HW#1: Software Engineering Ethics   by Doug Smith das456@umkc.edu

CS451 – Software Engineering (Mike Johnson)

Although software engineering is one the youngest forms of engineering, it has a substantial impact on today’s global economy.  Although the other types of engineering such as electrical, chemical, and mechanical are all highly important and necessary for obvious reasons, they do not individually have as great of impact on the entire world economy as does software engineering.  The world as we know it has changed substantially in the last fifty years and no slow down seems to be on the horizon.  We have shifted from having one phone in the home to have four or five plus a cell phone as well.   We have shifted from having thousands of libraries to find information to having the entire world at our fingertips with the advent of the Internet.  In the past, if you wanted to participate in the stock market, you had to deal with a broker, discuss your options, then hand your money over and watch it grow.  Now…you can electronically transfer funds and buy a hundred shares of your favorite stock in the blink of an eye.  None of this as well as countless other things would even be possible if it were not for software engineers.  Software engineers have a code of ethics, which they are expected to follow just like lawyers, doctors, and accountants do.  The codes of ethics are in place to help ensure that software engineering remain a respected profession.  The ethics are broken down in to eight different principles, which can often act as a set of checks and balances.  Sometimes though, these principles can be contradictory and therefore be difficult if not impossible to follow precisely.  The latest revision of this code of ethics is version 5.2 as recommended by the IEEE-CS/ACM joint task force.  The full version of the software engineering code of ethics can be found at the following URL: http://www.computer.org/tab/seprof/code.htm.  There are several different scenarios that can illustrate how software engineers have to struggle to do the right thing for all parties involved.

One of the principles that software engineers have to pay close attention to now days is principle 1.03 that states that they must “approve software only if they have a well-founded belief that it is safe, meets specifications, passes appropriate tests, and does not diminish quality of life, diminish privacy or harm the environment”.  A contradiction lies within this ethic.  Take for example the software engineers that created the photo recognition software that England now uses for locating terrorists or potential terrorists The conflict arises if the software ultimately does more harm than good; harm in that the arsenal of cameras watching everyone’s every move strips the public privacy which principle 1.03 is supposed to uphold.  One could argue that as long as the correct authorities are the only ones who use the software, then the creation of the software is for the public good since it will hopefully reduce terrorism and improve the quality of life of thousands by giving them a stronger feeling of safety.  On the other hand, if the software got into the hands of some twisted people, they could potentially use it to hunt their next victim.  This kind of a contradiction is not always foreseeable by the software engineer, but regardless, the contradiction still exists after the fact.  This is why the software engineer should think carefully about his/her actions.  One way the photo recognition software could assuredly be used for the good of the public and not in some other malicious way, is to have extensive security measures in place to prevent wrongful use.  For example, some additional code could be added which forces the software to contact a remote location with an encrypted key over a private network frame-relay connection.  If the remote location cannot be contacted with the correct encrypted key, then the software could then simply disable itself.  By adding a simple layer of security as just described, principle 1.03 is upheld.  If the employees who actively use the software have extensive back ground checks run on them and are rotated out frequently, then the potential for wrongful use is almost eliminated.

The second principle states that software engineers are to “act in a manner that is in the best interest of their client”.  A large number of contradictions can arise from this principle due to the phrase “best interest”.  Best interest is going to be interpreted completely different from both sides of the table so to speak.  The client’s best interest (in the client’s mind) is typically to maximize profits by reducing expenses.  The client’s best interest (in the software engineer’s mind) could be to give them the best product possible.  Let’s say that a software engineer was working on a HR database which contains all the employees’ pay rates, health insurance information, 401k, etc. and the client wanted to store this database on a Windows 98 workstation since all of their servers were completely tapped out on drive space.  The software engineer tries to initially get the client to purchase a new server as well as a firewall to protect the sensitive information.  After the client refuses to spend the money to get the new server and firewall, the database is ultimately loaded on a Windows 98 workstation.  Aside from the fact that the database the client wanted actually worked and no additional hardware was necessary, did the software engineer actually protect the “best interest” of the client?  From the client’s point of view, the software engineer did just that, but will the client still feel that their “best interest” was protected when some hacker wipes out the very database in this scenario?  The way that this could be avoided would be for the software engineer to gather enough facts and statistics to back up the strong possibility of a network attack, especially if the client’s network was connected to the Internet in any way.  If enough historical data were to be presented to the client proving the true need for a dedicated server and firewall, then perhaps the client would have no choice but to get the needed equipment and thereby having their “best interest” fully protected.  If the software engineer did everything in their power to present a great need for protecting the sensitive information and the client still refused, then the software engineer had followed principle 2.06 and 2.07 by making them aware of the risks involved.  The software engineer would be best to get some kind of waiver signed by the client which states how they were well informed of the risks and take full responsibility of protecting the sensitive information involved, thereby relieving the software engineer of any liability.

Principle 3 of the software engineering code of ethics is designed to protect the integrity of the final product.  The overview description alone is open for contradictions.  Principle 3 states, “Software engineers shall ensure that their products and related modifications meet the highest professional standards possible”.  The contradiction arises in the phrase “highest professional standards possible”, because it can be interpreted several different ways.  First, the opinion of what is the “highest professional standards” could differ greatly.  What the client thinks is a highly professional product and what the software engineer thinks can be worlds apart.  Secondly, the contradiction hinges on the single word “possible”.  What is “possible” is going to vary on the project size, the amount of manpower devoted to the project, and the time frame allowed for the project.  Say for example a salesman for a consulting company (which has fallen on bad times) talks with a potential client who needs a program written, but he needs it done in 3 months in order to compete against his competitors.  Ordinarily the particular type of program that the client wants - takes 1 year to produce, but the eager salesman tries to “act in a manner that is in the best interest of the client” (principle 2) by telling them that it will not be a problem and that his company will do whatever it takes to get the job done.  First, the salesman (a former software engineer) is striving to give the client what principle 3 is based on – product, but in turn violating principle 3.01 which states how the software engineer must “strive for high quality, acceptable cost, and a reasonable schedule, ensuring significant tradeoffs are clear to and accepted by the employer and the client”.  Further, the salesman/former software engineer is clearly violating principle 3.09 which states that “realistic quantitative estimates of cost” be provided to the client.  Additionally the salesman/former software engineer is clearly violating principle 6.05, which states that software engineers should “not promote their own interest at the expense of the client”.  Even if there were enough people devoted to the project, the costs would be prohibitive, which would again violate principle 3.01 by not achieving an “acceptable cost”.  The salesman/former software engineer would be best in this scenario to turn the project down due to time limitations and ask the client to hopefully consider them in the future.  This action would not generate any immediate revenue, but it would at least protect the integrity and reputation of the consulting company.  One miserably failed project can put a small consulting company out of business if word gets around.  The money should never outweigh the ethics or commitment to producing a quality product.

Software engineering helps the world in so many different ways.  The goal is to always strive for improvement and to make the world a little bit better.  There are no real limits to how much contribution software engineering can provide the world.  The only limit is the imagination of those who are true software engineers.  Software engineers have a tough, often challenging job that can often put them in conflict in trying to “do the right thing”.  Just as many programs can be highly complex in nature, so can the social effects of the final product.  The code of ethics and professional practice is in place to assure that software engineering remain a respected profession – rightfully so.  Although contradictions can arise in various scenarios as described above, the software engineer must look at every project as though it is their last.  The software engineers must always strive to produce their best work, be true to themselves, be true to their employer, be true to the client and take a serious look at how their work can affect the public both short term and long term.