This is tough to read. I've railed and yelled in meeting about ethics and have ultimately discovered that in nearly every case the money talks louder. I remember this company I worked with that had a sign up with a "add me to the newsletter" check box. When leading a ux review it was decided to switch it off by default. One day a friend of mine buzzed me to say she was annoyed at receiving mail even though she specifically made sure that that box was unchecked when signing up. I assumed it was a dev error and checked with the dev team and was told to go check with the CTO. When I did, the CTO said that it was exactly how he wanted it. I wasnt even manager level but I lost it and yelled at the CTO. I was simply told "we need our email signups and dont dare tell me how to do my job". I tried to look for support elsewhere in the company and all I discovered were at best some hushed mutterings in corners. Even laughs of me being on some kind of moral high horse. It hurt to know that the same people I know who did these things are now working on startups that scoop up massive amounts of people's location data. The same people who wrote tiny scripts to collate customer data to give to the sales teams who would give it to clients as part of a sales package even though the terms specifically said we don't share personal info. It bothers me that I don't even know how to fight it since all it takes is the next dev to come along and say yes to end months of protests against something unethical. I don't want regulation and lobbyists pushing their tech onto me as a solution. If anyone has advice, I think this is a great thread to share thoughts.
This is one of the reasons some industries create professional associations or trade unions. It is hard to argue against pressure from your boss, so when ethics issues start to become common, you need a reasonably reliable way to apply opposing pressure.
A professional association with a code of ethics offers a standard excuse that you swore an oath against e.g. knowingly creating software that is designed to be fraudulent.
Alternatively, a minimal trade union that was chartered to only address ethics problems can create an incentive (under threat of collective action by the union) to not even ask for anything unethical. I know that it's popular to have a low opinion of unions, but it's important to remember that they are just a tool. If all you need is pressure against unethical requests, that should only need a tiny, mostly hands-off union.
> all it takes is the next dev to come along and say yes
Sure, but that's at least it wouldn't be your ethical problem anymore. Even if a more willing replacement is found, that takes at least some time and resources, and it sends a clear message that some behavior isn't appropriate. If you don't send that message, you're just conditioning the responsible people to do more ask for more unethical things it the future.
> I don't want regulation and lobbyists pushing their tech onto me as a solution.
If regulation could work well as a solution to a specific type of problem, it might be a good idea to get there first. Get to the politicians before the lobbyists carrying cash, a clear and brief explanation of the problem, and your proposed regulation.
However, this may not be a useful approach in some situations. I think some sort of collective organization is usually a better approach, but it's worth at least considering the regulatory approach.
I've been thinking about this recently. Less on the trade union (even if that might make more sense, in the vein of actual leverage), and more on the professional association side. I've been long-enamoured with the Canadian Engineering 'Iron Ring' ceremony. I don't know how much actual leverage that bestows, but something similar in such an infrastructural discipline as software development seems appropriate.
I'm currently an undergrad studying software engineering at a Canadian university, and I'm going to go through the whole Iron Ring ceremony when I graduate. The program here does seem to focus more on ethics, albeit in a somewhat generalized 'engineering' be-careful-when-you-build-a-bridge way, but I've still had some good takeaways that apply to building software.
The Iron Ring ceremony was one I didn't realize existed until our graduating class of nuclear engineers were told "Oh, by the way, you're all going." This was in The South in the USA.
I love it. I have yet to take the ring off. It's a great way to initiate conversations about ethics and a great way to tangibly emphasize my personal pursuit in being ethical.
The ceremony is symbolic, the Iron Ring committee has no real power. There are professional engineering associations with actual power, unrelated to the ring, but software engineers are not usually part of them.
I'm a software dev. with a background in a different engineering discipline and there isn't much reason for me to join an engineering professional association in Canada. Unlike, say, civil, where you have to be licensed to perform some of the duties, nothing in a software engineer position actually requires a license.
Just wanted to chime in and say that I am in a position similar to yours, and agree with everything you have said, but would add that I believe the iron ring is a very good 'nudge' towards ethical decision-making.
Canadian engineering unions are basically a mafia. Their sole purpose is basically ensuring that their members pay dividends and preventing them to do any job if they dont.
Wouldn't the union only be composed of the same colleagues who were resigned to 'hushed mutterings in corners' and laughed at the grandparent poster for 'being on some kind of moral high horse'?
A better approach might be to have a consumer advocacy organization/site that allows devs to anonymously leak and publicly shame the bad practices of their employers. Somewhat like the proliferate Business Software Alliance ads that used to say, "If your employer is using pirated software, report them in confidence at ~place. If we catch them, you'll get a reward".
> Wouldn't the union only be composed of the same colleagues who were resigned to 'hushed mutterings in corners' and laughed at the grandparent poster for 'being on some kind of moral high horse'?
The answer is "yes". There is no reason to assume that a union representing employees would be any more motivated by customers' interests than the employers themselves would be. (And there are plenty of actions by real-life unions in other industries suggesting otherwise.)
Many European countries have IT trade unions and you are only legally allowed to have an Engineer title when the university is certified by the Engineering Association, which is also another door to knock to disclose such behaviors.
So they add email addresses to a newsletter mailing address even when the user specifically opted out of the newsletter?
If that's true, then they're almost certainly violating federal law. Instead of ranting about ethics, you should calmly explain to the CTO that what they are doing might be in violation of federal laws and regulations. Possibly laws related to spam. But if this practice contradicts the company's privacy policy (or if the privacy policy is vague enough and the user's intention and expectation of an opt-out is clear enough), then the company you worked for is almost certainly in violation of its contractual obligations to its users. The FTC is starting to take this sort of thing more seriously -- see https://www.ftc.gov/news-events/media-resources/protecting-c... for examples of enforcement actions.
If I ever find myself in a situation where I'm tasked with making the commit on a "feature" like this, I would explain that I can provide technical assistance (up to and including writing/testing the code), but due to my professional ethical responsibilities, management will have to find another engineer to actually make the commit, deploy the code, and close the ticket. And I would also print out an email that proves I expressed my dissent and management dismissed my concerns.
Companies violate federal or state (or country, in my case) laws all the time.
I've read about Y Combinator actually encouraging some of its startups to violate laws (in the "hack the system" sense, not in criminal violations sense).
If you think about it, many of the top startups do: Uber, AirBnB (and others that are losing like Zenefits, FanDuel or DraftKings).
It's, sadly, one of the only effective ways to get them to be discussed or modified, laws have a lot of inertia going for them.
I'm definitely not happy about the ethics in the above case, though.
Another thing I was going to add is that some CEOs knowingly violate the laws and incorporate that into their risk models (cost of fine + lawyers weighted by chance of it happening), it's usually a lot more cost effective to violate them (The CTO in the above example might have done such cost/benefit calculation).
Note that this would be... Well, stupid. People sometimes opt in for newsletters they care about and with this scheme they would opt out. Not only that, you would get tons of "subscribers" who explicitly don't care for your mails.
I am not arguing that dark patterns don't work in general, I just don't think this is a good example.
My interpretation was that the box just doesn't do anything; i.e., you can click it or not click it, but either way, welcome to the news letter mailing list.
SO many anecdotes we could share. Mine is, I contracted out to do work on an 80211 radio. The company wanted quicker connections on bands reserved for emergency communications in many countries. The FCC rule was, listen before you talk. But its quicker to ping the access point immediately. Quicker but illegal, and obstructive to emergency communications.
I refused flatly. Phrased it as 'as a contractor I'd be liable. I don't have deep pockets'. So they just got an employee to do it, who had absolutely no compunctions about it.
Its not so much that a company wants to do wrong things. Its that there's always an engineer willing to do them.
>Under the 2010 Dodd-Frank Act, whistleblowers who provide the FCC with original information that leads to a successful enforcement action in which monetary sanctions exceed $1 million will receive an award of not less than 10% and not more than 30% of the monetary sanction. In August 2012, the FCC issued its first award under the Whistleblower Bounty Program. The award was $50,000, or 30% of the amount collected by the FCC, the maximum allowed. [0]
Even if you're not interested in the financial reward you should still report it because you could be literally saving someone's life (possibly even that of your own) down the road.
Completely agree. While I like the idea that we all share some responsibility about the decisions we make, and I applaud you for yours, it shouldn't be on the implementor to fix. The companies/heads demanding this should be the ones liable, and heavily so.
To make a crude and polarizing comparison, especially since I happen to land somewhat on the other side of that argument:
You can't blame a tool (bat/knife/gun) for what its agent does with it. If one tool doesn't work for them, they'll get it done with something else.
Sadly I suspect corporate decisions get made in a microcosm. Whatever is good for the next quarter or next product. A middle manager would be fired for doing anything else. Or at least reviewed badly. "Sure you did the right thing; but your numbers were down. Sorry no raise/promotion"
So there is no particular person in a corporation that has direct incentive to be responsible.
Yes, I understand that this is the logical followup, but there were individuals standing up to orders and being executed, and it didn't make a lick of difference when the problem was systemic.
As I opened with, yes, to some extent we all share the blame, but appealing to everyone to individually make the difference will never work, because it only takes a few to still get the (dirty) job done. If everyone played nice we wouldn't need any laws.
Still, if there's nobody at the 'top' making decisions (and unless the CEO micromanages there isn't) then we've just moved the problem from Engineers to Middle Managers.
Somebody has to take a stand. In Canada they have an Engineering oath and code of ethics. We should all aspire to be our better selves. After all, we're not being executed; we'll just have to find another contract.
Sure, but I as an engineer can't control a middle manager, but a CEO most definitely can. If you make the CEO liable, he/she sure as hell will move the incentives towards better practices.
Ideally I absolutely agree with you, and we should all strive for the best and make a stand wherever possible, but the cynic in me believes that it can never completely solve the issues, just shift the burden to someone else down the line.
> I don't want regulation and lobbyists pushing their tech onto me as a solution. If anyone has advice, I think this is a great thread to share thoughts.
This is a prime example of how free capitalism will never regulate itself. Sure, you can vote with your dollar from what you know, but odds are you'll never find out about most of the crap a company pulls.
Too much regulation is obviously stifling to innovation as well. I don't have an answer, but I believe the solution lies somewhere in the middle, as with most things.
That regulation is stifling innovation is in no way obvious. It is a commonly repeated talking point but I am unaware of any factual arguments that back this assertion up.
Well, it can at least be in situations where incumbants lobby for needlessly complex regulation to stifle competition. See: for example tax code and fda process for epipen alternatives.
And just for an, albeit small, recent example [1], where there could easily exist better solutions, and the regulation could be worded more generally instead of giving specific mandates.
I'm sure there are more and much better examples, but as with everything we humans do, there are good practices and bad practices.
Just to give you one example that hits very close to home: the EU parliament recently start this push for companies that provide OTT communication services (Whatsapp, Skype, Viber, etc...) to comply to phone companies regulations.
Among other things, this would mean that all of the companies that provide end-to-end encryption would simply have to stop doing it, given that phone companies need to be able to provide "Lawful Interception".
The issue with that is not that innovation is being stiffled though, it's rather an issue of privacy.
For instance, there's nothing in that sort of regulation that prohibits any innovation on encryption that would reconcile the user's reasonable expectation of privacy with the authorities' wish to have access to the user's communications.
And the issue of appropriate and adequate safeguards of such innovation so that the authorities themselves don't misuse it, is yet another issue altogether.
> The issue with that is not that innovation is being stiffled though, it's rather an issue of privacy.
Encryption was an innovation. Communication that's private as a matter of technology rather than as a matter of legislation is an innovation.
Along the same lines: recording and time-shifting video and audio was an innovation. Enshrining the state of copyright law at the time would have prohibited it.
Innovation often does things that existing developers, users, and regulators didn't anticipate.
> For instance, there's nothing in that sort of regulation that prohibits any innovation on encryption that would reconcile the user's reasonable expectation of privacy with the authorities' wish to have access to the user's communications.
There's nothing in that sort of regulation that prohibits perpetual motion machines or time travel, either. The resolution of those two expectations is that one side loses and the other wins; the only question is which.
Trying working at a startup in a heavily regulated industry, such as finance or telecommunications. It becomes obvious very quickly why those industries converge around large players, and that reason is a huge regulatory hurdle to even get started.
Your claim that Uber is being banned because "taxi companies are mad" ignores several documented issues around driver safety, background checks, and driver pay (to name a few) that have been cited as cause for bans.
The best way to encourage innovation is to "stifle" it by producing unusual and complex situations that require creativity to circumvent. Regulation, because it is at least theoretically a codification of the desires of a large population, forces whatever innovation happens into a set of forms that are expected to be in line with the good of the people, while simultaneously making anything achieved more innovative in proportion with how much more intellectual and creative effort was required to achieve it.
That's encouraging innovation, but it's innovation specifically related to the regulation. It's a bit like saying, the best way to help people climb to higher ground is to first drop them into a pit.
We really need some way for whistleblowers to reveal all the dysfunctions within their company, and a way for consumers to easily get access to this information while they are surfing the web. Some combination of wikileaks + Glassdoor + yelp, in a fraud-resistant manner, that's easily accessible on-the-fly without too much effort. If companies knew they would be held accountable for breaking user trust, they would really think twice.
The problem is that the general public doesn't care as much as you'd care about these things. If one were to call oneself a whistleblower by announcing that a company made the email signup 'opt-out' instead of 'opt-in', in all likeliness, no one will take it seriously.
And as long as people are willing to give attention, time, money or a combination in exchange of something, it's highly likely that this 'something' will remain profitable and there lies the incentive to keep doing it.
For instance, if one were to work on a browser, who do you think has a greater incentive to allow adblocking: Firefox or Chrome?
Under our old management I had to fight tooth and nail to get security problems in production prioritised over things that might make money, and I caved in far more times that I care to admit (too many times I threatened to hand in my notice over it, and backed down due to promises of change and/or guilt trips about leaving my colleagues in the lurch).
Luckily the current regime seems to take a view far closer to mine, hopefully that will last beyond the current honeymoon period.
> If anyone has advice, I think this is a great thread to share thoughts.
The problem seems to be more-or-less endemic. Often the only solution is to break ranks and do the right thing against orders, or up sticks and go elsewhere, but these are very high risk strategies that most people wouldn't be able to justify when there is a mortgage to pay, especially as there is little chance the next place is much better.
I think a lot of us faced these kinds of situations. When I was just starting out I was writing drivers, and asked to write code to detect that a driver benchmark program was running (as opposed to an end-user's application), and if so, route the benchmark to a special code path who's sole purpose was to perform well in the benchmark. I didn't think that was right and expressed my concerns to management. The result was I could just move on to fixing other bugs and they got one of the contractors to do the benchmark detection instead. This echoes what others have said in this thread: for any ethical issue you feel uncomfortable with, there are plenty of other programmers lined up to do it if you won't.
When I'm a customer on the receiving end of spam like this I often write a reply to the company in question congratulating them on losing my business permanently, and that of anyone who I happen to talk to about their business arena.
Probably doesn't achieve much but it makes me feel better.
Name and shame them? Make very sure your anonymity is preserved lest they try to sue you, but exposing these practices on here might be a start to get the word out on it.
Just a casual naming online stating that these practices are on purpose and not a bug, so when I search for the company and the issue on google, I'll know to not give them the benefit of the doubt.
Ethical violations are an endemic problem. If everybody named and shamed companies for every ethical violation they encounter, every company would end up named and shamed. And the really bad stuff would get buried in an avalanche of comparatively trivial violations.
Well, if they don't provide a way to unsubscribe it is actually illegal to do what they did, and could be fined per email sent. Given the situation you described I kind of doubt they did.
As for the terms and conditions violations, aka selling / using information - you're not going to get them. People stopped expecting privacy a while ago, and every conversation ive had on the subject the past three years always goes something along the lines of: "I always expect all my data to be given out and used"
If you don't want that to occur don't use the internet or use a company you trust. For example, I trust a university to keep my data secure because it's legally obligated to. Similarly, I trust most products I pay for, I don't trust pretty much any other app.
It's a numbers game once they subscribe, even if the link is there. Some people, myself included, won't hit that unsubscribe button. I'll just forever mark it as spam until it no longer shows up in my inbox.
Isn't this better? I know at my company we'd rather a person unsubscribe rather than delete without reading or god-forbid mark it as spam. Saves us money.
> It bothers me that I don't even know how to fight it since all it takes is the next dev to come along and say yes to end months of protests against something unethical. [...] If anyone has advice, I think this is a great thread to share thoughts.
Also, it's worth remembering that whether something is the right thing to do or not does not depend on whether you can prevent it from happening or from being carried out by someone else (you can note similar vile sentiments when people say things like "if I don't do it, someone else will" ). In other words, you should refuse to do something you know is wrong because it's wrong, end of story. The fact that someone willing can or will take your place is irrelevant. Concerns over prevention are distinct from concerns over where you should act in some manner. Where prevention is concerned, kareemsabri's suggestion is a viable option.
Sending unwanted emails - this is a great way to get added to spam filters... Do it to too many gmail users and no one will receive any of your emails.
It's not fraud. At best, it's a violation of CAN-SPAM, but I doubt it.
Don't get me wrong: it's unethical. But I don't think, "I didn't check the box that said 'add me to the newsletter' and they sent me a newsletter anyway" is particularly powerful.
>I advised her to get off the drug ASAP. Thankfully, she listened.
This bothers me, this isn't how medicine works. While there's very, very legitimate reasons to be critical of over prescribing and marketing, "I heard about an adverse outcome in someone else that may or may not be related to a drug she was taking" is not a good reason to recommending another person to stop treatment.
All medical interventions are a cost-benefit analysis and all medical interventions have risk, some more than others. Forgoing medical interventions also has risks and benefits. For all we know the risks were very minimal and the drug helped the sister. This could have been very harmful advice if the drug required, say, tapering down and the sister went off of it without assistance of a medical provider.
The author is themselves handing out incredibly rash and potentiality harmful advice.
The author is themselves handing out incredibly rash and potentiality harmful advice.
The author answers this objection [0] on the Reddit thread [1] about his "Code I'm Still Ashamed Of" post:
devmastery[S] 15 points 4 days ago
I hear you. To clarify...
What actually happened is that she spoke to her doctor about being uncomfortable with the way the medicine was making her feel and he was able to recommend a more traditional medication that had been on the market much longer and did not end up having the same effect. Her transition was medically supervised. And she's doing great.
Yes! That line bothered me, too. I like the overall message, but the brother is not a medical professional and absolutely should not be giving out medical advice like that.
True, the author is no doctor, but in this case this is not the only drug available.
In the article:
“The quiz doesn’t work,” she said.
“Oh. What’s broken?” I asked.
“Well, it seems that no matter what I do, the quiz recommends the client’s drug as the best possible treatment. The only exception is if I say I’m allergic. Or if I say I am already taking it.”
What does that have to do with anything at all? The morale of the story is he or she heard something on the six o'clock news and recommend the sister stop treatment based on that. That's extremely improper advice.
The author is apparently upset about assisting in giving what they believe to be improper medical advice so they proceeded to give improper medical advice themselves.
There's also a huge logical flaw to go from "this drug had a side effect that may have caused death in one person" to "this drug is inappropriate for my sister"
Yes. While programmers being asked to do unethical things is a salient topic, the posted article feels pretty weak on all fronts. He admits that the site as designed was compliant with medical advertising law. Its goal was to get people thinking about a medication that still required a doctor's approval to obtain. His "infraction" was writing code that would indicate this prescription is a good solution to the various problems that, presumably, the medication addressed. I personally don't see any ethical problem with that.
The author should probably speak to a professional therapist who can help him process this event and understand that he shares no responsibility for the complication that caused a user of the drug, who may have benefited substantially before the complication occurred, to commit suicide.
> His "infraction" was writing code that would indicate this prescription is a good solution to the various problems that, presumably, the medication addressed. I personally don't see any ethical problem with that.
The problem with the quiz was that no matter how you answered, unless you said you were already taking the drug or explicitly allergic to it, the recommended solution was the drug. In other words, this was presented as a way to suss out which of various treatments would be appropriate, but it actually only recommended one.
I don't think that's deceptive. Do you really need a label that says "an online quiz is not a diagnosis"? Obviously marketers are going to create such content with the intention of demonstrating how their product can be useful to people. I doubt anyone was under the false impression that they weren't on a marketing site or that the online quiz was a definitive medical device capable of providing diagnostic data.
If this was OTC I may see more cause for concern, but as an Rx drug, any such suppositions would still require a doctor's signoff.
We'd all prefer not to be involved in the mass manipulation of marketing/advertising at all, but that's not real life. As far as this goes, from the details in the article, it doesn't sound like an egregiously wrong thing.
It also sounds like the author was at peace with it until he learned that someone who took the medication had committed suicide. That's certainly some misdirected angst. This was almost definitely an antidepressant medication, and those require careful balancing and coordination by medical professionals. The guy who helped put together a marketing site for a drug that helps hundreds of millions of people is not responsible for the cases where incompetent medical practitioners prescribed it incorrectly.
This is why Software Engineering as a profession should be regulated and licensed just like other engineering fields - mechanical, civil, electrical, etc. Professional Engineers are bound by a code of ethics stressing first and foremost the welfare of the public. Engineers who behave unethically have their licenses revoked which can be a career-ending event. It is our responsibility as engineers to ensure that the code we ship does not negatively impact anyone's health or safety; especially as software becomes more and more pervasive in society.
"This is why Software Engineering as a profession should be regulated and licensed just like other engineering fields"
I may agree, reluctantly, with the first half of this sentence, but I don't agree with the second half.
Whatever happens with code and how we regulate it, we must start with the understanding that it is not like other engineering fields. It's so different that I believe it should be considered a separate field entirely. Actuaries and engineers both need to know a lot of math, but they are not the same fields, and there's no need to regulate them similarly. Engineers don't get to tell actuaries what to do. They shouldn't get to tell software developers what to do either.
One reason I'm so resistant to this is that I was a math major (though I did get an MS in industrial engineering), and I've seen what are essentially mathematical innovations patented under a legal regime that considers mathematics unpatentable to the point where it specifically excludes mathematics from the academic background that qualifies a person to review patents. The quality of patent review reflects the deliberately self-inflicted absence of advanced mathematics degree holders. I guess our best hope is that some of the physics majors will handle this?
This is exactly what you should expect from a cartel: expanding domain, limiting competition.
I am positive that the governing bodies for the "other engineering" fields would be delighted to get control over software, but they shouldn't get it.
This is also why I resist the term "software engineer". Some consider it an appropriation of the title "engineer", and sure, I agree, that's fine (I'm sure they'll get all up in arms about sound engineers in recording studios next, right?). But the appropriation that really concerns me here is the term "software". It ain't yours. Paws off.
> It is our responsibility as engineers to ensure that the code we ship does not negatively impact anyone's health or safety; especially as software becomes more and more pervasive in society.
I agree 100% with the above sentence. But I do not think that implies regulation and licensing to be the appropriate solution, at least not universally. Perhaps it is appropriate to require licensing to write code for life-support systems, vehicles, or other systems on which all other engineering requires licensing. But not to write code for Twitter. Not to tweak the PHP on your Wordpress site. Not for the vast pile of code that may be meaningful to the author, but is trivial when considering its risk to the health of the general public.
I worry that this moral gray area stuff is hard to solve with clear rules that people can agree on. Is a sketchy quiz advertising prescription drugs unethical? Probably. Is a sketchy quiz trying to get kids to eat their vegetables unethical? Probably not. It's going to be really hard to find a clear line between things like that, even without worrying about politics getting all over it.
For comparison, the prescription drug market is extremely heavily regulated, but that doesn't seem to have helped in this story.
I used to disagree with you entirely, but I'm beginning to see the value of having an excuse to be ethically better that holds weight in large organizations.
Sounds good, but the vast majority of software eng does not require this, and i think it's just a different problem with a different solution then licensing
I'm the chairman of the board of a local society of computer scientists. We have bylaws that describe a code of conduct for members governing their work.
1. Let honesty govern your work
2. Heed professional responsibility
3. Do not accept gain from a third party, except with full knowledge of your employer/contract partner
4. Do not ever use confidential information from an employer of contract partner without informed consent
5. Increase your professional capabilities
6. Make sure your conduct is an exemplar of membership
7. Share your experience with other members
We host meetings once or twice a month where members or guests hold lectures on varying IT topics.
I don't know if tech in Iceland is such a small community that it tends to keep people honest or that transgressions like this happen all the time and are not spoken of. I like to think our members are ethical in their work.
I actually don't see any rule in there about being ethical towards your userbase. The integrity encouraged here is towards the employer, which will be the one to insist on screwing over the users.
What you really mean is that it's hard to be upfront about saying "Cause your employer trouble over client needs that screw over the user" and still keep a job. The message itself can be crystal clear; broadcasting it where it actually means something is the challenge.
I'd rather take at face value the parent comment author's claims that the translation is hard than I would assume incompetence or some sort of intentional loophole.
The employment relationship points could also be rolled up into "let honesty govern your work."
The question was why only the employment points were broken out. Why not also break out the most important points regarding user-focused ethics instead of just relying on the catch-all for them?
Touched this in your sibling. It's not straight forward to translate from Icelandic. The meaning anyone would convey from the original text is that honesty cuts both ways.
An awkward situation, for sure. However, after a lady in my community killed herself (she was on some prescribed drug), a friend of mine in the industry explained his view.
Apparently, these drugs can cause some people to kill themselves. But they also cause some users to recover, meaning they're less likely to commit suicide. It wasn't clear how exactly this balance was measured, but the net effect can be positive.
Still raises some hard questions along the lines of the trolley experiment. Who gets to live, and who gets to die? And what about the fact that we don't even know who it is that will get better or worse?
Regarding coding, the coder is only really able to quit because the market is good. Plenty of people along the same economic chain that led to this are in more precarious job circumstances.
I think the real ethical issue from the author's perspective is not whether or not the drug should be allowed to exist and be prescribed even though it causes some deaths, but rather the loss of informed consent (a quiz that purports to make a personalized recommendation but actually just always recommends the drug) and the skirting of legal regulations (the country forbids marketing drugs to consumers but this supposed "general information" site is actually stealth marketing).
Similar thought: should you have a moral quandry about doing work for a car company, given that 1.25 million people per year are killed in road traffic incidents.
This takes you down a never-ending and unproductive rabbit hole. We really aren't equipped to encompass the totality of the effects of any particular action we take, which will invariably, at some point in the chain of consequences, have adverse impacts on someone, somewhere.
It depends. If the people are dying because the cars we make have break pads that haven't been certified as safe, and the reason they aren't certified is my boss said to not do it coz certification raises our costs by $1000 per car, yeah, I'd be bothered. Big as they come moral quandary.
I'd focus on the difference you're making. Are you making drivers, passengers and bystanders more or less safe than they'd be if someone less skilled was doing your job? Given that new cars tend to be substantially safer all round than older cars, I'd say most of the industry is in the clear. OTOH anyone encouraging people to buy heavier cars than they need should probably think things through pretty carefully.
> It wasn't clear how exactly this balance was measured, but the net effect can be positive.
That can certainly be the case; of course, once we develop websites with the purpose of having as many people as possible take those drugs, their likelihood of being harmed grows and their likelihood of recover go down.
I just wanted to say I hope the OP isn't beating themselves up about what happened. In terms of moral integrity I feel they did very well to, at a relatively young age, take the decision to quit. I understand the point of the article (we may be developers at the end of the chain, and there maybe lots of people legally and ethically responsible above us, but we can still stand up for what is right) but at the same time, until you read something like this, or are in the situation yourself, it is common for people not to appreciate the knock on of what we do. If the OP hadn't made the quiz, someone else would have, this isn't to say people can't take a stand, but it is more to say no matter what they did that person would still be dead.
So my respect to the developer in question, I'm fairly sure I would have continued to work there. I would have just said to myself that these things happen, there are laws in place to protect people, if the laws aren't good enough we should campaign for change, I'm just a developer move data around a machine, etc. But I sort of assume by time I get to my death bed, I'll probably look back over my life and decide I made most decisions wrong, rather than work hard for success, fortune, etc. perhaps favouring compassion, helping others, charity work, etc. would have actually be a life better spent. So for the time being I'll give credit to those who take the moral high ground!
Here is mine. The company was going to pitch investors very soon but its product is not ready yet. The CTO copied our competitor's code (well, mangled javascript), replaced their name with ours, updated some public API to our company name. Then asked me to build upon that.
I said this is not acceptable but they said it is ok because they are not releasing it publicly, it is just for demo for investors. I am sure we are either violating copyright or telling lie to investors, and am surprised no one in the company think it is a problem. After all I have to do it, because I was just an intern.
If you can, refuse. Tell them that you believe that you get into a big trouble, if this comes out and you are not sure anyway that it does not.
Based on your description they are looking for a scapegoat. If this comes out, they definitely point towards you while saying that they were not aware of this, must be interns initiative.
I have code I'm ashamed of as well. I was very young, and told the app was for a fairly innocent cause. After the fact, it became apparent the company was also selling it to a fairly controversial foreign government entity.
I think it's worth standing up to this sort of thing, but good luck getting that new job if you stipulate they inform you before hand who they're going to sell your code to. I'm not sure what the solution is if you don't have a ton of leverage (and if you choose to turn down the job, someone will gladly take your place in this economy).
I note the BCS (a professional body of sorts for British technologists) has a "public interest" clause in its code of conduct for members, which arguably prohibits the sort of behaviour described by you & in the submission:
That said, there's no real obligation to be a BCS member, and most people aren't, which somewhat defangs their CoC: like you say, if you refuse the work, someone else will do it. Still, it's a good symbolic gesture, and perhaps points the way to go.
What I've discovered over the years is simply if you refuse to build it they'll get someone else to do it, and someone else certainly will. That's not too say you should, just that you as a developer have very little power to actually stop it.
good read. and kudos for coming out and opening the subject.
i personally think this is not just a developer issue, but affects every person living in a society. the quality of the society we live in depends on all of us doing as much as we can to achieve it. unfortunately, the living today is too precarious, and too many people cannot afford to be too ethical.
the sad thing about our industry to me is that sometimes it seems we give up before putting up any fight. we know how hard it is to control complex systems, how impossible it is to create a perfect system. so a lot of us decide, like that fox in Aesop's fable, that it's actually wrong to even try to do anything. if she can't reach the grapes, then the grapes must be sour. this happens everywhere, but it strikes me in IT particularly if you look at a simple example - most IT people find it obvious, and live with it, that everything we do online is recorded and that it's not that hard to spy on anyone. most regular people don't fully grasp this, and get occasionally outraged. how many of us (i count myself in here) will then just wave their concerns away, and explain that they simply have no choice but to accept this future?
What do you do if your boss asks you to do something which you believe to be legally questionable or unethical? For example, if you're asked to do something which you thought might be illegal, but you don't know for certain, would the best course of action be to hire a lawyer? Based on what I saw from the recent Volkswagen fiasco, it seems like the developer himself can be held liable. Is this correct?
I have been asked a couple of times to do things that were unethical, never illegal but certainly unethical. I resigned on the spot in both cases. I feel this is how professionals should act.
When asked in my interviews why I left I stated clearly that I was asked to do something unethical and resigned as a result when "forced", it was taken positively.
Obviously not something you can do in most of the established industries, but IT is in its golden age, and we should take advantage of that while we can. It will end eventually, and we'll have the same "go evil or go hungry" dilemma most people face in their day jobs.
The market for developers in many locations currently seems to be such that developers make good money and should be able to have some saving and finding a new job isn't terribly difficult.
The key word there is "currently". I've lived through several cycles now, and I can assure you that there are times when you will take any job that comes because you want to eat or pay rent this month.
Now that I am experienced I am confident that I can get a new job fast. When I was just starting out it took a few months to get my first job everyone wanted experience (I live far away from San Fran). Now I can quit my job on the spot (it helps my spouse also works) but I couldn't have quit my job on the spot back when I had student loans.
I'm not sure about your last question, but regarding if they ask you to do something that may be unethical or illegal:
I'd get advice. It doesn't mean you need to spend money on a lawyer necessarily, you can often write college/uni professors and get decent answers. If not, heck, I'd even ask the relevant Reddit sub-forum. At any rate, the idea is to go ask people who are more likely to objectively answer your concerns as opposed to the employers.
First up, you should resign if you're asked to do something unethical (assuming you're in a situation where you can survive for a few months while you get a new job). Because if you don't resign, you're signalling that you're okay with being asked to do things that are unethical.
As for legal recourse, yes you should consult with a lawyer if you've been asked to do something you think is illegal (they can help you report your company to the appropriate authorities). Some larger companies have internal methods of reporting issues, but given the recent activities of Wells Fargo I wouldn't recommend outing yourself as someone who is considering reporting on your company.
As for developers being held responsible, I don't think that most cases will pan out like that (it's not your job as a developer to question whether your manager has checked with your company's legal team). However you should definitely not "just follow orders" if you've been asked to do something you find to be shady or illegal.
> What do you do if your boss asks you to do something which you believe to be legally questionable or unethical?
Easy: I ring the anonymous freephone number that's on posters around our offices expressly set up for this exact purpose.
To anyone who is concerned about these questions, and has a position of influence at your company: could your reports answer this question so quickly and easily? If not, why not?
I was asked a couple of time to write illegal code or hand over log data to management which they are not allowed to see. In Europe we still have working privacy protection laws, you know.
I always said no, and management always reacted professionally and accepted it. Maybe they just don't know software or privacy laws that well.
Having a clean conscience trumps all, and in the end you will have troubles, not your management.
I took a CS ethics class. We generally read better things, with a more interesting conclusion.
The conclusion of this? If you said NO, someone in India would have made it, for likely less money. The only winning end game would be to e-mail the FDA and hope that the right political party and lobbyists are currently in control of the agency.
This reminds me of issues we face in the legal profession. Lawyers have convinced ourselves, through elaborate rationalization, that every person deserves legal representation. Yet lawyers clearly make decisions about what kind of work they want to do, and what kind of clients they are comfortable representing. For example, most divorce lawyers tend to specialize in representing husbands or wives (not both), and most employment and labor lawyers either represent the company or the employee consistently, etc. But on the other hand, many defense lawyers become prosecutors, and vice versa. The key is that whatever role we like to take, we make ethical decisions within that role. If I am a prosecutor, I work for the people and my job is to "do justice". If I defend accused criminals, my job is to advocate zealously for the accused b/c anyone may be falsely accused. This system relies on discretion -- that is, the individual professional is free to decide whether to pursue a matter or take on a client. Unfortunately discretion does not exist in most software development efforts. Unless you are contributing to free software on a voluntary basis, it is likely that you will be called upon from time to time to support businesses that you don't like. This is a hard problem and I don't think there is an easy answer. If anything, the answer may require that you forego many of the economic trappings of success if you wish to live an ethical life. I don't expect anyone to make that decision, although I admire those who do. Not so much the Richard Stallmans who can live on their celebrity, but the people who adhere to those ideals and do not have celebrity to fall back on when they can't make their rent.
I was asked to scrape details of 50k+ people from LinkedIn and load them into essentially a spam cannon because, you guessed it, we needed the e-mail signups. And follow-up sales calls. So, probably illegal (because spam), generally horrible behaviour, and also a huge violation of LI's terms of service. I said no. Fortunately if I didn't program it in that company nobody was going to do it and all I had to put up with was snark.
I mean yes, sure, I realize the author blames himself for the death of that poor girl. But how could he possibly have known? It's neither his job nor his responsibility to know anything about the side effects of this drug. His job was to built a website, according to the wishes of his employer. And so he did.
Hindsight is 20/20, it's easy to say afterwards that what he did was unethical. But to me this seems more like bad luck.
On the one hand, it was clear that the website wasn't meant to be informative, since it always recommended the client's drug no matter what the questionnaire returned. Clearly that was a bit shady.
On the other hand... as a general rule, I don't really want software developers deciding what to code based on their personal medical opinions. That can cut both ways.
If the author felt it was unethical at the time (and he says it didn't really cross his mind), the best he could have done would have been to quit. Then, of course, someone else would have taken his place. Perhaps his conscience would have been cleaner, but I doubt any girls would have been saved. The stark reality is that ethical quandaries like this call for an all-or-nothing approach; either you're disturbed enough to report their actions to the authorities, or you don't do anything at all. You can quit, but that won't save anyone, so you're not really helping. (Unless you're irreplaceable, of course.)
There's another important element to the author's story: the sketchy questionnaire and the drug's harmful side effects weren't really linked in any way. Marketing is marketing; as the author says, he knew the job of the site was to promote the drug. Shady questionnaire or not, that's not inherently problematic. If the pharma company misled its customers on the side effects or knew the drug wasn't safe, that's an entirely separate issue that the author simply could not have known of. Drugs are complicated business, and they can be helpful, dangerous, important, and abused all at the same time.
The "last line of defense" statement was a powerful one, but not one I feel I can really agree with. It's often said that pharmacists are the last line of defense for prescription drugs, and that's how it should be; they actually have the training to know what they're doing. Software engineers might be a knowledgeable bunch, but they're not so knowledgeable they should be making calls outside their expertise.
I agree with you totally. I'm sure the author feels some responsibility for having some played some part of this, but it's the pharma company that should be ashamed.
With regards to advertising, I'm from the UK so we don't get much medical advertising, but in the US it is crazy. Half the adverts in commercial breaks seem to be for medicines with half a dozen potential side effects.
> Then, if a visitor could prove they had a prescription, they were given access to a patient portal with more specific info about the drug.
I assume that it was just further information about the drug. In the UK only a doctor can prescribe controlled medicines. I assume it's the same in Canada... if so it's for the doctor, who has had years of training in this field, to prescribe the correct drug. Yes, some drugs cause side effects for some people, and medicines need to be adjusted/changed as a result. We don't know how many people died as a result of the medicine, but that's what government regulation should deal with not allowing untested drugs to be sold.
> We’re approaching a time where software will drive the vehicle that transports your family to soccer practice. There are already AI programs that help doctors diagnose disease. It’s not hard to imagine them recommending prescription drugs soon, too.
For me this was the most (and only) important paragraph of the post.
However, I should add that:
> Perhaps his conscience would have been cleaner
Is a big deal. Obviously, it is up to the individual to determine the proper course of action for themselves, but I disagree with the line of thought that 'you should stay in unethical situations because someone else will be there and at least this way you can create change.' Rather, you ought to act authentically and with honestly.
I assume the point is as both a warning to others (us) and as a reminder to him. As someone who subscribes to the PKD definition of "hero," I quite like the article for this purpose. Had the author known a bit more about the drug beforehand, he may well have refused to build the site.
"The authentic human being is one of us who instinctively knows what he should not do, and, in addition, he will balk at doing it. He will refuse to do it, even if this brings down dread consequences to him and to those whom he loves. This, to me, is the ultimately heroic trait of ordinary people; they say no to the tyrant and they calmly take the consequences of this resistance. Their deeds may be small, and almost always unnoticed, unmarked by history. Their names are not remembered, nor did these authentic humans expect their names to be remembered. I see their authenticity in an odd way: not in their willingness to perform great heroic deeds but in their quiet refusals. In essence, they cannot be compelled to be what they are not."
The survey is a trick to make the site look unbiased. To look like it just happened to tell you to take that particular drug from that particular company, with other options available if you selected different things.
The ethical way to implement it would have been to just have a website that was obviously by that company, no survey, just saying "do you have problems with {x}/{y}/{z}? {Our product} may be right for you. Not to be taken if you have {some allergies etc}."
Applying the term engineer to software is a problem here, there is a lot of law attached to the term, and proper lines between being a Software "Developer" and being a Software "Engineer" have not been drawn yet. I have found that some corporate entities insist on calling an engineer anyone developing software, just so they can point the blame and liability at some employees, like VW tried. Liscensing as an engineer requires at least an ABET BS degree in Engineering, plus tests and years of junior time, but corporations throw this word about like confeti, conferring it on any employee they like. In the licensed world this title indeed means both criminal and civil financial liability in the case of errors. It is strongly advised to use the title Developer, and avoid the title Engineer, unless one wishes to work in harms way of prosecution from some error that harms someone.
There is a problem with software engineers. Narcissism.
Its disturbing how many software discussion boards routinely refer to other people as dumb or ignorant.
It's as if everyone should leave their area of expertise and become software engineers.
This kind of hubris that allows some to think they are better than others only paves the way for people to dehumanize others and behave unethically.
And we have seen after decades of posing as champions of freedom and liberty nearly the entire industry has been co-opted into the surveillance economy or state surveillance programs without so much as a murmur with Snowden left holding the baby of these pretensions.
I have been asked to do unethical-but-not-illegal things in the past, and in response I (unwittingly) delivered something ethical under the guise of being the requested item. Still dubious ethics, but just between me and the client, not anybody outside.
The most common request is to knock off another site. You can hit the save button, or copy code, but what I do is code up a better similar design from scratch. The result is a superior product so everybody is happy, but I would never take code that wasn't open source. I don't even peek at their code during this process!
> As developers, we are often one of the last lines of
> defense [sic] against potentially dangerous and
> unethical practices
I think this article is a prime example of how professional institutions can be just as important in software engineering as other fields more typically associated with such bodies.
Just because software isn't a physical entity like a bridge that can physically collapse on someone, it seems to be the view of many that a professional body with guidance on ethics, best practice, et al. has no relevance.
I have seen bad code in my life. Some cases developers don't care about the code ethics OR they are not intelligent/experienced enough to write a good code.
But in many cases its the mistake of product managers or leads. When the product goals/specs are not clear, the design changes very often and you have to meet the tight deadlines. This leads to redundant and inefficient code which is very difficult to clean up and maintain.
A lot of drugs have severe side effects. And of course, if a drug is popular enough, there always will be a couple of extremely severe cases.
Does it mean that those drugs are bad? Does it mean that the recovery of millions of patients is outweighted by one where the doctor probably shouldn't have prescribed it in the first place because the patient was already predisposed to depression or depressed in the first place?
Your argument sounds like a false dichotomy to me. We can have drugs with potentially bad side effects and make efforts to make sure they're not incorrectly prescribed.
I saw nothing in the article that indicated the drug discussed was incorrectly prescribed or promoted.
Honestly, the article could be written about someone doing a marketing campaign for facebook and then hearing about a teenager committing suicide due to facebook. We would all find that absurd, but it is functionally equivalent here. Facebook has been sued for the suicide of teenagers, just like the drug company.
What I find very disturbing in US, that I haven't seen in France for example is marketing push (including TV ads) for prescription drugs.
Is it something people do, go to their doctors and say "that drugs looks great because I've seen it on TV/some online quiz told me I need it, please write me a prescription"?
I saw nothing in the article that indicated the drug discussed was incorrectly prescribed or promoted.
You don't think presenting a questionnaire and having every answer being the drug in question, regardless of the choices made, at the very least hints at it being incorrectly promoted?
The article also mentioned nothing about the drug being sold on the website either. I presume they must have had to go to a doctor to get a prescription which they would then take to a pharmacy to get the drug... so going to the doctor and saying "I took this questionnaire and it said I have X. I need drug Y" means there are problems elsewhere in the system.
I agree, but it's perfectly valid to hold it against a company to exploit those problems in the system for profit, if this goes at a cost of human life.
(The problem likely being that doctors don't want to argue with their patients too much)
The major side effect of making coding easier is more people will. Some will have fewer scruples about ethics. So as coding tools get easier to use, more such dishonest coding will show up.
I think a solution, alongside our personal integrity, is watching for it. Whether we be Google, or a lone, random programmer, we could any of us chance to ferret out such a nasty site and shine the bright light of day on it.
Earlier this year while looking for work, I received an offer to start on a project that would scan innocent travelers (through client's airports) and build dossiers on them looking for criminal connections.
I'm proud to say I declined and included the fancy word "repugnant" in my reply.
This is a very tough thing to address if you're a security researcher say for the government. The likes become blurry on what is ethical and what's needed for keeping weapons that can protect us..
In practice, liability is the yardstick of ethics. Anyone caught in the "unethical/not liable" zone is alone. Which for most of us results in shame. For a few others, it results in pride.
I feel this has been an issue for other types of jobs so far, but this example points out how easy is to be borderline with ethics...which may itself be a non-ethical choice IMHO
I was reading the comments of the article and I came across an interesting thought.
Whilst we in first world countries may be able to protest against our employers or try and steer them away from non-ethical actions.
What happens when the employer takes away the assignment in question and gives the work to an off-shore company, who's only obligation is to get paid? Where the developers of said off-shore company's obligation is to get paid so they can eat?
Do you think off-shore developers are going to have the same moral stances of a first world developer? I don't think so.
I know there are a couple of voices in this thread who think they can be that knight in shining armor, a bit like Don Quixote. However, you can't rail too much. Lest you find yourself outcast, side-lined or even fired?
I thought it was an interesting situation to ponder.
Ultimately though, we can only speak for our own moral choices. If you're happy with doing something unethical or illegal, then go ahead. If you're not prepared to, then don't. If you refuse though, then what happens afterwards isn't up to you and doesn't impact on your morals and/or character. The best you can hope for is to know that you played no part in the wrongdoing.
Unfortunately, the ethical chain here is only as good as it's most unethical link.
Then again, most people really don't have a good feeling being the corrosive link.
I don't know what you mean by "ethical chain", but whether something is the right thing to do is independent of whether other people are acting morally or not. Just because others are morally corrupt does not justify one's own moral corruption.
> Do you think off-shore developers are going to have the same moral stances of a first world developer? I don't think so.
It's not as if first world developers (or employers) are on average more ethical than off-shore ones. You could have made the same point without being derisive of off-shore developers.
Amazing how much backlash there was at the idea of legally requiring software to explain its decisions, but this is one example out of many that makes it clear that we either require it or people will die from software with bad intentions. To me, the idea of trusting software authors or companies without the accompanying legal framework to ensure that it isn't blind trust is absolutely insane. I should hope VW (amongst many other companies) has proven that beyond any doubts.
If he hadn't coded it, someone else would have. The most effective way to change the world, in my opinion, is to push for political and social changes that change incentives in a manner that reduces the number of unethical economic niches that exist. Sacrificing your own employment opportunities out of principle has next to no effect on the larger picture, and if anything, will reduce your own ability to shape things in a positive direction in the future.
I disagree. Even if the boss found somebody else to do it, the fact that somebody had stood up and said no would make a difference. It still would provide an example to other employees. Behavior is contagious. You have more power than you think. If everyone sits back and says "I can't act ethical until we have big political and social changes", I can guarantee you that those changes will never occur. Somebody somewhere has to start the ball rolling, even at some personal cost, or nothing will ever change.
It sure would provide an example to other employees. Mike was replaced because he wouldn't write the code he was asked to write. Lesson learned: Write the code you're asked to if you want to keep your job.
At his level at the time, sure. Anyone can write a web quiz. But I would think that a lot of the most significant ethical challenges developers face would be in much more specialized areas.
Safety-critical systems often have real-time and embedded components, for example. The regulations for safety-critical software vary a lot between industries, too, which makes it even harder to find a replacement for someone who leaves for ethical reasons.
if he didn't murder the guy, someone else would have
well you can all down vote me, but we could all decide to just be nice to each other, we have enough tech and resources to house and feed everyone in the world
If we lived in a society where murder happened on a massive scale, that might not be an absurd statement. Imagine if we treated humans the way we treat farm animals for instance..
That being said, sometimes (more often than not?) acting on principle and making the strategically best decision for the world, align, so I'm not saying one should never act according to principle.
My take on this: If someone reads garbage advertisement information on a random website and takes this medication solely because of that, they fail to do the most basic thinking and scrutiny. The gene pool won't miss these people. I know, it's harsh and cynical, but it's the truth (oh boy, this opinion will be unpopular, I already feel it in my bones). If everyone had to take responsibility for such thoughtless behaviour of other people, we couldn't do anything anymore.
However, I do see major moral implications of writing code for things like cars, rockets, robots, pacemakers, etc. This is where the true responsibility of software engineers lies.