Slashdot Mirror
First, Do No Harm - A Hippocratic Oath for Coders?
rhysweatherley asks: "With the increase in spyware, spam, etc, is it time for a Hippocratic Oath for Programmers? Should programmers be able to refuse to write code that harms the public more than it helps? Should they code defensively to prevent software and information being misused for unintended purposes? And how do we protect such programmers from being dismissed unfairly for standing on principle?"
Coders are human, and therefore assholes. Exactly how much spamware do you think is written by enslaved hackers, bewailing the evil they're forced to write? And how much of it is written by people who don't give a shit?
An hippocratic oath is all very well, but it's not going to accomplish anything. Conscientious programmers will refuse to write stuff to which they object, other programmers won't. That'll always be the case, irrespective of any resolution.
I believe teh British Computer Society has a clause in its members' charter which is akin to this sort of thing; it says something along the lines of programmers having to bear in mind the social impact of their work, but I don't know whether they've every kicked any spamware programmers out. I kinda doubt it.
"I am hired because I know what I am doing, not because I will do whatever I am told is a good idea. This might cost me bonuses, raises, promotions, and may even label me as "undesirable" by places I don't want to work at anyway, but I don't care. I will not compromise my own principles and judgement without putting up a fight. Of course, I won't always win, and I will sometimes be forced to do things I don't agree with, but if I am my objections will be known, and if I am shown to be right and problems later develop, I will shout "I told you so!" repeatedly, laugh hysterically, and do a small dance or jig as appropriate to my heritage."
-- Abigail, as reworked by Mike Sphar
What an apt comment, even if it was meant as a joke. One could easily say that this is (unfortunately) a problem with many more places in society than just programmes and their software. More and more, people are merely in their profession for the money - NOT for the love of doing it. And as such, they will do anything, such as write spyware, to get more money or keep their job.
We do need people with some morals left, to stand up and say that exploiting the consumer is WRONG. We all know it is, we all hate being exploited, but somebody out there keeps writing the code that does it. Personally, as a programmer, I could not let myself write a program that does that (partially because I am best at programming underlying utilities, not end-user applications).
Anyway, my point is there doesn't seem to be enough in the way of people willing to stand up for their beleifs and/or morals and say that something is just plain wrong. This is the case in many fields, and not least in politics. If we could just stand up and truly protest, something might get changed - but there have to be ENOUGH, and that is a common problem that we're seeing both here and in other areas of society.
I've heard it said before that the downfall of every great civilization (such as Rome) was preceded by a moral decline. And if this isn't a wonderful example of that happening here in America. We need to return to the values that too few of us never left.
One point in your favour.
b) We made the uninstall as painless and obvious as possible
Two points in your favour.
c) We never hid the fact that we were sending back listening statistics
Three points in your favour.
Plus, you provided an interesting and useful service. You didn't mention anything about what you did with the data once it was in your servers, but I choose to believe, lacking evidence to the contrary, that you would have been as open, upfront, and intelligent about dealing with the data once you had acquired it as you say you were when you were obtaining it - and if you were, I might well have used that service (if I cared to have personalized news of any sort delivered to me - which I dont; I don't even like having to 'dig' for all the stories /. posted today, not just the ones that are the biggest. It's not a privacy thing in this case - just a preference thing) and been quite happy with it.
And I don't think that code violates the hypothetical "Geek Oath". Your code is neither malignant nor curmudgeonly.
This flies in the face of science.
"I was just following orders." Frankly, I'll blame both. And the fact that programming has the least sense of professional responsibility of any profession I can think of, even less than lawyers. (Gasp! But it's generally true.)
Of course. In the USA and most western countries, nobody is required to engage in conduct they believe is illegal, unethical, unsafe, or unpleasant -- with the exception of certain positions in the military, who are required to follow the chain of command in most circumstances.
Of course, there are economic pressures: if the only living-wage job in your community for which you are qualified is to work in a coal mine, or in a prison, or writing virus code, then you must make an economic decision: Balancing.
Nobody has to write bad code. If you believe that your shop should never release code unless it includes sixteen types of "defensive code" (resisting viruses and privacy-invading applets and so on), then you tell your employer those terms, and your employer will decide which action to pursue: ending your employment, or changing its practices.
We have all had those "moments" in our lives where we had to make a decision about Right and Wrong. If I do this, is it Right or is it Wrong? If I do this, can I accept the consequences? If I do this, will I be able to respect myself as a person? If I do this, how can I explain myself later to my child?
Sometimes, the decisions are easy: your employer assigns you to load toxic waste into drums and to pour it into a river. Sometimes, the decisions are really hard: your team has spent 1,000 hours testing your code and you are pretty sure that it's good, but you really wish that you had more time for testing, or a different regimen for testing, and now your team leader announces that he's going to release the code -- it certainly makes a difference if the code we are talking about is Doom III or the operating program for a nuclear reactor.
Everybody has a different benchmark. I've heard lots of stories, all of them quite respectable:
- I can't do this because if I ever run for public office, this would ruin my chances
- My religion prohibits this
- This violates the "golden rule" (do unto others...)
- My professional ethics prohibit this
- I cannot do this and still be a role model for my child
- This violates my personal beliefs
- This is just, plain wrong, and I won't do it.
In my opinion, you should use whatever test makes you pause and refuse as often as possible. When someone suggests that the problem is that "we might get caught," I lose all respect for that person: that statement already accepts that the action is wrong (nobody ever says "I'd love to help you rescue that child from the burning building, but I'm afraid I might get caught").Sure, there are things we do that we wouldn't want to discuss with our kids -- not because they are "wrong" but because they are personal or unpleasant or simply not appropriate to discuss with a child.
Life is full of hard choices. I think that 99% of the time, we know what is the "right" thing to do. We often recognize that we are doing something 'wrong' and we have lots of excuses, and some of them feel quite tolerable (I need this job, my kids need health insurance, little harm will come, or harm is quite unlikely).
A long time ago, I found that when I was in certain kinds of situations, I found it "necessary" to do certain things. It was my job, it was legal, it was appropriate -- but it was unpleasant and people disliked me because of it. I had to decide whether I wanted to be the kind of person who did those things. I decided that I did not want to be that kind of person, and I recognized that I could not do my job competently without being that kind of person. I quit my job and changed my profession.
And now, to the question at hand:
> "Should [programmers] code defensively to prevent software and information being misused for unintended purposes? And how do we protect such programmers from being dismissed unfairly for standing on principle?"
Okay, now we are looking at something much less clear. What kind of application are we talking about, and what kind of abuse or misuse are we worried about?
There are various issues to balance, including potential legal liability, potential adverse publicity and adverse market response, and of course potential harm to the public.
Legal liability is a good starting point. If I am writing the code for a new version of a Microsoft operating system, and I already know that there are 1,000 viruses that attack Windows systems, I probably would be legally liable for releasing a product that is vulnerable to one of those existing viruses, if I could easily and inexpensively block them. An internet-ready operating system with no protection against known viruses, would be a defective product, and I'd probably be legally responsible for the damages, at least to consumers. Even if legal liability were avoided (for example, through enforceable contracts), the adverse publicity and of course the complete failure of the operating system to work, would result in complete market failure: people would not buy this product or my other products.
Now, let's look to the harder case. Suppose I am responsible for the coding for Doom III, a complex computer game that (I assume) includes internet-play. I know there are viruses out there, and I know that there are malicious people out there. I also suspect that someone could write a virus that would target my widely software, attaching itself and perhaps even trying to propegate to other users or distribute private data or system-access information by modifying the code that allows internet play. Must I write code to resist that potential virus? No matter what I do, a clever cracker will find a way to circumvent my efforts -- but what must I do? How much time, what portion of my budget, should be spent to fighting crime?
Basically, it's a balancing act.
Try another example: your employer asks you to write a database or accounting program. You know that it is quite likely that your program will be purchased and used by drug traffickers to track their shipments and profits. What duty do you have to prevent such uses, or to detect such uses and report them to law enforcement?
Try another example: your employer asks you to write a Napster-like computer program that will allow people to share files. You know that some people will misuse the program (sharing copyrighted materials), but you also know that many people will use the program lawfully.
Now, suppose you work for one of these latter two companies, and you decide that your employer is not doing enough to prevent misuse, and you refuse to write certain code, but you also refuse to resign. Maybe your employer's attorneys present you with a "severance agreement" that includes a generous cash severance and a confidentiality clause. Or maybe you already signed a confidentiality agreement, and your employer fires you with no severance.
Damn, I have to side with the employer. There's nothing illegal going on, and you aren't being asked to do something unsafe or improper -- you simply have chosen a set of personal ethical standards that conflict with your employer. So I'd probably agree that your employer could fire you, but I might be uncomfortable enforcing the confidentiality agreement, at least insofar as it might seek to prevent you from talking to appropriate law-enforcement agencies.
-- http://www.MarkWelch.com/ Pleasanton California
Seriously. How would your boss like it if he found out that you wouldn't add a feature like banner ads on an ICQ window because you took some kind of oath? I realize that the question asked in the submission, probably doesn't include things like this, but still.
This is why we need some sort of association (I don't think the term "union" is really applicable) to point out breaches of the ethics code, and if nothing else publicly shame companies which fire employees for refusing to violate it.
Writing up a standard employment-contract term that obligated companies to not allow/coerce their employees to break the code, and urging programmers to demand it, would help a lot, too.
--
Benjamin Coates
There are far too many people who will do just about anything for money. Hell, under the right circumstances, I would write spamming software, even though the very idea makes me sick. I am a family man. I have a wife and daughter to take care of. My first responsibility is to them. "Social responsibility" doesn't even come close. If I had to choose between buying food and paying rent for my family or being socially responsible - fuck society.
-- Will program for bandwidth
OK.. I'm gonna rant now.
Coders.. your not holy men.. your not preachers.. you write code.. you a job like anyone else does a job.. why should you need or take a an oath? thats just plain dumb and silly.. if someone doesn't take this oath would that mean they can't get access to development tools? Would'nt that go against the very spirit of open source and the GNU license and the whole spirit of sharing..
sure most people hate adware and spyware stuff as much as i do(a ton). but fact of the matter is thats the current support(MONEY) system for some "free" software out there.. perhaps if people paid for the software there would'nt be all that crap added on..
Its up to you to use that software or ad laden website.. free choice.. stop whining about extras on free software.. its free for a reason, especially the companies that aren't in it for a "greater good" they're in it for making money.. we live in a capitalist society.. get used to it.
end rant