IOT: Code of Ethics for Software Developers and Engineers

  • Article

There is a certain car manufacturer that has admitted to “cooking” their software so that it would run one way during tests and then another way during normal operation.  Software designers or engineers have a model for the Code of Ethics that would assist these professionals in how to make correct decisions.

The ACM Code of Ethics can be found at: https://www.acm.org/about/code-of-ethics

In general, the ACM Code of Ethics are only applied to members of the ACM, but if you are like me, I am no longer a member of IEEE nor ACM, mostly to save a few bucks.  But this does not mean that I don’t review the ethics from time to time.  With respect to working for a corporation, a corporation works best when there is a culture that supports ethical behavior by all members, from executive to recent college hire.

With IOT, Ethics becomes an important idea as the impact can affect lives.  For instance, the case can be made that people died because of the increase in the Nitrous Oxide output from the vehicle’s manufacturer fooled the tests.  In other IOT devices, water purity could be affected, toys could harm children, security may be breached if designers don’t act in ethically.

Let’s take a look at a scenario that I have encountered, not at Microsoft, seriously the culture at Microsoft values ethics.

Scenario: Your team is designing a test harness for evaluating the gaseous output from a system that will be widely used worldwide.  During the final design, the standards of acceptable gas output are not going to be met by the system you are working on in normal use.  During a team meeting someone points out that the system would have the correct output during testing, and then using machine learning the system would change to the normal operations.  Normal operation means that the gaseous output is must higher than the government standards.

How could you handle this?

  1. Make sure you have your emergency fund with 6 months of living expenses saved.  Being ethical is not necessarily going to lead to long term job security.  If you going to be ethical and you don’t have a 6 month of living expenses saved, you should still proceed, but be prepared to have to live off the unemployment funds in your state or country. 
  2. When you sense that something is wrong, in this case, the idea that the team you are on would modify software to pass a test and then change the system to function normally but with bad outputs, should indicate that is something is wrong.
  3. Do not proceed till you have reviewed the corporate ethics, make sure that you understand the reporting system, and review the ACM Code of Ethics, in this case the highest level titles indicate that you need to act:
    • Paragraph 1: General Moral Imperatives, sub paragraph: Avoid Harm to others
      • Yep, looks like the bad gas output could harm others.  Why? Harm is defined as injury or negative consequences
      • You might think: I am just a code monkey, what can I do?  Even a code monkey performing well-intended actions such as assigned duties would lead to harm in this instance. 
      • What you should do:
        • You are obligated to undo or mitigate the negative consequences
        • If the company you work for has an Ombudsmen or similar organization, you need to contact them and ask them to assist you with evaluation of the issues you perceive.  Your view could be wrong, and it is a good idea to discuss the problem with an external person.  At Microsoft you cannot be punished for implementing this process and some US states have rules against retaliation to workers with respect to  this kind of reporting.
  4. What process should you follow if your working within the corporation does not yield results, you expect?  Whatever you do, proceed carefully and with an open attitude, it does you no good to be an “ahole” that angers others (trust me on this one).  So if your evaluation indicates that you should proceed, then:
    • The ACM Code of Ethics states:
      • “If one's superiors do not act to curtail or mitigate such dangers, it may be necessary to "blow the whistle" to help correct the problem or reduce the risk. However, capricious or misguided reporting of violations can, itself, be harmful. Before reporting violations, all relevant aspects of the incident must be thoroughly assessed. In particular, the assessment of risk and responsibility must be credible. It is suggested that advice be sought from other computing professionals.”
    • Speaking from my own experience, you really need to talk to others if your “moral compass” has been triggered.  You maybe emotional, you may not have a full perspective of the situation.  Also, you need to follow your NDA, which can make things tricky, but the legal situation could get expensive.  Expensive Legal fees means that there is at least one person harmed: you. 
  5. Evaluation of the process:
    • From 2.5 of the Code of Ethics, your evaluation should include the following:
      • “Computer professionals must strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives. Computer professionals are in a position of special trust, and therefore have a special responsibility to provide objective, credible evaluations to employers, clients, users, and the public. “
      • “…any signs of danger from systems must be reported to those who have opportunity and/or responsibility to resolve them.”
  6. Finally, if you follow all of these guidelines, if you are like me, you may still feel that not enough is being done.  In this case, you must find someone you trust and ask them to help you determine if your feelings are emotional or fact.  Usually, if you have followed the corporate ombudsmen processes, spoke with your management, and stayed within your NDA, things will work out and you will see that your actions were either correct, or that the processes that you were concerned about were not harmful.

However, during the process you may have stepped on toes, acted badly (became emotional in a meeting for instance), or communicated poorly during the process.  In this case you may find that you were successful, but now are looking for a new job.  This is not the fault of the employer if they made the changes or proved that there was no harm.  This is the reason you need to have 6 months of expenses saved up.  Doing the ethical thing is not always a way to build a career, although it doesn’t hurt!  But society is built on this kind of behavior and falls apart if good people do not act ethically.

Back to the vehicle scenario:

  1. Evaluate the requests in your work assignment, what is the outcome, organize your thoughts into documents
    • If your evaluations indicate that your work team or work product is unethical, then you need to pull others into your decision making process.  Attempting this alone is unlikely to work or have a positive outcome for your team, corporation or humanity. 
    • The “others” might be your teammates, internal organizations that assist with your ethical evaluation and help with communications.
    • Be prepared for negative consequences from your questioning.  In the tech society, ethical behavior is often consider “heroic”, but our archetypical “heros” usually have to go through hard times.  You don’t get to be a “hero” ethically without proceeding through difficulties to prove your point.  Expect this to be a long difficult process. 
  2. Corporations of most sizes have a way to help you evaluate your concerns, and you should use these processes, even if you don’t trust them.  Your mistrust may be misplaced or these process will help you evaluate your observations.  Acting within the structures set up usually will give you a way to evaluate your observations.
  3. Expect the resolution to be different than what you expected initially.
  4. Do not expect a Gold Medal for your “whistle” blowing, but as a professional the effort you put into blowing the whistle is just part of the job description.
    • Make sure you are acting professionally
    • Respect the rest of the team’s input
    • Use the highest and best communications practices at all time

Conclusion

As a software professional, most executives, product users and government officials have no idea how you make things work.  You build black boxes that the users that use your software, documentation depend on you to do the “right thing”.  As a software professional, society requires that you act ethically.