professional ethics in computingafkjm/csce470/handouts/ethics.pdfacm code of ethics and professional...
TRANSCRIPT
1
Professional Ethics in
Computing
Who are these guys and what are
their purported ethical lapses?
2
2
Other Motivation
• Tanaina Database
• http://www.unemployedprofessors.com/
Ethical Drivers
• Legal
– Government regulations, intellectual property,
health and safety, data protection
• Professional
– ACM/IEEE/BCS code of conduct
• Broader personal values
– Individual moral issues
3
Legal Examples
• Legislation still a moving target
– Stop Online Piracy Act (SOPA)
• Postponed Jan. 2012 after widespread concerns,
especially from search engines
• Existing legislation
– Digital Millennium Copyright Act
• Criminalizes production and dissemination of
technology, devices, or services intended to
circumvent measures that control access to
copyright works
Government and Privacy
• Patriot Act on collecting personal information
– Snowden leak
• HIPAA requires encryption of health data
• European Union Data Protection Directive
– Notice. Users should be given notice when their data are being collected.
– Purpose. Data should only be used for the purpose stated and not for any
other purposes.
– Consent. Data should not be disclosed without the data subject’s consent.
– Security. Collected data should be kept secure from any potential abuses.
– Disclosure. Users should be informed as to who is accessing their data.
– Access. Users should be allowed to access their data and make corrections
to any inaccurate data.
– Accountability. Users should have a method available to them to hold data
collectors accountable for following the above principles.
4
ACM Code of Ethics and
Professional Conduct
• General Moral Imperatives
– Contribute to society and general well being
– Avoid harm to others
– Be honest and trustworthy
– Be fair and do not discriminate
– Honor property rights
– Give credit where due
– Respect privacy of others
ACM Code of Ethics
• More Specific Professional Responsibilities– Strive to achieve the highest quality, effectiveness and dignity in
both the process and products of professional work
– Acquire and maintain professional competence
– Know and respect existing laws pertaining to professional work
– Accept and provide appropriate professional review
– Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks
– Honor contracts, agreements, and assigned responsibilities
– Improve public understanding of computing and its consequences
– Access computing and communication resources only when authorized to do so
5
ACM Code of Ethics
• Organizational Leadership Imperatives– Articulate social responsibilities of members of an organizational
unit and encourage full acceptance of those responsibilities
– Manage personnel and resources to design and build information systems that enhance the quality of working life
– Acknowledge and support proper and authorized uses of an organization's computing and communication resources
– Ensure that users and those who will be affected by a system have their needs clearly articulated during the assessment and design of requirements; later the system must be validated to meet requirements
– Articulate and support policies that protect the dignity of users and others affected by a computing system
– Create opportunities for members of the organization to learn the principles and limitations of computer systems
IEEE Code of Ethics
1. To accept responsibility in making decisions
consistent with the safety, health and welfare of
the public, and to disclose promptly factors that
might endanger the public or the environment;
2. To avoid real or perceived conflicts of interest
whenever possible, and to disclose them to
affected parties when they do exist;
3. To be honest and realistic in stating claims or
estimates based on available data
6
IEEE Code of Ethics
4. To reject bribery in all its forms
5. To improve the understanding of technology, its
appropriate application, and potential
consequences
6. To maintain and improve our technical competence
and to undertake technological tasks for others only
if qualified by training or experience, or after full
disclosure of pertinent limitations
7. To seek, accept, and offer honest criticism of
technical work, to acknowledge and correct errors,
and to credit properly the contributions of others
IEEE Code of Ethics
8. To treat fairly all persons regardless of such
factors as race, religion, gender, disability, age,
or national origin
9. To avoid injuring others, their property,
reputation, or employment by false or malicious
actions
10.To assist colleagues and co-workers in their
professional development and to support them
in following this code of ethics
7
Ethics
• Code of ethics is good, but they are general
principles
• There are many personal and societal issues related
to computing and information
• Decisions regarding these issues should be well-
informed and well-reasoned. What is a more
general approach to make such decisions?
Ethical Reasoning Techniques
• Utilitarian Consequentialism
• Deontological Arguments
• Analogies
A runaway trolley is hurtling down the tracks
toward five people who will be killed if it
proceeds on its present course. You can save
these five people by diverting the trolley onto a
different set of tracks, one that has only one
person on it, but if you do this that person will
be killed. Is it morally permissible to turn the
trolley and thus prevent five deaths at the cost
of one?
8
Case Studies
• Case 1: The story of MP3 – compression
codes, musicians, and money
• Case 2: PGP: The U.S. Government vs. Phil
Zimmermann
• Case 3: Hackers: Public enemies or gadflies?
Case 1: The Story of MP3 –
Compression Codes, Musicians,
and Money
• MP3 protocol
– Compresses digital files that store audio
information
• Napster
– Enabled peer-to-peer file sharing
– Allowed users to share music files with other
users and obtain music files from other users
9
• Recording companies filled a suit against Napster on grounds of copyright infringement
• Napster lost the case and subsequent appeals• Ethical question
– Is it ethically right to swap copyrighted MP3 files?
• Ethics– The study of how to decide if something is
morally right or wrong
Case 1: The Story of MP3 –
Compression Codes,
Musicians, and Money
• A consequentialist focuses on the
consequences of an act to determine if the
act is good or bad
• Utilitarians
– The most well-known consequentialists
– Focus on the consequences of an act on
everyone to determine if it is good or bad
Case 1: The Story of MP3 –
Compression Codes, Musicians,
and Money (continued)
10
Utilitarians
• Cosmic calculator that can measure
happiness of all humans
• Act in question is good if:
– Happiness_After > Happiness_Before
• Otherwise, the act is bad
• “The needs of the many outweigh the
needs of the few or the one”
• Utilitarian argument #1: MP3 copying is OK
• Utilitarian argument #2: MP3 copying is not
OK
Case 1: The Story of MP3 –
Compression Codes, Musicians,
and Money (continued)
11
• A dialectic– Move back and forth between different
viewpoints, criticizing each and trying to learn
from each
– Goal: both sides move closer to the truth from
two different perspectives
– Check the facts for MP3 case, sales up or
down?
Case 1: The Story of MP3 –
Compression Codes, Musicians,
and Money (continued)
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann
• Phillip Zimmermann
– Concerned about bills introduced in the U.S.
Congress to allow the government to restrict
the use of encryption
– Developed the PGP (Pretty Good Privacy)
encryption algorithm
– Made PGP freely available to anyone
12
• U.S. Government started a criminal
investigation against Zimmermann
– Claim: Zimmermann had released a
technology that would allow criminals and
terrorists to avoid detection by law
enforcement agencies
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann (continued)
• Ethical question
– Was it right for Zimmerman to distribute his encryption program, or was the government right to try to prohibit its distribution?
• Analogies can be used to explore the similarities and differences of ethical questions– Have to make sure the analogy is appropriate
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann (continued)
13
25
• A dialectic argument that uses analogies
– One analogy supports a particular view of the
situation
– Another analogy supports an opposing view
of the situation
– The participants in the discussion explore the
strengths and weaknesses of each argument
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann (continued)
• Simplification for exploring the PGP controversy
using analogies– The discussion is limited to the use of the PGP
algorithm for email security
• Analogy #1: Email is like a private conversation
• Analogy #2: Email is like phone conversations
• Analogy #3: Email is like the postal system.
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann (continued)
14
• Analogies give a better understanding of the
ethical issues behind the PGP debate
– A decision about PGP affects security and
privacy
• Catching criminals and stopping terrorists are
two good things
• Having personal privacy is a good thing
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann (continued)
• The utilitarian perspective:
– What would be the consequences of enforcing a ban on PGP? In its most fundamental form, PGP is just an idea.
– What would be the consequences of allowing people to use PGP?
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann (continued)
15
• Using analogies and a utilitarian analysis:
– The increased security of a PGP ban would
be bought at a very high price
Case 2: PGP: The U.S.
Government vs. Phil
Zimmermann (continued)
Case 3: Hackers: Public
Enemies or Gadflies?
• Definition of “hacking” for this discussion
– Gaining unauthorized access to someone
else’s computer system
• Ethical question
– Is there an ethical case to be made in support
of computer hackers?
16
• Analogy
– Breaking into a computer is like breaking into
someone’s house
• The similarities and differences between
burglars and hackers should be analyzed
• Utilitarian analysis
– What is gained/lost when a computer is
hacked
Case 3: Hackers: Public
Enemies or Gadflies?
(continued)
32
• Two challenges when using a utilitarian
argument
– It is sometimes hard to predict consequences
with any accuracy
– There seems to be a distinction between
“good hackers” and “bad hackers”
Case 3: Hackers: Public
Enemies or Gadflies?
(continued)
17
• A deontological argument can be used to try to meet these challenges that may arise in a dialectic utilitarian argument
• Deontological arguments focus on
– Intent of an act
– How that act is/is not defensible
– Not the result of the act
• Kant: Never treat a fellow human merely as a means to an end. Actions are morally wrong if they are inconsistent with the status of a person as a free and rational being, and that, conversely, acts that further the status of people as free and rational beings are morally right
Case 3: Hackers: Public
Enemies or Gadflies?
• Hacker Ethic– Information sharing is a powerful positive good, and it is
the ethical duty of hackers to facilitate access to
information and computing resources wherever possible
– System cracking for fun and exploration is ethically OK as
long as the cracker commits no theft, vandalism, or breach
of confidentiality
• Deontological perspective on hacking– Is the act of hacking into another person’s computer
system inherently unethical?
• At the end of the analysis, questions are raised
about the claims of the hacker ethic
Case 3: Hackers: Public
Enemies or Gadflies?
(continued)
18
35
Thinking Straight about
Technology and Ethics
• A “paramedic method” for computer ethics
– Goal is not to become a research ethicist, but
to gain skills in:
• Recognizing ethical questions regarding
computing
• Reasoning carefully about answers to those
questions
Thinking Straight about
Technology and Ethics
(continued)• Questions to ask in dealing with an ethical
problem
1. Who are the stakeholders in this situation?
2. What does each stakeholder have to gain or
lose?
3. What duties and responsibilities in this
situation are important to the stakeholders?
19
• Questions to ask in dealing with an ethical
problem (continued)
4. Can you think of an analogous situation that
does not involve computing? If so, does that
analogous situation clarify the situation that
does involve computing?
5. Either make a decision or revisit the steps
Thinking Straight about
Technology and Ethics
(continued)
38
What We Covered
• Existing codes of ethics for software
professionals
• Introduced a few of the issues involving
technology and society
• Discussed how to apply the following to
computer ethics– Utilitarian ideas
– Deontological ideas
– Analogies
20
Example – Stopping Music
Piracy• You work for a music company and people are
pirating your music
– Supposed to only copy music files a limited number of
times
• Proposed technical solution
– Include a player on music CD’s that when installed,
also installs a superuser program
– Superuser program enforces copy limitations and
hides itself to prevent the user from removing it
• Is this an ethical approach?
Example – Collecting System
Info• Your application can experience problems
depending on the state of the user’s
system
– To better refine your app you could write a
second program that is installed with your app
that collects usage info, system info, and
anonymously sends this data to your server
– Programmers can analyze the received data
and make improvements
• Is this an ethical approach?
21
Case Study
• Peter and Allan, who both share the same office, are systems
designers at QBase, a company that specialisez in the development
of computer databases. Peter is a newly converted Muslim and is
committed to perform his prayers regularly. Unfortunately he is
having difficulty saying his prayer around 1:00 pm in the afternoon.
His prayer takes only 2-3 minutes and does not require any special
rituals or arrangements. He could offer his prayer in the office by
standing and facing in one direction and mutely reciting a few
verses, but he is afraid Allan might not feel comfortable about that.
He could offer his prayer at his house which is close by his office
but the return-trip takes usually 20-25 minutes and that time is taken
from work.
• What are relevant principles from the ACM or IEEE code of ethics?
Ethical Simulator
• http://seeri.etsu.edu/Ethics/EthicalSimulato
r/1024/index.html
22
Fictitional Case Study
• Derek Evans used to work for a small computer
firm that specializes in developing software for
management tasks. Derek was a primary
contributor in designing an innovative software
system for customer services. This software
system is essentially the "lifeblood" of the firm.
The small computer firm never asked Derek to
sign an agreement that software designed
during his employment there becomes the
property of the company. However, his new
employer did.
Software…
• Derek is now working for a much larger
computer firm. Derek's job is in the customer
service area, and he spends most of his time on
the telephone talking with customers having
systems problems. This requires him to cross
reference large amounts of information. It now
occurs to him that by making a few minor
alterations in the innovative software system he
helped design at the small computer firm the
task of cross referencing can be greatly
simplified.
23
Software…
• On Friday Derek decides he will come in early Monday
morning to make the adaptation. However, on Saturday
evening he attends a party with two of his old friends,
you and Horace Jones. Since it has been some time
since you have seen each other, you spend some time
discussing what you have been doing recently. Derek
mentions his plan to adapt the software system on
Monday. Horace asks, "Isn't that unethical? That system
is really the property of your previous employer." "But,"
Derek replies, "I'm just trying to make my work more
efficient. I'm not selling the system to anyone, or
anything like that. It's just for my use -- and, after all, I did
help design it. Besides, it's not exactly the same system -
- I've made a few changes."
Software
• What follows is a discussion among the
three of you. What is your contribution?
24
Software
• Derek installs the software Monday morning.
Soon everyone is impressed with his efficiency.
Others are asking about the "secret" of his
success. Derek begins to realize that the
software system might well have company-wide
adaptability. This does not go unnoticed by his
superiors. So, he is offered an opportunity to
introduce the system in other parts of the
company.
Software…
• Now Derek recalls the conversation at the party, and he
begins to wonder if Horace was right after all. He
suggests that his previous employer be contacted and
that the more extended use of the software system be
negotiated with the small computer firm. This move is
firmly resisted by his superiors, who insist that the
software system is now the property of the larger firm.
Derek balks at the idea of going ahead without talking
with the smaller firm. If Derek doesn't want the new job,
they reply, someone else can be invited to do it; in any
case, the adaptation will be made.
• What should Derek do now?
25
GM
• Charged with installing computer chips that resulted in
emitting excessive amounts of carbon dioxide from their
Cadillacs, General Motors agreed in December 1995 to
recall nearly 500,000 late-model Cadillacs and pay
nearly $45 million in fines and recall costs. Lawyers for
the Environmental Protection Agency and the Justice
Department contended that G.M. knew that the design
change would result in pollution problems. Rejecting this
claim, G.M. released a statement saying that the case
was "a matter of interpretation" of complex regulations,
but that it had "worked extremely hard to resolve the
matter and avoid litigation."
GM…
• According to EPA and Justice Department officials, the
$11 million civil penalty was the third largest penalty in a
pollution case, the second largest under such penalty
under the Clean Air Act, and the largest involving motor
vehicle pollution. This was also the first case of a court
ordering an automobile recall to reduce pollution rather
than to improve safety or dependability.
26
GM…
• Government officials said that in 1990 a new computer
chip was designed for the engine controls of Cadillac
Seville and Deville models. This was in response to car
owners complaints that these cars tended to stall when
the climate control system was running. The chips
injected additional fuel into the engine whenever this
system was running. But this resulted in tailpipe
emissions of carbon dioxide well in excess of the
regulations.
GM…
• Although the cars are usually driven with the climate control system
running, tests used for certifying the meeting of emission standards
were conducted when the system was not running. This was
standard practice for emission tests throughout the automotive
industry.
• However, EPA officials argued that, under the Clean Air Act, G.M.
should have informed them that the Cadillac’s design was changed
in a way that would result in violating pollution standards under
normal driving conditions. In 1970, the officials said, automobile
manufacturers were directed not to slip around testing rules by
designing cars that technically pass the tests but that, nevertheless,
cause avoidable pollution. G.M.’s competitors, the officials
contended, complied with that directive.
27
GM…
• A G.M. spokesperson said that testing emissions with
the climate control running was not required because, "It
was not in the rules, not in the regulations; it’s not in the
Clean Air Act." However, claiming that G.M. discovered
the problem in 1991, Justice Department environmental
lawyer Thomas P. Carroll objected to G.M.’s continued
inclusion of the chip in the 1992-5 models: "They should
have gone back and re-engineered it to improve the
emissions."
GM…
• In agreeing to recall the vehicles, G.M. said it now had a
way of controlling the stalling problem without increasing
pollution. This involves "new fueling calibrations," G.M.
said, and it "should have no adverse effect on the
driveability of the vehicles involved.“
• If you were a computer engineer working on this project
what ethical responsibilities would you have?
28
Reddit user, Violentacrez
• Slate.com– Gawker’s Adrian Chen revealed the real-life identity of one of
social news site Reddit’s most notorious users. Online, the man
known as Violentacrez has been active in such Reddit forums as
“Chokeabitch,” “Misogyny,” “Incest,” “PicsofDeadKids,” and
“Creepshots,” a subreddit that encouraged men to snap
sexualized stalker photos of women in public, then share them
online with creeps everywhere. IRL, Violentacrez is a 49-year-
old computer programmer at a Texas financial services company
named Michael Brutsch. His outing on Gawker has reopened a
longstanding debate surrounding anonymity, freedom of
expression, and harassment online.
Violentacrez
• Reddit… where the only community value more
important than saying whatever you want is not saying
who anyone else is…
• “Under Reddit logic, outing Violentacrez is worse than
anonymously posting creepshots of innocent women,
because doing so would undermine Reddit's role as a
safe place for people to anonymously post creepshots of
innocent women,” Chen wrote. After Chen outed the troll,
many subreddits banned all Gawker links.
• Does inappropriate behavior trump the right to privacy?