work with browsers on mobile devices that will tag game sites as safe or unsafe based on criteria about what data the sites collect from the user's device. What ethical responsibilities do you have to the game sites you will rate and to potential users of your app?
9.35 Several professional associations of engineers oppose allowing increased immigration of skilled high-tech workers. Is this ethical? Give arguments for both sides. Then give your view and defend it.
9.36 A television manufacturer has hired your company to develop a personalization system using a camera on front of the television set and face recognition software to suggest pro gramming and to target ads to the individual watching TV. What risks to privacy does this entail? What features should you include? How should the system or TV company inform buyers about the system? If the system recognizes that two people are watching television, which one's profile should it use to recommend programs or select ads to display?
9.37 Your company makes a system that controls household gadgets, from heating and air- conditioning to music players and garden sprinklers. The user issues commands to the
500 Chapter 9 Professional Ethics and Responsibilities
system by speaking in a natural voice and the receiver for the system is a small device that sits on a table or a shelf in the home. The device listens for its "name" and begins recording and processing speech when it hears its name. The system sends the voice commands to a cloud server for processing and logging. You work on the control module that responds to speech, and you discover that similar names and certain short phrases of ordinary words will also activate it. Is this a serious problem? Why? What would you do about it?
9.38 You are an experienced programmer working on part of a project that involves processing data from wearable fitness devices. You have figured out that you can do a part of your sec tion of the program in a way that is more efficient than the method described in the speci fications. You are confident that your method is correct, and you know that the change will have no impact on other parts of the program. You understand the importance of following specifications, but you also know that any proposed revision generates a long, bureaucratic process that will take weeks and require approvals from many people in both your company and the client company. Is this a case where the trade-offs make it reasonable to use the better method without a revision of the specifications? Explain your response.
9.39 It is early December. You are the manager of the IT department of a large retail chain, and you are ready to switch all the stores in the chain to a new system for processing customer credit card payments. The new system should be quicker and more secure. Give reasons for and against installing it now rather than waiting until after the hohday season.
9.40 Analyze the following scenario using the methodology of Section 9.3.1. Is the action ethical?
You work for a software company developing a system to process loan applications for mortgage companies. You will do maintenance on the system after delivery. You are considering building in a backdoor so that you can easily get into the system after it is installed at various customer facilities. (This is not in the specifications for main tenance; it is your secret.)
Assignments
These exercises require some research or activity.
9.41 Find estimates of how much the Volkswagen emissions scandal cost the company (in fines, lawsuits by customers, loss of stock value, or loss of business—whatever you can find).
9.42 Watch a science fiction movie set in the near future. Describe a computer or telecommu nications system in the movie that does not currently exist. Suppose, in the years before the movie takes place, you are on the team that develops it. Identify issues of professional ethics the team should consider.
9.43 Research how automobile manufacturers currently perform updates of driving-assistance software in cars (including, for example, software that keeps the car within its lane and software that causes automatic braking when the car detects an obstacle). Find out if there are any government regulations controlling how manufacturers handle such updates. Sup pose, a few years from now, you work for a manufacturer of fully self-driving cars and are developing policies and procedures for updates to the software in the cars. How would the update policies differ for different systems? For example, should the entertainment system have a different update policy than the steering or braking systems?
Notes 501
Class Discussion Exercises
These exercises are for class discussion, perhaps with short presentations prepared in advance by small groups of students.
9.44 You are the programmer in the clinic scenario (Section 9.3.2). The director has asked you to rank your suggestions for security and privacy protection measures so that she can choose the most important ones while still trying to stay within her budget. Group the suggestions into at least three categories: imperative, important, and recommended. Include explana tions you might give her and assumptions you make (or questions you would ask her) to help determine the importance of some features.
9.45 Which do you think is less risky: developing fair software for sentencing criminals or developing safe software for self-driving cars? Which would you be more comfortable working on? Why?
9.46 The faculty at a large university requested that the campus store sell an electronic device, Auto-Grader, for students to use when taking machine-scorable tests. Students enter test answers into the device. When done, they send the answers to the instructor's tablet in the classroom. Once the instructor's computer receives the answers, it immediately grades the test and sends each student's score back to the student's device.
Suppose you are a university dean who must decide whether to allow use of this sys tem. Analyze the decision as both an ethical and practical problem. Discuss potential ben efits and problems or risks of using the system. Discuss all the issues (of the kind relevant to the topics of this book) that are relevant to making the decision. Mention any warnings or policies you might include if you approve use of the system.
9.47 As we saw in Section 7.5.3, some people fear that development of intelligent robots could have devastating consequences for the human race. Is it ethical to do research aimed at improving artificial intelligence?
9.48 The Software Engineering Institute (SEI) and the computer security organization CERT have developed coding standards to guide software developers in creating robust, safe, and secure programs.'^ Do computer professionals have an ethical responsibility to follow these standards?
Notes
1. Information for this section came from the following articles: Jack Ewing and Graham Bowley, "The Engineering of Volkswagen's Aggressive Ambition," New York Times, Dec. 13, 2015, www.nytimes.eom/2015/12/14/business/the- engineering-of-volkswagens-aggressive-ambition.html; Guilbert Gates, Jack Ewing, Karl Russell, and Derek Watkins, "Explaining Volkswagen's Emissions Scan dal," New York Times, Sept. 12, 2016, www.nytimes.com/interactive/2015/ business/intemational/vw-diesel-emissions-scandal-explained.html; Jack Ewing, "VW Presentation in '06 Showed How to Foil Emissions Tests," New York Times, Apr. 26, 2016, www.nytimes.com/2016/04/27/business/intemational/vw-presentation- in-06-showed-how-to-foil-emissions-tests.html; Jack Ewing and Hirroko Tabauch, "Volkswagen Scandal Reaches All the Way to the Top, Lawsuits Say,"
502 Chapter 9 Professional Ethics and Responsibilities
New York Times, July 19,2016, www.nytimes.com/2016/07/20/business/intemational/ volkswagen-ny-attorney-general-emissions-scandal.html; Complaint filed by New York States Attorney General against Volkswagen, July 19, 2016, cdn. arstechnica.net/wp-content/uploads/2016/07/new_york_vw_complaint_7.19.pdf; Megan Guess, "Massachusetts, New York, Maryland Accuse Volkswagen Execs in Fresh Lawsuits," Ars Technica, July 19, 2016, arstechnica.com/cars/2016/07/ states-sue-volkswagen-execs-for-fraud-current-ceo-named-in-lawsuits/.
2. The somewhat outdated full names of the organizations are the Association for Computing Machinery and the Institute of Electrical and Electronics Engineers.
3. Bob Davis and David Wessel, Prosperity: The Coming 20-Year Boom and What It Means to You, Random House, 1998, p. 97.
4. Charles Filler, "The Gender Gap Goes High-Tech," Los Angeles Times, Aug. 25, 1998, p.Al.
5. Bill Gates, The Road Ahead, Viking, 1995, p. 78. 6. Julie Johnson contributed this scenario and much of its analysis. 7. Jacqui Cheng, "FBI, Grand Jury Now Probing High School's Webcam Spying,"
Ars Technica, Feb. 22, 2010, arstechnica.com/tech-policy/2010/02/fbi-grand- jury-now-probing-high-school-webcam-spying/.
8. I thank Cyndi Chie for giving me this scenario and telling me of the outcome in the actual case.
9. This scenario was inspired by David Kravets, "Batten Down the Hatches- Navy Accused of Pirating 585k Copies of VR Software," Ars Technica, July 23, 2016, arstechnica.com/tech-policy/2016/07/batten-down-the-hatches-navy-accused- of-pirating-585k-copies-of-vr-software.
10. Robert M. Anderson et al, Divided Loyalties: Whistle-Blowing at BART, Purdue University, 1980.
11. Holger Hjorstvang, quoted in Anderson et al, Divided Loyalties, p. 140. 12. Robert Fox, "News Track," Communications of the ACM, 44, no. 6 (June 2001),
pp. 9-10. Kevin Flynn, "A Focus on Communication Failures," New York Times, Jan. 30, 2003, p. A13.
13. One study showed judges more likely to be lenient early in the day or after a snack: Kurt Kleiner, "Lunchtime Leniency: Judges' Rulings Are Harsher When They Are Hungrier," Scientific American, Sept. 1, 2011, www.scientificamerican.com/article/ lunchtime-leniency/.
14. Guidelines of the ACM Code of Ethics and Professional Conduct, Section 1.1 15. Tom Forester and Perry Morrison, Computer Ethics: Cautionary Tales and Ethical
Dilemmas in Computing, 2nd ed., MIT Press, 1994, p. 202. 16. SEI CERT Coding Standards, www.securecoding.cert.org/confluence/display/
seccode/SEI+CERT+Coding+Standards.