Dr. Rob Hasker SE 3800 Note 11 Ethics

What do you know? Image from New York Times

As reported by NYT on 2015-23-09: Pollution controls only on during inspection Car went into inspection mode based on steering wheel, run time, barometric pressure no turns during inspections On road, pollution controls disabled Vehicle produces up to 35 times the legal limit of nitrogen oxide EPA relies on manufacturers to test cars Only 10-15% of new cars tested in-house

A fraud uncovered Discovered by engineers at West Virginia University Issue found during road tests of vehicles which passed inspection As recently as Jan. 11 (NPR), Volkswagen CEO denied fraud Claimed it was a misinterpretation of American law Re-interview: they did “accept the violation” They claimed the cause was misinterpretation of information from EPA, CA dating back a decade What do you think? Settlements: buy back + $7-13k – $15-20 billion

Driving my Jeep wired.com: remote-control Cherokee:

Control windshield wipers, accelerator, transmission, locks by cell phone Only control steering when in reverse… Did Chrysler do anything wrong?

Sony’s Virus 2005: Sony wanted to reduce piracy They put an XCP program on 20 CDs including Van Zant, The Bad Plus, Neil Diamond, Celine Dion, etc. XCP ran when put disk in drive on Windows Goal: restrict # times disk can be copied Includes cloaking feature to hide all files starting with "$sys$" Virus writers can and have used this cloaking feature

Sony’s Virus Other ramifications Uninstaller released Runs constantly, consuming CPU System wouldn’t enter sleep mode Uninstaller released Requested via web form Web form installed downloader Downloader then installed fixer Easy to get downloader to install anything!

Issues Can Sony restrict # times item copied by owner? Weak protection Easily foiled: use Mac or hold shift key during insertion Installs software without permission What did Sony do wrong?

The SE Code of Ethics ACM & IEEE, 1997 Principle 1, Public Interest Software engineers shall act consistently with the public interest Accept full responsibility for work Moderate interests of employer against public Approve software only if it's safe and has been tested Disclose potential harms to the public Commun. ACM 40, 11 (November 1997), 110-118

Impact to public Does this mean developers must consider jobs lost to machines? World Economic Forum report: over half of all workplace tasks will be completed by machines by 2025 75 million jobs lost 133 million new jobs, but with retraining Fourth Industrial Revolution My thought: lost jobs are inevitable. We need a societal structure to address it. Maybe it’s not our job to fix the problem, but to publicize it!

Principle 2, Client and Employer Software engineers shall act in a manner that is in the best interests of their client and employer, consistent with the public interest Provide service in areas of competence Don't use software obtained illegally or unethically Keep confidential information private Unless, of course, to support principle 1! Don't collect company-wide email without authorization! Report time honestly

Principle 3, Product Software engineers shall ensure that their products and related modifications meet the highest professional standards possible ensuring appropriate goals, methods, standards, costs, schedule ensuring qualified to work on project Principle 4, JUDGMENT: Software engineers shall maintain integrity and independence in their professional judgment Endorse documents you believe in Don't engage in deceptive financial practices Disclose conflicts of interest

Principle 5, MANAGEMENT: Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance providing good management consider skills when assigning work (but allow for growth!) make realistic estimates show respect for concerns about ethical issues for a project Principle 6, PROFESSION: Software engineers shall advance the integrity and reputation of the profession consistent with the public interest Promoting public knowledge of SE Stay current in SE best practices Report violations of the code

Principle 7, COLLEAGUES: Software engineers shall be fair to and supportive of their colleagues Assist in professional development Give credit where it's due Review objectively Principle 8, SELF: Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession

Review ACM/IEEE SE Code of Ethics Public Interest Client & Employer Product Judgment Management Profession Colleagues Self

Scenarios In-class exercise (in pairs): Pick two scenarios For each, identify multiple ways in which they violate the code (making reasonable assumptions) Graded: quality of explanation, analysis

1. Software Release A software development company has just produced a new software package that incorporates the new tax laws and figure taxes for both individuals and small businesses. The president of the company knows that the product probably has a number of bugs, but believes that the first firm to put this kind of software on the market is likely to capture the largest market share. The company widely advertises the program. When the company actually ships a disk, it includes a disclaimer of responsibility for errors resulting from use of the program. The company expects it will receive a certain number of complaints, queries, and suggestions for modifications. The company plans to use these to make changes and eventually issue updated, improved, and debugged versions. The president argues that this is general industry policy and that anyone who buys version 1.0 of a program knows this and will take proper precautions. Because of the bugs, a number of users filed incorrect tax returns and were penalized by the IRS.

2. Voting Machine Software Company XYZ has developed the software for a computerized voting machine. Company ABC, which manufacturers the machine, has persuaded several cities and states to purchase it; on the strength of these orders, it is planning a major purchase from XYZ. XYZ's software engineer Smith is visiting ABC one day and learns that problems in the construction of the machine mean that one in ten is likely to miscount soon after installation. Smith reports this to his/her superior, who informs him/her that this is ABC's problem, not XYZ's. Smith does nothing further to bring the problem to XYZ Company's attention.

3. Suspect Inputs A software developer was assigned the task of developing software to control a particular unit of a large system. Preliminary analysis indicated that the work was well within the state of the art, and no difficulties were anticipated with the immediate task. To function correctly, or to function at all, however, the software to be developed required inputs from other units in the system. Someone gave the software professional an article by an eminent software specialist that convinced the software professional that inputs from other units could not be trusted. Thus, neither the software being designed nor the unit the company was providing could correctly accomplish their task. The professional showed the article to his/her supervisor and explained its significance. The supervisor's response was "That's not our problem; let's just be sure that our part of the system functions properly." The software professional continued to work on the project as originally defined.

4. Marketing An enterprising programmer uses publicly available information stored in a variety of places or available for purchase from the Department of Motor Vehicles, mail order firms, and other sources to compile "profiles" of people (shopping habits, likely income levels, whether the family was likely to have children, etc.) The programmer sells the profiles to companies interested in marketing specialized products to niche markets. Some of the profiles are inaccurate, and the families now receive a large volume of unsolicited, irrelevant mail and telephone calls. They do not know why they are receiving more junk mail and calls, but they find the increase annoying. Other profiles were accurate and families are benefitting from receiving the sales materials.

5. Email Privacy The information security manager in a large company was also the access control administrator of a large electronic mail system operated for company business among its employees. The security manager routinely monitored the contents of electronic correspondence among employees and discovered that a number of employees were using the system for personal purposes. The correspondence included love letters, disagreements between married partners, plans for homosexual liaisons, and a football betting pool. The security manager routinely informed the human resources department director and the corporate security officer about these communications and gave them printed listings of them. In some cases, managers punished employees on the basis of the contents of the electronic mail messages. Employees objected to the monitoring of their electronic mail, claiming they had the same right of privacy as they had using the company's telephone system or internal paper interoffice mail system.

6. Failure to Deliver A project leader was given project responsibility to develop a customer billing and credit system for his employer, a large retail business. The project leader thought the budget and resources were adequate. However, the budget amount was expended before completion of the system. This project leader had continually warned management of impending problems, but was directed to finish the development as soon as possible and at the lowest cost. The project leader was forced by management to do this, foregoing many of the program functions, including audit controls, safeguards, flexibility, error detection and correction capabilities, automatic exception handling, and exception reporting. A "bare bones" system was installed. This project leader was told that all the omitted capabilities could be added in subsequent versions, after production of the initial system.   A difficult, expensive, and extensive conversion to the new system occurred. After the new system was in production, great problems arose. Many customers received incorrect and incomprehensible billings and credit statements and became outraged. The retail company was unable to correct errors or explain confusing system output. Fraud increased. Business and profits declined, and customers suffered much anguish and personal expense. The project leader was blamed for the losses. Evaluate project leader, management’s response