After seeing the amount of shoddy, insecure, dangerous code that gets shipped into production at a supposedly high-quality code shop, I've become increasingly of a mind that software engineers need to professionalize. I try to project a professional ethic in the workplace of not shipping broken or harmful shit, which extends to refusing to cut corners on testing, automation, and maintainability.
I think it's important that I exercise professional integrity because I personally have the luxury of being able to afford being fired. If I lose my job because I refuse to do something, nothing bad will happen to me:
- I am a citizen in my country of residence (can't lose green card / etc.)
- I have a deep financial safety net
- I live in an area with high demand for my skills (if I spent more than a month looking for a job I would be shocked).
Not everyone is in this position. I respect that, so I'd like to use my privilege to make it more of a professional norm.
I think not shipping shit extends to everything from the obviously immoral to code that will hurt the customer (or their customers) because it is insecure or unmaintainable.
Here's the question, though. By professionalization, does that mean that only members who have a CS degree can get a job? Does that mean that we have to carry insurance? What does that mean for access to compilers -- is it illegal for anyone but a certified professional to put up a website? How big does it have to be before it has to have certified developers?
All good questions. What I have in mind in the short term is much more in line with the ACM doc linked below by nullc.
The idea of a professional degree has crossed my mind. There's enough of a gap in knowledge and ability required to transition from writing static web content to writing high quality (maintainable, operationally sound, scaleable) enterprise backend code that it starts to look like a paralegal/lawyer, LPN vs. RN, etc. distinction. The difference is that the public has little interest in regulating engineers, but it does have an interest in regulating lawyers and nurses.
I'm personally deeply suspicious of degrees. I'm returning to school to get a professional masters in CSCI, but the program explicitly requires work experience as a pre-requisite for entry (which seems like a no-brainer to me). It also has a high price, which is not something I would foist on the community.
I don't think "programming" should ever be tied to professional institutions as such (much less academic computer science). It has strong roots in free, open-source, decentralized, hacker-minded culture, and I don't think we should ever give that up.
So I guess I'm of two minds about the idea of a professional engineering degree. On the one hand it would help raise expectations about professionalism and accountability in software, which seem pitifully low right now, and on the other hand, it seems like a path no one in their right mind would want to go down.
My ideal would be something like the actuarial exams. You start with exams on math, calculus, linear algebra, DEs, probability theory, numerical analysis, and so forth. Eventually it moves on to more industry specific exams. There are quite a few, different levels to pass.
It is highly rigorous, but one very key feature of all this is that you don't have a specifically proscribed academic path. There isn't a situation like law school, where aspiring professions are essentially forced to spend $120k+ on tuition to join the profession. You can major in math, I think that's most common, and graduate degrees are not unusual either, but you can major in a related field or, as far as I understand, just study math really hard on your own. You are free to decide how to prepare.
Looking at these tests, I can't possibly imagine that anyone who can pass hasn't learned very rigorous coursework.
Something like this could work for programming. We could set up a series of exams, similar to the actuarial math exams, but covering the essential CS work (another bonus: we could do this once, and it would be graded consistency and fairly, rather than being subjected to repeated "interviews" where we are randomly quizzed on data structures every time we apply for a new job). As it moves on, it might get to more industry specific things.
CS would be an advantage, sure, but a math major who has taken some CS and plugs the gaps through self-study would be perfectly free to join the profession. This is essential, in my opinion, it's very important not to allow a cartel like the law schools to take over. That would be extremely harmful.
I'm sure I haven't thought it all through, but this seems to be the most promising approach.
Oh, and lastly, it's not engineering! The licensing bodies for professional engineers are honorable organizations that have no domain over software, no more than they do over actuarial work. Software is its own thing, it isn't engineering.
It's good for programmers to be competent. But what
About those who are competent but still cut corners.
I'm all for training unless it becomes a requirement
Which you absolutely need to get a job.
No degree, but rather a programmer publicly signs off on his code, and gets both credit and blame for it.
Anyone who wants can register for a programmer ID (in practice a public key). There is no test, just an administration fee.
When you write code you sign off on it, perhaps with some accompanying text describing what parts you worked on.
No more anonymous code shipped by a company entity, instead do it like how movies are done: Every single person gets credit (including QA and administration), every tool used gets credit.
This happens to various degrees in the clinical research industry, depending upon the nature of the work (partly thanks to 21 CFR Part 11!). Several years ago I worked in data management on a maintenance team for clinical trial databases.
Company-wide, there was a rigid system in place that captured electronic signatures as change requests were documented, code was modified, and tests were completed.
Anything that was done flowed through at least those three distinct groups (data team lead, maintenance programmer, & QA). We could easily tell how a study's database had been modified in the past (including who had requested the change, who programmed the change, and who tested the change)...there was always an expectation that every i was dotted, t was crossed (or semicolon was in place) before anyone signed off on their work since it would permanently enter the record and couldn't be erased.
Sounds dangerous - mistakes happen - will I get thrown under the bus by the media if a bug in my code causes an accident that no QA process could have reasonably picked up on?
Consider an analogous situation: You made a mistake designing a building. Should you be able to shrug it off as "mistakes happen"?
This has actually happened in the real world with buildings, and when it does if you are responsible and work diligently to correct the problem people are understanding.
I'm not saying you should shrug it off - I'm saying you should't have your life ruined over a mistake in some code you wrote.
I'm yet to see a building collapse around me in my city - I see software fail all the time though - I think we are better at building tall buildings than we are building software.
Sorta. The basis for your concern underlines one of the problems. When such gaffs happen in engineering, the firm is blamed. Within the firm, individual actors are blamed.
In software, on the other hand, your major system might have responsibility for a critical system spread across a total of 1 persons, so he gets all the blame. Is that really okay for one hip-shooter to take this on in the first place?
Doctors have malpractice insurance, paid for by their employers. Also, from what I've read, the malpractice insurance companies are largely doctor-owned.
Either the key can be replicated easily without signing, or there is the probability of an overlap between different keys. Either way there is the probability for forgery.
I suspect that if we wanted to require a formal degree pursuant to licensure for software development (not to mention installation and operation of computers and software), that degree doesn't exist today. The closest thing might be electrical engineering.
We don't even know what computers or software would look like under such a scenario.
Do you disagree with the content of the standards posted, or with the professional ethos of the ACM? There's a substantive distinction to be made there.
I like the Code of Ethics. I have trouble with ACM's handling of ethical issues. With my comment I more or less wanted to point out the difference between both but should have elaborated on this.
Indeed. I should have clarified this in my comment instead of just ranting.
The ACM Code of Ethics is important.
It was one of the reasons I joined ACM.
However, (IMHO) ACM [1] has not necessarily practiced what it preaches in the past.
Given that much of the discussion in this thread is about unions and professional organizations, I wanted to clarify that ACM might not be the best organization to join if you are concerned about ethics.
[1] I'm talking about its administration and committees, not its members. There are quite a few highly ethical and motivated people in the SIGs.
If you lose your job because you are asked to do something illegal, can you sue? Do you know about that? If you can afford not having a job, maybe you can afford a lawyer. If it's possible and affordable I think doing that would help giving more power to people who can't easily afford to lose their jobs.
I used to work for a place with serious ethics issues. We'd sell customized software packages along with a hardware solution, used by cities and counties. Once I was told that, per the contract, we were supposed to hand over the hardware and software for a system the next day. The software hadn't been customized or prepared in any way. Because of a loophole in the contract, it specified only delivery, not installation. So I was ordered to rent a van, load up the hardware, drive it and the software down to the county in question, and hand it all over. They handed me a data tape with the name of the county printed on it, we loaded the van, and sent I headed down.
You can imagine how well it went. I got there, and the two heads of the project down there were waiting, and expecting not only to take delivery, but to see it all installed and working. I had to explain that wasn't my task, and they got more and more upset with me. I had to tell them to call my boss to get answers, because I was just a drone. After yelling at my boss, I was instructed to do minimal setup to verify the hardware worked. I did so, but then they insisted that I prove that the tape had the software. When I did, it unfortunately showed the wrong county name, because whoever had made the tape just took another installation tape and put the "wrong" name on it. I had to tap dance a bit there, but I finally got to leave. So, unhappy me (which meant nothing to my boss) and unhappy customers (which I got blamed for).
Another time, they told me to put a label on a blank tape and ship it to a customer, to pretend to meet a delivery milestone. I refused. I think my boss did it himself.
At the end of the day is the managerial class. They are the ones making the stuff go down, and then the code monkey gets blamed for their lack of ethics. Really? You tell us to jump, and we ask how high, and that's generally expected. And you expect us to bear the burden of ethics too. I don't think so. You want to hold anyone responsible, hold the people who gave the orders, who signed the contracts. Not the code monkey whose entire life is predicated upon carrying out orders as they are given.
The middle managers are given directions by the CEO. The CEO needs to meet profit targets, or she'll be fired by the board. The board is beholden to the shareholders. There's always someone to pass blame to.
When you go to work, you don't give up your moral agency.
The consequences for each higher level on that ladder are significantly less. Those with the least to lose, shareholders, have most of the power. Therefore those should be held to the greatest account. Those with the most power. The reason the system is structured this way is exactly that, those with most power make the rules. And pass the responsibility down the chain to the lowest peons. The recent disasters, well 6 years old disaster, like the Deep Horizon Well fire come to mind.
> Those with the least to lose, shareholders, have most of the power.
The shareholders have the most to lose, not the least.
Ontario Teachers' Pension Plan's $100 million stake in your company (for example) is worth a lot more than all of those jobs put together. That's why they have all the power.
Not sure how I should respond to this. On one hand yes that's true. But on the other hand to what extent do the Board of Directors of any of the companies that it invests in respond to the stock holder? The stock holders in that sense are divorced from the running of the company and can't be held to account, because they can't influence the company at all. Their stock managers might be to some extent be liable. Again it's about the amount of power that you have in what the company does that determines your culpability in my opinion.
I was following orders, or I would lose my employment and have to go hungry, not pay my mortgage, not feed my kids. End up in a divorce. Ruin my entire life. You are right, it's hardly an excuse. Managers often get fired for not managing the people under them properly. They are responsible for the underlings, that's why they make more money and are held to a higher standard. I did not know what was going on underneath me in my organization is not an excuse for a manager.
Perhaps. If they did fire you for refusing to follow unethical (or illegal) orders, there might be judicial remedies. As we can see with this article and the HN threads for this story, reporting the problem to the public may open up other options and may deter future unethical behavior
> not pay my mortgage, not feed my kids
That's why unions and other parts of a social safety net are for. Do you want management to continue utilizing this power they have over you? Or are you willing to join with your peers and push back? If enough people across the software industry show their power by joining in a direct action (e.g. a strike) to tell management that unethical orders are not acceptable, future managers will have to reconsider if the gains from an unethical plan outweigh the risk of triggering another strike.
Also, while your mortgage[1] may be a problem, feeding your kids after suddenly losing your job is what government welfare problems are for. Yes, it can be humiliating to use - I know from personal experience - but it should only be a temporary situation until you can find another job.
> End up in a divorce.
Really? For standing up against unethical behavior? Is a few months of penny-pinching sufficient reason for a divorce?
> Ruin my entire life.
The only way your life would be ruined is if you let it be ruined. Yes, losing your job sucks but it could be a lot worse.
By following the unethical orders, you are conditioning management to believe they can get away with more unethical orders in the future. The longer this is allowed to continue, the harder it will be to correct. We already see this effect in how widespread and normalized unethical behavior has become across the industry.
So yes, you might be forced into a bad situation if you fight back against unethical orders. It may require a significant sacrifice. Do you want to pay that cost now, or do you want to wait for the difficulty and cost to go up as management gains even more power?
[1] If you don't have the savings to cover a couple months while you look for another job, then you probably shouldn't have bought that house.
The point is - are you going to guarantee a better world for your family.
You can get paid and live comfortably till your family is magically at the back of the que because you've been "mis-tagged" in a system.
Like it or not, right now the people awake in any way to the danger are people who write code day in and day out. That means you, who knows how an if statement, or a filter of a join can screw results.
So I'm supposed to say this to my wife when I lose my job? The world will move on and I will struggle to pay the mortgage and pay for the kids school supplies all because of some rant on HN News. Jesus christ...
Pardon the thought experiment, but how far does that apply in your opinion? Suppose it's your job to execute the children of political prisoners (I know this is an extreme example) - would you still say that despite it being your hands doing the deed, culpability would lie elsewhere, as the order to do so did not originate with you? Or is there a line?
Also... who is a manager, exactly? Is it the guy who does the strangling's boss? His boss? His boss? Where does the buck stop?
There's a line, definitely this side of executing children, but probably the other side of quitting your job at Subway because the six inch sub is only 5 inches long.
Management has the ability in case of war to even diffuse that responsibility. So who fries for the execution is the person who gave the orders. In a hierarchical system, the person who gave the order and all his higher ups are responsible. That's how it works in the military. There is a chain of command, and those who are doing the commanding are the ones responsible.
Except what I remember is something about finding a scapegoat at the bottom, and all the higher ups seem to have never been involved, and you blame the goat, and everyone else goes home happy but the goat. The military thrives on goatism.
> I was following orders, or I would lose my employment and have to go hungry, not pay my mortgage, not feed my kids. End up in a divorce. Ruin my entire life. You are right, it's hardly an excuse.
Indeed. What you allege is called cowardice, and it is most definitely not an excuse.
Then again, bullies do not prey on those who stand up to them. Those who attempt to rationalise their pusillanimity attract them like flies though.
Please do yourself and everyone else a favour, stop blaming other people for your own weaknesses, and start to act in a way that can be an example and an inspiration to your kids. If nothing else, you owe it to them.
Well I have been fired for standing up. So honestly you don't know what you are talking about. I have no cowardice. I took a few people down with me, managers above me. But at the end of the day the problem is systemic, taking down a few higer ups still did not change the situation. Because the rules were wrong and the people responsible for them kept their job.
You can not do that. The the end of the day the employee is beholden to money and a job. If they blow the whistle and get big daddy government involved, other companies will not hire that person. As simple as that. You can't make anyone hire anyone. You can't give them a replacement job. All you could do for such a person who has become unemployable is guarantee them an income for essentially the rest of their lives. Are governments willing to do that?
No Sir, it isn't. I was a manager for years, then a contractor, and nowadays run my own show. Never once did I acquiesce to a request that I had the slightest concern about. Not to falsify data, not to take operational shortcuts, not to infringe the privacy of employees (my own or my client's) or third parties.
When such things are brought up, I do three things:
1. Say no.
2. Tell the other party that it is not a good idea: at worst will get them into a lot of trouble, at best they will lose any trust and respect they may have or hope to have one day.
3. Ask them what the real problem is, and try to help them find a real solution. It's surprising how often people go for the worst idea first without even considering other options.
In all fairness, I do come from a regulated profession background (two of them, actually), where if I screw up I respond with my licence, but I also learned the ropes at a company that were very strict with this sort of thing.
Code monkeys, or programmers, don't have that luxury... The model used by modern management for managing programmers is managing factory workers. They are told what to do, often by people who are completely clueless about what they are actually doing, and they are expected to perform at risk of firing. That's how it is. So I am glad you have had the opportunity to take the high ground. But many code monkeys don't have that privilege.
Many years ago I automated an accounting procedure for Banker's Trust company, a large international financial firm. I was somewhat surprised they entrusted such a complex task to a mere contract worker. Essentially it looked at exchange and interest rates in the firm's many different operating jurisdictions each month so as to figure out the least efficient allocation of expenses/liabilities...so as to maximize deductible expenses for taxation purposes...or so I was told. This seemed odd to me but I was still in my early 20s and didn't know anything about finance - though I couldn't help noticing that I was being paid a few thousand pounds a month to automate a system that seemed to be saving the bank many millions. After I was done They relocated me to a tiny basement room and kept 'forgetting' to give me any new tasks until I quit out of boredom.
Some years later it emerged that Banker's Trust had been ripping off their corporate clients wholesale. I've often wondered if I unwittingly helped them construct the tools with which to do so.
My point here is not only that managers often request unethical behavior of their tech staff, but that the tech people often have no way of assessing the probity of what they're being asked to do. At the time I was only about 21 or 22 and all I knew was how to make big spreadsheets that ran really really fast; I had no insight into the integrity or otherwise of the accounting procedure they asked me to automate and I didn't really think about it until I had a functioning prototype a month or two in and realized that my little project was shuffling very large amounts of money around. I had been out of the job for a good while before I learned enough to wonder whether the underlying process was in fact fraudulent.
"After I was done They relocated me to a tiny basement room and kept 'forgetting' to give me any new tasks until I quit out of boredom."
That sounds like a reward to me. If it weren't for the ethical cost you mention in the rest of your post, I'd take that job in a heartbeat.
If someone wants to pay me for doing nothing, I can find plenty of things that interest me to do on their time.
On the other hand, I guess "doing nothing" doesn't look too great on your resume. And if you don't learn new skills or work with new tech, that would cost you in the long run. But I could at least work on some open source projects or learn a new language or something. That way I could have something to show for my time, and have fun as well.
This was way long ago, prior to the existence of web browsers. I suppose I could have just gone to work and read a book but it was literally a hard chair in a broom cupboard and a 'desk' that was barely big enough to hold a monitor and keyboard. There's a limit to how much fun you can have with only a copy of Excel 3.0, especially when I could do the same thing in greater comfort at home.
My first paid job as a programmer turned to be taking the source code of some long forgotten app and changing all the text so it appeared to be written by my new employer. This was back when you bought a program you literally got the program source. Needless to say I balked and ended up at job #2 a few days later. Turns out my boss and every employee except myself were all ex-convicts.
Other engineering disciplines provide infrastructure for their members to include ethical considerations in their analysis of their work, e.g. the Iron Ring [1].
There's a strong argument that our discipline can profit by their example.
The Iron Ring is mostly symbolic and a tradition, but protection of public is the whole idea behind the Professional Engineer licenses in a lot of countries (I'm mostly familiar with Canada).
Unfortunately, laws seem awefully traditional and outdated, and at least some of the system has turned into a form of rent seeking. Even as a mechanical engineer, most of my work is not really considered as engineering work to the letter of the law, because the law was written in the 1960s with mostly civil works in mind. I get the feeling it's either going to take a long time or a huge catastrophy for legislators to catch up to licensing for professional software work.
Management does not nor will they ever want to pay for that. That's enough for them, the managerial class, to make sure something like this never happens. As it is they already complain about shortage of cheap factory workers, I mean software engineers, that they can exploit. So you really think they want scarcity in that supply? The end issue is not the code monkey, that's doing the work. It's the generals ordering those things to be done. They need to be reigned in.
1. Works that potentially affect public security need to be approved by licensed Proffessional Engineers.
2. Therefore, businesses and managers need to be hire Professional Engineers, or be punished by law.
3. Professional Engineers are held to an ethical code of conduct, else they lose their license.
There are some important additional steps, in that mgmt can't just hire any bum off the street to be a fall guy psuedo-P.E.. There is a mutually accepted and understood system where the very boring and static profession can be verified by mere years of experience (all jobs being similar) and a test no one seriously argues about based on what everyone agrees is very typical work for a P.E.
I can't even begin to imagine the sheer flamewar load even thinking about a "professional programmer" certification would cause.
I always liked the idea of an apprenticeship - journeyman - master system. It sidesteps the theoretical definition of what is a masters work by simply having existing masters vote to see if you make the cut, or not. Master level work in the field seems like it should be inherently different in the center of the CRUD app universe vs the center of the financial universe vs the center of the aerospace universe, for example.
In Canada, the test required to be passed to obtain the PE license does not have a single question concerning actual matters or competency. Rather, it concerns the legal framework, the deontology, the ethics and the responsibilities of the profession.
The obligation of competency is part of the Deontological Code. Or at least, so it is in Quebec. The Engineer (note that Engineer is a legally reserved title in Quebec, rather than "Professional Engineer" in most other places) is obligated to perform mandates only if he is competent do to them. It is his own resposibility to make sure he's competent.
If he is later shown to have performed work for which he was incompetent, he is liable to fines and/or to have his license revoked temporarily or permanently.
The PE licensing system here also requires a certain period (3 years) under which the EIT (or jr engineer in QC) must work under the direct supervision and direction of a licensed PE, before applying to obtain his PE license. This is similar to the apprenticeship system you propose, from what I understand.
You're entirely correct that today'd global economy is one of the many imperfections of the system I alluded to in my original post.
It's mostly easy to constrain for civil works, once again. You design a bridge in a given province, you have to be licensed in that province (state, country, what have you).
It's much harder, say, for an automotive engineer, who works in Canada, using designs from German engineers for cars sold in the US and manufactured in Mexico.
Yes, but in the case of the auto industry, there are very clear and objective standards under which the final product is held up, and there are real liability concerns if the company in question or its engineers fail to live up to those standards.
If you started being held legally liable for the code you write I bet the tune would change really quickly for a lot of people.
Do we need legislators and regulators to tell us to do our work with due care for those whose lives we affect in so doing?
There's a role for them, to be sure. But as you say, and as we see from the history of other disciplines, that role is generally after the fact. We can, and I think must, ourselves create professional societies which can develop codes of ethical conduct and put incentives in place to uphold them. To a certain extent, that comes after the fact, too. But we're at the very least rapidly approaching a sufficiency of horrible examples from which to derive salutary lessons. I'd like to see us develop a sense of professional culture, as an industry, which gives us to think long and cautiously in those cases where we might produce yet another.
Do we need legislators and regulators to tell us to do
our work with due care for those whose lives we affect
in so doing?
Easier to tell your boss "We have to do this the expensive quality way, because that's the law" than to tell them "We have to do it the expensive quality way, because I say so" - especially if he's used to be the one giving the orders.
> Do we need legislators and regulators to tell us to do our work with due care for those whose lives we affect in so doing?
We do, for our own protection. Doing so strikes the weapon from the hands of our managers - they can't push us into doing unethical work that easily because they know we're bound by law to refuse it. This is a case of Schelling-style strategy, where limiting your choice/freedom actually boosts your bargaining power.
They do, I graduated with a degree in Computer Engineering from a Canadian university and receiving your iron ring was part of the graduation ceremony for all engineering students.
When I was earning my CS degree, Ethics was a mandatory course. As it was for other engineering majors as well.
Having been in the industry a while I think the worst thing I have been asked to do was participate in a program that installed our software on the user's machine without their consent. The CEO argued they did give their consent, which was technically true... they could uncheck the "Install partner apps" checkbox before clicking next but it wasn't very obvious.
Thing is, that practice is (was? I hope) common everywhere from Yahoo, AOL, etc... so it was one of those "Everyone is doing it" things.
I pushed back pretty hard but ended up losing the battle. In hindsight I wish I had walked. Ethics aside, none of the customers who got our app this way gave us very good reviews and their lifetime value was way less than customers acquired other ways.
They ought to teach a history class as well--how IBM helped Hitler kill off Jews and Gypsies. And how the NSA and CIA illegally surveil us (and everyone in the world), and how technology doesn't give a single shit if we all live or all die. Then maybe people wouldn't go to work making Hellfire missiles or the drones that they get attached to because you are an accessory to murder when you do that.
We actually had a choice to take a class called "The History of Computing" but it was an elective and I didn't take it so I can't say if it covered these sort of historical issues.
> When I was earning my CS degree, Ethics was a mandatory course. As it was for other engineering majors as well.
Many of us didn't major in engineering, as the article states. There are no ethics classes in Math (what I studied in school).
> In hindsight I wish I had walked.
I have not yet had to make this choice, but I am specifically making sure my financial situation is in order enough that I wouldn't be tempted to go along with something blatantly illegal or unethical. I'm not completely sure if, in the moment, with the ability to pay rent on the line, if I could refuse in a situation like you mentioned. Luckily, I've never been asked to do anything too questionable.
> Many of us didn't major in engineering, as the article states. There are no ethics classes in Math (what I studied in school).
That is a good point. To expand on that, many software developers don't have formal training at all. I didn't mean to imply that my experience is typical or even common. I know CS programs at other schools that do _not_ require ethics or have it as an optional elective so it's certainly not universal even within CS.
I had an ethics course as part of my CS degree as well. The thing is, it's not there to teach you how to deal with unethical or illegal business practises. It's main goal it to teach you how to behave in an academic setting.
It different from country to country, but CS degrees are training you to be a scientist first and for most, even if most of us leave the universities and will never work as a scientist. The ethics courses are designed to teach us not to fudge our research data, how to behave towards our academic colleagues and how to properly give credit to the work of others. And the well meaning professors that teaches these courses have no experience dealing with unethical managers.
In countries where unions are strong and work, I would let them help their members in these cases instead. In Denmark, unethical behaviour observed by a computer scientist working in the private sector is best left in the hands of the engineering union.
I believe the future of this industry lies with us building it into a capital-P profession and all that it entails.
I don't buy the O'Hanian view that we should continue innovating, "without their permission." I don't think software necessarily has to come with the risk of killing people in order for it to cause significant harm. We've seen how innocuous software can cause significant harm to civil liberties and put under-represented people at risk. We've seen how software vulnerabilities put the financial industry and peoples' future at risk. At best we inconvenience a user. At worst... well we don't have to imagine that. I think it's enough that we take some responsibility for what we create into our own hands.
We're going to be bad at regulating our industry at first. It may harm startups for a while. However I think it's important for professional software developers to be licensed, projects insured, and liability enforced. How will self-taught developers fit into the system? I don't know... I'm self taught myself. However I am looking towards going back to school and seeing what I need to do to be licensed... there is a government-backed program where I live.
I just hope that when the time comes and I stick to my guns that there will be an organization behind me with the power to litigate for my job. Too many times I've been asked to put my professional opinion aside... as it's just an opinion after all... in the name of business/progress/innovation. I'd rather be beholden to the profession than to my employer (and I think many employers are smart enough to realize the benefits of this arrangement).
What are you even talking about? Regulating the "software industry" is like regulating the "literature industry". The potential for harm is entirely based on where the product is used.
If somebody runs Microsoft Windows XP on the main brake control computer on a high speed train, that is irresponsible.
If somebody runs Microsoft Windows XP in a VM to try out Bonzi Buddy one more time, that is hilarious.
If you speak a mean letter on stage as a comedy act, that is hilarious.
If you send a mean letter to a depressed person, that is irresponsible.
If you use computers to retain PII, then it is your managerial responsibility to ensure that the PII is stored responsibly. Just as you have the responsibility not to leave printouts of that PII in public dumpsters, or post them on Bristol Board in the public square.
This is a very personal topic to me, because I am being paid handsomely to write software for the financial industry at the age of 19, because I can create massive wealth for them; and if software were a regulated profession, I may never have become a software developer at all. I may have just offed myself after failing in school.
>...while hundreds of people have been killed from faulty software during air travel.
Notably, some of the points mentioned in the talk referenced in the article are already basically "solved issues". There hasn't been a software-attributed catastrophic aircraft failure in quite a while, and the most recent one we know about was the crash of a pre-production Airbus test aircraft. That aircraft's software hadn't yet passed the standard verification procedures and standards.
Every industry has its own priorities and needs, regulating the hard skill will only lower the quality of software developers.
Software has very little in common with literature, so what are you talking about?
The regulation I believe is necessary wouldn't require every programmer to be licensed and wouldn't require every commercial project to be insured and signed off by a licensed software engineer. So what would have prevented you from working in your current situation? Nothing.
It's no less personal an issue to me. My first programming job came to me when I was 17. I was paid more than either of my parents ever made to do something I liked doing (something I used to get yelled at for spending so much time doing...). I helped make gambling websites in the 90s before there was any regulation of such activities. I had no code of ethics and I probably helped enable more than a few addicts relieve themselves of their future prospects. Had there been a requirement that at least someone working on the team to be a licensed professional then at least someone had to be conscious of what we were doing.
Personally I don't trust corporate interested to decide what is ethical. As many programmers here have lamented if they didn't do it someone else would and now we're stuck with an industry whose sole purpose it to circumvent privacy protections in order to track behaviour online and sell it to the highest bidder.
Fortunately we do pretty well when writing flight control software. But it's not a good enough system when it comes to web services or trading services. Or a myriad of other things that can cause harm without risking lives.
I don't have the answers for how it should work. And as I said I suspect we'll be bad at it for a number of years. But that shouldn't be an excuse for not trying.
These are excellent points and it correctly shifts the responsibility onto those in decision-making positions.
Frankly I think we are well passed the point of no return -- there most definitely is no means to regulate the industry. Hundreds of thousands of businesses across the planet need a steady stream of code pushed out and they all need to keep costs down, there is no legal entity that can reach across the planet to provide necessary legal protection to the ethically inclined.
Repeat: there is no legal entity that can reach across international jurisdictions for this.
At best we can rally around national voluntary accreditation facilities (eg: Canadian Medical Association, American Medical Association) but it would be difficult because the best of us can simply opt out with little to no personal loss.
The world really is held together by duct tape and bailing wire with occasional sections of steel and concrete. I'm sure we are all familiar with this where we try (as hard as we might) to seal the cracks every chance we get.
I think the world is better when it's held together with duct tape and bailing wire; because the alternative is politics. Politics is inherently sick, and any chance to avoid it will ultimately save lives, even for something as silly as whether or not to regulate portfolio websites.
I think the medical associations have done a bang-up job, and perhaps the software industry could learn a bit from that.
We don't know enough about programming to professionalize it yet. In comparison to the development of civil engineering as a profession we're somewhere around the "don't put big heavy shit on top of small flexible shit and expect to stand up" stage
"He refused to do it but says, "there's always an engineer willing" to simply follow orders"
Chad and Brad. Do you think doctors and engineers could have such high standards for themselves if, they didn't restrict access to their profession somehow?
There is no desire to get rid of coding bootcamps on any side—negative costs are externalized to the consumer.
It's not so much about limiting access as simply if Chad and Brad are too bound by law to refuse doing unethical things, there will be no (legally employable) engineer willing to "simply follow orders".
I've worked with doctors that have been low on ethics. I used to be an EEG tech, and we got a cover neurologist in to diagnose some EEG recordings (the regular neuros were on leave). Despite the tech reports stating exactly when and where the abnormalities occurred in the 20-min recordings, along with annotations in the recording itself, this fucker just looked at the first minute, and if the abnormality wasn't there, just diagnosed it as 'normal', no abnormality. We had to get his batch of reporting redone by a neuro with a conscience.
However, doctors hold together very strongly. This doctor and another doctor we worked with were acknowledged by our neuros as terrible and doing their patients a misservice, but none of our doctors even contemplated reporting them in any way. Long story short, there's 'bad orders' in medicine as well.
What makes a programmer different than any other person who needs to ask the same question to himself/herself? What about unethical weapons, medicine, sales practices?
That's what the article is saying, but in last sentence. According to author we should have associations like doctors, IEEE and Association for Computer Machinery is already starting to do this.
Everybody should ask these questions but in reality most people don't and go along with their leaders. Standing up for your values is inconvenient and often comes at a high cost if you are not independently wealthy.
Exactly. The problem is that everyone is beholden to money. If you do the right thing, you lose your job. And maybe even get blacklisted so you don't work again. Stuff like this is stuff of nightmares but it happens over and over again. Enough to make people think twice or thrice about going against the status quo.
It's not difficult to do at least some research of a company before you accept a job. Take the extra month to find a job with a company that's never had any scandals that you're uncomfortable with, one whose business model isn't built on violating their customer's privacies or being otherwise ethically dubious, and one who emphasizes ethical responsibility in their code of conduct. In other words, pay the cost upfront.
It's not a sure way to ensure you never encounter these problems, but it will reduce the likelihood.
The market is either a supply market or a demand market. If you are in a job supply market, where there is more supply than demand, perhaps you can do that. If you are in a job demand market you can not do that. And sure this should be how a person exercises his morality. But I think most ethically dubious situations are not evident outright. Big companies spend a lot of money through P/R department to keep their images clean.
Nothing really. I think that providing a general ethics lesson then combining it with industry specific examples helps give people a more complete understanding of what these conflicts look like.
Pretty much the whole Military Industrial Complex is unethical and I have avoided them in my career. But here's the thing I realized: There isn't a single industry out there that isn't getting some kind of government subsidy, tax break, or major handout. So we're all ethically compromised! But I still won't work for the war machine directly. I'd rather go hungry.
Immoral yes. Unethical no. They do horrible things, but they do abide the rules placed upon them. Those rules are scant and toothless but that is a different question.
To borrow a line: Software Engineering would be a very good idea.
Every time I talk to "real" engineers about what goes on in computing, they're completely dumbfounded. Nobody has ultimate responsibility for signing off on a design? Changes get made without any independent analysis, or without any analysis at all beyond "well it seems to work"? When something fails, people routinely shrug their shoulders and move on without performing any post-mortem?
Why is the focus on the unethical work of programmers?
How about addressing the root cause: People are doing unethical thing as part of their job. Either because they either don't understand the issue or due to their financial situation.
Apparently we have all accepted that business people in general are going to be unethical to the point where there is no fighting it or expectation that it's fixable. How about we address the real issue: The unethical business practises of some company and the people who run them.
But no, let us once again leave it to the developers to fix the problems.
Ethics is unfortunately a privilege of workers who can afford it. Programmers are in demand, so they can stand up to their managers and refuse to do something they deem unethical. Most of the world doesn't have that choice however. The grocery shop clerk can't refuse to wash meat with detergent because they can't afford to lose the job. The customer support person on the phone can't refuse to blatantly lie to customers because they can't afford to lose the job. The more friends I have in "normal" jobs, the more I see that it's not an exception - very many, if not most, small businesses are run by liars and frauds, and are forcing their workers to do unethical things.
I'm with you on the tension between employment and professional ethics. The small business characterization... given the number of small businesses, "many" can be true but the implication that it's a large is off. You do make the qualification "if not most". Is your impression that it's close to 50%? Larger than in larger businesses?
In some ways I'd think large business might have an easier time with forcing workers to behave in some way unethically. Losing a single worker for refusing to do something unethical doesn't have as much impact on their business as a whole. I wouldn't go too far with this argument without doing some research, thought. Just a thought experiment.
I'm not denying the experience of your friends. I just am unsure of how far this goes towards advancing an argument that an interestingly large number of "small businesses are run by liars and frauds", which I'm admittedly not sure you're making. Which is why I'm asking :)
I don't know how the situation looks like in larger businesses. As for small businesses, I base my qualification of "very many if not most" based on the sample I have from personal experience - the companies I've worked with, and companies people I know worked in who trust me enough tell me the stories of what things look internally. Still, I'm just saying small business are - in my experience - bad; I'm not saying they're worse than big businesses :).
Maybe saying that many small business are run "by liars and frauds" is too much; I admit I get emotional over that sometimes. After all, I don't know those managers/bosses well enough to judge the state of their consciousness. But what I observe is that, nevertheless, the workers are often directly asked to do unethical things that go against the interest of customers.
A charitable way of viewing that is that the bosses are forced to cut corners to deal with the pressure[0] or to stay competitive, or that eventually some unethical conduct becomes a standard practice in the industry (I believe that for example washing meat with detergent is such a thing).
As for the impact of losing a single worker - when we're talking about regular people doing regular jobs, losing an employee often doesn't have much of an impact on the company, but it has a lot of impact on the employee itself. For people outside of very specialized fields, finding a new job is a nontrivial task. Finding a new job that pays comparably to the one you just left making a stand is doubly nontrivial. Quadruply, if you live in a smaller town. I know first-hand of a particularly successful online book seller who uses this fact to overwork and underpay his staff while forcing them to lie to customers - he knows that none of his employees can afford losing this job.
I guess what I'm trying to say is that most of the working class is pretty screwed when it comes to disobeying unethical commands - people in IT often forget that our industry is in a (temporary) golden age, and we can afford to make a stand.
--
[0] - I run a non-profit and I know how much pressure can fall on you when things get messy while various deadlines for deals or paperwork approach. I can only imagine a competitive business is even more difficult to manage.
"As for the impact of losing a single worker - when we're talking about regular people doing regular jobs, losing an employee often doesn't have much of an impact on the company, but it has a lot of impact on the employee itself."
Completely agree. I meant from the perspective of the company. For the employee depending on an income is a different matter all together.
Depends on the company. If we're talking places like grocery stores or restaurant waiters, the new employee can be brought up to full potential within a week of on-the-job training. After that, they don't meaningfully improve, so it's no surprise places like these have high turnover - they can very much afford it. On the other hand, if you have people who gain experience with your very specific in-house tools and procedures, losing an employee can indeed be a high cost for a small company. If you can maneuver yourself into a position of being needed for the hard-gained experience, you have much greater bargaining power.
Short of a totalitarian technophobic regime taking power [1], there will always be idiots with compilers willing to do any terrible thing. There's no (non-dystopian) hope of regulating things at that point, but we don't really need to.
Where regulations, or professional society codes or whatever else, could be usefully applied is where software gets loaded onto something important. You can write all the terrible code you like if it doesn't leave your office, but the moment you package it up and send it out to be installed on a thousand new aircraft (or a million internet-enabled toasters), you're at a ripe point for scrutiny. Can you attest who is responsible for what portions of the code? Have experts signed off on reasonable guarantees of security, safety, and correctness? At that stage, having your engineers be recognized members of a professional society that will hold their feet to the fire to stand by their word is useful. Not all code needs to have an engineer's stamp, but it doesn't make it into a specified set of "serious applications" without stamps.
> "But what developers really need is an organization that governs and regulates their profession like other industries have, both Martin and Sourour believe. Currently nothing like that exists although both the Association for Computer Machinery and the IEEE have made a start, with ethics documents and, in some cases, training."
I don't think the solution for this is to have an organization that regulates programmers to make sure a programmer will become ethical. No matter how much ethics you teach someone to become ethical, it is in their own volition to act upon a task that is provided.
What will you do it if a programmer suddenly decides to be unethical or agreed upon doing an unethical task related to work? Remove their license to become programmers? Ban them to use the computers? Put them in jail? Shouldn't the management be responsible for their decisions, too? Why are all the blame here being focus on the programmers? Why don't you teach "Ethics" to those who are pushing the programmers to do such a task? Yes, the programmers have the big decision to do it or not. But regulating them isn't the solution that would make their decisions ethical.
What if the younger generation wanted to code? Will you stop them from learning it because they are not allowed to learn it unless they are in school? Or they are not even allowed to ship code because they don't have a license or it is not under the standards made by the organization?
Remember programmers are people. Same with all the human beings in this world who makes moral decisions on their own. Their beliefs, attitude and principles in life are nurtured based on how they were brought up not because they took an ethics class in College.
If a programmer violated a law because of his actions, then treat them as a person who has violated the law.
> "He refused to do it but says, "there's always an engineer willing" to simply follow orders"
It's not just about that. If you are not in a first world country, then feeding your family and ensuring you have a roof over your head are more important than breaking your own ethics with developing software.
As someone who lives in a first world country, the UK. I have I found ethics to be a sliding scale.
We live in a world where gaps in the market will always be filled by someone. Frackers, Oil companys, GMO companies, Chemical companies, the list can go on and on. One side will say they are doing a public good. One other side will argue they are harming the planet and it's unethical for them to operate.
The only way to really change things, is make a movement and vote with the collective wallet. The market will dictate what is acceptable and what is not.
Per the article: I think the more programmers will adopt this attitude, companies will simply stop asking and move the project offshore. I know from experience, they have no such qualms.
>> ... feeding your family and ensuring you have a roof over your head are more important than breaking your own ethics with developing software.
That's why recognized professionals (ie lawyer/doctors etc) expect to be well-compensated. They are expected to quit, to walk away from unethical situations even where doing so means they loose out on work. This is why many professions do try to limit the number of members as flooding the market, lowering wages, will push some members to do things that damage the profession.
Well, it hardly works. If you want to find a doctor who'll give you Propofol so you can sleep, you can find one. There are enough doctors who'll also recommend you for a medical marijuana licence without actually diagnosing you with a condition that requires it. The rampant practice of advising you to get tests you don't need is also a sign that restricting supply does not mean doctors adhere to their ethical principles.
Don't think I have a vendetta here against doctors. My parents are both surgeons, so trust me when I say my general feelings about medical professionals are overwhelmingly positive. Your argument just strikes me as disingenuous.
Nobody claims that it eliminates the problem. But paying professionals does alleviate the argument that they must take unethical work to make ends meet. It also makes it easier to make demands on them to do uncompensated work (training) or maintain their own liability insurance. I spend a few dozen hours every year, unpaid, to keep my license and have walked away from couple clients. That's the minimum, but should anything go wrong (malpractice allegations) I am also expected to have done things like attend conferences and write articles. I wouldn't be able to do any of that on minimum or simply low wages.
The idea that markets are a force of nature indifferent or unbeholden to government policy, regulation and subsidies (Often told from the point of view from the benefiting side), is a fiction.
I was once asked by a boss to write code that I felt was unethical. I don't remember exactly what it was now. I do remember that I managed to convince them not to do it by finding a (probably) better way that didn't challenge my ethics. Had I not managed to convince them to do it ethically, I don't know what they'd have done. But I'd already told them that I wouldn't do anything unethical when they hired me, and I told them that their solution to that problem was unethical.
It wasn't even anything important. It was only "a little unethical" and wouldn't have really affected many people negatively. But the line for me isn't how unethical it is, just that it's unethical at all. I simply don't need that in my life, no matter the price.
I wish more people would draw the line where I do, but I do understand the conflict and why they might choose otherwise.
This is why we have the concept of a "professional engineer." This is why we require building designs and other engineering documents to be signed by a PE.
It's not just that you know enough of your field for your signature to matter. It's that by signing, you are putting your reputation and even your freedom at risk.
As it is right now, if you write code that does something illegal or unethical, the blame WILL go to you. There may or may not be an email record of you being told to do this, but there will be no question of YOUR intent, and you can be sure that your bosses will do whatever it takes to get all the liability put on you, because with source code, there can be no question of intent.
(Well, in older times you could obfuscate intent in the source code, but that option went away with K&R C)
So it might as well be time to standardize the software engineering form of the professional engineer exam and licensing procedure, and start requiring that software PEs review code.
The article has completely missed several points. Computer Programmer, or coder, or whatever we want to call it, is not at this point a recognized "profession" with special protections/duties that come along with such a designation. Comparisons to engineers/doctors/lawyers is therefore nor appropriate.
Professions are fields that grant members special abilities and protections beyond lay persons. They are officially trusted by society to do things that normal people are not allowed to do. Doctors cut people open. Engineers put their stamp on bridges carrying people. Lawyers hold client secrets. Nurses handle dangerous drugs. These professions are officially recognized in law. They have societies that too are recognized in law (State Medical/Bars etc). With this then comes the ban on anyone outside the profession performing such tasks.
What would a world look like should "computer programmer" become a recognized profession as the article suggests? Will non-professionals be forbidden from writing code? Will we have state boards deciding how and by whom computer programing may be taught as they do law schools? Would hardware with open firmware be sold only to licensed professionals as we do with medicines? That's an absurd world.
Programming isn't a profession because it simply could not exist as a profession. Professional associations and ethical standards certainly have a place in educating, but they should not be given the power to actually regulate behavior.
I agree with a lot of this. Without some kind of official sanctioning, programmers lack a mandate to push back on management, which makes it much harder. On the other hand, programmer is such a diverse topic that any kind of sanctioning is bound to be inappropriate for the vast majority of programmers. Kind of like making an electrical engineer know about civil engineering to get sanctioned as an "engineer" (I know this happens, but it doesn't make it very right; there even many different kinds of EE and so on...). Heck, when I was at Microsoft, we were subjected to yearly generic ethic training that was very difficult for us researchers to relate to.
I would prefer some kind of universal professional ethics and responsibilities that wouldn't be related to your specific profession. Heck, being ethical applies to mathematicians, economists, journalists, musicians, programmers, engineers, and so on.
I've passed the Fundamentals of Engineering exam for EE. There was a civil engineering portion, and I passed it despite never having done any schoolwork in civ-e. It's not hard.
Sure, but I'm not sure why that applies to the many other Es (ChemE, MaterialE, MechE, ...), or why it would just focus on what is done with respect to civ-E (given the other Es, just because it was second oldest?), or do they include other Es as well?
The CivE questions are not much of a departure from Mech-E at all.
That still leaves chemical engineers and material engineers, and that is partly because Civ-E is older, and the need for licensing in Civ-E was established first, by the Quebec bridge disaster.
But ultimately the whole thing is an exercise in social engineering, to make you care about your honor as much as about money (the money for being a PE is not that big a bonus), and making you look at Civ-E for a day in this fashion, well, it works.
You may notice that Software Engineering indeed does have a Principles and Practice of Engineering (PE) exam, although most jobs do not require it.[1] So SW Engineers can indeed be certified. Although I am not aware of any place with licencing requirements. Likewise for electrical engineers / mechanical / civil / etc you can often work for decades without one as long as the company has one PE to sign off on your work.
I think that Software Engineers should be held to the same standards as other kinds of engineers (and yes, I am aware I am implying Software Engineers are Engineers). The industry just hasn't caught up yet.
Yes, but the blocking factor is the precursor to the PE exam, namely the Fundamentals of Engineering exam. Even the generic FE exam contains topics that most CS majors are not likely to have encountered. See http://ncees.org/wp-content/uploads/2015/07/FE-Other-CBT-spe... for a summary.
The other major blocker is that the Professional Engineer licensure process requires "four years of progressive engineering experience under a PE" (see https://www.nspe.org/resources/licensure/what-pe). There being few, if any, software PEs, there is something of a chicken-and-egg problem.
> The other major blocker is that the Professional Engineer licensure process requires "four years of progressive engineering experience under a PE" (see https://www.nspe.org/resources/licensure/what-pe). There being few, if any, software PEs, there is something of a chicken-and-egg problem.
Agreed, this is a big issue.
Also, it requires that the school have a specific accreditation that is unusual for Computer Science. My school has it but it didn't have it until 3 years after I graduated because it was so new. Although I had to take all the same courses as the eventually accredited version. (my year was the first year to do so but it takes a few years to get the accreditation)
So I'm not sure if I'm even eligible to take it because of that.
Not just accreditation (many schools have that), it needs a specific type that is for engineering.
Either way, as someone pointed out. It is a process. It won't happen overnight.
Building up the infrastructure to support a new profession takes generations. Lawyers have been doing it for centuries, doctors slightly less. It will take a very long time to iron out the details of licensing and cross-state recognition of qualifications. It's not a thing just for industry but for the entire society to adopt.
Responding to my own post because I wound this interest...
Based on that page I linked, the SW Engineering PE has the lowest passing rate and an average passing rate of repeat test takers of any of the exams. I presume because most schools and careers do not prepare people properly for this exam.
Hospital administration software tell nurses what drugs to deliver at what dosages.
In each of these fields, as practiced today, professional and ethical conduct on the part of software engineers is a necessary precondition for the successful outcomes downstream.
>> In each of these fields, as practiced today, professional and ethical conduct on the part of software engineers is a necessary precondition for the successful outcomes downstream.
But in none of those fields do the engineers building the tools have any real knowledge of the ethical obligations, nor are they held responsible should their innovations be misused. Their services are not relied upon directly by the patients/clients but by other professionals. The Doctor is responsible to the patient because he is the one telling the patient to trust the robot. The engineer is only responsible to the Doctor as the Doctor is the one buying the product.
A coder's ethical duties end once his invention is fit for purpose. He does not control how his invention is used. A coder cannot know how his work will be used by others, nor is he expected to supervise how his innovations are used once sold. Many innovations will eventually be released into public domain (copyright). A doctor or lawyer's professional obligations do not end, continuing even after death. Doctors/lawyers/teachers/carpenters also retain absolute control over how their services are used and can withdraw at any time. They are not creating products for sale.
(A doc can invent and sell a product, as a lawyer can write a book, but such products are something different than providing professional services to a client.)
> What would a world look like should "computer programmer" become a recognized profession as the article suggests? Will non-professionals be forbidden from writing code?
No.
> Will we have state boards deciding how and by whom computer programing may be taught as they do law schools?
No.
> Would hardware with open firmware be sold only to licensed professionals as we do with medicines?
No.
> That's an absurd world.
Yes, because you've tried to make it sound absurd. The reality is that in medicine, engineering, and law, restrictions are based on knowledge, skill, and ability, which is reasonable and would also be reasonable to apply to software.
I can buy some medicine at the store, like Advil. I need a prescription for others, like Oxycontin. And some medicines can only be administered by professionals, like chemotherapy.
Likewise, anyone can teach in medical school or law school. They just need to demonstrate that they are qualified to do so. And there is plenty of medical training that does not have to meet that standard, like CPR, basic first aid, even EMT.
How would similar approaches for software be absurd? Some software is more critical than others, just like some engineering, medicine, and law is more critical than others.
Here's an example of something that is actually absurd: the physical systems of a car are engineered by professional engineers, to comply with known safety standards and regulations. Meanwhile the code controlling those physical systems can be written by someone with no training, and is held to no standards whatsoever.
The main point of this article is absolutely completely wrong. The product owner is responsible for every product feature specification that happens in their product, not the engineer. The engineer is just a tool you use to construct the product. He follows the spec to the letter. He's no more guilty than a hammer would be. It's not up to the hammer/engineer to know what or what shouldn't be implemented, they're not the ones making the judgement call. They're job is to execute the roadmap/product specification as it's written. They can provide feedback, make suggestions and inform the owner of any risks both moral and technical, but ultimately it's not their decision and not their responsibility.
Now, if the engineer were the product owner, then of course, he is responsible.
I think this author doesn't fully understand how software is developed and doesn't understand or differentiate between the roles of product managers/product owners and software engineers.
There are, of course, systems that can be used in both good and evil ways. But when your boss says 'just write code that detects when the car is being tested, and when it's being driven normally', you know it's sketchy, and you should refuse.
I know this is easy to say and hard to do. But it's still something we should talk about, and that programmers should think about, before we get asked to do something, not after.
There are limits of course. An engineer shouldn't program a printer to explode and kill anybody. But, the volkswagon disaster is still firmly within the realm of product owner responsibility.
You cannot be a profession if you have a hiring manager, a boss who can fire you or no central professional body that can take away your right to program.
Software engineering is not not not a profession. It is a form of literacy. People write down lies and untruths and abominations, using the great gift of literacy.
And society assumes that as everyone else it literate those who write down lies do not automatically have an advantage
We do, but creating a software literacy profession is not the right solution
Edit: let me adjust this.
Professionalism is meant to be about minimum standards of performance expected from any member of the profession (it is a way of saying we the profession ensure you get at least the baseline service no matter who you hire)
The ethics of professionalism are usually well enforced in areas of individual criminal mesbehaviour (i.e. Accountants who dip into their clients accounts get barred)
However the issues discussed here are more areas of regulation than criminality. Yes making software that drives a tesla into a truck is bad, but that was not an actual requirement - it was a failure in the whole industry to decide what is the right thing to do. Different regulators in different industries and countries will let different standards (i.e. With LIdar / without) - and unethical companies can play arbitrage.
Arguing that a spec for a online game fails to meet regulations might work, but individually saying younundersrand the regulations better than the various hierarchies above you is unlikely to work.
So I have lost my trainnof thought but
- TPP is actually supposed to be where regulatory arbitrage is defeated. We need something like it back
- All professions face ethical issues at all levels (I would argue that most issues in software (privacy, self driving cars, armoured robots) are issues we as societies have not decided upon yet so individuals are just applying their own judgement (this is the don't work for a tobacco company question)
- and other professions stuff this up as well - banking did it spectacularly so.
So, yes we should raise the minimum standards but questions of ethics are something for the profession as a whole to decide, (I will not code a self driving car that does not have LIdar out to 100 yards behind, and my professional body will support me, is an ethical stance yes, but really it's a post hoc regulation)
This is just typical case of responsibility erosion in hierarchical structures. Upper management devices a scheme, their underlings execute the scheme. One claim "we didn't really do that", other claim "we were just following orders and we don't know whole picture". Nothing new.
I find secret forum censorship including up/down vote rigging, post visibility weighting targeting a specific group, and secret shadow banning to be some of the most egregious ethics offenses programmers can commit. It's below bribe-taking on the ethics ladder, because at least one person directly benefits from a bribe.
I believe the administrators and moderators of HN are more ethical than those of other popular social media sites, but of course I don't know how much I don't know about the inner workings of these organizations, so I'm just leaving you with something to think about.
I've had my own.. disagreements with the people here running the place. One of those very disagreements was what I thought was active targeting was in fact me triggering a spam filter or something.
The underlying problem is HN should be more transparent in how people get on "shit lists"- hellbanning, no submit, and other statuses.
I tended to like the Kur5hin style model, where every mod is linked to the user, and everyone can see it. Albeit, K5 is dead...
Shipping broken software is a business model in many companies. Features are easy to sell, non-functional requirements are harder to sell.
I am against shipping broken software. If you bought a car that is malfunctioning and you are expected to take it to the mechanic to get it working, would that not be unethical?
Depends on how you define broken and what the company's priorities are. I know I lean towards "fix bugs first, then new features", but bugs/features need to be prioritized just like which bugs to fix first, and which features to implement first. And you have to ship something sometime.
"Ethics" codes are in practice a mechanism for a formal institutional body to exercise power over a profession. Case in point:
"But what developers really need is an organization that governs and regulates their profession like other industries have"
What this inevitably turns into is a collection of content-free truisms (eg "programmers shouldn't write programs that break the law") combined with credentialism ("we won't let you join the Society of Programmers without a degree in computer science, and it's 'unethical' to hire a non-SOP programmer to work on your project") and politically motivated de-credentialing ("we have determined your work on the Trump advertising program targeting white voters was implicitly racist; you're disbarred").
If you think the last part is silly, here's an article citing architects claiming it would be "unethical" to work on the border wall.
"If you think the last part is silly, here's an article citing architects claiming it would be "unethical" to work on the border wall."
That reminds me of the American Psychological Association's (APA) position on torture:
"Any direct or indirect participation in any act of torture or other forms of cruel, inhuman, or degrading treatment or punishment by psychologists is strictly prohibited. There are no exceptions."[1]
This might seem unfortunate to some, or may smell to them of unwarranted political meddling. But I for one am glad these professions are taking these strong and clear ethical stances, and doing so on what I consider to be the "right" side (ie. anti-torture and anti-xenophobia).
I'm also not sure how one could separate ethics from politics. Some people even believe that every action is political.
You evidently think your livelihood should in principle be contingent on the desires of whomever controls the governing apparatus. If tomorrow you need a certification of racial purity, or a Temple recommend, in order to practice your profession, that's just how it shakes out. If everyone agreed on ethical codes, after all, we wouldn't need them.
Why are people like you so desperate to hand someone else the whip hand? Do you actually think Your Kind Of Guy is going to be in power in perpetuity? Does it actually seem to you like these guys are reasoning from some set of elucidated & unchanging moral principles?
Ironically the nightmarish story of how ineffective the APA's "ethics code" was should permanently disabuse you of the notion that they're useful for anything other than economic protectionism and occasionally crushing the outgroup du jour.
Anybody knows what you can do if your boss asks something illegal of you like stealing money from other people, or if he basically asks to steal money from yourself? Would be interested in US and German law, if someone knows.
Code and architecture could be anonymously peer-reviewed like in science, but then of course everyone is paranoid of having his secret sauce in the open. Open sauce, that would be a great idea.
Programmers are not lawyers, and this isn't Edward Snowden. There is a logical train of legality and one can debate the ethics of a task most likely with the owner, or legal counsel. The other option is to get release of liability which is not uncommon in realms where developers are asked to do things that are shady. If they don't have the fortitude to stand up and say something .. then just walk away.
Journalistically, what are the ethics of scraping HN comments for your story? Was each commenter contacted to follow up in any way? Obviously you can't check out these stories very well.
I work in e-commerce, have for 10+ years now. Without a doubt I'm going to Hell, even though, literally, every day, I refuse to do what everything customer's ask of me. Eventually, because of pressure from management or the customer, you will do something you're ashamed of or worse. When you have two small children to feed and your jobs on the line or you need the money it's hard to hold the line. Now that I'm older and the stakes are lower I can give the fuck-off more frequently, and I feel better about myself on the whole, but early on I wasn't so resolute.
Here are the things I've been asked to do and refused, so they just went to someone else to get it done.
- Disable the back button coming from a Google search (Don't want them going to a competitor's site).
- Change the default selection for being included in spam list from no to yes.
- Export email lists ignoring the "include me in spam lists" selection.
- If someone has purchased before, save their credit card information, and if they add something to their cart ever again, charge them immediately, and them make refunds difficult.
- Make the RMA / refund page throw an error the first time, to try and discourage returns. It'd work the 2nd time.
- Add a "pay with cash discount" wish is really a credit card surcharge because the request to pay in cash is never approved.
- Doctor the math for discounts so unless a customer double-checks they won't notice the ~25 cent discrepancy.
- Take donations for a cause with fine print (literally, like 3pt type) that says only a small percentage gets donated.
- Intentional violation of credit card rules, such as storing the customer's credit card without their knowledge, sending credit cards numbers through email unencrypted, refusing to honor recurring payment cancellations, and so on.
- Ship by a slower shipping method than what the customer is charged for.
This list could go on for literally hundreds of entries. The point is that, yes, as the programmer, we are the last line of defense. The stories here with people working in the health care industry just break my heart - so much more at stake then people's money.
One piece of advice I can offer. When you refuse, and they go hire someone somewhere else to do the dirty work, you can always report them anonymously afterward. The satisfaction of seeing them having their credit card processing or merchant account yanked can give you some solace.
But in the end, I don't know if it's a winnable war. I want to say this very carefully, because I in no way wish to disparage programmers from other countries, but what I've seen, over and over, is that if I won't do it, there is always someone in another country, for cheap, who will. I'm sure they've got two kids too, and they need the money. There will always be someone ready to do the wrong thing, for whatever reason.
We've banned this account. HN is not a place for political and ideological battle, and several of this account's comments went way beyond even that. Not cool.
Muslims and Mexican immigrants (admit it, that's who all the "illegal immigrants" rhetoric is aimed at) aren't a threat to the USA. If anything, they'll make the USA greater than its ever been, just like the millions of other immigrants have come before them have.
Aside from the Native Americans, who the settlers genocided, virtually every "great" American has been either an immigrant or the descendant of immigrants. Everything you see around you in the USA was built by immigrants or their offspring. Whether they had some paperwork when they achieved what they did is beside the point.
Jewish immigrants, Irish immigrants, Italian immigrants, Polish immigrants, Chinese immigrants, or Japanese immigrants were all widely vilified and discriminated against in the past (and some still are) and seen as threats to the country. Mexican immigrants and Muslims are just the latest target in this long and ugly history of xenophobia.
Some people somehow can't see past sensational headlines and tired anti-immigrant rhetoric recycled from the mouths of the Ku Klux Klan and Neo-Nazis through the right-wing media, whose nudge-nudge, wink-wink racism and bigotry can not conceal their hatred from anyone with a modicum of knowledge of the history of this country, or the others where their ilk have shown their face.
It's really a sad and shameful day when such KKK rhetoric is not only given a hearing in the mainstream media, but is starting to become the mainstream, to the extent of electing a President who might as well be wearing a white hood and burning a cross.
Automobile accidents in the US kill 32,000 people a year. Cancer kills about 500,000 per year. Heart disease kills over 700,000 per year.
Yet people fixate on a once in 200 year tragedy that killed 3,000 people. That many people die like clockwork just from automobile accidents every single month.
If you are concerned with saving American lives (never mind all the other lives around the world that are just as worth saving), why would you not try to prevent something that's very preventable and happens every single month, every single year, on a far larger scale, and that doesn't involve hating anyone?
You know, at first you were talking about defending the US. Now, you want to do what? Save lives in the rest of the world?
Well, ISIS is still going to have to get far in the back of the line in terms of world-wide deaths and displacements, both from war, disease, poverty, and malnutrition.
But you know what ISIS has that the rest don't have? The media as its PR team. Just like every other word out of the media's mouth during the election was "Trump", so every other word out of its mouth is "ISIS". It's no wonder some now think that ISIS must be the most important problem in the world. But it's far from even being in the running.
I know of someone who did that with one workplace. Massive taxpayer fraud going on, millions taken from public funding and redirected to business bank accounts. Evidence provided included where and when to look, amounts stolen, that kind of thing.
What they didn't know at the time was the person who was signing the checks was an ex-employee who had moved up the rung into regulatory, and was responsible for receiving the letter. No investigation, in fact they got a big increase in the level of funding. The fraud still goes on.
Nobody there knows who sent the letter, because if they did the author would have received a visit from some associates and probably be in a care facility somewhere, or possibly even dead.
"dozens of people have already been killed by faulty software in cars, while hundreds of people have been killed from faulty software during air travel"
If facebook really did cause T. to get elected, fb programmers may be responsible for orders of magnitude more suffering and/or death than the above.
In addition to downvoting me, please let me know why.
Is it:
a) You do not agree that fb (and its fake news epidemic) contributed to Trump's victory
b) You do not agree that Trump will increase suffering and/or death
c) You do not feel the above points are worth considering or relevant to the topic at hand
d) Something else?
What I am saying, is that software with political implications, can have far greater effects than software which directly controls physical objects. Not sure how this is illogical, but open to hearing views.
It would be nice if downvoters explained their view, in addition to downvoting.
I think it's important that I exercise professional integrity because I personally have the luxury of being able to afford being fired. If I lose my job because I refuse to do something, nothing bad will happen to me:
- I am a citizen in my country of residence (can't lose green card / etc.)
- I have a deep financial safety net
- I live in an area with high demand for my skills (if I spent more than a month looking for a job I would be shocked).
Not everyone is in this position. I respect that, so I'd like to use my privilege to make it more of a professional norm.
I think not shipping shit extends to everything from the obviously immoral to code that will hurt the customer (or their customers) because it is insecure or unmaintainable.