I shall respect the physical, mental and digital wellbeing of a person. I shall respect their personhood, both physical and digital. I shall do no harm, neither direct or indirectly. And I shall willingly assist those in need, wherever and whenever I can.
I say look no further than the Oath of the Engineer.
Sometimes the simplest is the best. There'll always be differences in everyone's moral fiber, but generally speaking, be professionial, be efficient, come up with a plan to build every project that comes your way, ybe willing to say "No" when everyone else wants you to say "Yes" when put in a position in opposition to the interests of the Public.
It'll change from country to country, but the essence of it is universal to the field of endeavor, and legalism should have nothing to do with it.
Note discretion is nowhere included in that except maybe implied in professional. That's intended; as Engineers, we all must be on guard for those building things harmful to the public, and be willing, if Fate deems it necessary to inform other Engineers of the danger, and educate the non-Engineer enough that they can come to a reasonable conclusion on the matter, even if they don't end up swinging the way we think they should.
For ours is a postion of systemic guardianship and stewardship of the Will, made manifest through artifice, of humanity. Every nut and bolt fastened, every line of code written, compiled, interpreted, and executed; every transmission, transaction, every automated task, and task left unautomated is another fold in the delicate structure of the societies in whose service we ply our trade.
1. The ethical decisions that happen in the industry aren't made by the software engineers.
2. The boundaries around those decision are very grey. Can I create a feature that breaches user's privacy? What if I don't build the feature but just write documentation for it? What if I do pure research but then my research is used for a morally questionable purpose by the company? What if my company does a bunch of shady things but not my department? What if my company respects its users but mistreats its employees? What if my company treats employess and users fairly but it's in a questionable industry like gambling for example? Or what if I make a game that's perfectly fine for most players but a small number of them get addicted to the point that it ruins their lives? And so on, these questions go on forever and it's not as straightforward as "do no harm".
These days a lot of doctors also cannot make independent decisions due to pressure from insurance companies, hospital board etc. Interesting to compare with software engineers.
Which would also mean that, by extension, a hippocratic oath only move the legal responsibility from the groups that make the decisions to the doctor, in a practical sense, right? Or am I missing something in the whole micro management style of thinking that is the modern medical system?
Wouldn't the first point also be applicable to the medical field? Decisions can be made by anyone but ultimately it's the practitioner's job to actually carry out those decisions and they are able to refuse.
While there is a certain amount of personal responsibility in the field, often component-wise construction limits the visibility of the systems ethics as a whole, and the higher level unethical strategy is not decided by an implementer
Many would argue this occurs in the medical field too - how ethical are the insurance companies of the US or the drugs companies of just about anywhere? (That being said, research is expensive and a national health system has its downsides too.)
> Can I create a feature that breaches user's privacy? What if I don't build the feature but just write documentation for it?
More pertinently, most of the time: What if I think that feature would be a net-positive for everyone? There obviously cases where a product literally couldn't exist without collecting user data, and so long as they're up-front about it, I'm fine with that. It's sneaky data collection that's the problem.
That first point could be a case for a code of ethics, not against one.
Right now decision makers tell you to build the thing, and you speak up saying that seems sketchy, but you both don’t know what the people who don’t speak up think. You are told to conform or leave.
With a code of ethics, they tell you to build the thing and you say it’s against your industry’s code of ethics, and you both know that applies to everyone. They can’t tell you to change your profession’s code of ethics, so you have a stronger position.
>That first point could be a case for a code of ethics, not against one.
It is most loudly a case for a union.
But if you don't like that word, how about an AMA-like or state bar like association to which you pay dues, are subject to ethical review, and where sanction impacts your right to work? Doctors and lawyers self-regulate in this way to our great collective benefit.
Well, anyone who is a member of a professional society (ACM, IEEE, etc.) or has a professional certification (PMI's PMP certification) has already agreed to abide by their respective Codes of Ethics by virtue of being an accredited member. In theory, people can be stripped of their membership or certification if it's reported although I doubt that ever happens in practice.
> The ethical decisions that happen in the industry aren't made by the software engineers.
Software engineers decide whether to participate in or enable them, just like other professionals with codes of ethics that work in supporting or advisory roles for employers/clients. Other professions that do this have real codes of ethics, so this reason is BS.
> The boundaries around those decision are very grey.
And they aren't in law? Medicine? Again, that doesn't prevent a real code of ethics.
What does prevent such a thing from meaningfully existing for software engineering is the fact that it's not a regulated profession with a professional licensing and enforcement body.
> What does prevent such a thing from meaningfully existing for software engineering is the fact that it's not a regulated profession with a professional licensing and enforcement body.
You're mixing up the Hippocratic oath with actual standards and regulation on practitioners. The Hippocratic Oath is only a tradition. It just happens to overlap to some extent with the actual enforceable laws for medical malpractice.
1. However, the SW engineer is the one who actually executes the decisions, and they can refuse (and for example in cases when the decisions are illegal, they are actually required to refuse), and in extreme cases even quit the job. Ethical judgment of this of course depends on situation, for example whether they can handle the loss of income, however, at least in my country, there are lots of free job openings in IT, and switching jobs is very easy.
> at least in my country, there are lots of free job openings in IT, and switching jobs is very easy.
Subtract all the companies that you can't work for due to ethical reasons and you might be surprised by how bad the job market in your country looks like.
That's an interesting starting point, though I do see some potential issues, especially in the human rights provision. Namely, who defines human rights? The UN has its own definition that has received some attention (and indeed, it appears this is the definition used), but it defines things such as social security, paid time off, food, clothing, housing, and a whole laundry list of other things; I along with some others scorn the UN's concept of rights because I don't believe one can possess a positive right.
So we reach the age-old question of, "Who decides?"
Another potential problem is the mention of promoting "equitable relationships". While this may be confusion due to translation, "equitable" has recently been taken to mean equal in outcome, which I will never actively encourage.
The "ethicality" of any given program is a non-trivial semantic property. It follows that any software engineering "Hippocratic Oath" is an undecidable concept.
There's lots of good things mentioned so far. I'd like to add something to the effect of -
"I shall not attempt to manipulate user behaviour in order to increase revenue or metrics. The usage of my product shall be driven entirely by the user's conscious and deliberate desire to engage with it."
Yeah, I know — it's vague and completely unrealistic. Still... a man can dream.
Advertising doesn't have to be manipulative. If advertising went missing overnight, we would have quickly noticed that it also serves another function: informative.
I find it sad that advertising implies manipulation outright.
No cute company logos and no photos or adjectives in descriptions of products. Everything is manipulation at some level. Amazon would need to be a blank search page, and you’d have to tell it exactly what you want, and the only thing it could say back is “no” or “yes” and the price.
I can see how my comment could be interpreted to mean no advertising at all but that wasn't my intent. I was more thinking about how apps surreptitiously manipulate your engagement (frequency + duration) with them.
On the point of advertising though, if advertising focused entirely on factual information around features and benefits, I'd consider that a win. Kind of like how it used to be before Edward Bernays and similar thinkers came along.
Yeah, the problem is not that these codes of ethics don't exist, it is that it is nearly impossible for them to become a requirement for software development. You would have to change the entire legal landscape of software including certifying and licensing developers as well as banning a lot of hobbyist open source development in order for these code of ethics to be anything more than voluntary. And anyone who is willing to voluntary agree to a code of ethics probably wasn't the person who was doing ethically questionable work anyway.
I am a strong proponent of software ethics being taught in schools, but I don't think an Hippocratic type oath makes any sense in our profession.
I thought about it a lot, and i really can't see a way. Being an independent developer or running a custom development company we all always face the problem of building knowingly hopeless software: that cannot exist, targets nonexistent market, and is built for a client who with full confidence unable to make any benefit out of it - Dunning-Kruger effect being on our side. I spent my entire career seeing stuff built which shouldn't be built because it makes no sense, from ICQ clones in 2000 to Chatroulette clones in 2010 to Tik-Tok clones in 2020. And i can't see any probable way out of it: pick projects that make even the remote semblance of sense and you have to work for much smarter clients -> won't make any money...
While I think an effective code of ethics is essential at this point, I think broader professional practices, organisations and boards will have a larger impact on the field and the perception of the field to others.
I'm surprised no one (including the IEEE and NPSE, linked in another comment) has mentioned that software engineers should be responsible for disclosing knowledge of any data breaches (and probably security vulnerabilities) that they know about. This would be at the top of my list.
And the actual translation for reference from the wiki link:
--
I swear by Apollo Healer, by Asclepius, by Hygieia, by Panacea, and by all the gods and goddesses, making them my witnesses, that I will carry out, according to my ability and judgment, this oath and this indenture.
To hold my teacher in this art equal to my own parents; to make him partner in my livelihood; when he is in need of money to share mine with him; to consider his family as my own brothers, and to teach them this art, if they want to learn it, without fee or indenture; to impart precept, oral instruction, and all other instruction to my own sons, the sons of my teacher, and to indentured pupils who have taken the Healer’s oath, but to nobody else.
I will use those dietary regimens which will benefit my patients according to my greatest ability and judgment, and I will do no harm or injustice to them.[7] Neither will I administer a poison to anybody when asked to do so, nor will I suggest such a course. Similarly I will not give to a woman a pessary to cause abortion. But I will keep pure and holy both my life and my art. I will not use the knife, not even, verily, on sufferers from stone, but I will give place to such as are craftsmen therein.
Into whatsoever houses I enter, I will enter to help the sick, and I will abstain from all intentional wrong-doing and harm, especially from abusing the bodies of man or woman, bond or free. And whatsoever I shall see or hear in the course of my profession, as well as outside my profession in my intercourse with men, if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.
Now if I carry out this oath, and break it not, may I gain for ever reputation among all men for my life and for my art; but if I break it and forswear myself, may the opposite befall me.[6] – Translation by W.H.S. Jones.
Any opinions on the matter completely ignore the fact that the software engineers are NOT the shot callers.
And the fact that changing jobs -- in case you have an ethical disagreement with your employer -- is awful abs hugely taxing on both your physical and mental health. And yes, that goes to programmers as well. It ain't all sunshine and rainbows as many claim.
In short: having an ethical code is irrelevant. It will be overridden by the business anyway so why waste your time composing it?
For traditional engineering disciplines, we have one already!
I am an Engineer. In my profession, I take deep pride. To it, I owe solemn obligations.
As an engineer, I pledge to practice integrity and fair dealing, tolerance and respect, and to uphold devotion to the standards and dignity of my profession. I will always be conscious that my skill carries with it the obligation to serve humanity by making the best use of the Earth's precious wealth.
As an engineer, I shall participate in none but honest enterprises. When needed, my skill and knowledge shall be given, without reservation, for the public good. In the performance of duty, and in fidelity to my profession, I shall give my utmost.
Security researchers act in a very ethical manner.
Product engineers are, in average, the most unethical of the bunch: the ones that will release broken software and charge the customer as if it was finished, the ones that will wait for the customer to find bugs before fixing them, the ones that will market their software as safe and fill their page with words like "secure, safe" and security related imagery like lock icons without actually backing it up with good practices... etc.
Turns out I wrote one a few months ago. This is its first outing. I just put it there without accompanying explanations, so it may seem a bit obscure. And it is clearly unfinished, if finishable. It is more a moral code in the sense of the ten commandments. And I am not native english speaker. So here it is:
Do not make computer programs that force humans into repetitive tasks. Computers are made for automating tasks, not enslaving humans.
Do not pass onto users a responsibility that is on the program side.
When the user has a responsibility, make it clear. The computer program must warn users when their input could cause a valid output for which they would be held responsible.
Programs must never silently fail.
Once users have used a computer program, you must not remove it from them, render it useless or make it available at a price higher than agreed beforehand. Once users have used a feature of a computer program, you must not remove it, hide it from them or make it available at a price higher than agreed beforehand.
Programs must not override users inputs solely based on a probability of them being wrong.
Users can always override program outputs that are based on probability or incomplete information.
You must document all the features of the computer program accurately and make the documentation available to all users. Documentation is written in good faith.
Documentation must at a minimum describe the program inputs and the valid program outputs. If the output is based on probability, the documentation must explicit the probability for the program giving a valid output, and the probabilities of giving whatever invalid output.
When the program performance varies between users, any user can obtain the program performance in his/her particular case.
Every citizen is a user of a computer program used for law enforcement. Every citizen is a user of a computer program operating in the public space. Every citizen is a user of a program collecting its inputs.
No program shall force a human into repetitive tasks.
"Computers are made for automating tasks, not enslaving humans."
A program must not require inputs from a user, that have no effect on the output.
"No deceptive programs."
A program must warn the user when its inputs are ignored.
"Split of responsibility."
A Program must never silently fail.
A program is provided to a user at a predetermined price. It cannot subsequently be removed from the user without its consent, made to produce invalid outputs, rendered useless or less valuable.
"Programs do not wear and cannot be used to extort money from users."
Programs must not ignore users inputs solely based on a probability of them being wrong.
"Unusual input is not necessarily invalid"
Users can always override program outputs that are based on probability or incomplete information.
"In autonomous vehicles, justice, profiling"
Documentation for the program must be provided to the user. It is written in good faith, describes all the features, the program inputs, and the valid outputs.
If the program output is based on probabilities, the documentation must explicit the probability for the program to give a valid output.
When program performance varies between users, a user can know the probability of a valid output in its case.
A human providing inputs to a program, voluntarily or involuntarily, is a user of said program.
"And as such has access to documentation".
63 comments
[ 4.5 ms ] story [ 90.3 ms ] threadDo not create hidden/activated functions.(Think of VW diesel scandal, or other triggered back doors).
Respect peoples privacy.
Sometimes the simplest is the best. There'll always be differences in everyone's moral fiber, but generally speaking, be professionial, be efficient, come up with a plan to build every project that comes your way, ybe willing to say "No" when everyone else wants you to say "Yes" when put in a position in opposition to the interests of the Public.
It'll change from country to country, but the essence of it is universal to the field of endeavor, and legalism should have nothing to do with it.
Note discretion is nowhere included in that except maybe implied in professional. That's intended; as Engineers, we all must be on guard for those building things harmful to the public, and be willing, if Fate deems it necessary to inform other Engineers of the danger, and educate the non-Engineer enough that they can come to a reasonable conclusion on the matter, even if they don't end up swinging the way we think they should.
For ours is a postion of systemic guardianship and stewardship of the Will, made manifest through artifice, of humanity. Every nut and bolt fastened, every line of code written, compiled, interpreted, and executed; every transmission, transaction, every automated task, and task left unautomated is another fold in the delicate structure of the societies in whose service we ply our trade.
I shall forego code of conduct for the users of my code and let them behave freely.
Engineering oppression through biometrics, addiction, intruding privacy, etc.
1. The ethical decisions that happen in the industry aren't made by the software engineers.
2. The boundaries around those decision are very grey. Can I create a feature that breaches user's privacy? What if I don't build the feature but just write documentation for it? What if I do pure research but then my research is used for a morally questionable purpose by the company? What if my company does a bunch of shady things but not my department? What if my company respects its users but mistreats its employees? What if my company treats employess and users fairly but it's in a questionable industry like gambling for example? Or what if I make a game that's perfectly fine for most players but a small number of them get addicted to the point that it ruins their lives? And so on, these questions go on forever and it's not as straightforward as "do no harm".
More pertinently, most of the time: What if I think that feature would be a net-positive for everyone? There obviously cases where a product literally couldn't exist without collecting user data, and so long as they're up-front about it, I'm fine with that. It's sneaky data collection that's the problem.
Right now decision makers tell you to build the thing, and you speak up saying that seems sketchy, but you both don’t know what the people who don’t speak up think. You are told to conform or leave.
With a code of ethics, they tell you to build the thing and you say it’s against your industry’s code of ethics, and you both know that applies to everyone. They can’t tell you to change your profession’s code of ethics, so you have a stronger position.
It is most loudly a case for a union.
But if you don't like that word, how about an AMA-like or state bar like association to which you pay dues, are subject to ethical review, and where sanction impacts your right to work? Doctors and lawyers self-regulate in this way to our great collective benefit.
How can you make an oath when "copying might be fraud, but maybe not" it's a thing?
Effectively true, but your reasons are wrong:
> The ethical decisions that happen in the industry aren't made by the software engineers.
Software engineers decide whether to participate in or enable them, just like other professionals with codes of ethics that work in supporting or advisory roles for employers/clients. Other professions that do this have real codes of ethics, so this reason is BS.
> The boundaries around those decision are very grey.
And they aren't in law? Medicine? Again, that doesn't prevent a real code of ethics.
What does prevent such a thing from meaningfully existing for software engineering is the fact that it's not a regulated profession with a professional licensing and enforcement body.
You're mixing up the Hippocratic oath with actual standards and regulation on practitioners. The Hippocratic Oath is only a tradition. It just happens to overlap to some extent with the actual enforceable laws for medical malpractice.
Subtract all the companies that you can't work for due to ethical reasons and you might be surprised by how bad the job market in your country looks like.
So we reach the age-old question of, "Who decides?"
Another potential problem is the mention of promoting "equitable relationships". While this may be confusion due to translation, "equitable" has recently been taken to mean equal in outcome, which I will never actively encourage.
"I shall not attempt to manipulate user behaviour in order to increase revenue or metrics. The usage of my product shall be driven entirely by the user's conscious and deliberate desire to engage with it."
Yeah, I know — it's vague and completely unrealistic. Still... a man can dream.
1. Most developed countries allow for some freedom of expression which rules out banning advertising outright.
2. Advertising is generally effective in the sense that it increases sales to some extent.
So as soon as just one player in a market starts advertising (which can't be prevented), everyone else has to do it too just to keep up.
I find it sad that advertising implies manipulation outright.
On the point of advertising though, if advertising focused entirely on factual information around features and benefits, I'd consider that a win. Kind of like how it used to be before Edward Bernays and similar thinkers came along.
https://en.wikipedia.org/wiki/Edward_Bernays
- Don't create software you don't want to work.
While they have a slightly different goal, the content could be a very useful reference for actual guideline.
I am a strong proponent of software ethics being taught in schools, but I don't think an Hippocratic type oath makes any sense in our profession.
https://en.wikipedia.org/wiki/Hippocratic_Oath
--
TL;DR:
Respect and look after my mentors.
Teach my art for free to those following this oath; but not to others.
Do the best job I can according to my ability and judgement.
Always work in an ethical way; do no evil.
Respect privacy.
--
I swear by Apollo Healer, by Asclepius, by Hygieia, by Panacea, and by all the gods and goddesses, making them my witnesses, that I will carry out, according to my ability and judgment, this oath and this indenture.
To hold my teacher in this art equal to my own parents; to make him partner in my livelihood; when he is in need of money to share mine with him; to consider his family as my own brothers, and to teach them this art, if they want to learn it, without fee or indenture; to impart precept, oral instruction, and all other instruction to my own sons, the sons of my teacher, and to indentured pupils who have taken the Healer’s oath, but to nobody else.
I will use those dietary regimens which will benefit my patients according to my greatest ability and judgment, and I will do no harm or injustice to them.[7] Neither will I administer a poison to anybody when asked to do so, nor will I suggest such a course. Similarly I will not give to a woman a pessary to cause abortion. But I will keep pure and holy both my life and my art. I will not use the knife, not even, verily, on sufferers from stone, but I will give place to such as are craftsmen therein.
Into whatsoever houses I enter, I will enter to help the sick, and I will abstain from all intentional wrong-doing and harm, especially from abusing the bodies of man or woman, bond or free. And whatsoever I shall see or hear in the course of my profession, as well as outside my profession in my intercourse with men, if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.
Now if I carry out this oath, and break it not, may I gain for ever reputation among all men for my life and for my art; but if I break it and forswear myself, may the opposite befall me.[6] – Translation by W.H.S. Jones.
And the fact that changing jobs -- in case you have an ethical disagreement with your employer -- is awful abs hugely taxing on both your physical and mental health. And yes, that goes to programmers as well. It ain't all sunshine and rainbows as many claim.
In short: having an ethical code is irrelevant. It will be overridden by the business anyway so why waste your time composing it?
I am an Engineer. In my profession, I take deep pride. To it, I owe solemn obligations.
As an engineer, I pledge to practice integrity and fair dealing, tolerance and respect, and to uphold devotion to the standards and dignity of my profession. I will always be conscious that my skill carries with it the obligation to serve humanity by making the best use of the Earth's precious wealth.
As an engineer, I shall participate in none but honest enterprises. When needed, my skill and knowledge shall be given, without reservation, for the public good. In the performance of duty, and in fidelity to my profession, I shall give my utmost.
https://en.wikipedia.org/wiki/Order_of_the_Engineer#Oath
Product engineers are, in average, the most unethical of the bunch: the ones that will release broken software and charge the customer as if it was finished, the ones that will wait for the customer to find bugs before fixing them, the ones that will market their software as safe and fill their page with words like "secure, safe" and security related imagery like lock icons without actually backing it up with good practices... etc.
Do not make computer programs that force humans into repetitive tasks. Computers are made for automating tasks, not enslaving humans.
Do not pass onto users a responsibility that is on the program side.
When the user has a responsibility, make it clear. The computer program must warn users when their input could cause a valid output for which they would be held responsible.
Programs must never silently fail.
Once users have used a computer program, you must not remove it from them, render it useless or make it available at a price higher than agreed beforehand. Once users have used a feature of a computer program, you must not remove it, hide it from them or make it available at a price higher than agreed beforehand.
Programs must not override users inputs solely based on a probability of them being wrong.
Users can always override program outputs that are based on probability or incomplete information.
You must document all the features of the computer program accurately and make the documentation available to all users. Documentation is written in good faith.
Documentation must at a minimum describe the program inputs and the valid program outputs. If the output is based on probability, the documentation must explicit the probability for the program giving a valid output, and the probabilities of giving whatever invalid output.
When the program performance varies between users, any user can obtain the program performance in his/her particular case.
Every citizen is a user of a computer program used for law enforcement. Every citizen is a user of a computer program operating in the public space. Every citizen is a user of a program collecting its inputs.
No program shall force a human into repetitive tasks. "Computers are made for automating tasks, not enslaving humans."
A program must not require inputs from a user, that have no effect on the output. "No deceptive programs."
A program must warn the user when its inputs are ignored. "Split of responsibility."
A Program must never silently fail.
A program is provided to a user at a predetermined price. It cannot subsequently be removed from the user without its consent, made to produce invalid outputs, rendered useless or less valuable. "Programs do not wear and cannot be used to extort money from users."
Programs must not ignore users inputs solely based on a probability of them being wrong. "Unusual input is not necessarily invalid"
Users can always override program outputs that are based on probability or incomplete information. "In autonomous vehicles, justice, profiling"
Documentation for the program must be provided to the user. It is written in good faith, describes all the features, the program inputs, and the valid outputs.
If the program output is based on probabilities, the documentation must explicit the probability for the program to give a valid output.
When program performance varies between users, a user can know the probability of a valid output in its case.
A human providing inputs to a program, voluntarily or involuntarily, is a user of said program. "And as such has access to documentation".