Slashdot Mirror
First, Do No Harm - A Hippocratic Oath for Coders?
rhysweatherley asks: "With the increase in spyware, spam, etc, is it time for a Hippocratic Oath for Programmers? Should programmers be able to refuse to write code that harms the public more than it helps? Should they code defensively to prevent software and information being misused for unintended purposes? And how do we protect such programmers from being dismissed unfairly for standing on principle?"
they'd just fire you and hire someone else. If you are unwilling especialy now there will be 10 other people willing to do it and take your job if you aren't.
Help Brendan pay off his student loans
...coders can refuse to write such code, its called quitting. The real problem is that prospective employers are not all that keen people who quit their jobs for reasons of personal ethics.
Just like there are doctors who ignore the Hippocratic oath, there would continue to be plenty of developers only concerned with bucks. The hypotethical oath described wouldn't do anything more than programmers' consciences do right now.
The goatse guy for president. Win one for the gaper!
A Hypocritic Oath is more appropiate...
blame the companies who tell the programmers what to do.
You have to remember that even if you have the money and values to stand up and refuse to code a application, there will be a person right behind you with no money and no values willing to take your place. All you are doing is delaying the process. I know its a bitter view, but its a truthful one.
A "oath" like this could lead to ommendoms with stuff like "I will follow the DMCA", and other digital rights management junk. I'd be cautious to the threats this could cause. And hey, there's plenty of spam software out already, merely stopping the production of more wouldn't stop spam.
"And we have seen and do testify that the Father sent the Son to be the Savior of the World"
1 John 4:14
Coders are human, and therefore assholes. Exactly how much spamware do you think is written by enslaved hackers, bewailing the evil they're forced to write? And how much of it is written by people who don't give a shit?
An hippocratic oath is all very well, but it's not going to accomplish anything. Conscientious programmers will refuse to write stuff to which they object, other programmers won't. That'll always be the case, irrespective of any resolution.
I believe teh British Computer Society has a clause in its members' charter which is akin to this sort of thing; it says something along the lines of programmers having to bear in mind the social impact of their work, but I don't know whether they've every kicked any spamware programmers out. I kinda doubt it.
Once you accept the GPL, you are pretty much in that field. That would, in my eyes, be the equivilent.
Yet another signature that refers to itself. The irony and humor is dead.
"I am hired because I know what I am doing, not because I will do whatever I am told is a good idea. This might cost me bonuses, raises, promotions, and may even label me as "undesirable" by places I don't want to work at anyway, but I don't care. I will not compromise my own principles and judgement without putting up a fight. Of course, I won't always win, and I will sometimes be forced to do things I don't agree with, but if I am my objections will be known, and if I am shown to be right and problems later develop, I will shout "I told you so!" repeatedly, laugh hysterically, and do a small dance or jig as appropriate to my heritage."
-- Abigail, as reworked by Mike Sphar
First of all - please read the Modern Hippocratic oath to get a feel of the sheer gravity that the oath actually represents. Then imagine the programmers oath
"Wherever I can, I will code many hidden easter eggs without the project managers consent or knowledge to provide the end users something to do. Also, I shall endeaver to ingest large quantities of mountain dew."
I mean, I can think of a few professions above programmers I want to take an oath (How about the short order cook that spit in your food last week huh?)
Second of all - How can you even compare the concept of upholding the ability to save and improve physically the life of an indivdual without corruption to a programmer? How is coding spam similar to endangering a life for unethical pursuits?
Third of all - WHO CARES? Oaths are meaningless in a captalistic society such as ours. Want proof? Lets take a quick tour down career avenue and look at the professions that take oaths - Lawyers (hmm, they seem to be a respectable bunch), Elected Officials (don't get me started), Judiciaries (Not too bad in his arena) and Public Safety officals (Rodney King, Malice Green, etc. etc.) Not to open a can of worms but the ORIGINAL Hippocratic Oath actually had a section condeming a doctor to perform an abortion so theoretically doctors that perform abortion break their oaths (I agree to the modern version expressed above and my political viewpoints on abortion are hopefully not reflected!)
To compare the importance of upholding the importance of ethics in the medical profession to a coder writing spam, spyware or other such "annoyances" is ABSURD.
Jesse Wolfe Sr. Manager Systems Integration
What an apt comment, even if it was meant as a joke. One could easily say that this is (unfortunately) a problem with many more places in society than just programmes and their software. More and more, people are merely in their profession for the money - NOT for the love of doing it. And as such, they will do anything, such as write spyware, to get more money or keep their job.
We do need people with some morals left, to stand up and say that exploiting the consumer is WRONG. We all know it is, we all hate being exploited, but somebody out there keeps writing the code that does it. Personally, as a programmer, I could not let myself write a program that does that (partially because I am best at programming underlying utilities, not end-user applications).
Anyway, my point is there doesn't seem to be enough in the way of people willing to stand up for their beleifs and/or morals and say that something is just plain wrong. This is the case in many fields, and not least in politics. If we could just stand up and truly protest, something might get changed - but there have to be ENOUGH, and that is a common problem that we're seeing both here and in other areas of society.
I've heard it said before that the downfall of every great civilization (such as Rome) was preceded by a moral decline. And if this isn't a wonderful example of that happening here in America. We need to return to the values that too few of us never left.
One point in your favour.
b) We made the uninstall as painless and obvious as possible
Two points in your favour.
c) We never hid the fact that we were sending back listening statistics
Three points in your favour.
Plus, you provided an interesting and useful service. You didn't mention anything about what you did with the data once it was in your servers, but I choose to believe, lacking evidence to the contrary, that you would have been as open, upfront, and intelligent about dealing with the data once you had acquired it as you say you were when you were obtaining it - and if you were, I might well have used that service (if I cared to have personalized news of any sort delivered to me - which I dont; I don't even like having to 'dig' for all the stories /. posted today, not just the ones that are the biggest. It's not a privacy thing in this case - just a preference thing) and been quite happy with it.
And I don't think that code violates the hypothetical "Geek Oath". Your code is neither malignant nor curmudgeonly.
This flies in the face of science.
Of course. In the USA and most western countries, nobody is required to engage in conduct they believe is illegal, unethical, unsafe, or unpleasant -- with the exception of certain positions in the military, who are required to follow the chain of command in most circumstances.
Of course, there are economic pressures: if the only living-wage job in your community for which you are qualified is to work in a coal mine, or in a prison, or writing virus code, then you must make an economic decision: Balancing.
Nobody has to write bad code. If you believe that your shop should never release code unless it includes sixteen types of "defensive code" (resisting viruses and privacy-invading applets and so on), then you tell your employer those terms, and your employer will decide which action to pursue: ending your employment, or changing its practices.
We have all had those "moments" in our lives where we had to make a decision about Right and Wrong. If I do this, is it Right or is it Wrong? If I do this, can I accept the consequences? If I do this, will I be able to respect myself as a person? If I do this, how can I explain myself later to my child?
Sometimes, the decisions are easy: your employer assigns you to load toxic waste into drums and to pour it into a river. Sometimes, the decisions are really hard: your team has spent 1,000 hours testing your code and you are pretty sure that it's good, but you really wish that you had more time for testing, or a different regimen for testing, and now your team leader announces that he's going to release the code -- it certainly makes a difference if the code we are talking about is Doom III or the operating program for a nuclear reactor.
Everybody has a different benchmark. I've heard lots of stories, all of them quite respectable:
- I can't do this because if I ever run for public office, this would ruin my chances
- My religion prohibits this
- This violates the "golden rule" (do unto others...)
- My professional ethics prohibit this
- I cannot do this and still be a role model for my child
- This violates my personal beliefs
- This is just, plain wrong, and I won't do it.
In my opinion, you should use whatever test makes you pause and refuse as often as possible. When someone suggests that the problem is that "we might get caught," I lose all respect for that person: that statement already accepts that the action is wrong (nobody ever says "I'd love to help you rescue that child from the burning building, but I'm afraid I might get caught").Sure, there are things we do that we wouldn't want to discuss with our kids -- not because they are "wrong" but because they are personal or unpleasant or simply not appropriate to discuss with a child.
Life is full of hard choices. I think that 99% of the time, we know what is the "right" thing to do. We often recognize that we are doing something 'wrong' and we have lots of excuses, and some of them feel quite tolerable (I need this job, my kids need health insurance, little harm will come, or harm is quite unlikely).
A long time ago, I found that when I was in certain kinds of situations, I found it "necessary" to do certain things. It was my job, it was legal, it was appropriate -- but it was unpleasant and people disliked me because of it. I had to decide whether I wanted to be the kind of person who did those things. I decided that I did not want to be that kind of person, and I recognized that I could not do my job competently without being that kind of person. I quit my job and changed my profession.
And now, to the question at hand:
> "Should [programmers] code defensively to prevent software and information being misused for unintended purposes? And how do we protect such programmers from being dismissed unfairly for standing on principle?"
Okay, now we are looking at something much less clear. What kind of application are we talking about, and what kind of abuse or misuse are we worried about?
There are various issues to balance, including potential legal liability, potential adverse publicity and adverse market response, and of course potential harm to the public.
Legal liability is a good starting point. If I am writing the code for a new version of a Microsoft operating system, and I already know that there are 1,000 viruses that attack Windows systems, I probably would be legally liable for releasing a product that is vulnerable to one of those existing viruses, if I could easily and inexpensively block them. An internet-ready operating system with no protection against known viruses, would be a defective product, and I'd probably be legally responsible for the damages, at least to consumers. Even if legal liability were avoided (for example, through enforceable contracts), the adverse publicity and of course the complete failure of the operating system to work, would result in complete market failure: people would not buy this product or my other products.
Now, let's look to the harder case. Suppose I am responsible for the coding for Doom III, a complex computer game that (I assume) includes internet-play. I know there are viruses out there, and I know that there are malicious people out there. I also suspect that someone could write a virus that would target my widely software, attaching itself and perhaps even trying to propegate to other users or distribute private data or system-access information by modifying the code that allows internet play. Must I write code to resist that potential virus? No matter what I do, a clever cracker will find a way to circumvent my efforts -- but what must I do? How much time, what portion of my budget, should be spent to fighting crime?
Basically, it's a balancing act.
Try another example: your employer asks you to write a database or accounting program. You know that it is quite likely that your program will be purchased and used by drug traffickers to track their shipments and profits. What duty do you have to prevent such uses, or to detect such uses and report them to law enforcement?
Try another example: your employer asks you to write a Napster-like computer program that will allow people to share files. You know that some people will misuse the program (sharing copyrighted materials), but you also know that many people will use the program lawfully.
Now, suppose you work for one of these latter two companies, and you decide that your employer is not doing enough to prevent misuse, and you refuse to write certain code, but you also refuse to resign. Maybe your employer's attorneys present you with a "severance agreement" that includes a generous cash severance and a confidentiality clause. Or maybe you already signed a confidentiality agreement, and your employer fires you with no severance.
Damn, I have to side with the employer. There's nothing illegal going on, and you aren't being asked to do something unsafe or improper -- you simply have chosen a set of personal ethical standards that conflict with your employer. So I'd probably agree that your employer could fire you, but I might be uncomfortable enforcing the confidentiality agreement, at least insofar as it might seek to prevent you from talking to appropriate law-enforcement agencies.
-- http://www.MarkWelch.com/ Pleasanton California
Seriously. How would your boss like it if he found out that you wouldn't add a feature like banner ads on an ICQ window because you took some kind of oath? I realize that the question asked in the submission, probably doesn't include things like this, but still.
This is why we need some sort of association (I don't think the term "union" is really applicable) to point out breaches of the ethics code, and if nothing else publicly shame companies which fire employees for refusing to violate it.
Writing up a standard employment-contract term that obligated companies to not allow/coerce their employees to break the code, and urging programmers to demand it, would help a lot, too.
--
Benjamin Coates
Comment removed based on user account deletion
Oath or not, there is always going to be someone willing to do something, specially when money is involved. And given the current so called 'Slump' in the industry, there will be a lot more programmers willing to 'go there' and write code to their employer's spec's, even if it is to obtain information, legally or not, from an unsuspecting user.
But even without a low in employment numbers, there is no sort of test of virtues to be a coder.
======
Talk sense to a fool and he calls you foolish. - Euripides
There are far too many people who will do just about anything for money. Hell, under the right circumstances, I would write spamming software, even though the very idea makes me sick. I am a family man. I have a wife and daughter to take care of. My first responsibility is to them. "Social responsibility" doesn't even come close. If I had to choose between buying food and paying rent for my family or being socially responsible - fuck society.
-- Will program for bandwidth
I've done this several times.
They weren't terrible things, but parts of my company have wanted to do a few things over the years that would be bad for our customers. I've refused to work on them, but always with clearly-presented objections. They've not gone ahead, or have been killed around deployment time.
It actually works better to delay refusal and start with the objections. Those early phases of design will drag out as you work to build consensus on your objection. If you refuse immediately, you lose your involvement, you lose your voice on the matter. Also, you don't want people to start disrespecting and ignoring you for seemingly arbitrary obstructions.
I always start with the explanation of long-term damage to the company, as this is the best way to counter the typical motivation. Someone says that this will increase long-term profits, and you need to point to the way that this is actually an illusion. This approach is valid for the very large fraction of destructive projects that are really trading off long-term success for short-term success.
However, there will be times when the company will actually make greater profits from a questionable practice, or else ignores the arguments in the first bit. This is where the hard personal decisions and possible sacrifice would come in. Yes, if you don't want to work on it, you will have to continue to refuse or else quit. I have not had to escalate to this point. However, if I were to get that far, I expect I would prefer quitting to being fired, and would make it very clear to the other programmers and to senior management why I was leaving.
The keys to any of this working are that you are correct, the management is willing to listen to you, is sensible, and has their own motivation to be reasonable above and beyond the profit motive. If they didn't fit that description, I'd start looking for alternate employment. Finally, I don't find these situations to be a bad sign; only if the company doesn't respond well is the company unhealthy.
In my profession (SQA Engineer) the opposite happened during this recession. Companies no longer wanted experience but tried to cut financial corners by only hiring junior engineers. I went six months without a job, but started one today with a sharp company. Keep your eyes peeled, and good luck.
OK.. I'm gonna rant now.
Coders.. your not holy men.. your not preachers.. you write code.. you a job like anyone else does a job.. why should you need or take a an oath? thats just plain dumb and silly.. if someone doesn't take this oath would that mean they can't get access to development tools? Would'nt that go against the very spirit of open source and the GNU license and the whole spirit of sharing..
sure most people hate adware and spyware stuff as much as i do(a ton). but fact of the matter is thats the current support(MONEY) system for some "free" software out there.. perhaps if people paid for the software there would'nt be all that crap added on..
Its up to you to use that software or ad laden website.. free choice.. stop whining about extras on free software.. its free for a reason, especially the companies that aren't in it for a "greater good" they're in it for making money.. we live in a capitalist society.. get used to it.
end rant
"And how do we protect such programmers from being dismissed unfairly for standing on principle?"
a tion (or a squirrelly spyware dev house) if you plan to turn down projects because they are "morally offensive". It's up to YOU to exercise your pie-in-the-sky youthful idealism and don't take the friggin' job to begin with.
This topic is asinine, and this question comes frighteningly close to proposing some kind of workplace legislation. (I can't see what else it could refer to.)
Can't anyone see the total, complete hypocrisy in this? Everyone here always screams "keep your laws off my code," when we're talking about the DMCA and other legislation. But when we start talking about stuff that no one likes (spyware, spam programs), there's some kind of moral bandwagon to propose intrusive workplace legislation to "protect programmers from being dismissed".
To solve this problem, people have to stop installing this crap on their computers. Period. There will always be programmers out there who are willing to write this dreck -- and they should be able to, because the bottom line is that programming should be constitutionally protected speech . I thought we were all in agreement on that issue?
If your employer hires you to write spyware, and then you refuse on moral grounds, then you should get fired. It's that simple. The employer should have the right to do that. Don't take a job at Penthouse Magazine if you don't like nudity. Don't get a job working for Howard Stern if you can't handle drunken midgets vomiting in the hallway. And don't take a job at a mega-ultra-multinational-conglomerate-supercorpor
There can be NO good legislative solution to this problem. The idea of some kind of "code of ethics" is fine, but I think the best way to handle it is the creation of a new alliance, an industry standard, some kind of brand or label which identifies companies and products which follow that code of ethics. (I guess kind of like TrustE, except not sucking.)
You're missing the point. OK, we don't have many buildings falling down but then again no one is paying engineers to build faulty buildings. If you want to talk about ethics and holding paramount public safety and welfare ask yourself how many engineers work for the major tobacco companies, major gun companies, how many engineers were busy helping design new nuclear weapons when we already had enough to pave the planet, etc. There are engineers out there doing plenty of stuff that you or I would likely consider ethically dubious, but they're doing what they're told to do by the folks writing the cheques...and then they go home to their families and pay the rent.
:)
Don't get me wrong, I'm not against engineering...I am one after all. (EE class of '93) But the guidelines of the professional society do not make us any more or less ethical than the next profession. In the end we do what we're told or we get replaced.
As a side note, one of my favorite classes in university was "Ethics in Engineering". The class had a large section on 'whistleblowing' with examples such as the shuttle explosion, etc. The sad part was that in every major case of whistleblowing we studied the engineer who blew the whistle never worked in their former field again. The theme of the section seemed to be "blowing the whistle is the right thing to do in these types of situations....but it will cost you your career". It wasn't a very popular section.
My second question is, why were you not a member of the union?
From your post, yes unions are known to be corrupt and desrutive. But the good that they did and can do is evident. You work a 40 work week, Yes? You receive overtime (if not salaried) Yes? You don't work in a sweatshop Right? You have health/dental/etc Right? You receive a certain wage based upon contract and work you have done, Right? You have a pension, or retirement plan, Right? You unfortunely don't know your history.
These are all things fought for with blood, by UNIONS. Many people fought for and died for those "RIGHTS" that you claim in your right-to-work state. I agree not everyone should be in a union, but you can not claim what they have worked for without due credit.
And I also believe that if IT workers unionized, they would have a better say in contract neg, salary, etc. Right now programmers that have 20 years exp. are being fired, just because they are older....
Just wait until you can't get what you need or have forcibly taken from you benefits that your company promised you. Then I'm sure you'll be part of a group of voices complaining about your situation, trying to get Congress to enact some law to make your life easier....sad....
Secure multi-mediation is the future of all webbing...
Hmm yes I was about to point that out as well :-).
The problem with guideliens such as this, however, is that they are perhaps not applicable to a wide-enough range of people and they can't be strictly enforced. A practicing professional in the UK (who is probably a member of the BCS) is certainly obliged to comply with the guidelines (or risks "expulsion" from the professional community) but such a person (or company) is unlikely to deliberately write harmful software such as viruses etc. anyway. And to people that do write virues, the BCS is unlikely to represent an authority.
In general, breaking BCS guidelines also means breaking the law - whether that is (or can be) enforced to a sufficient extent, is a different matter.