Maybe it's time to create a Hippocratic Oath for developers to publicly commit to?
A future Path developer could then refuse to implement an unethical "feature" by pointing out that the company had hired them with the full knowledge that the oath had been undertaken.
I don't think the company would pink slip the developer, as they would probably want to avoid any attention being drawn to the unethical "feature" in a tribunal or other legal setting.
A "Hippocratic Oath for developers" sounds like a great idea, but we vastly underestimate the number of jerkbags in the world.
People want validation. Line-level employees want praise from coworkers and bosses. Executives want praise from their peers, investors, industry, and press. Concepts like ethics, "right," or even this-is-good-for-thie-world isn't a concern when faced with "X will increase my social status and happiness with my peer brogrammers." What's X? It's anything possible, regardless of legal, right, wrong, or ethical.
A nontrivial number of companies use unethical methods (spam, false invites, false installs, phone and email address book capture, fake attractive profiles) to increase their vanity metrics. Employees see those methods as either: "this is bad, but it's sooooo good for us — look at all the lame n00bs who fall for our tricks" or "this is bad, and I'm ashamed to work here."
The ones who feel shame would take the Hippogrammer Oath. Those who revel in manipulating others and standing on their broken bodies will rake in all the profits while the good guys just sit around and "play nice."
Even the tech darlings of today used spammy methods to grow their initial user base. How do you grow your userbase to ten million when you're growing at a constant 5,000 per day? Obviously you want to "go viral." How does one just on a whim "go viral?" You can either become a meme, a social phenomenon, or spam and manipulate unsuspecting people. Spam is less work than creativity.
A lot of the things mentioned there are good reasons for a curated App Store approach. It's almost impossible to stop arbitrary programs from abusing features of the OS on which they run, unless you have control over which ban poorly behaving programs from ever reaching end users.
Alternatively, you can think of it as a good argument for open source. Take abuse of the notification area, for example: in Ubuntu this was eliminated by modifying every package in the archive. That's something a system like Windows with closed components belonging to dozens of different manufactures can't really do.
wow, I (like many others, obviously) have experienced many of the things described in the msdn blog article you linked to, yet never really thought critically that those things don't have to be there!
Things are going to look different to me now when I'm on a windows machine.
Nice post, but putting shortcuts in Quick Launch bar seems pretty standard these days and I like it as long as the installer asks. Also, he mentions the fact a programmer would have to hard code the file path ... I don't see why they couldn't write an algorithm to discover it instead.
I remember having to put my job on the line a few times for refusing to program / setup something awful.
One of the worst was when I was asked to combine all divisions email lists and send out a marketing email selling some overpriced book, this was against the Privacy Act (AU), against our privacy policy and highly unethical to boot, refused and was given a written warning.
It was a contract web development company I was working for, about ten years ago. One of our clients wanted some SEO work done, and my supervisor had recently been reading a lot about SEO. He started out reading white-hat stuff, but by this point he was delving into some black-hat research, and he essentially asked me to program a message-board spam-bot. I just told him straight up that I believed that would be unethical and I refused to do it, knowing full well that simply refusing to do assigned work could cost me job.
Thankfully, not only did this not cost me my job, it caused my supervisor to re-evaluate his own position and he decided to go back into completely white-hat SEO. And in the end, he actually thanked me for refusing to do that work.
> The ones who feel shame would take the Hippogrammer Oath. Those who revel in manipulating others and standing on their broken bodies will rake in all the profits while the good guys just sit around and "play nice."
I think it is important that we should realize this kind of mentality won't work. You might see bad people making money, but eventually it will be no good for them. Either they don't sustain, or the money is no good for them, or they can't sleep with all that money under their pillow. You will see lot of examples of this from history.
I have seen people who are ethical and right also make a lot of profits. May be not in the short term, but in the long term. The idea is, you don't go behind money, instead you do what you do best, and money will come behind you.
I am not a jerkbag yet multiple times I have put my beliefs to one side to implement something I really didn't want to do. It made me sad and demoralized for weeks. Yet the choice between sticking to values and feeding family is not a difficult one to make in the end.
This is why we got mad at the top of the Nazi regime, not the bottom. The workers just needed to feed their families, the ones at the top orchestrated the evils.
There were plenty people at the lower levels of the Nazi regime who were put in trial if they were considered to have committed crimes (e.g. concentration camp guards).
Computers attempted various guises of "can't we all just get along".
At one time, it was cooperative multitasking and memory management. Programs were supposed to behave themselves and get out of one anothers' way. Except that, due to bugs or malice, some didn't. We called this world "DOS" (or pre OSX Macs).
Microsoft still attempts to allow vendors to install programs whereever the hell they want, and to, pretty please, not overwrite other program's infrastructure or system-level DLLs. Yeah. Right.
In the Linux world, we've solved this problem, if done right, though distro-managed, well, distributions. Any program can be included if it meets qualifications (generally limited to licensing requirements), and a sponsor steps up. Once included, the package gets the benefits of being included in the package lists, distributed over archive mirrors, and included in bugtracking and support systems. However it's also got to play along with the requirements of Debian Policy as to how it behaves on a system.
The proper way to address the issues of app privileges is to control privileges centrally on the device and grant them to specific apps. If a user doesn't wish to give an app, say, addressbook access, then they can deny it (or feed it a bogus addressbook). The app vendor can decide what they're going to do at this point, but what they can't do is override the user's explicitly stated limits.
>Maybe it's time to create a Hippocratic Oath for developers to publicly commit to?
This is silly. Stop trying to add grandeur to writing some code at X,Y startup/company.
People don't die or get harmed when some social-messaging application spams someone. Code is a way to implement an idea. Most applications exist to make money. If this a shock to you, read the user agreement before installing/upgrading, uninstall the application, or realize that in social networking, your personal data what the company uses to make a profit.
I disagree. As a computer engineer in Canada, I must swear by the Code of Ethics because what I do (or potentially don't do) can cause harm.
Ethics in computer-science-related fields are important and I think we do need a set of rules we can dogmatically follow like the Hippocratic Oath. Of course, the HO is different in that failing to follow can cause physical harm. However, the world is progressing quickly and more and more information is hosted online -- personal information.
I think it's our jobs to make sure we don't promote poor practice and un-ethical behaviour.
>I think it's our jobs to make sure we don't promote poor practice and un-ethical behaviour.
No, it's our responsibility as decent people. I don't need to sign some online pledge to keep myself from pushing people in front of trains. If I was the sort to harm others, why would I care about some meaningless online campaign?
Well, yes. But there is a reason that every profession that has tackled this problem has used a system of oaths and certification. Engineers, Doctors and Lawyers are the canonical examples.
You need something that is given and can be taken away for bad behaviour in order to change behaviour at this level. Damn human brains.
Taken away by whom and on what basis? I would dispute that you need the ability to take away other individuals' ability to lawfully write software. That ability is bound to be abused for political reasons (which is also what it looks like when people have reasonably different ethical systems and one imposes his by force).
Anyway, the issue at hand is bad corporate behavior, not bad programmers. I don't see why we need to start licking our chops about the prospect of forming a blacklist against individual programmers.
This is just a bonding/licensing arrangement, it's in use by every other profession that has this exact problem.
So go ahead and try and stop bad corporate behaviour, everyone else can use a proven system so that programmers can easily say "no" when asked to do something unethical and not be fired for it.
I'm often confused by how often programmers completely reinvent the wheel when faced with social problems. The idea of looking to other similar industries never comes up, even if the problem is exactly the same.
There's nothing to sign and it's not a campaign. You're right, it is our responsibility as decent people to uphold a certain level of moral and ethical behaviour, especially when the software we write is in control of sensitive information.
The Oath is there to remind you to act in the best interest of the user. There are no formalities and although it seems common sense to people like you and me, others might not see it so clearly.
An engineer holds a license such that they can profess, which license is conditional to the respect of their code of ethics (and a bunch of rules). If they do not follow those conditions, their license can be revoked.
So what if they lose their license? They can still write code and do harm.
Yes, indeed. As it stands right now, the reality of the engineer's license is such that it doesn't fit very well the software world. The vast majority of companies couldn't give less of a damn whether you are licensed or not. However, it depends.
Regulations might eventually come in place to force software producers to hire only licensed engineers if the nature of their business is prone to put the public in danger. And as technology grows ever deeper into our lives, the danger that consumer apps can cause on the public is ever growing as well. For instance, breaching a user's privacy can be enough info to grant an ill-intended operator access to the user's e-mail through social engineering, from which it is then often trivial to gain access to that user's bank informations. You don't need that much imagination to figure out a scenario where a user's life can be turned to shit by some software abuse.
Given that this risk is ever growing, the possibility of a code of ethic on software business is plausible. Say in X months, the government of country Y decides that companies hoping to run a social network available on their territories must hire licensed software-engineers, and have them all sign-off any code that is presented to the public. That software engineer they'd hire would have to put their license and career in jeopardy if they were to implement some evil feature.
Before Québec's bridge, engineers didn't need a license to build infrastructure. The parallel between the current situation and the past isn't too hard to make.
So in Canada, software engineers never cause harm to anyone? Nice to know.
>>>> I think we do need a set of rules we can dogmatically follow like the Hippocratic Oath.
So you don't actually have to employ your own brain and your own moral judgement, because somebody already did it for you and wrote this nice set of rules, that you swore by Apollo to faithfully execute, without thinking, not unlike that box of wires and silicon chips you are paid to play with? Nice arrangement, I suppose.
>>>> I think it's our jobs to make sure we don't promote poor practice and un-ethical behaviour.
I think you're missing the point. The oath is to remind you to use your head, your best judgement and a body of ethics and to act in the interest of the public. Sure engineers still make mistakes, but the code of ethics isn't some magical document that eliminated human error.
Also, I think you're sort of merging the HO with the Code of Ethics for engineers in Canada -- two very different documents and I suggest you give them a read. And no, no one still thinks they're swearing to Apollo.
>>>> The oath is to remind you to use your head, your best judgement and a body of ethics
Why you need an oath for that - shouldn't it be always the default behavior?
>>>> and to act in the interest of the public.
"Interest of the public" is a very dangerous thing. I can remember a lot of very bad things that were done "in the interest of the public". You can make almost anything pass as "in the interest of the public" if you want to. Murder? Millions were murdered "in the interest of the public", because they were of the wrong ethnicity, class, physical features or just in the wrong place in the wrong time. Robbery? Millions were stripped of their property and reduced to utter poverty because it was claimed it is "interest of the public" to do so. And so on, and so forth.
I would rather steer clear of anything that has "interest of the public" written on it, at least until it's very clear what is underneath. Too many things that were underneath such writing proved to be a disaster.
>>> no one still thinks they're swearing to Apollo.
Swearing to a document composed by a faceless bureaucracy is no better. If you have code of ethics, live by it, if you do not - get one. What Apollo or his modern equivalent, the almighty bureaucracy, has to do with it?
One more variation: Nina, On, and Ariely conducted a similar experiment. But, one group was asked to write down 10 books they had read in high school, and the other group was asked to try to recall and write down the 10 Commandments.
When cheating was not possible, the average score was 3.1
When cheating was possible, the book group reported a score of 4.1 (33% cheating)
When cheating was possible, the 10 Commandments group scored 3.1 (0% cheating)
And most of the subjects couldn't even recall all of the commandments! Even those who could only remember 1 or 2 commandments were nearly as honest. "This indicated that it was not the Commandments themselves that encouraged honesty, but the mere contemplation of a moral benchmark of some kind."
Perhaps we can have people sign secular statements--similar to a professional oath--to remind us of our commitment to honesty. So Ariely had students sign a statement on the answer sheet: "I understand that this study falls under the MIT honor system."
Those who signed didn't cheat. Those who didn't see the statement showed 84% cheating.
"The effect of signing a statement about an honor code is particularly amazing because MIT doesn't even have an honor code."
Interesting experiments, the question is if this persists - i.e. if you read the 10 commandments at the beginning of the semester and take the test at the end - would the difference still remain.
"So you don't actually have to employ your own brain and your own moral judgement, because somebody already did it for you and wrote this nice set of rules, that you swore by Apollo to faithfully execute, without thinking, not unlike that box of wires and silicon chips you are paid to play with? Nice arrangement, I suppose."
So I assume you never use any open source code in any of your programming projects, since you are fundamentally opposed to adopting any ideas that are not exclusively your own?
You assume wrong, this in no way follows from what I have said and I never said that I am "fundamentally opposed to adopting any ideas that are not exclusively your own". You must have by accident commented in a wrong branch.
What happens if an app for job seekers texts your boss? What if a casual hookup site texts your new girlfriend--even though you signed up a year before meeting her? What happens if your app calls an old person and they crack a hip trying to answer a phone--when everyone that knows them personally knows not to call until they're awake and their caretaker is in?
These may sound far-fetched, and we all mostly don't pretend we're as disciplined as structural engineers, but "we do it for the money lulz" is a shitty and stupid argument.
I'm okay with this. I'd rather be calculating than have my head in the sand about the business models of social networking what-have-you applications.
>What if a casual hookup site texts your new girlfriend--even though you signed up a year before meeting her?
While I don't and won't have to experience this, your imagined relationship suffers more from lack of trust and honesty than "some dumb app does some dumb, annoying thing."
>"we do it for the money lulz" is a shitty and stupid argument.
Don't Straw Man me. If my code was going to be used for something I perceive as evil, I'd leave the job.
Our industry doesn't need yet another pointless, embarrassing ethics/integrity campaign when the people writing the code don't care.
> People don't die or get harmed when some social-messaging application spams someone.
Of course they get harmed: their time is wasted, and perhaps their concentration disturbed. This is a small harm to each victim, no doubt about it, but if you write code that makes your social-messaging application spam people then you're delivering that small harm to a large number of people. If your code wastes 10 seconds each, just once, for a million people, that's about three person-months of aggregate time you've stolen that will never come back.
It's quite true that "in social networking, your personal data what the company uses to make a profit". But if it were near-universal practice for new software engineers to swear a solemn oath not to use their powers for evil, who knows? perhaps some other business model for social networking might have had a chance to succeed.
People don't die or get harmed when some social-messaging application spams someone.
I disagree. This case reminds me of Geni. You would put a relative's email address in to invite them, and they'd then receive a torrent of spammy "updates", until they registered to unsubscribe.
My less tech-savvy father added many relatives from his address book to Geni. Lots of hate from deranged relatives, and some less technically-inclined relatives are probably still being spammed, 6 years later-it made family gatherings awkward for a while. There are real-world, harmful consequences to this kind of scummy, unethical tactic.
This response assumes that joining all social networks is user choice. Unfortunately, we live in a world where it hurts consumers NOT to be on some networks. LinkedIn (which also has had a history of horrible spamming in the past) is an example - sure, you can choose not to be on it, but you'll probably get dinged by hiring managers because your credentials somehow seem less legitimate if not corroborated by LinkedIn.
if there were such an oath, programmers would write the code and the business will fill it with content..
//It should be noted that no ethically-trained software engineer would ever consent to write a DestroyBaghdad procedure. Basic professional ethics would instead require him to write a DestroyCity procedure, to which Baghdad could be given as a parameter.
Engineers have this system already and have had it forever. In Canada (the one I'm familiar with) it is the P.Eng (Professional Engineer) license.
I think the system should be licensing and involve losing that license if you commit an ethics violation.
There would be unlicensed developers of course, but connecting the incentive to not do unethical things with the incentive to be part of the elite class in your profession has worked pretty damn well for Engineers, Doctors and Lawyers.
This is an important sticking point. Maybe a Professional Engineering certification isn't the solution, but let's not get hung up here.
Example: P.E. certified people should have no problem creating weapons systems for a nation-state at war. Does that make it ethical? Depends on who writes the history books afterward.
Example: P.E. certified people might refuse to participate in experimental, unorthodox methods. But especially in software these often become the runaway successes.
In other words _you_ have to own _your_ personal ethics. You won't be able to point and say "I was just following orders!" The pointy-haired boss who gave the orders isn't going to be able to exonerate you of the guilt. Often he doesn't even congratulate you for "doing the right thing." Maybe he'll fire you or give you a bonus – or join you in prison! – but my point is: it's orthogonal to your personal ethics.
Ethics may sometimes appear to conflict with rapid progress. That doesn't necessarily imply an existential crisis, just a lack of forethought. So many ethical problems arise due to overflowing ignorance / lack of forethought combined with a sudden rash of malice (when it comes time to pay the piper). Ethics are a way of expressing realities about the world that conflict with the general Adam Smithian "enlightened self-interest." I view ethics as meta-enlightened self interest – like how Apple is more than just industry-leading, they carved new niches where no one thought to go.
Engineers (software engineers or otherwise) have untangled things much more complicated than this. It's only overwhelming if it blows up in your face.
Path seems like a classic case of all of the above.
Of course. The _whole point_ of _any_ ethical or moral principle is that it directs you to do things that are right even at some possible cost to yourself.
If you believe that standing up for your strongly-held beliefs will get you fired, you should look for a new job _now_. Sure, that incurs the trouble and uncertainty of a job switch, and possibly a pay cut (though perhaps less of that than you think). But if it means that you don't have to be ashamed of what you do all day --- it's generally worth it.
> has worked pretty damn well for Engineers, Doctors and Lawyers.
... and has pretty much screwed over the rest of society, at least in the latter two cases. The legal and medical cartels have done incredible harm to their customers over the years.
I have to say that your link about medicine is short of laughble.
Even if there was some bad "allopathy" back in the day, there is more bad eclictics and homeopathy right now. And to practice medicine you have to understand scientific method, especially falsifability.
And I also have to say that the "free market" idea isn't falsifable. "Let it to free market" rarely works.
They assume rational actors (people making decisions based on their own self interest). That's been falsified (when applied to humans).
Most variations of the efficient market hypothesis have been disproved as well, for the same reasons:
Humans have cognitive biases and other types of irrational behaviour.
But anyone linking to mises.org is probably a follower of the church of the free market. And they generally strongly disagree with the idea that humans have cognitive biases (because their faith requires it not to be true).
I'm glad someone else laughed at the pro-homeopathy / conspiracy theory around the history of snake oil salesmen content on there.
> That's untrue of some schools of economics that advocate free markets, e.g. Austrian.
I took the term "free market 'idea'" to be specifically talking about those for which it's true. That seemed to be the point, and the site linked to was Austrian. Both articles make the assumptions in question about the ability to self-regulate that assumes rational actors. So yes, my statement was not true of all schools, but it seemed like those types of Austrians were not in the scope of the discussion.
> That's an ... interesting ... claim. Care to justify it?
Subjective opinion. I read economics news and neuroscience news because it's interesting. Comment threads, especially here, frequently have two types of subjects that start the vocal libertarians arguing and proclaiming: government regulation and the phrase "humans are irrational".
This may vary by province, but our provincial engineering board will not stand up for you if you get fired due to upholding your code of ethics (they even told us so in ethics class).
Furthermore, whistleblowers are often unemployed for extended periods of time, due to corporations not wanting to hire them as they could be a liability.
The patent language says it's "a commitment from Twitter to our employees that patents can only be used for defensive purposes." Extending this more broadly would say "a commitment to our employees that the code they write can only be used for non-spamming purposes."
The problem, of course, is that it's pretty easy to tell whether a patent is being used defensively or offensively. Defining spam (or more difficult yet, privacy) is a bit more slippery.
This assumes that Path (or any company) would be foolish enough to make their intentions clear.
If a developer refused to implement a feature due to their ethics then the company would do the following:
* Move engineer to different project
* Set unrealistic goals/deadlines/expectations
* After engineer fails, voice concern about performance
* Set up performance review and improvement plan
* After causing engineer to fail a second time due to unrealistic expectations, fire them due to poor performance
Even if that engineer writes a blog post, enough has happened between his initial refusal and termination as to make conclusive proof impossible. The discussion will be a he-said-she-said affair as his former employer makes a counter-blog post explaining the engineer's poor performance.
A lawsuit is similarly out of the question as most companies have sufficient funds to cause delays in court, thereby causing you to spend all your money on attorney fees and bleeding you dry.
Yup. SOP in the food service industry is to give employees who are underperforming 4 hours per week, on the slowest shift, and just leave them there until they quit.
Honestly, if you refuse to do something on ethical grounds and then are moved around, you know what's going on. Most people aren't clueless to office politics and at that point it's your decision to blow the whistle or shut up and watch it happen in spite of your oath.
It's not like hospitals haven't contended with this exact thing for a very long time. The wills of surgeons/doctors and their hospital administrators do not always match up.
How would this be any different from the situation today, where he writes a blog post titled, "Path fired me for not spamming millions of people's phones" and the community rallies around the whistle-blower?
Maybe not, but Apple changed their practices pretty darn quick. They now review suppliers much more closely than they did before, and Foxconn's practices have changed a bit as well. You can argue it didn't have ENOUGH effect, but you can't claim it made no difference.
The goal was not to tank apple, but to improve the working conditions at the factory floor and transparency on apple's part. Apple' supply chain is much more transparent after the noise.
On another note, our outrage/disagreement cannot be outcome based. We hope the bad publicity will change things. many times it does not.
I get your point, but these guys don't have anywhere near the same clout that Apple has.
Path is young (and building a service, not a device/OS) and it can be abandoned for something similar since all they're keeping is data. Once you buy a gadget, that's an investment on your part which will make a lot of people hesitant to give it up and the culture it that surrounds it.
And I wouldn't bet that Apple will be able to survive scandal after scandal and still survive unscathed. Cook is no Jobs.
Arguably, the root cause of Turing’s persecution was that his privacy got invaded, and subsequently the government did not think he had a right to his private conduct.
Though admittedly, no technology was involved in the whole matter.
Also, Turing’s wartime exploits involved a breach of privacy in the service of a good cause.
Arguably, the root cause of Turing’s persecution was that his privacy got invaded, and subsequently the government did not think he had a right to his private conduct.
Actually, come to think of it, if viewed in that way, he's the perfect name for an ethics oath regarding privacy. I hadn't considered it that way.
It would be interesting to combine this with an open source license which links to the Oath, and forbids use of the code in any project or system which breaks the Oath.
For developers who have undertaken the Oath, the challenge would then be to write the best code, so that it sees widespread adoption. This might potentially make it harder for companies like Path to engage in activities which break the Oath.
Once Congress puts a bill forward to deal with this issue, it will be the beginning of the end for this type of behavior. I'm sure Obama will get behind it as well, as it will help the computer market immensely.
"Don't be evil" has never really worked, despite best intentions, depending on your vantage point.
You don't need an official Oath or for the company to know or base their employment on such an Oath. Either way, the bottleneck is the employee drawing attention to the company doing something unethical; no Oath has to get in the way of that. There's already a sub-thread on top-secret/weapons/armaments jobs. What about political ethics? And religious? Marriage / gay rights? Porn? "Sexism?"
So should a software developer's code include armaments, or not?
If it does, it would never get mainstream acceptance; if it doesn't, but does cover the topic of this post, it will be ethically absurd.
I don't see how this is a straw man; when building a professional code, one has to choose what actions to allow or disallow, and this seems like a topic that would obviously come up. What do you think about this scenario misrepresents the idea of a developer's professional code?
This is an internal debate I've had with myself since reading Bernard William's Objections to Utilitarianism [0].
I've never had to actually face the ethical dilemma of developing weapons, but what if the development improved precision on a missile? If we can ignore the question as to whether a missile is ethical or not, developing a better guidance system for a missile will help limit collateral damage, but could increase the "comfort-level" of using the weapon for those who decide such things, therefore increasing overall death/destruction. Utilitarianism is hard, because taking all factors into account is impossible. Kind of like machine learning.
I will never scoff at someone who turns down work for ethical objections, but some people are more pragmatic than others.
Both of Williams examples are really hard to wrap your head around if you accept the situations as presented. They are similar to a Sophies Choice [1]
This is a divergence, but it seems to ignore the value that comes from propagating the meme that building armament systems is unethical by refusing to participate in it.
While the idea of an oath may be flawed, I do think it's about time some segments of the tech field showed a little less contempt towards users. I don't know how that would happen, but launching your own startup shouldn't give you carte blanche to exploit your users however you see fit.
As a programmer, I don't want a bunch of charlatans in SF to give my career an unsavoury reputation because of these antics.
> The case originated with two lawsuits claiming that Classmates.com had sent out millions of deceptive e-mails telling users that an old friend was trying to contact them, and had viewed their profile or signed their "guestbook." For the great majority, that wasn't true; no one at all had shown an interest in their profile. About 60 million users were contacted, and about 3 million actually took the bait, paying between $10 and $40 to Classmates.
Another hook might be a violation of the Telephone Consumer Protection Act (TCPA) which has been interpreted to prohibit automatically sending text messages without the recipient's consent. The statutory damages are $500 per incident.
Classmates.com was sued in 2008 for sending emails claiming former classmates were searching for you. Similar, but Classmates.com was actually requiring a paid subscription before telling you there wasn't actually anyone on the other end.
Simple math is all it takes to understand why this is pervasive. In the classmates.com example, they collected upwards of $75 million in revenue from this scheme, and only had to dish out $2.75 million for the settlement several years later. So for any newcomers, this type of bait is an attractive business proposition; the potential lawsuit years down the line can simply be attributed to cost of revenue. And you'll obviously only get sued if there's money to be won, which means the scheme was a success, so in other words, you want to get sued. The real problem is the judgments/settlements are an order of magnitude lower than they should be.
There's the hidden cost of permanently alienating potential customers, though, which will show up silently in reduced conversion on all subsequent advertising efforts.
Apps can't send text messages without the user knowing it on iOS, you have to tap Send for each one of them, so this couldn't have affected App Store rankings.
You presume the app sent it and not their servers or a partner service provider. They already grab your address book, including phone numbers. They don't need you after that.
In that case don't you think we would have seen many more reports of this shady practice? This seems to me a combination of purposefully bad UI and the user not paying attention.
Still the same practice spammers use, but very different from "covertly uploading my contacts data and texting everyone without telling me".
See, I am not convinced that it was an innocent "automated mistake". This is equivalent to the anecdotal old excuse one always hears from the government officials: "the computer did it". When some spamming process like this is automated, all it means is that it is being inflicted on lots of people and most likely deliberately, so automation is not something that can be accepted as an excuse, on the contrary, it is an aggravating circumstance.
I incline towards the opinion that these sharks do it quite deliberately. They just don't care how many people they embarrass and annoy, as long as some of those tech-innocent grannies and plumbers join up and thus put figures on their business projection sheets that get these sharks closer to cashing in big on an FB style IPO.
Facebook does that exact thing by the way - my boss came back from a week of vacation and wondered how I found him on Facebook. Facebook had sent each one of us in the office a link, that he didn't know about. Anytime you send email as a user - it needs to be very explicit.
"The Privacy Act gives you the right to make a complaint if you believe an Australian or ACT government agency, or a private sector organisation covered by the Act, has mishandled your personal information contained in a record."
There's no way to sue, but I suppose the FTC could take action and fine.
They will claim it's a "bug"... albeit one of those "viral bugs" that seems to lead to topping the App Store download charts. These tactics make me think there's no such thing as organic growth within the app stores.
You can sue for anything; just not always successfully. That said ...
This appears to be trespass which I think is a tort (entering a part of property, the phone, that was off limits and without consent). You can sue for that.
It's also in the same respect contrary to the UK Computer Misuse Act (crime) AFAICT [story appears to be in the UK, or is it just UK entries in the addressbook]. That would probably hinge on the consent to access the particular files duplicated.
Then there's database rights (tort?), a sort of copyright for databases. [Copyright wouldn't apply as it's not a creative work].
Harassment (tort I think) and infringement of the right to a private life as enshrined in the ECHR (crime) seem to be causes to object as well.
As the calls were business motivated then failure to check against a telephone cold-call blacklist could also generate extra fines.
Reminds me of the emails Facebook sends me telling me that I've missed important notifications when I don't log in for a while. I log in, and there are no notifications waiting.
And the messages Facebook sends me telling me about an event and letting me know that one of my friends is a guest, when they've been invited but haven't actually confirmed.
Well, I don't think we should look for malice when is just incompetence.
LinkedIn keeps asking me to share my mail user/password so I can connect with more people, and says that X and many others already did it. I can't tell about others, but X is my wife and I'm certain she didn't do it.
So well, as I said I think that this is just a matter of incompetence (ie. automated message gone wrong).
How about another detail — the fact that – according do another comment here, the only one that seems to actually have looked at how the app behaves before jumping the gun – the app tells you it's going to invite everyone on first launch and you need to tell it not to?
This is proven (and risky) way to grow. I really cannot blame them: they have to pay their rent and VCs are nervous.
This approach might burn them completely but also can get them to some significant number of users (after which they will issue an apology and pay all fines if needed).
Shitty behavior does not stop being shitty behavior because you have bills to pay. And it's not even in the "understandable under duress" area of shitty; Path isn't a person with a starving child and that dude's contact list isn't a loaf of bread.
If your company can't exist without being shitty, your company shouldn't exist.
I completely agree with you on "If your company can't exist without being shitty, your company shouldn't exist.". However, here in VC-stanm the behavior like this is considered "hacking the growth" and something which is not considered a bad thing. So unfortunately, you cannot play the game here (ok, you can play but no big money will bet on you) if you not ready to do things like this.
I'm OK with that game not being played. That spam-calling random people at 6AM is not an immediate "get the fuck out of my office" is probably a pretty good indication that something is deeply rotten in, as you put it, "VC-stan."
But you can get on TechCrunch, so it's gotta be okay, right? :(
And we also need to understand that all these social networks are in business of spamming people ("growing the network"). Hey I remember back in 2006 (maybe 2005?) Facebook invited all my all my Gmail contacts to Facebook (including people who interviewed me ...).
That is the key of their existence, so I'm not sure how anybody in right mind can expect anything else. Maybe I'm too old and see these things as they are...
I'm all for the moral high ground, but it becomes a lot less simple when "pressured" means something like a combination of "sole breadwinner" and "ethical choice." Reality doesn't bend to our idealism, and businesses are grounded solely in reality (often to our detriment).
Definitely not. I'm saying it's never "right" in a moral/ethical sense, but when you're put in certain (fairly common) positions, the moral high ground is not a feasible option for most people. It comes down to whether you consider stability for those who depend on you more or less important than doing or refusing to do something based on whether you consider it right or wrong... that's something that's easy to judge until you're in such a position.
This isn't the hypothetical where you're stealing a loaf of bread from the market to feed your starving family. I certainly respect that taking the moral high ground isn't always easy and that some people are going to be in situations where it is more difficult for them to do so than for others.
But the standard for acting like an asshole has to be greater than simple expediency. The necessity of breaking the social contract has to be roughly proportional to the community inconvenience; that's why firemen get to use the siren and everyone is supposed to yield when they are headed to, well, fight a fire, but I don't get to use one when I'm headed to the grocery store.
If I bang on a stranger's door at 6am because their house is on fire and I'm trying to warn them, then that's great, because the "don't harass strangers at six in the freaking morning" social norm is less important than the "OMG THE FLAMES THEY BURN!" social norm. In contrast, if I bang on someone's door at 6am trying to sell Amway products, then I'm an asshole. Finally, If I bang on someone's door at 6am, insist that their buddy, whose name I found by going through the trash, has photos to share with them, and only later reveal that there never were any photos, then I'm an unbelievable jackass.
Unfortunately, your analogy is excessively dramatic and misses the reality of the situation. It's easy to create surreal situations in which absolute visions of your own morals apply. Sorry, but you just don't get it.
Apologies for trying to make a point. If anything, my analogy seems pretty much on point, as it barely changes the reality around the events here as described:
banging on door <=> text/phone call, which likely causes an audible alert
stranger <=> contact/acquaintance/vendor/client/boss/relative/lover/ex-lover/dentist of a new user
6am <=> 6am
their buddy <=> their contact
the trash <=> a new user's cell phone contacts
has photos to share <=> has photos to share
there never were any photos <=> there never were any photos
unbelievable jackass <=> unbelievable jackass
Seems close enough.
But my real question for you is which is it? Did a developer/Path act unethically, but you believe those actions are justified because people have families they need to care for? Or do you believe that Path/the developers did nothing wrong and I'm just applying my own morals to the situation? One or the other is a legitimate position to take (though I may disagree with your view), but you can't have both.
This sounds patronizing. As adults, you make your choice and face the consequences. That you may have dependents does not reduce your moral responsibility one bit.
Clearly you don't know how it feels to actually have "dependents" or what that responsibility entails. This will sound patronizing, but it's absolutely valid: Come back and comment on this in 10 to 20 years. At that point you might have the perspective you clearly lack now.
[edit]To be clear: I do not have dependents, but I also don't have an employer (who isn't me), and I do have people that depend on me. What I also have is a lot of experience in a lot of situations that are very much "gray" in terms of what less-experienced people seem to consider moral/ethical absolutes, which simply do not exist. That last part is what you don't understand but are likely to figure out as life teaches you the things your parents and teachers would like to but simply can't.[/edit]
It sounds patronizing because it is. It sounds silly because it's that, too.
Doing the right thing is sometimes difficult. That's not an excuse to do the wrong thing. Indiscriminately spamming hundreds of contacts is always the wrong thing.
It doesn't, but it might mean we need to look into how the pressure is being applied.
We can bitch at Path all day, but there exists strong incentive to do this, and people who don't do this will have unilaterally disarmed and be at a disadvantage. We need to encourage the first group to not do this, and encourage the second group to keep it up and not feel like suckers for respecting their users.
Would it also be okay to murder people in order to pay your rent and your backers are nervous? What about just hitting them over the head? What about just threatening to hit them?
Ethical justification isn't easy, but it's also not this hard. The entire point of being ethical is that you might lose out as a result of being ethical. If you opt to discard ethics in order to get ahead, you are being unethical. That is what it means to be unethical.
I think a better solution is to make fines exponential (for repeated reasons), for e.g. 1st time $10, 2nd time $100, third time $1000 dollars and so on.
Fines are meant to discourage behaviour found unacceptable by society[0]. That obviously fails to work if the net outcome of a ‘discouraged’ action is still positive even after taking into account the fine (and compensation for damage, if any).
So, really, the (first) fine was not high enough. For a very similar reason, non-trivial fines[1] are usually given as a percentage of turnover or daily fines.
[0] Note that jail time also serves to rehabilitate the offender in case of serious crimes. That obviously doesn’t really work with companies, and unfortunately, carelessness with other people’s data is not considered a serious crime in many places.
Yeah, that's why I think exponential grow in fines for repeated offenses by a company is a good idea, it will eventually be net negative for the company so they will stop doing it.
Because you can't know the net positive in advance; is way too dependent of the context and that includes the size of the company.
It also discourages the searching of flaws in the system because even if you get away with it once (net-positive) you know the next time the fine will make unviable.
BTW this is similar to how already the civil justice system works in many countries, where after repeated minor offenses you go to jail.
There's annoying spam, and then there's straight-out-lying spam -- the "x has sent you a message, you need to create an account to view it" type.
Just curious, is there a way to sue/fine a company like this for false advertising, essentially?