
Programmers confess unethical, illegal tasks asked of them - zeapo
http://uk.businessinsider.com/programmers-confess-unethical-illegal-tasks-asked-of-them-2016-11?r=US&IR=T
======
jknoepfler
After seeing the amount of shoddy, insecure, dangerous code that gets shipped
into production at a supposedly high-quality code shop, I've become
increasingly of a mind that software engineers need to professionalize. I try
to project a professional ethic in the workplace of not shipping broken or
harmful shit, which extends to refusing to cut corners on testing, automation,
and maintainability.

I think it's important that I exercise professional integrity because I
personally have the luxury of being able to afford being fired. If I lose my
job because I refuse to do something, nothing bad will happen to me:

\- I am a citizen in my country of residence (can't lose green card / etc.)

\- I have a deep financial safety net

\- I live in an area with high demand for my skills (if I spent more than a
month looking for a job I would be shocked).

Not everyone is in this position. I respect that, so I'd like to use my
privilege to make it more of a professional norm.

I think not shipping shit extends to everything from the obviously immoral to
code that will hurt the customer (or their customers) because it is insecure
or unmaintainable.

~~~
ebiester
Here's the question, though. By professionalization, does that mean that only
members who have a CS degree can get a job? Does that mean that we have to
carry insurance? What does that mean for access to compilers -- is it illegal
for anyone but a certified professional to put up a website? How big does it
have to be before it has to have certified developers?

~~~
ars
Here's how I would do it:

No degree, but rather a programmer publicly signs off on his code, and gets
both credit and blame for it.

Anyone who wants can register for a programmer ID (in practice a public key).
There is no test, just an administration fee.

When you write code you sign off on it, perhaps with some accompanying text
describing what parts you worked on.

No more anonymous code shipped by a company entity, instead do it like how
movies are done: Every single person gets credit (including QA and
administration), every tool used gets credit.

~~~
notmything
Sounds dangerous - mistakes happen - will I get thrown under the bus by the
media if a bug in my code causes an accident that no QA process could have
reasonably picked up on?

~~~
ars
Yes, that will happen.

Consider an analogous situation: You made a mistake designing a building.
Should you be able to shrug it off as "mistakes happen"?

This has actually happened in the real world with buildings, and when it does
if you are responsible and work diligently to correct the problem people are
understanding.

Do the same here.

~~~
notmything
I'm not saying you should shrug it off - I'm saying you should't have your
life ruined over a mistake in some code you wrote.

I'm yet to see a building collapse around me in my city - I see software fail
all the time though - I think we are better at building tall buildings than we
are building software.

~~~
ars
Or, it might be the exact opposite: For a building the engineer and builders
are required to take personal responsibility.

Not so for software.

Perhaps if you change that software might change.

~~~
notmything
Nothing would ever get built if individual devs were held liable by the
public.

The liability sits with your employer.

~~~
MyNameIsFred
Sorta. The basis for your concern underlines one of the problems. When such
gaffs happen in engineering, the firm is blamed. Within the firm, individual
actors are blamed. In software, on the other hand, your major system might
have responsibility for a critical system spread across a total of 1 persons,
so he gets all the blame. Is that really okay for one hip-shooter to take this
on in the first place?

------
g051051
I used to work for a place with serious ethics issues. We'd sell customized
software packages along with a hardware solution, used by cities and counties.
Once I was told that, per the contract, we were supposed to hand over the
hardware and software for a system the next day. The software hadn't been
customized or prepared in any way. Because of a loophole in the contract, it
specified only delivery, not installation. So I was ordered to rent a van,
load up the hardware, drive it and the software down to the county in
question, and hand it all over. They handed me a data tape with the name of
the county printed on it, we loaded the van, and sent I headed down.

You can imagine how well it went. I got there, and the two heads of the
project down there were waiting, and expecting not only to take delivery, but
to see it all installed and working. I had to explain that wasn't my task, and
they got more and more upset with me. I had to tell them to call my boss to
get answers, because I was just a drone. After yelling at my boss, I was
instructed to do minimal setup to verify the hardware worked. I did so, but
then they insisted that I prove that the tape had the software. When I did, it
unfortunately showed the wrong county name, because whoever had made the tape
just took another installation tape and put the "wrong" name on it. I had to
tap dance a bit there, but I finally got to leave. So, unhappy me (which meant
nothing to my boss) and unhappy customers (which I got blamed for).

Another time, they told me to put a label on a blank tape and ship it to a
customer, to pretend to meet a delivery milestone. I refused. I think my boss
did it himself.

~~~
devoply
At the end of the day is the managerial class. They are the ones making the
stuff go down, and then the code monkey gets blamed for their lack of ethics.
Really? You tell us to jump, and we ask how high, and that's generally
expected. And you expect us to bear the burden of ethics too. I don't think
so. You want to hold anyone responsible, hold the people who gave the orders,
who signed the contracts. Not the code monkey whose entire life is predicated
upon carrying out orders as they are given.

~~~
jeffbush
The middle managers are given directions by the CEO. The CEO needs to meet
profit targets, or she'll be fired by the board. The board is beholden to the
shareholders. There's always someone to pass blame to.

When you go to work, you don't give up your moral agency.

~~~
devoply
The consequences for each higher level on that ladder are significantly less.
Those with the least to lose, shareholders, have most of the power. Therefore
those should be held to the greatest account. Those with the most power. The
reason the system is structured this way is exactly that, those with most
power make the rules. And pass the responsibility down the chain to the lowest
peons. The recent disasters, well 6 years old disaster, like the Deep Horizon
Well fire come to mind.

~~~
aianus
> Those with the least to lose, shareholders, have most of the power.

The shareholders have the most to lose, not the least.

Ontario Teachers' Pension Plan's $100 million stake in your company (for
example) is worth a lot more than all of those jobs put together. That's why
they have all the power.

~~~
devoply
Not sure how I should respond to this. On one hand yes that's true. But on the
other hand to what extent do the Board of Directors of any of the companies
that it invests in respond to the stock holder? The stock holders in that
sense are divorced from the running of the company and can't be held to
account, because they can't influence the company at all. Their stock managers
might be to some extent be liable. Again it's about the amount of power that
you have in what the company does that determines your culpability in my
opinion.

------
anigbrowl
Many years ago I automated an accounting procedure for Banker's Trust company,
a large international financial firm. I was somewhat surprised they entrusted
such a complex task to a mere contract worker. Essentially it looked at
exchange and interest rates in the firm's many different operating
jurisdictions each month so as to figure out the _least_ efficient allocation
of expenses/liabilities...so as to maximize deductible expenses for taxation
purposes...or so I was told. This seemed odd to me but I was still in my early
20s and didn't know anything about finance - though I couldn't help noticing
that I was being paid a few thousand pounds a month to automate a system that
seemed to be saving the bank many millions. After I was done They relocated me
to a tiny basement room and kept 'forgetting' to give me any new tasks until I
quit out of boredom.

Some years later it emerged that Banker's Trust had been ripping off their
corporate clients wholesale. I've often wondered if I unwittingly helped them
construct the tools with which to do so.

[https://en.wikipedia.org/wiki/Bankers_Trust](https://en.wikipedia.org/wiki/Bankers_Trust)

My point here is not only that managers often request unethical behavior of
their tech staff, but that the tech people often have no way of assessing the
probity of what they're being asked to do. At the time I was only about 21 or
22 and all I knew was how to make big spreadsheets that ran really really
fast; I had no insight into the integrity or otherwise of the accounting
procedure they asked me to automate and I didn't really think about it until I
had a functioning prototype a month or two in and realized that my little
project was shuffling very large amounts of money around. I had been out of
the job for a good while before I learned enough to wonder whether the
underlying process was in fact fraudulent.

~~~
pmoriarty
_" After I was done They relocated me to a tiny basement room and kept
'forgetting' to give me any new tasks until I quit out of boredom."_

That sounds like a reward to me. If it weren't for the ethical cost you
mention in the rest of your post, I'd take that job in a heartbeat.

If someone wants to pay me for doing nothing, I can find plenty of things that
interest me to do on their time.

On the other hand, I guess "doing nothing" doesn't look too great on your
resume. And if you don't learn new skills or work with new tech, that would
cost you in the long run. But I could at least work on some open source
projects or learn a new language or something. That way I could have something
to show for my time, and have fun as well.

~~~
anigbrowl
This was way long ago, prior to the existence of web browsers. I suppose I
could have just gone to work and read a book but it was literally a hard chair
in a broom cupboard and a 'desk' that was barely big enough to hold a monitor
and keyboard. There's a limit to how much fun you can have with only a copy of
Excel 3.0, especially when I could do the same thing in greater comfort at
home.

~~~
andrewflnr
Would they actually have fired you for not showing up at all?

~~~
anigbrowl
Don't know but if it ever happens again I'll give hat a try XD

------
throwanem
Other engineering disciplines provide infrastructure for their members to
include ethical considerations in their analysis of their work, e.g. the Iron
Ring [1].

There's a strong argument that our discipline can profit by their example.

[1]
[https://en.m.wikipedia.org/wiki/Iron_Ring](https://en.m.wikipedia.org/wiki/Iron_Ring)

~~~
auxym
The Iron Ring is mostly symbolic and a tradition, but protection of public is
the whole idea behind the Professional Engineer licenses in a lot of countries
(I'm mostly familiar with Canada).

Unfortunately, laws seem awefully traditional and outdated, and at least some
of the system has turned into a form of rent seeking. Even as a mechanical
engineer, most of my work is not really considered as engineering work to the
letter of the law, because the law was written in the 1960s with mostly civil
works in mind. I get the feeling it's either going to take a long time or a
huge catastrophy for legislators to catch up to licensing for professional
software work.

[https://en.wikipedia.org/wiki/Regulation_and_licensure_in_en...](https://en.wikipedia.org/wiki/Regulation_and_licensure_in_engineering)

~~~
throwanem
Do we need legislators and regulators to tell us to do our work with due care
for those whose lives we affect in so doing?

There's a role for them, to be sure. But as you say, and as we see from the
history of other disciplines, that role is generally after the fact. We can,
and I think must, ourselves create professional societies which can develop
codes of ethical conduct and put incentives in place to uphold them. To a
certain extent, that comes after the fact, too. But we're at the very least
rapidly approaching a sufficiency of horrible examples from which to derive
salutary lessons. I'd like to see us develop a sense of professional culture,
as an industry, which gives us to think long and cautiously in those cases
where we might produce yet another.

~~~
michaelt

      Do we need legislators and regulators to tell us to do
      our work with due care for those whose lives we affect
      in so doing?
    

Easier to tell your boss "We have to do this the expensive quality way,
because that's the law" than to tell them "We have to do it the expensive
quality way, because I say so" \- especially if he's used to be the one giving
the orders.

------
throwaway2016a
When I was earning my CS degree, Ethics was a mandatory course. As it was for
other engineering majors as well.

Having been in the industry a while I think the worst thing I have been asked
to do was participate in a program that installed our software on the user's
machine without their consent. The CEO argued they did give their consent,
which was technically true... they could uncheck the "Install partner apps"
checkbox before clicking next but it wasn't very obvious.

Thing is, that practice is (was? I hope) common everywhere from Yahoo, AOL,
etc... so it was one of those "Everyone is doing it" things.

I pushed back pretty hard but ended up losing the battle. In hindsight I wish
I had walked. Ethics aside, none of the customers who got our app this way
gave us very good reviews and their lifetime value was way less than customers
acquired other ways.

~~~
hash-set
They ought to teach a history class as well--how IBM helped Hitler kill off
Jews and Gypsies. And how the NSA and CIA illegally surveil us (and everyone
in the world), and how technology doesn't give a single shit if we all live or
all die. Then maybe people wouldn't go to work making Hellfire missiles or the
drones that they get attached to because you are an accessory to murder when
you do that.

~~~
throwaway2016a
We actually had a choice to take a class called "The History of Computing" but
it was an elective and I didn't take it so I can't say if it covered these
sort of historical issues.

------
agentultra
I believe the future of this industry lies with us building it into a
capital-P profession and all that it entails.

I don't buy the O'Hanian view that we should continue innovating, "without
their permission." I don't think software necessarily has to come with the
risk of killing people in order for it to cause significant harm. We've seen
how innocuous software can cause significant harm to civil liberties and put
under-represented people at risk. We've seen how software vulnerabilities put
the financial industry and peoples' future at risk. At best we inconvenience a
user. At worst... well we don't have to imagine that. I think it's enough that
we take some responsibility for what we create into our own hands.

We're going to be bad at regulating our industry at first. It may harm
startups for a while. However I think it's important for professional software
developers to be licensed, projects insured, and liability enforced. How will
self-taught developers fit into the system? I don't know... I'm self taught
myself. However I am looking towards going back to school and seeing what I
need to do to be licensed... there is a government-backed program where I
live.

I just hope that when the time comes and I stick to my guns that there will be
an organization behind me with the power to litigate for my job. Too many
times I've been asked to put my professional opinion aside... as it's just an
opinion after all... in the name of business/progress/innovation. I'd rather
be beholden to the profession than to my employer (and I think many employers
are smart enough to realize the benefits of this arrangement).

~~~
microcolonel
What are you even talking about? Regulating the "software industry" is like
regulating the "literature industry". The potential for harm is entirely based
on where the product is used.

If somebody runs Microsoft Windows XP on the main brake control computer on a
high speed train, that is irresponsible.

If somebody runs Microsoft Windows XP in a VM to try out Bonzi Buddy one more
time, that is hilarious.

If you speak a mean letter on stage as a comedy act, that is hilarious.

If you send a mean letter to a depressed person, that is irresponsible.

If you use computers to retain PII, then it is your managerial responsibility
to ensure that the PII is stored responsibly. Just as you have the
responsibility not to leave printouts of that PII in public dumpsters, or post
them on Bristol Board in the public square.

This is a very personal topic to me, because I am being paid handsomely to
write software for the financial industry at the age of 19, because I can
create massive wealth for them; and if software were a regulated profession, I
may never have become a software developer at all. I may have just offed
myself after failing in school.

>...while hundreds of people have been killed from faulty software during air
travel. Notably, some of the points mentioned in the talk referenced in the
article are already basically "solved issues". There hasn't been a software-
attributed catastrophic aircraft failure in quite a while, and the most recent
one we know about was the crash of a pre-production Airbus test aircraft. That
aircraft's software hadn't yet passed the standard verification procedures and
standards.

Every industry has its own priorities and needs, regulating the hard skill
will only lower the quality of software developers.

~~~
ihsw
These are excellent points and it correctly shifts the responsibility onto
those in decision-making positions.

Frankly I think we are well passed the point of no return -- there most
definitely is no means to regulate the industry. Hundreds of thousands of
businesses across the planet need a steady stream of code pushed out and they
all need to keep costs down, there is no legal entity that can reach across
the planet to provide necessary legal protection to the ethically inclined.

Repeat: there is no legal entity that can reach across international
jurisdictions for this.

At best we can rally around national voluntary accreditation facilities (eg:
Canadian Medical Association, American Medical Association) but it would be
difficult because the best of us can simply opt out with little to no personal
loss.

The world really is held together by duct tape and bailing wire with
occasional sections of steel and concrete. I'm sure we are all familiar with
this where we try (as hard as we might) to seal the cracks every chance we
get.

~~~
microcolonel
I think the world is better when it's held together with duct tape and bailing
wire; because the alternative is politics. Politics is inherently sick, and
any chance to avoid it will ultimately save lives, even for something as silly
as whether or not to regulate portfolio websites.

I think the medical associations have done a bang-up job, and perhaps the
software industry could learn a bit from that.

------
platz
"He refused to do it but says, "there's always an engineer willing" to simply
follow orders"

Chad and Brad. Do you think doctors and engineers could have such high
standards for themselves if, they didn't restrict access to their profession
somehow?

There is no desire to get rid of coding bootcamps on any side—negative costs
are externalized to the consumer.

~~~
TeMPOraL
It's not so much about limiting access as simply if Chad and Brad are too
bound by law to refuse doing unethical things, there will be no (legally
employable) engineer willing to "simply follow orders".

~~~
platz
> bound by law

yes, this amounts to more or less, the same thing-at least interpreting in
terms of adding constraints.

------
volkanh
What makes a programmer different than any other person who needs to ask the
same question to himself/herself? What about unethical weapons, medicine,
sales practices?

~~~
hash-set
Pretty much the whole Military Industrial Complex is unethical and I have
avoided them in my career. But here's the thing I realized: There isn't a
single industry out there that isn't getting some kind of government subsidy,
tax break, or major handout. So we're all ethically compromised! But I still
won't work for the war machine directly. I'd rather go hungry.

~~~
platz
Stepping in to alter what the 'free market' desires is not de-facto unethical.

------
cperciva
To borrow a line: Software Engineering would be a very good idea.

Every time I talk to "real" engineers about what goes on in computing, they're
completely dumbfounded. Nobody has ultimate responsibility for signing off on
a design? Changes get made without any independent analysis, or without any
analysis at all beyond "well it seems to work"? When something fails, people
routinely shrug their shoulders and move on without performing any post-
mortem?

------
mrweasel
Why is the focus on the unethical work of programmers?

How about addressing the root cause: People are doing unethical thing as part
of their job. Either because they either don't understand the issue or due to
their financial situation.

Apparently we have all accepted that business people in general are going to
be unethical to the point where there is no fighting it or expectation that
it's fixable. How about we address the real issue: The unethical business
practises of some company and the people who run them.

But no, let us once again leave it to the developers to fix the problems.

~~~
TeMPOraL
Ethics is unfortunately a privilege of workers who can afford it. Programmers
are in demand, so they can stand up to their managers and refuse to do
something they deem unethical. Most of the world doesn't have that choice
however. The grocery shop clerk can't refuse to wash meat with detergent
because they can't afford to lose the job. The customer support person on the
phone can't refuse to blatantly lie to customers because they can't afford to
lose the job. The more friends I have in "normal" jobs, the more I see that
it's not an exception - very many, if not most, small businesses are run by
liars and frauds, and are forcing their workers to do unethical things.

~~~
grzm
I'm with you on the tension between employment and professional ethics. The
small business characterization... given the number of small businesses,
"many" can be true but the implication that it's a large is off. You do make
the qualification "if not most". Is your impression that it's close to 50%?
Larger than in larger businesses?

In some ways I'd think large business might have an easier time with forcing
workers to behave in some way unethically. Losing a single worker for refusing
to do something unethical doesn't have as much impact on their business as a
whole. I wouldn't go too far with this argument without doing some research,
thought. Just a thought experiment.

I'm not denying the experience of your friends. I just am unsure of how far
this goes towards advancing an argument that an interestingly large number of
"small businesses are run by liars and frauds", which I'm admittedly not sure
you're making. Which is why I'm asking :)

~~~
TeMPOraL
I don't know how the situation looks like in larger businesses. As for small
businesses, I base my qualification of "very many if not most" based on the
sample I have from personal experience - the companies I've worked with, and
companies people I know worked in who trust me enough tell me the stories of
what things look internally. Still, I'm just saying small business are - in my
experience - bad; I'm not saying they're _worse_ than big businesses :).

Maybe saying that many small business are run "by liars and frauds" is too
much; I admit I get emotional over that sometimes. After all, I don't know
those managers/bosses well enough to judge the state of their consciousness.
But what I observe is that, nevertheless, the workers are often directly asked
to do unethical things that go against the interest of customers.

A charitable way of viewing that is that the bosses are forced to cut corners
to deal with the pressure[0] or to stay competitive, or that eventually some
unethical conduct becomes a standard practice in the industry (I believe that
for example washing meat with detergent is such a thing).

As for the impact of losing a single worker - when we're talking about regular
people doing regular jobs, losing an employee often doesn't have much of an
impact on the company, but it has a lot of impact on the employee itself. For
people outside of very specialized fields, finding a new job is a nontrivial
task. Finding a new job that pays comparably to the one you just left making a
stand is doubly nontrivial. Quadruply, if you live in a smaller town. I know
first-hand of a particularly successful online book seller who uses this fact
to overwork and underpay his staff while forcing them to lie to customers - he
knows that none of his employees can afford losing this job.

I guess what I'm trying to say is that most of the working class is pretty
screwed when it comes to disobeying unethical commands - people in IT often
forget that our industry is in a (temporary) golden age, and we can _afford_
to make a stand.

\--

[0] - I run a non-profit and I know how much pressure can fall on you when
things get messy while various deadlines for deals or paperwork approach. I
can only imagine a competitive business is even more difficult to manage.

~~~
grzm
Thanks for the thoughtful response.

 _" As for the impact of losing a single worker - when we're talking about
regular people doing regular jobs, losing an employee often doesn't have much
of an impact on the company, but it has a lot of impact on the employee
itself."_

Completely agree. I meant from the perspective of the company. For the
employee depending on an income is a different matter all together.

~~~
TeMPOraL
Depends on the company. If we're talking places like grocery stores or
restaurant waiters, the new employee can be brought up to full potential
within a week of on-the-job training. After that, they don't meaningfully
improve, so it's no surprise places like these have high turnover - they can
very much afford it. On the other hand, if you have people who gain experience
with your very specific in-house tools and procedures, losing an employee can
indeed be a high cost for a small company. If you can maneuver yourself into a
position of being needed for the hard-gained experience, you have much greater
bargaining power.

------
maxander
Short of a totalitarian technophobic regime taking power [1], there will
always be idiots with compilers willing to do any terrible thing. There's no
(non-dystopian) hope of regulating things at that point, but we don't really
need to.

Where regulations, or professional society codes or whatever else, could be
usefully applied is where software gets loaded onto something important. You
can write all the terrible code you like if it doesn't leave your office, but
the moment you package it up and send it out to be installed on a thousand new
aircraft (or a million internet-enabled toasters), you're at a ripe point for
scrutiny. Can you attest who is responsible for what portions of the code?
Have experts signed off on reasonable guarantees of security, safety, and
correctness? At that stage, having your engineers be recognized members of a
professional society that will hold their feet to the fire to stand by their
word is useful. Not all code needs to have an engineer's stamp, but it doesn't
make it into a specified set of "serious applications" without stamps.

[1] Albeit not implausible, either.

------
Michie
> "But what developers really need is an organization that governs and
> regulates their profession like other industries have, both Martin and
> Sourour believe. Currently nothing like that exists although both the
> Association for Computer Machinery and the IEEE have made a start, with
> ethics documents and, in some cases, training."

I don't think the solution for this is to have an organization that regulates
programmers to make sure a programmer will become ethical. No matter how much
ethics you teach someone to become ethical, it is in their own volition to act
upon a task that is provided.

What will you do it if a programmer suddenly decides to be unethical or agreed
upon doing an unethical task related to work? Remove their license to become
programmers? Ban them to use the computers? Put them in jail? Shouldn't the
management be responsible for their decisions, too? Why are all the blame here
being focus on the programmers? Why don't you teach "Ethics" to those who are
pushing the programmers to do such a task? Yes, the programmers have the big
decision to do it or not. But regulating them isn't the solution that would
make their decisions ethical.

What if the younger generation wanted to code? Will you stop them from
learning it because they are not allowed to learn it unless they are in
school? Or they are not even allowed to ship code because they don't have a
license or it is not under the standards made by the organization?

Remember programmers are people. Same with all the human beings in this world
who makes moral decisions on their own. Their beliefs, attitude and principles
in life are nurtured based on how they were brought up not because they took
an ethics class in College.

If a programmer violated a law because of his actions, then treat them as a
person who has violated the law.

------
markharris99
> "He refused to do it but says, "there's always an engineer willing" to
> simply follow orders"

It's not just about that. If you are not in a first world country, then
feeding your family and ensuring you have a roof over your head are more
important than breaking your own ethics with developing software.

As someone who lives in a first world country, the UK. I have I found ethics
to be a sliding scale.

We live in a world where gaps in the market will always be filled by someone.
Frackers, Oil companys, GMO companies, Chemical companies, the list can go on
and on. One side will say they are doing a public good. One other side will
argue they are harming the planet and it's unethical for them to operate.

The only way to really change things, is make a movement and vote with the
collective wallet. The market will dictate what is acceptable and what is not.

Per the article: I think the more programmers will adopt this attitude,
companies will simply stop asking and move the project offshore. I know from
experience, they have no such qualms.

~~~
sandworm101
>> ... feeding your family and ensuring you have a roof over your head are
more important than breaking your own ethics with developing software.

That's why recognized professionals (ie lawyer/doctors etc) expect to be well-
compensated. They are expected to quit, to walk away from unethical situations
even where doing so means they loose out on work. This is why many professions
do try to limit the number of members as flooding the market, lowering wages,
will push some members to do things that damage the profession.

~~~
arjie
Well, it hardly works. If you want to find a doctor who'll give you Propofol
so you can sleep, you can find one. There are enough doctors who'll also
recommend you for a medical marijuana licence without actually diagnosing you
with a condition that requires it. The rampant practice of advising you to get
tests you don't need is also a sign that restricting supply does not mean
doctors adhere to their ethical principles.

Don't think I have a vendetta here against doctors. My parents are both
surgeons, so trust me when I say my general feelings about medical
professionals are overwhelmingly positive. Your argument just strikes me as
disingenuous.

~~~
sandworm101
Nobody claims that it eliminates the problem. But paying professionals does
alleviate the argument that they must take unethical work to make ends meet.
It also makes it easier to make demands on them to do uncompensated work
(training) or maintain their own liability insurance. I spend a few dozen
hours every year, unpaid, to keep my license and have walked away from couple
clients. That's the minimum, but should anything go wrong (malpractice
allegations) I am also expected to have done things like attend conferences
and write articles. I wouldn't be able to do any of that on minimum or simply
low wages.

------
wccrawford
I was once asked by a boss to write code that I felt was unethical. I don't
remember exactly what it was now. I do remember that I managed to convince
them not to do it by finding a (probably) better way that didn't challenge my
ethics. Had I not managed to convince them to do it ethically, I don't know
what they'd have done. But I'd already told them that I wouldn't do anything
unethical when they hired me, and I told them that their solution to that
problem was unethical.

It wasn't even anything important. It was only "a little unethical" and
wouldn't have really affected many people negatively. But the line for me
isn't _how_ unethical it is, just that it's unethical at all. I simply don't
need that in my life, no matter the price.

I wish more people would draw the line where I do, but I do understand the
conflict and why they might choose otherwise.

------
ocschwar
This is why we have the concept of a "professional engineer." This is why we
require building designs and other engineering documents to be signed by a PE.

It's not just that you know enough of your field for your signature to matter.
It's that by signing, you are putting your reputation and even your freedom at
risk.

As it is right now, if you write code that does something illegal or
unethical, the blame WILL go to you. There may or may not be an email record
of you being told to do this, but there will be no question of YOUR intent,
and you can be sure that your bosses will do whatever it takes to get all the
liability put on you, because with source code, there can be no question of
intent.

(Well, in older times you could obfuscate intent in the source code, but that
option went away with K&R C)

So it might as well be time to standardize the software engineering form of
the professional engineer exam and licensing procedure, and start requiring
that software PEs review code.

------
sandworm101
The article has completely missed several points. Computer Programmer, or
coder, or whatever we want to call it, is not at this point a recognized
"profession" with special protections/duties that come along with such a
designation. Comparisons to engineers/doctors/lawyers is therefore nor
appropriate.

Professions are fields that grant members special abilities and protections
beyond lay persons. They are officially trusted by society to do things that
normal people are not allowed to do. Doctors cut people open. Engineers put
their stamp on bridges carrying people. Lawyers hold client secrets. Nurses
handle dangerous drugs. These professions are officially recognized in law.
They have societies that too are recognized in law (State Medical/Bars etc).
With this then comes the ban on anyone outside the profession performing such
tasks.

What would a world look like should "computer programmer" become a recognized
profession as the article suggests? Will non-professionals be forbidden from
writing code? Will we have state boards deciding how and by whom computer
programing may be taught as they do law schools? Would hardware with open
firmware be sold only to licensed professionals as we do with medicines?
That's an absurd world.

Programming isn't a profession because it simply could not exist as a
profession. Professional associations and ethical standards certainly have a
place in educating, but they should not be given the power to actually
regulate behavior.

~~~
throwaway2016a
You may notice that Software Engineering indeed does have a Principles and
Practice of Engineering (PE) exam, although most jobs do not require it.[1] So
SW Engineers can indeed be certified. Although I am not aware of any place
with licencing requirements. Likewise for electrical engineers / mechanical /
civil / etc you can often work for decades without one as long as the company
has one PE to sign off on your work.

I think that Software Engineers should be held to the same standards as other
kinds of engineers (and yes, I am aware I am implying Software Engineers are
Engineers). The industry just hasn't caught up yet.

[1] [http://ncees.org/engineering/pe/](http://ncees.org/engineering/pe/)

~~~
RandomOpinion
Yes, but the blocking factor is the precursor to the PE exam, namely the
Fundamentals of Engineering exam. Even the generic FE exam contains topics
that most CS majors are not likely to have encountered. See
[http://ncees.org/wp-content/uploads/2015/07/FE-Other-CBT-
spe...](http://ncees.org/wp-content/uploads/2015/07/FE-Other-CBT-specs-1.pdf)
for a summary.

The other major blocker is that the Professional Engineer licensure process
requires "four years of progressive engineering experience under a PE" (see
[https://www.nspe.org/resources/licensure/what-
pe](https://www.nspe.org/resources/licensure/what-pe)). There being few, if
any, software PEs, there is something of a chicken-and-egg problem.

~~~
throwaway2016a
> The other major blocker is that the Professional Engineer licensure process
> requires "four years of progressive engineering experience under a PE" (see
> [https://www.nspe.org/resources/licensure/what-
> pe](https://www.nspe.org/resources/licensure/what-pe)). There being few, if
> any, software PEs, there is something of a chicken-and-egg problem.

Agreed, this is a big issue.

Also, it requires that the school have a specific accreditation that is
unusual for Computer Science. My school has it but it didn't have it until 3
years after I graduated because it was so new. Although I had to take all the
same courses as the eventually accredited version. (my year was the first year
to do so but it takes a few years to get the accreditation)

So I'm not sure if I'm even eligible to take it because of that.

Not just accreditation (many schools have that), it needs a specific type that
is for engineering.

Either way, as someone pointed out. It is a process. It won't happen
overnight.

------
pascalxus
The main point of this article is absolutely completely wrong. The product
owner is responsible for every product feature specification that happens in
their product, not the engineer. The engineer is just a tool you use to
construct the product. He follows the spec to the letter. He's no more guilty
than a hammer would be. It's not up to the hammer/engineer to know what or
what shouldn't be implemented, they're not the ones making the judgement call.
They're job is to execute the roadmap/product specification as it's written.
They can provide feedback, make suggestions and inform the owner of any risks
both moral and technical, but ultimately it's not their decision and not their
responsibility.

Now, if the engineer were the product owner, then of course, he is
responsible.

I think this author doesn't fully understand how software is developed and
doesn't understand or differentiate between the roles of product
managers/product owners and software engineers.

~~~
gyardley
Nonsense. 'Just following orders' does not remove your moral culpability.

~~~
pascalxus
There are limits of course. An engineer shouldn't program a printer to explode
and kill anybody. But, the volkswagon disaster is still firmly within the
realm of product owner responsibility.

------
lifeisstillgood
You cannot be a profession if you have a hiring manager, a boss who can fire
you or no central professional body that can take away your right to program.

Software engineering is not not not a profession. It is a form of literacy.
People write down lies and untruths and abominations, using the great gift of
literacy.

And society assumes that as everyone else it literate those who write down
lies do not automatically have an advantage

We do, but creating a software literacy profession is not the right solution

Edit: let me adjust this. Professionalism is meant to be about minimum
standards of performance expected from any member of the profession (it is a
way of saying we the profession ensure you get at least the baseline service
no matter who you hire)

The ethics of professionalism are usually well enforced in areas of individual
criminal mesbehaviour (i.e. Accountants who dip into their clients accounts
get barred)

However the issues discussed here are more areas of regulation than
criminality. Yes making software that drives a tesla into a truck is bad, but
that was not an actual requirement - it was a failure in the whole industry to
decide what is the right thing to do. Different regulators in different
industries and countries will let different standards (i.e. With LIdar /
without) - and unethical companies can play arbitrage.

Arguing that a spec for a online game fails to meet regulations _might_ work,
but individually saying younundersrand the regulations better than the various
hierarchies above you is unlikely to work.

So I have lost my trainnof thought but

\- TPP is actually supposed to be where regulatory arbitrage is defeated. We
need something like it back

\- All professions face ethical issues at all levels (I would argue that most
issues in software (privacy, self driving cars, armoured robots) are issues we
as societies have not decided upon yet so individuals are just applying their
own judgement (this is the don't work for a tobacco company question)

\- and other professions stuff this up as well - banking did it spectacularly
so.

So, yes we should raise the minimum standards but questions of ethics are
something for the profession as a whole to decide, (I will not code a self
driving car that does not have LIdar out to 100 yards behind, and my
professional body will support me, is an ethical stance yes, but really it's a
post hoc regulation)

------
exo762
This is just typical case of responsibility erosion in hierarchical
structures. Upper management devices a scheme, their underlings execute the
scheme. One claim "we didn't really do that", other claim "we were just
following orders and we don't know whole picture". Nothing new.

------
Anthony-G
For those who read the comments first, this article essentially consists of a
synopsis of a previous HN submission:
[https://news.ycombinator.com/item?id=12965589](https://news.ycombinator.com/item?id=12965589)

------
jjawssd
I find secret forum censorship including up/down vote rigging, post visibility
weighting targeting a specific group, and secret shadow banning to be some of
the most egregious ethics offenses programmers can commit. It's below bribe-
taking on the ethics ladder, because at least one person directly benefits
from a bribe.

~~~
kefka
Are you trying to say something about Hacker News?

~~~
jjawssd
I believe the administrators and moderators of HN are more ethical than those
of other popular social media sites, but of course I don't know how much I
don't know about the inner workings of these organizations, so I'm just
leaving you with something to think about.

~~~
kefka
Oh, indeed.

I've had my own.. disagreements with the people here running the place. One of
those very disagreements was what I thought was active targeting was in fact
me triggering a spam filter or something.

The underlying problem is HN should be more transparent in how people get on
"shit lists"\- hellbanning, no submit, and other statuses.

I tended to like the Kur5hin style model, where every mod is linked to the
user, and everyone can see it. Albeit, K5 is dead...

------
partycoder
Shipping broken software is a business model in many companies. Features are
easy to sell, non-functional requirements are harder to sell.

I am against shipping broken software. If you bought a car that is
malfunctioning and you are expected to take it to the mechanic to get it
working, would that not be unethical?

~~~
grzm
Depends on how you define broken and what the company's priorities are. I know
I lean towards "fix bugs first, then new features", but bugs/features need to
be prioritized just like which bugs to fix first, and which features to
implement first. And you have to ship something sometime.

------
h4nkoslo
"Ethics" codes are in practice a mechanism for a formal institutional body to
exercise power over a profession. Case in point:

"But what developers really need is an organization that governs and regulates
their profession like other industries have"

What this inevitably turns into is a collection of content-free truisms (eg
"programmers shouldn't write programs that break the law") combined with
credentialism ("we won't let you join the Society of Programmers without a
degree in computer science, and it's 'unethical' to hire a non-SOP programmer
to work on your project") and politically motivated de-credentialing ("we have
determined your work on the Trump advertising program targeting white voters
was implicitly racist; you're disbarred").

If you think the last part is silly, here's an article citing architects
claiming it would be "unethical" to work on the border wall.

[http://www.businessinsider.com/trump-wall-impossible-
build-a...](http://www.businessinsider.com/trump-wall-impossible-build-
architects-2016-11)

~~~
pmoriarty
_" If you think the last part is silly, here's an article citing architects
claiming it would be "unethical" to work on the border wall."_

That reminds me of the American Psychological Association's (APA) position on
torture:

 _" Any direct or indirect participation in any act of torture or other forms
of cruel, inhuman, or degrading treatment or punishment by psychologists is
strictly prohibited. There are no exceptions."_[1]

This might seem unfortunate to some, or may smell to them of unwarranted
political meddling. But I for one am glad these professions are taking these
strong and clear ethical stances, and doing so on what I consider to be the
"right" side (ie. anti-torture and anti-xenophobia).

I'm also not sure how one could separate ethics from politics. Some people
even believe that every action is political.

[1] -
[http://www.apa.org/ethics/programs/position/](http://www.apa.org/ethics/programs/position/)

~~~
h4nkoslo
You evidently think your livelihood should in principle be contingent on the
desires of whomever controls the governing apparatus. If tomorrow you need a
certification of racial purity, or a Temple recommend, in order to practice
your profession, that's just how it shakes out. If everyone agreed on ethical
codes, after all, we wouldn't need them.

Why are people like you so desperate to hand someone else the whip hand? Do
you actually think Your Kind Of Guy is going to be in power in perpetuity?
Does it actually seem to you like these guys are reasoning from some set of
elucidated & unchanging moral principles?

Ironically the nightmarish story of how ineffective the APA's "ethics code"
was should permanently disabuse you of the notion that they're useful for
anything other than economic protectionism and occasionally crushing the
outgroup du jour.

------
erikb
Anybody knows what you can do if your boss asks something illegal of you like
stealing money from other people, or if he basically asks to steal money from
yourself? Would be interested in US and German law, if someone knows.

------
lambdasquirrel
Once I worked with a company that didn't use cross-validation, and gave
accuracy numbers based on its training data.

I guess that's more on what's now called data science though, rather than
programming.

------
Pica_soO
Code and architecture could be anonymously peer-reviewed like in science, but
then of course everyone is paranoid of having his secret sauce in the open.
Open sauce, that would be a great idea.

------
eklavya
Reading the comments posted on the AWS vs GCE thread, I would say trolling the
competitor? It's so obvious they are not even trying to hide it.

------
ClearAsMud
Programmers are not lawyers, and this isn't Edward Snowden. There is a logical
train of legality and one can debate the ethics of a task most likely with the
owner, or legal counsel. The other option is to get release of liability which
is not uncommon in realms where developers are asked to do things that are
shady. If they don't have the fortitude to stand up and say something .. then
just walk away.

------
projektfu
Journalistically, what are the ethics of scraping HN comments for your story?
Was each commenter contacted to follow up in any way? Obviously you can't
check out these stories very well.

~~~
ikeboy
If they don't do it then buzzfeed will, and then they'd get the scoop.

------
naevius
I work in e-commerce, have for 10+ years now. Without a doubt I'm going to
Hell, even though, literally, every day, I refuse to do what everything
customer's ask of me. Eventually, because of pressure from management or the
customer, you will do something you're ashamed of or worse. When you have two
small children to feed and your jobs on the line or you need the money it's
hard to hold the line. Now that I'm older and the stakes are lower I can give
the fuck-off more frequently, and I feel better about myself on the whole, but
early on I wasn't so resolute.

Here are the things I've been asked to do and refused, so they just went to
someone else to get it done.

\- Disable the back button coming from a Google search (Don't want them going
to a competitor's site).

\- Change the default selection for being included in spam list from no to
yes.

\- Export email lists ignoring the "include me in spam lists" selection.

\- If someone has purchased before, save their credit card information, and if
they add something to their cart ever again, charge them immediately, and them
make refunds difficult.

\- Make the RMA / refund page throw an error the first time, to try and
discourage returns. It'd work the 2nd time.

\- Add a "pay with cash discount" wish is really a credit card surcharge
because the request to pay in cash is never approved.

\- Doctor the math for discounts so unless a customer double-checks they won't
notice the ~25 cent discrepancy.

\- Take donations for a cause with fine print (literally, like 3pt type) that
says only a small percentage gets donated.

\- Intentional violation of credit card rules, such as storing the customer's
credit card without their knowledge, sending credit cards numbers through
email unencrypted, refusing to honor recurring payment cancellations, and so
on.

\- Ship by a slower shipping method than what the customer is charged for.

This list could go on for literally hundreds of entries. The point is that,
yes, as the programmer, we are the last line of defense. The stories here with
people working in the health care industry just break my heart - so much more
at stake then people's money.

One piece of advice I can offer. When you refuse, and they go hire someone
somewhere else to do the dirty work, you can always report them anonymously
afterward. The satisfaction of seeing them having their credit card processing
or merchant account yanked can give you some solace.

But in the end, I don't know if it's a winnable war. I want to say this very
carefully, because I in no way wish to disparage programmers from other
countries, but what I've seen, over and over, is that if I won't do it, there
is always someone in another country, for cheap, who will. I'm sure they've
got two kids too, and they need the money. There will always be someone ready
to do the wrong thing, for whatever reason.

------
mooneater
"dozens of people have already been killed by faulty software in cars, while
hundreds of people have been killed from faulty software during air travel"

If facebook really did cause T. to get elected, fb programmers may be
responsible for orders of magnitude more suffering and/or death than the
above.

~~~
erikb
Please don't misunderstand the lack of support as lack of anti-Trump support.
The comment just reads quite illogic and not very constructive.

~~~
mooneater
But truth is inherently constructive.

What I am saying, is that software with political implications, can have far
greater effects than software which directly controls physical objects. Not
sure how this is illogical, but open to hearing views.

It would be nice if downvoters explained their view, in addition to
downvoting.

