Look! Computer Professionals Have An Ethics Code!

A new Code of Ethics was recently released by the Association for Computing Machinery (ACM), a professional organization for programmers and technology companies that has aimed to set the tone for ethics in the industry for decades. Its previous ethics code was last updated in 1992, before social media, e-commerce, widespread GPS tracking, the epidemic pf network hacking, bots, trolls, artificial intelligence, and the proliferation of wired cameras on store fronts, house entryways, and family cars, just to name a few of the ominous new developments that has made expanding technology the single greatest ethical challenge in the history of mankind. Most professional codes of ethics have not kept pace with technology, but for a computer organization to be so far behind is embarrassing.

The ACM committee surveyed the international association’s approximately 100,000 members as part of its process. The result is a list of principles and guidelines rather than rules: there is no enforcement mechanism. Nor is there any way to force members to read the thing, much less use it. I’ll say this: the code is ambitious. For example, the Code addresses”The Terminator’s” Skynet scenario, urging members  to take “extraordinary” care to avoid the perils of artificial intelligence, and robots that learn from experience and modify their own actions without the need for re-programming by a human being.

The new code addresses the Big Data ethics issue, and holds that tech companies should collect only the minimum amount of personal information necessary for a task, protect it from unauthorized use, and give users the opportunity to give informed consent regarding their data’s use. This and other provisions in the Code I would mark as “aspirational,” or perhaps “cover” or even “pie in the sky.” Without enforcement, such “rules” amount to lip service at best, deception at worst.

As with most ethics codes, this one indulges in convenient vagueries that purport to give guidance, but really don’t. For example, the Code’s “first principle” states that  the primary obligation of all computer professionals is to “to use their skills for the benefit of society, its members, and the environment surrounding them.” And who determines THAT pray tell? The technicians who made Skynet thought that it would be a boon to humanity, and it ended up destroying humanity. “Benefits” is the most subjective of concepts. Similarly, the code exhorts the technical community to mitigate the negative effects of technologies they are responsible for, and if that can’t be done, perhaps to even  refrain from marketing some products.


To help companies and tech workers apply the ethical code’s principles, ACM is launching an“Integrity Project,” which will produce case studies about particular ethical dilemmas, and an “Ask an Ethicist” advice column.

I’m available.


8 thoughts on “Look! Computer Professionals Have An Ethics Code!

  1. As a member of the ACM for the past 18 years, I did review earlier drafts and submitted comments. I was especially critical of the vagueness, but in general welcomed the update, as the old code was pretty outdated by now.

    I did not think about the enforcement mechanism, but that is because I still don’t see Software Engineering/Programming as a profession. This has been a very contentious point for years. On the one hand, “hackers” (I use this in the original sense of the word, as it describes a very common ethos in the occupation) are terribly skeptical of any authority, and pride themselves that you can become a proficient programmer without formal training. Funny enough, programmers subscribing to this point of view are very supportive of apprenticeships and mentoring… go figure.

    On the other hand, corporations will *strongly* resist any sort of licensing, and use the current, informal, certification system as a first filter only. Formal requirements would make software engineers more expensive and possibly lead to some system to deal with liability. Much better to keep to current system with the ability to outsource to the lowest bidder.

    Reform will have to come from inside the industry. The problem is that herding cats, err, programmers is really hard. A couple of years ago I was involved in discussions to professionalize the occupation, but the interested quickly formed into two groups. Hard left “let’s unionize” types with no interest in setting standards for practitioners and wannabe cowboy entrepreneurs who saw themselves as the next Bill Gates/Mark Zuckerberg/Jeff Bezos and just wanted an artificially scarce piece paper to increase their market value. As expected, nothing came out of it.

    My hope is that some university will start a professional certification program that may have actual meaning and value for both practitioners and employers. I had hopes that CMU’s SEI would take that role, but it hasn’t and by now is just one more possible certificate in the pile, if more valuable than the others.

    Or we may need to start small and grow bigger (see INCOSE for Systems Engineers) while not taking the full-licensing route for the time being. In the end, after years in the industry, I believe that software engineering should be like Civil Engineering, Medicine, or Law. You may still have your cowboy coders, but for some developments (life critical, safety critical, large scale and impact, security related, etc.) you’d be expected (maybe even required, but that might be too ambitious to begin with) to have at least a licensed Software Engineer as your project lead, overseeing a number of other engineers (some licensed, some in training, some “code monkeys”) whose name is in the line for the project. Oh look, Civil Engineering works JUST LIKE THAT! Will that require higher pay? Yes. Malpractice insurance is a given, but it works for other professions.

    It’s a mess, and I don’t see an easy way out. For now, I appreciate what ACM is doing, and will support it. Any other software engineers out there interested in ethics and licensing? Maybe. In my experience most don’t want to go that route and will take the simplicity and freedom of being “just a programmer”.

    • Great comment, Alex.

      I think the real problem is that to see this become a reality, industry has to decide to place value on the professionalization of programmers. As you correctly point out, they are happy not to do that because it reduces costs to them and increases their employment flexibility.

      Failing that, programmers themselves would be forced to bootstrap this into a meaningful effort, and that requires a change in how they think about their skills. Part of the reason that hasn’t happened is that programming can take so many forms, and affect so many diverse industries that there only a limited number of skillsets that could be appropriately grouped into meaningful designations. Sure, you could group them by language/technology type, but that would not really be something industry would pay for.

      The biggest reason coders are facing this conundrum is because there is no clear pipeline to employment, like say an engineer, who generally must be a degreed professional. Coders and other computer engineers need not be, and although having designations from various industry certification bodies does help, that’s rarely a hard-and-fast job requirement except in the largest of companies. Not only that, non-degreed programmers have historically and are still are fully capable of creating their own companies around their work, which gives the impression that credentials in this industry are relatively meaningless, which again, disinclines industry to place value on credentialed professionals.

      Cutting this Gordian knot will be hard, especially because there are so many diverse technologies that can be mastered, with more coming on line every day. I remember the old days when languages were limited to maybe five or six major variants. Now, the language landscape alone is hard to even keep up with, there are so many, and each one brings it’s own unique abilities to be exploited. When I was young, you could take classes in FORTRAN, COBOL, BASIC, and even some assemblers but there were none to be found for C. Now, you can take courses in all but the very newest languages, and there are literally hundreds of them. All this diversity where anyone can learn to become proficient in one or another language only makes the problem of professionalism more profound.

      I wish you all the luck.

    • I was working to upgrade my certifications after my first major post-college employer combined several flavors of self-destuction. But there was no clarity in path and cost was prohibitive to prevent the waste of a wrong choice. Another friend chose almost randomly for one task and was miserable on the career track that did not fit his personality. Finding a mentor in a chaotic and exploding field is a matter of luck.

      I had to drop out of the industry from multiple non-professionally related conflicts, and regret I could not afford to get back on the horse when they passed. I would love if there was some widespread standard, but one of my computing professor’s slogan in the 80s was ‘the nice thing about standards, is that there is so many to choose from.’ Too bad I didn’t understand that was not just a technical comment, but a criticism of the profession.

      I’d welcome licensing and an ethics code with teeth. Too many lives are at stake with software for this Wild West to be wise. And a better standard will also give developers some push with impossible and unsustainable demands. Software is too big, and no longer lone wolf and that takes longer and costs more.

  2. And since you want a case study, one suggestion would the brouhaha over Microsoft providing infrastructure services for ICE after the family separation scandal. Many engineers threatened to quit over that, but I don’t think any followed through. Gives you an idea of how mature the ethics are with the current crop of practitioners.

  3. I let my ACM membership lapse many years ago because I found it to be largely irrelevant to my day-to-day work as a software developer. It’s just not a good fit for my place in the computing world. And for the most part, neither is the new Code of Ethics.

    The parts of the code that address things like diversity are largely redundant to the policies of my employer. The discussions of things like respecting privacy, robustness, security, and monitoring how an application fits into society are better addressed at the product design level or at higher management levels that help decide the direction of the enterprise. There are undoubtedly individuals that need to keep these things in mind, but modern software development is a team effort, and like any other requirement, ethics will be the result of teamwork. Many of the remaining guidelines — such as honesty, competence, and openness — are components of good teamwork that any software development team should practice.

    I am highly skeptical of efforts to professionalize or license software development. During my lifetime, the field has been far too dynamic to be able to codify requirements to a meaningful and operationally usable way without getting left behind by new technology and new methodologies. When I started, computers were expensive resources, and a single one would be shared by many people and have a full-time system administrator to manage it and keep it running. Now we spin up virtual computers by the dozens (or thousands) in something called “the cloud.” The degree of knowledge and skill required to be a system manager might have seemed like something worth licensing back then, but it would be foolish now. The same sort of thing has happened in software development, although it is harder to characterize. But what we don’t want is for software development to go the way of the hair styling industry, where licensed practitioners are required to demonstrate skills that are no longer in demand, and in-demand skills are not yet covered by licensing (e.g. hair braiding).

    It would probably make sense, as Alex suggests, to have a Software Engineering license (or family of licenses) for safety-critical systems, both to ensure that the software engineer has the necessary knowledge of safety-related issues and to provide for accountability in the event of failure. This is, however, a small niche in the software ecosystem.

    By the way, I have long resisted using the term “Software Engineer,” because I worked with actually licensed engineers — civil, electrical, mechanical — who worked hard to get to call themselves “Engineer,” and it seemed disrespectful to just appropriate the term to encompass a broader sense of responsibility than “programmer.” I’ve kind of had to give that up in the face of the reality of job titles.

  4. How can an industry and professional practice continually update an ethics code when the developing capabilities present new considerations faster than any code could be updated? This must be a troubling notion for ethical professionals and practitioners in computing and genetics. Almost all the energy is on what can we do and far less is on what should we do.

  5. When I was young and programmers coded in ‘C,’ the code of ethics was seens as something you hoped your competition followed.

    It gave you an edge if they did.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.