It's a surprisingly urgent problem in a field that enables mass government surveillance, dark patterns, big data aggregation, and cyber warfare.
As an attorney, I wonder if software engineers should consider implementing some kind of rules for professional conduct and an organization to enforce it like the lawyers have.
Case in point: The way Aaron Schwartz was treated. The prosecution seriously overstepped the boundaries of what can be considered ethical behaviour. Even worse, they did it for shady political reasons and personal career considerations.
Thank you for sharing this!
Who are the most successful lawyers? Politicians. Try and think of an unethical one...too many to chose from. Hell, if religious laws don't prevent people from doing horrible things and then justifying it (and they don't), why would a code of conduct help anything?
If the heart of a profession is greed (and tech is or is getting there), then your code of conduct means nothing. You just gotta justify your actions, and tech companies already do that.
"We're changing the world for the better! (But don't mind us if we track, spy, manipulate, and price-gouge you along the way)."
Is that unfair? It feels unfair, but the actions of too many tech companies are deplorable and yet we've got tens of thousands of people working for them. Where do you draw the line? When do you become complicit (someone abuses data because you've built systems which allows and encourages it)?
It's really an argument of social norms, and how do you change those, especially (if like law was at one point), you are the industry to get into to make money? If that is the main reason lots of people get involved (from management on down), how do you build and maintain norms that say that quality and concern for the user comes before all else?
Obama, Clinton(s), Ghandi, Lincoln...none of whom were "successful" lawyers, but they all did just fine in politics.
As to your point about laws/code not preventing horrible things...they often times do. But no one is claiming laws always eradicate behavior (they can and have) that's why we put people on notice and create penalties because we know people violate the laws/rules anyway. Say Bill Clinton lying under oath, he was caught and the only one who disciplined home was the Bar of his home state: totally disbarred him. In other cases, the law itself might be immoral -take the British colonial law against Indian's making salt, and Ghandi violating it and being arrested, even after, as a politician he was able to change the law and the norms.
I think your main point is likely right, but your supporting examples are not. Wikipedia (at https://en.wikipedia.org/wiki/Abraham_Lincoln#Early_career_a...) says:
Lincoln became an able and successful lawyer with a reputation as a formidable adversary during cross-examinations and closing arguments
Likewise, we have https://en.wikipedia.org/wiki/Hillary_Clinton#Later_Arkansas...
She was twice named by The National Law Journal as one of the 100 most influential lawyers in America: in 1988 and in 1991. When Bill Clinton thought about not running again for governor in 1990, Hillary Clinton considered running, but private polls were unfavorable and, in the end, he ran and was re-elected for the final time.
A compliment on Lincoln's cross examination skills does not make a successful lawyer, though he did practice and litigate and unlike the others (that I know about) established case law. As far as Hillary, I wouldn't put to much stock in The National Law Journal - it's like the national dean's list, rising star lawyers, AV rating. What do you really know of her career? Did she take cases of first impression; set case law; argue before SCOTUS; set a record on a monetary judgment/damages; become partner at an AM100 firm or white shoe firm; hold a meaningful judicial clerkship; become a federal judge?
These are all smart people, successful politicians, but as lawyers I'm not sure anything ranks them in the upper echelons ...that certainly doesn't mean they were failures, which is being read into my statement, I think. Despite the thread opposing me, I don't see any merit based support they were the most successful lawyers.
You added the word "most" :) Your revised statement is probably right
The secret of great fortunes without apparent cause is a crime forgotten, for it was properly done
The key part that people keep omitting is "without apparent cause". If the cause is apparent, there is no need to speculate about possible crimes: just look at the cause and decide if it's criminal or not.
The most public ones, sure. But not necessarily the most successful.
I don't know about that. Judging by OliverJones' post, corrupt lawyers could well be even worse without the formal code of ethics.
Laws don't define ethics. They're only an implementation of justice. It's up to us to decide what's right and what's wrong.
I soon found other employment. It pays less, but I sleep a lot better at night.
At my work if you work more than 8 hours in a day, they just won't pay you for the extra. It looks bad on reports, and doesn't matter if the job must be completed by midnight you still can't work 12 hours on paper. What you have to do is split off anything you work in overtime, and put it on the next day's time sheet.
Legally, if your time sheets are inaccurate, you open yourself up for all sorts of legal action including significant fines and imprisonment, so what they've done to cover themselves here is require you to sign it as a true and accurate record of your hours worked. (They refuse to pay you if you don't, which in turn is illegal.)
I think I will follow your example, and find myself another job in a business that follows a basic code of ethics.
This is small print on timesheets anywhere I have worked. The point is that they have something that department of labor can see where employees asserted that the hours reported are correct. That's all DOL cares about if they check. It they are coercing employees to falsify time sheets DOL will have strong feelings. Record your hours independently and have those records ready for side by side comparison. After you leave for a better job, consider reporting their illegal practices so that hopefully others will no longer have to put up with it either. It does not help anybody to have a long history of lying on timesheets. ... Is this timesheet rule in writing anywhere? This would halo help a lot. Sorry I'm really interested in this. I'm a manager and I make sure my team records everything they are possibly entitled to be paid for because I'm a reasonable human being. End of rant ;)
I have also noticed, dissapointingly, that some people never seem to ask themseves moral questions. I think a room full of people in suits serves as a heuristic that tells them that someone else has already asked the requisite moral questions. This is partly how you end up with a city of 100,000 expats working for the government of Saudi Arabia, etc. Imagine living there. You could probably go years without anyone ever having a discussion about morality.
For example, he had a hip replacement a couple of years ago and received a handicap placard so he could park in the handicapped designated parking spots. He's much better now and doesn't really need it anymore, but he keeps getting it renewed (I guess they don't really check to make sure you're still "handicapped"). Sure, it's technically legal, but there are probably truly handicapped people (in wheelchairs etc.) that could use those spots much more.
(E.g. following a bad law like Jim Crow laws used to make profit or to exploit people etc).
This, for example, suggests that lying is absolutely immoral, because if lying were universally accepted as good, we would not be able to trust each other.
It seems odd that an absolute would depend on something subjective, doesn't it?
we would not be able to trust each other.
That sounds like a pretty utilitarian concern to me, rather than a contradiction.
Go deep enough and eventually everything is subjective. Even things like fundamental axioms.
That there exists more than one explanation for a phenomenon, like ethics and moral values, doesn't mean that choosing any of those at random yields a good explanation. It also doesn't mean that there is no valid explanation at all.
That's just lazy not-100%-sure-therefore-I-substituite-my-own-reality-ism.
For example, I would say that crossing the street on a red light when you can see that there are no cars for miles is going to be considered moral by a huge percentage of people. It will also be considered illegal in most places.
What is truly ethically absolute?
Nothing, as far as I know.
Their understanding of the thing was different, and wrong, the thing in of it self wasn't.
Let me ask you this: we can test theories about how light works by making predictions about how light will behave in some circumstance and then by running an experiment and checking if the prediction was correct.
If instead I have a moral theory which suggests something is absolutely moral, what prediction can I make based on that theory?
Hmmm, something tells me that their era was profoundly different in serious ways that aren't captured in recorded evidence that is available to us.
Before you even get to social interaction among peers, simply weather, disease, medicine, wild animals and poverty were all probably profound dangers to everyone across the face of the earth.
Nevermind literacy, and writing, just imagine how many normal human beings were completely feral, or mute, or inacapable of communicating verbally, for a wide range of reasons, including growing up in isolated wilderness and simply never learning organized speech, as part of a formal language.
Anyone who might help another person by sharing food and staying warm was probably of marginal pratical use, until the next period of hard times, either because of the random of marauders or nature taking its course.
I'm pretty sure healthy people who you could hold a conversation with were in short enough supply that once familiar, everyone made quick use of any luxuries available. No books or formal education, meant bootstrapping these things as new ideas which had no generational inertia, which means probably very nearly everything for most societies was very comfortably (or not comfortably at all) based on oral traditions.
Also people fucking died. Early. Lots of people's teeth were probably gone by 25. Blindness in an eye or both was probably kind of a little bit normal by 30 for many.
So, age was probably a different thing back then. In places where misery is coming from all directions, I'll allow for degrees of moral relativism. Especially for any period pre-dating the emergent modernity of ancient Rome. Any nomadic society that can't exactly distinguish diseases from curses and witchcraft, or even weather and plagues from punishing deities, kind of gets a hall pass.
Maybe, depending on other alternatives available.
> Deontology or absolutist moral theories prescribe that killing is always immoral.
Most real deontological systems prescribe situations in which murder is justified, and self-defense and defense of others are common examples, and the broad outline ends up looking a lot like what common utilitarian approaches would yield. (There's a good argument to be made that most moral systems are rationalizations from preferred treatments of common situations and that people don't really tend to reason forward from principles, anyway, so it's not that surprising that the radically different root principles of utilitarian and deontological approaches end up with similar results, because they are mostly alternate rationalizations for those results.)
I can say that the legal code of ethics has some bright lines in it.
If a client gives you funds to hold for some reason, and you put them into your own account, and you get caught doing that, you get disbarred : you lose the right to call yourself a lawyer and/or appear in court for your clients.
If you give another lawyer money to induce him to tell his client to sue your client so you both get fees, you get hauled up before the bar overseers on charges.
If you talk about your clients' business without their permission, you get hauled up on charges.
To say "lawyers are unethical" is to fall prey to the availability heuristic. We all know about scumbag pols who happen to be lawyers.
I think gregwtmnto has a point. If we software people had something like Professional Engineer (PE) registration (civil engineers have that), it would help. Companies gathering sensitive information could ask for a PE to sign off on the security measures. That would serve them as a defense should somebody sue them for damages after a leak.
The same is true for bridge designers. PEs sign off on the designs, after making sure the bolts are strong enough and the pilings are deep enough and all that stuff.
This cyber security subject is near to me; my present (small) company finished our PCI (payment card industry) audit yesterday. We've worked hard to avoid the stupid webdev tricks in Troy's article, and even some not-so-stupid vulnerabilities. These stupid tricks erode confidence in all of us.
Hold my beer. Watch this!
Would you like to know how many companies I have found serious vulnerabilities in which had previous audits for things like PCI and ISO 27001? Their CISOs had cute certifications, too. They could talk all day about what XSS is, what a good business continuity plan looks like, all the different types of "risk treatment"...
I've sat on the other side of an audit, as an internal security engineer for a bank. Our QSA literally said to my team one day, "That sounds great, now can we switch gears and talk about your cyber program?" I like to think we honestly did well on those PCI audits, but I also know that we didn't have to do well. We could bullshit our way through it. And even if you try hard, it has little to no signal. Requiring engineers to know OWASP, or to memorize organizational risk facts doesn't work. Requiring your company to get a third party audit sort of works, if you know what a reputable firm actually looks like. Requiring your company to get third party "network segmentation scans" is a waste of time that will leave you wondering how a company stays in business that reports false positives all over your infra.
The security industry is a rabbit hole of oblivion. Vendors don't know what they're doing. Consulting firms barely know what they're doing. What you suggest will not meaningfully change that. As I repeat time and time again, the most talented and effective individuals I've known in the security industry have no certifications, or reluctantly get them to shut HR up. Some of them never even went to college. You would need to dramatically rethink what an enforcing agency looks like to have effective certifications without allowing them to be the rent-collecting they currently are.
I would be genuinely interested in hearing a concrete proposal for what an effective certification or licensing body would look like and how it would fairly enforce its requirements. If it's a model that could work, then fine; hit reset on the current organizations or dramatically improve their processes. But comparisons to other industries aren't good enough, and thus far the evidence is stacked against it.
I guess part of the problem is the legalistic approach we take to security, in practice. A crude example: to be secure, passwords have to be changed every 90 days. Check.
If the QSA firm finds we're following all the rules, we get certified.
But rules lull us into complacency. Rules give cybercreeps an accurate roadmap of our cyberdefenses. If they know ways around our defenses, we're pwned. So, adhering to the letter of the security regulations, while not actually bad, isn't enough.
Dealing with the OWASP top ten is good. But, if I were a cybercreep, I'd be working on the down-chart problems, OWASP 13, 14, 15 etc.
A related question: How do we frame laws to outlaw corruption among politicians? Laws create loopholes.
As you point out, lots of charlatans and idiots hold themselves out as cybersecurity experts. How do we deal with the problem? My immediate objective is to keep cybercreeps outside my firewall and away from my customers. And if they get in, my objective is to expel them quickly.
I argue that transparency is key. We can only defend against what we can see. The open source movement helps. I argue that a registered professional engineer certification provides at least some transparency about qualifications and ethical motivation, a transparency our industry now lacks.
Snowden probably broke some laws, but we're all better off for it.
Fortunately, most people in tech understand this!
Isn't that a bit of a chicken and egg problem there? The way I see it, the system won't change if those who want change are waiting for the system to change first.
Ha! Show me your mettle.
I don't think I've ever been asked to do anything illegal (to my knowledge) but I've seen tons of things that have been very unethical. No matter what field you are in, if you open your eyes, you'll see what your company does to stay on top, how their lawyers will stretch things and often settle out of court, and how your industry will lobby for laws that do not protect consumers. I've only written about health care because I think that was the most blatant and currently affects the most people:
You should always leave if you're asked to do something illegal (and luckily that's never happened to me), but even if your company isn't an Uber or Wal-Mart, they're probably still doing something questionable, even if it's just to compete with the bigger players. It is a reality we have to deal with.
I'll say my favourite position was probably the University. I enjoyed working for a place that, although paid a lot less, was less about a product and more about supporting the staff, faculty and students. Don't get me wrong, I still saw a lot of problems and money wasted on stupid stuff, but overall it was a good, non-morally objectionable work environment.
I have known people that do bookkeeping who see transactions that give them pause. Family trips written off as business trips and things like that.
... how's that working out for you guys?
I mean, no offense, but the two professions require roughly the same mental acumen and amount of investment in learning materials (though lawyers go down a more academic path and must pass a bar exam, strictly there is more they "must" master) -- but out of "sleazy lawyer" and "sleazy programmer" which do you hear?
Likely because lawyers must represent their clients - some if whom are sleazy.
But I wouldn't take the ethical standard set by the legal profession as a paragon for other professions to emulate. Obviously it has severe limits.
They are just those outside the mainstream. The fact that those sleazy lawyers win cases should show they perform a valuable service from the ambulance chasers to the corporate defenders.
The general public doesn't hear enough about programmers to have much of an opinion on whether some of them are sleazy or not.
Don't you need to go to law school to become a lawyer in most places? That's a lot of money. You can learn to be a programmer using a cheap laptop and public library WiFi.
It has no teeth and I expect it never will, despite numerous attempts by national bodies to entrench an accounting/legal/medical style of enforceable professional standards.
In Canada it's known as the Ritual of the Calling of an Engineer.
This is something of a tangent, but I have started to wonder if the push to teach "everyone" to learn to code has resulted in a growing population of software developers who are not acquainted with professional ethics. Does anyone know, does the typical coding bootcamp or hacker school curriculum cover ethics? IIRC, ethics education is part of the accreditation requirements for both computer science and computer engineering programs.
Things got better, in the Western world bridge and building collapses are rare. But software on the other hand - data breaches are a common occurrence, and those who signed off on the weak security are never held accountable.
But legally? That's a whole other can of worms. Giving this document the force of law would just make it easier to shift the blame in a crooked organization onto the people writing its software. At most, I could see affirmation of this document and an oath to abide by it as the basis for membership in a voluntary professional organization.
Laws are not perfectly correlated with morality (regardless of your ideology), but they at least provide a methodology of implementation and disciplinary action.
If I stand to gain from unethical software, and the worst thing that happens to me is some vague entity with no power holds me in disrepute, why do I care? It's not an effective code at all, it just feels good for its proponents.
Hasn't this already been solved? Take a leaf out of Engineering or Medical licensing.
> diminish quality of life, diminish privacy or harm the environment.
Could you work at a targeted advertising company or at resource extraction (eg mining)?
> Consider issues of physical disabilities, allocation of resources, economic disadvantage and other factors that can diminish access to the benefits of software.
Seems like some economic SJW stuff, and would you break your oath if you didn't add blind accessibility to your GUI?
> 3.03. Identify, define and address ethical, economic, cultural, legal and environmental issues related to work projects.
This seems way outside the scope of a developer, especially if we are speaking of technical and deep fields like health care or finance.
The rest isn't too bad. I often fear things are this would just be used to best people over the head that disagree with "best practices" in the industry or work in unfavored industries.
You're on the right track. These moral codes are supposed to get people thinking whether their acts are really ethical, or just rationalized as such.
Since lawyers deal in argument, I think they are better at knowing where to draw lines like this. Reading HN or worse /. I don't think developers can do this well. I used to poke around legal forums a lot and their discussions were much better and well argued compared to dev forums
If you forgot about maybe ensuring blind accessibility, then you goofed. If you were informed of this issue, and refused to seriously consider the matter, then you broke the code of conduct. If you seriously consider the matter, and decide not to implement blind accessibility after estimating the cost/time for doing so, then you are in agreement with the code.
>> diminish quality of life, diminish privacy or harm the environment.
> Could you work at a targeted advertising company or at resource extraction (eg mining)?
Environmental: I would guess the typical example of unethical software engineering is the big VW diesel scandal. As far as I understood, the Bosch engineers who wrote the offending code clearly documented that it is for debug purposes only, and use in production would be unethical and probably illegal. Were these engineers in breach of the code-of-conduct? In my view this depends on whether there is a good debug justification for the code; if not, then they acted unethically by even writing it and should have refused. The code-of-conduct requires them to think about whether such a feature is justified for debug purposes.
Did the VW people who put this into production break the code-of-conduct? Absolutely.
>> 3.03. Identify, define and address ethical, economic, cultural, legal and environmental issues related to work projects.
>This seems way outside the scope of a developer, especially if we are speaking of technical and deep fields like health care or finance.
I think that the code-of-conduct just requires that you carefully think about these matters, and accept that your personal ethical responsibility cannot be discharged by "my boss/customer told me to do this".
I love how the existence of whiny college students becomes a shorthand excuse to write off anyone who wouldn't be chosen to appear in a Mentos commercial.
We had to study this code in my Computer Science program's ethics course.
A lawyer can be disbarred, and this is easy to enforce because they can't go into a courtroom and defend or prosecute afterwards.
Developers have no equivalent. There is no way to dictate who can and can't work as a developer. Perhaps you could create some sort of agency that every developer needs to be a part of to work, but I don't ever see developers all agreeing to give an organization that much power.
Also, since you mention doctors and lawyers, it is my feeling that many bar associations and state medical boards are more interested in protecting the finances of their senior professionals as well as their own organization than the public that they should be serving. That is not to say that I feel we would be better off without those organizations (certainly not in the short term), but it makes me hesitant to want to see such organizations brought to any more fields.
The software equivalent would be that you can't sign off on code for a safety critical system without proper credentials. Now that doesn't mean you can't write such code, just like the guy swinging the hammer and striking a nail doesn't need to be an engineer.
Here's how that situation is handled on the legal side in the US. Anyone is permitted to practice law for themselves, but to practice law on someone's behalf, you need to be admitted to the bar.
I'm not endorsing it, but I can imagine a situation where anyone can write code on their own, but to get paid to do it, you need a license (subject to ethics rules). Again, I'm not supporting the idea, but it could work that way.
Important caveat: companies must be represented by a licensed attorney. A non-attorney startup founder cannot represent his/her own company in court. This is technically legally compliant with "someone else" since the corporation is a distinct legal entity, but it means that if you can't afford a lawyer (and which of us working slobs can these days?) and someone sues your company you are SOL.
Courts are seeing a massive rise in pro se litigants over the last 15 years, entirely because legal services are stretching to costs that put them outside the reach of non-millionaires.
Law is a great example of the nightmare that software can become if we go overboard on regulation. There was once a time where becoming a self-taught lawyer was not all that different than becoming a self-taught programmer. You could learn just by "reading the law" and shadowing professionals, much like you can learn just by reading (and writing) code today. It was at least partially merit based and some of the best legal minds of the last generation came up this way.
Now, you have to sacrifice 6 years of your life and easily half a million dollars to be allowed to even try to sell legal services, and the market is so flooded with low-end graduates who are stuck in this desperate situation that many of them can't even sell their services anyway, due to the extreme competition in the lower rungs (driven by student desperation to find work to pay down that massive debt and the artificially constrained supply by the ABA's excessive licensing requirements).
This idea that all other engineers have a PE is rampant in the software field, but it's just not true.
Most software engineers don't provide services directly to the public either, but licensure would a necessary first step to regulating the field.
I don't think it's a good idea to require licensing for most software engineers, but I think this specific concern is not actually a significant issue.
1) Quite simply, software is much easier to learn than medicine, so you have a larger supply of capable software engineers than doctors. If the market for their services is being artificially suppressed, they will gravitate to wherever their services can make money.
2) There is a black market for medical services. Ever heard of a back-alley abortion?
The black market for exploits is already very lucrative. Devs willing to take that money are probably doing so already.
> There is a black market for medical services. Ever heard of a back-alley abortion?
Back alley abortions exist mostly because of restrictions on legal abortions, not because doctors aren't allowed to practice without license.
It's mind boggling to me that you'd even make this argument...taxes aren't even a good example. I can officially do my own taxes and I'm not an accountant. So would the aunt have to "unofficially" have her nephew write the code, then pretend to have written it herself and everything is fine? That's currently legal with taxes - I help my own family with them.
Furthermore, ask me how often I'm seen a company get hacked that had ISO 27001 certification from a security firm with more letters after their names than employees.
It makes sense to require some sort of accreditation for systems that must be failsafe against significant financial, legal, or physical harm. But it doesn't make sense to require it for the digital equivalent of a backyard shed.
And even safety-critical systems don't require the force of law.
I develop embedded software for safety-critical systems. There is no force of law governing that in the US, but there are industry-recognized service providers that will evaluate your design and provide a certificate affirming that it adheres to specific standards such as ISO13849 and IEC61508. No-one in this industry will buy an uncertified product, despite no law telling them they have to. There is no need to create a law that will have massive unintended consequences.
Except we don't have kings anymore but hundreds of thousands f corporations writing the rules to benefit their shareholders who collectively act as the brain.
That's an important point, but even so, not knowing a lot doesn't mean we know nothing. We certainly know that using source control is important, we know some languages, some APIs and some practice are inherently unsafe, and projects using those should implement stringent security audits in particularly vulnerable deployments. They largely don't, and it's hard to argue that this isn't unethical.
I'm just saying it's complicated, and part of that is because we don't really have a good grip on the problem.
Finally, classifying the creation of something as unethical doesn't necessarily entail its use is unethical. An unethically developed cure for cancer would certainly be widely prescribed and used, despite the long history of medical ethics.
I had this issue at a previous job, someone above me wanted access to some info they didn't need for their job and I ended up sending an email saying "As the Jr Developer, I have the authority to tell you to go through HR and prove your business need for this". The problem is that developers are put under IT and that's not exactly perfect.
By that logic, providing legal counsel to any number of federal government departments or agencies is a violation of professional conduct. Which, of course, it is not.
You seem not to admit that possibility in your phrasing.
It's far from obvious that these things are unethical or immoral.
Sure, that's the consensus among a vocal segment of the readership of HN, but I imagine that the security services have no problem finding people who think surveillance and cyber warfare are necessary and patriotic duties, or that adtech companies can find people who think targeted advertising is a glorious expression of efficient free market entrepreneurship.
You will find plenty of lawyers working for the Justice and Defense departments, and also defending tech companies against privacy-related lawsuits.
Or the DoJ lawyers filing uncontested FISA warrants for inappropriate things?
I know! You must mean the federal prosecutors who overcharge as a matter of course to have negotiating leverage for plea deals.
Or maybe the patent trolls? Upstanding folks those are!
Lawyers definitely don't (categorically) do anything besides what their client wants, externalities and ethics be damned.
As an example, look at the Prenda Law guy, who was basically using his status as a lawyer to run a high-tech extortion scam. He's had his license suspended, and will surely be disbarred:
Or look at Jack Thompson, famous hater of video games, who got disbarred for making "defamatory, false statements and attempted to humiliate, embarrass, harass or intimidate" people:
And of course there are plenty of people who have been disbarred for cheating and abusing clients.
I too would like the legal ethics to be stronger on the "do no harm to society" side. But there's no denying that legal ethics have real teeth. Our industry could learn something from them.
That's not what the post I was responding to was talking about. It was talking about "all immoral or unethical activity", and specifically about surveillance, dark patterns, data aggregation, and cyber warfare.
Lawyers have signed off on all of those behaviors at their organizations (particularly the surveillance and cyber warfare ones). They've done contortions to get them "approved" in contracts. If the lawyers at those organizations okayed it, it's fascicle to pretend engineering ethics would've stopped it.
Further, when talking about "all immoral or unethical activity" it's entirely germain to point out lawyers routinely engage in both without consequence.
tl;dr: Lawyer rules are about professional standards, not conduct. You can represent the devil in his suit to rule the world, you just need to be polite and bill fairly.
Most lawyers don't do bad things because they're decent people. Ethics codes don't stop unethical behavior any more than laws stop crimes. There is some small percentage of the population who will shy away from a crime specifically because of the potential punishment, but most people wouldn't steal or murder regardless of the law. Ditto for lawyers.
Being a decent person is a good start, but that's just not enough. It's a complicated world, and the obvious thing isn't always the right thing. Especially when people are embedded in an economic system that strongly rewards behavior that could easily be ethically dubious.
Ethical guidelines can be useful for times when the person wants to do the right thing and the area is gray (e.g. should I represent a client I believe is guilty), but people who are content with unethical behavior will not be swayed by a code they promised to follow. An imperative to honor a promise implies intrinsic ethics.
Most of the actions that would actually get you disbarred are pretty flagrant.
This is a false dichotomy. Some people are deeply unethical. Some people are deeply ethical. Most people are just getting along in their lives and can be pushed in either direction by the practical and social context. Codes of ethics are helpful for everybody except the ardently unethical.
Codes of ethics are helpful precisely when things are not clearly "bad", but in the gray areas.
Would you care to tell me where I said that? Because I don't see that at all.
Reviewing the bidding, gregwtmtno, a lawyer, said maybe we could use a professional code of ethics like his profession had. SomeStupidPoint suggested that ethics didn't matter to lawyers, and his proof was naming some things lawyers did that he thought were bad.
My point was that one can't say that legal professional ethics is totally worthless just because of when they've failed (or at least failed to prevent things you dislike). You have to look at its successes as well as its failures.
That's how I read this: But what you're ignoring is the great number of bad things that lawyers don't do because either a) they are afraid of the professional consequences, b) they can get their clients to easily back off because they say, "professional ethics!" and people know it's a real thing, or c) they get disbarred and can't act as a lawyer any more.
> My point was that one can't say that legal professional ethics is totally worthless just because of when they've failed (or at least failed to prevent things you dislike). You have to look at its successes as well as its failures.
That's fair enough. I don't think codes of ethics are worthless either.
The rules for professional conduct, and the organization to enforce it for lawyers, did not prevent the NSA/DOJ lawyers from determining that mass surveillance was legal, and could be implemented legally.
In the face of that, what rules for professional conduct and an organization to enforce it like lawyers have, could engineers have implemented that would have prevented those engineers from building that system?
They didn't build the surveillance system, nor did they pass the laws in the first place that would allow for such a system to be legally built.
Regarding the engineers here, it's not black and white. Looking at the ACM code of ethics, #1 is "Software engineers shall act consistently with the public interest." Is building a mass surveillance system "in the public interest?" That's grey. My personal opinion is "no", but I can see the point of view of "Protecting my country from terrorists is in the public interest."
If we're going to look at the NSA surveillance systems, the first place to look is at the legislators. If we want to prevent the government from building such systems, step 0 is to make these systems illegal. That ripples down all the way through this: the lawyers' analysis would have come up negative instead of positive, and it's clearly not in the public interest to build systems that have been democratically-determined to be negative.
Note that I specifically mentioned mass surveillance because the original poster pointed it out as "field that enables mass government surveillance", then wonders about the implementation of a "rules of conduct". The natural implication being that those rules of conduct would have helped stop the enabling of mass government surveillance.
I'm not convinced that what the NSA/DOJ lawyers did here was unethical. One of a lawyer's roles is to answer the question: "Is what I'm about to do legal? On what grounds?"
The lawyer says, "This is legal, here are the grounds for believing it is so. I'll go into court and defend it". The engineer says, "This is technically possible, there are the grounds for believing it is so. I'll build it and maintain it". What is the reasoning for saying then that a lawyer has acted ethically (even though mass surveillance is not in the public interest), but the engineer has acted unethically (because mass surveillance is not in the public interest)? What is the quintessential concept that allows lawyers to ignore the public interest, but precludes the engineer from doing so?
And if there is nothing that we can point to that differentiates lawyers and engineers in this manner, then how would a professional code of conduct (like lawyers have) prevent the actions that the original poster specifically highlights.
> This is technically possible, there are the grounds for believing it is so.
I don't see an ethical conundrum here. Determining whether a system could be built is amoral at worst, or in the public interest at best. If an engineer says "this could be built" and a lawyer says "this could legally be built", that's when you get into a spot where you can have real societal discussions about whether or not it should be built.
If something is legal to build, but impossible to build (given current technology), then it's mostly an idle curiosity. If something's illegal to build, but technically possible, then there's reasonably compelling evidence that you probably shouldn't build it (save for, e.g. civil disobedience).
> I'll build it and maintain it.
That's where the ethics comes into play, and the grey area. If something is both legal and feasible, then it's up to you to decide whether or not it's something you want to be part of. I can look at the folks who built the mass surveillance system and say "I don't believe that was ethical", and others can look at it and say "I'm so proud of these people for defending my country".
An opposing piece of technology would be end-to-end encrypted messaging. In my world view, end-to-end encrypted messaging is perfectly moral. I believe that people should be able to communicate without having their conversations eavesdropped. But I also recognize that this does enable immoral/unethical activity as well; it's just that, to me, the balance leans towards private communication. Others may (and do!) disagree.
Among the various professions that do have an ethical code of conduct, generally speaking lawyers/solicitors are not seen by a large amount of people as being particularly compliant with it.
Now of course it is very possible that it is a wrong perception by the masses, but it is in my opinion quite unlikely that at the moment the argument "engineers lack a code of conduct, they should take lawyers as an example" will gain much popularity.
It just so transparently doesn't work in that field it's hard to even take the proposal as in good faith, since it has to ignore newsmaking and routine behavior. Rather, it comes across as a self-righteous comment: we have ethical standards (even if we routinely don't adhere to them and do terrible things as a matter of course) so clearly those engineers would be better if they were more like us!
The sarcasm likely wasn't constructive, so I'll apologize for that.
Having enforceable rules may improve ethical standards in the field without solving the problem entirely.
I'd also like to point out that I did not propose a solution. I think it should be considered, but I'm a long way from supporting the idea fully. There are a lot of negatives that come with license requirements that attorneys have.
The only rules I've seen applied to lawyers with any regularity are those governing decorum (eg, don't be an ass in court) or client obligations (ie, don't be a shitty contractor) or those that are also criminal (eg, if you commit fraud, we'll yank your license too). Technology could do better there.
But to call out government surveillance or cyber warfare, which are both overseen by legal departments that work diligently to inventively authorize the acticity? Or dark patterns and data collection, where lawyers go through contortions to authorize it in "agreements"?
I would say all four of your chosen examples are more failings of lawyers than engineers. (Though both bear some responsibility.)
It just seems strange to suggest professional rules for engineers would've stopped something that clearly professional rules for lawyers did not.
You may be overstating that a bit. I've been doing tech for a while, and I can't recall anyone ever asking me to abuse my skills for ill-gotten gain.
A few years ago, a guy contacted me from HN, asking if I wanted to team up on some stuff. He sounded pretty convincing, and like an all-round decent guy.
For some reason, despite his likability, something seemed not quite right. I searched for a few variations on his name and email, and eventually stumbled across various reports of low-level frauds directly attributable to him. Really a very unpleasant individual, targeting the self-employed and taking them for ~$5,000 each.
If I'd spent less time researching, I'm certain two things would have happened:
1. He would've screwed me out of whatever agreement him and I came up with.
2. Whatever I worked on would have been used to defraud people one way or another.
When someone approaches you, it's not always immediately obvious that they're trying to do bad stuff.
EDIT: I'd nearly forgotten, a good few years ago, someone tried outright recruiting me for illegal work after seeing a LOOKING FOR WORK post I'd written here on HN.
Of all things, they asked me to hack some local authority's death records. Bless them, they'd taken the "hacker" part of Hacker News to be a literal news site for illegal hackers.
They went on to have a decent exit so that decision cost me roughly £1 million - I've never regretted it, I don't really have the temperament for a life of crime.... :-)
Funny enough, even the semi-technical ones are guilty of such requests too.
Over the course, I've learnt the hard way that saying no upfront is better than dealing with the fallout later
There are a lot of people interested that simply lack the technical insight to know exactly how to approach you or if what they want is even possible. If you are not the kind to boast about work at the pub, they will simply fail to find an opening that let them know: that their scheme is possible, that you can do it, and that you would do it.
Of course, I comes from a relatively bad area too. It is filled with people that share the spirit of Valley Startup Founders: nothing is ever really idle chat, every conversation is an opportunity and every minute must be productive. Their business model and area of expertise are a lot more shady though.
but I'm sure that's technically breaking some anti-spam law
Sometimes a matter of ethics can be reframed in the context of long-term reputational risk. "X bad incident related to our reputation" can be a lot easier to attach a dollar value to than "being unethical", and that is (in the end) what many engineer-employing companies care most about.
I've also told every company that has hired me, during the interview, that I refuse to do anything unethical. Of course they didn't bat an eye at it, but I wonder how many would have been surprised that I actually meant it and would stand up for it.
Back around the turn of the century I was offered a bit of cash to build a "Revenge Porn" site. The guy who called me sounded very mild and calm, even nice. He did say he'd been turned down a few times but he also seemed determined to make the site.
I had never heard of this idea at the time and was pretty surprised with the concept. I turned him down, of course, but what surprised me most was how many friends and acquaintances told me I should've taken the cash when I told them the story.
I'm 58 years old now and the number of people who've asked me to help with their scams, and have tried to scam me, is far more than I can remember. With all that experience I can spot them easily now but it never ceases to amaze me how willing some people are to do that.
This has been my experience as well. It doesn't inspire confidence in people.
Can't you order that stuff over the mail in the US?
A MP5 can be legally owned, with a few caveats:
* It must have been manufactured and registered with the ATF as a machine gun prior to 1986. Guns meeting this criteria are fairly rare and very expensive. I don't know the price for a registered MP5, but I would guess > $20000.
* You must apply for and receive a special approval to purchase a machine gun.
* You must apply for and receive a special approval to purchase a SBR.
However, a variety of companies make semi-auto (one trigger pull = one bullet) MP5 clones that can be purchased more easily. Clones are sometimes built with an extended barrel so they are not considered a SBR and can be treated like any normal rifle. A common strategy is to hide the extra barrel beneath a fake non-functional suppressor . Alternatively some are made as SBRs for people who are willing to get the SBR approval.
* You can get a Curio & Relic (C&R) license from the ATF which is basically a collectors license. It applies to eligible guns (i.e. not machine guns or SBRs) > 50 years old such as . When you do an online/mail order the seller will require you to send a copy of your C&R license before shipping.
* Some guns aren't legally considered to be firearms by the ATF. This primarily (only?) applies to replicas of black powder guns .
Any other purchase must be sent to a licensed dealer, and when you pick it up from them you'll do the same paperwork as when purchased directly off their shelves.
There's lots more details than that, but it isn't a free for all.
I ordered one years ago and the delivery service left it with my neighbor who's id they did not check.
Granted it's not a sub-machine gun and takes a bit to load but it is a repeating firearm every bit as deadly as one that uses conventional shells.
Fully automatic weapons are more heavily regulated. Large taxes, permits, etc.
If you have a choice of being able feed your family or “just say no” to modifying an odometer, what would you choose?
You can always create some hypothetical narrow situation that will justify a bad action. But so what? If you do the bad action, you are still morally responsible for the bad action. And you have still fucked up enough in your life that you let bad people put you in a position of having to choose between one bad action or another.
In the early days of the consumer Internet, I'd often call up spammers and talk with them. A lot of the time I heard this blame-shifting, self-justifying nonsense. They had bills to pay! Families to feed! They were just going through a bad patch! They were good people, it wasn't their fault, they had to spam!
Circa 2009 there were a lot of people who were losing their suburban homes because they took out loans to cover "bills". And in the sympathetic articles about them, you'd see the house with the picture of two nice cars and a boat and they'd be wearing nice, name-brand clothes. Ah, those bills. And sure, I get that consumer capitalism ruthlessly exploits the primate status drive. But c'mon, people: you have no good choices now because you made some pretty bad choices before. Own your shit.
You see the same exact moral vacuity in startup founders who get in over their heads. "I'm a good person! But we just had to sell your personal data to the highest bidder! But I'm a good person!" Well sure, but you also took millions of OPM to start a tech company with no clear revenue model while simultaneously telling your users that you were the most ethical company ever. Water runs downhill, genius.
TL;DR: Ethics aren't cheap. If you really want to have them, you have to prepare.
Then again, maybe this is just an ethical divide.
I can't tell if you're trolling or not, but at this point I'm not sure it matters.
What about if you ran an online store that held credit card numbers, or any other sensitive data?
It's much more to lose your family and life by going to jail than it is to use public services to get assistance for food and shelter. Even if you don't go to jail, the amount lost in legal expenses are going to far outweigh the money brought in from said activities. Moreover, it's going to seriously impair your ability to get a job in the future, in the particular field that you've currently been experiencing failure in.
That's exactly the point. If you didn't have a family, didn't have a career, if you were already broke and don't have money for rent, maybe you have a drug habit or some other personal demons, what's to stop you? What other opportunities do you have? What do you have to lose? The calculus is completely different.
It certainly isn't always _just_ say no.
> It might seem that there's everything to gain and nothing to lose.
There's almost always more to lose, it just might take time. If you think providing for your family is hard today, how much more difficult would it be for them if you were in prison, or were paying restitution, or were unable to find work due to a past conviction?
We can certainly justify stealing a loaf of bread during hard times to keep your child from starving after you've tried everything else you could, but not making a career out of turning back speedos. One speedometer, maybe, but not one a week. That's a racket.
Let me generalize that for you: If you have a choice of being able to feed your family or "just say no" to commit a crime, what would you choose?
If it's a Robin Hood scenario it can be morally justifiable.
If the crime is stealing from anyone, rich or poor, so I can live easier, then no.
The low point was finding their adware on my mom's computer.
Personally, I made it a rule after that to avoid business relations with the morally questionable. They drag you down.
We didn't remain together much longer.
To this day, the value of a relationship with another businessperson = sum(assets) * EthicsFactor. EthicsFactor is 1 or 0. There is no in-between.
Nice post, Jacques. It sure feels nice to comment in one your threads again.
It also sounds like you'd need to be inconsistent in your value judgement or accept being lonely with your ideology. You cut off someone you trusted enough to be a cofounder, who you considered brilliant, because he disconnected the speedometer? It doesn't sound like a pattern of behavior here so...what do you do if your closest friend shoplifts but is otherwise okay? What if your significant other doesn't do the dishes? Do you ask people why they do things you consider reprehensible, or give them a chance to explain themselves and understand the chain of events that led to their decisions? I'm assuming not if you really do mean "binary"...
Think of the most minor unethical thing you can. Would you cut ties with your parents because they did that? If not, your ethical system is not actually binary. The real world is messy, and your philosophy frankly doesn't seem to work.
I can't wrap my head around how naive this sounds. You've never come across morally-grey situations?
All a binary EthicsFactor does is reward pure goodness (doesn't exist) or pure evil (hopefully doesn't exist). That's also why video games with Karma meters don't work. If you can't achieve an EthicsFactor of 1 (spoiler alert: you can't), then you might as well go for 0 and try and benefit from that as much as possible. So your binary EthicsFactor thinking incentivises people towards bad behaviour. Fail.
Luckily, most people and the law is more nuanced than that.
I'd like to hear your opinion on the following:
1)Is capital punishment 1 or 0?
2)Is euthanasia 1 or 0?
3)Is abortion 1 or 0?
For example, I would never steal a car! I can afford one, and to be quite honest, I don't need one.
If I was deep into poverty, and needed a car for a job or to be able to provide some function to my family, that temptation might be there. It might be so great that it distorts the ethics of the person so much so they don't see it as unethical.
Instead of stealing a car, they're borrowing it or the other person can just get another one. They would legitimately not see wrong because they feel like they have been wronged when they do not have the ability to get a car.
TL;DR: Ethics are not binary. To even suggest that undermines the entirety of the philosophy dedicated to studying it.
I put it in quotes, because in the real world morality is subjective, despite what the privileged hackers in this thread will tell you with formulas.
I had done a few projects for a small agency, and the owner was having me spec & quote work for potential new customers. One of these customers wanted us to build a "dashboard" to control a fleet of machines that would generate fake reviews for sites like Yelp or Amazon. I'm not even sure if that is illegal, but it didn't seem good. I told him it didn't sound like work we could do. If he had been just my customer, it would have been easy, but it raised my anxiety to say it to my customer's customer.
I think Jacques's conclusion about "a bad beginning" is very wise, and I'm glad he had to foresight to see all that. I hope his story helps keep other people out of trouble. His writing it up is really a gift to them.
I could go on but all these had many many engineers involved. And best of it all, most of it was .. legal. When something is outright illegal, it's easy to say no.
I suspect lots of people would like to go back and change things they did.