Ethical behaviour in software development
Ethics, as a branch of philosophy, has been around since Ancient Greek times and has been adopted in many spheres of life, including professional industries and practices, as a guide for moral behaviour. In fields such as medicine, ethical considerations are fairly straightforward – “do no harm” being the most prominent.
In terms of engineering, ethics was first adopted around 1912 by American engineering societies and followed the tune of providing services that are honest, impartial, fair and equal, which contribute to the protection of public safety, health and welfare. The ethical question of protecting the welfare of the public is clear enough in engineering disciplines like civil engineering, but what about younger disciplines such as software engineering, where the degree of contact between software engineers and members of the public is less apparent?
Ethical failings on the part of some IT industry bodies and the fringe participants therein, such as hackers and unregulated entities, are something regularly witnessed. From online fraud and DDOS attacks to Facebook violating privacy policies, ethical behaviour in software seems to be in dire need of further articulation and streamlining: “One code of conduct that applies to everything digital would be ideal,” states Moira de Roche, IFIP Board Director and IITPSA non-executive director, but in reality, what needs to be fostered is “a common understanding of integrity among professionals – both individually and as IT organisations”.
Computing professionals’ actions change the world, as expressly outlined by the International Federation for Information Processing’s (IFIP) Code of Ethics and Professional Conduct, and as such, ICT professionals should “positively contribute to society in ways that minimise unintentional ethical mistakes and maximise ethical opportunities”. This extends to instances of good and bad practice where failing to uphold industry-standard practices can lead to opportunities for unethical doings; for example, failure to update necessary security measures can lead to compromised data, making systems more vulnerable to hacking and cyber attacks. Maintaining best practices and bearing in mind the power ICT professionals hold in shaping society can ultimately help make the ICT industry more ethical overall.
Professional membership councils and bodies within industries help articulate and regulate Codes of Ethics, which in turn serve as guides for individual organisations when drafting their own Codes of Ethics. Within the software industry, the Association for Computing Machinery and the Institute of Electrical and Electronics Engineers were among the first to adopt a Code of Ethics and Professional Conduct in the 1990s, although the concept of computing ethics had been explored since the 1940s.
These bodies’ Codes contributed to the formation of dedicated research and regulatory bodies, such as the IFIP, which help more regional bodies, such as the Institute of Information Technology Professionals South Africa (IITPSA), formulate their own Codes of Ethics and in turn hold them accountable thereto. The IITPSA is recognised by SAQA and accredited with the IFIP’s International Professional Practice Partnership, a platform designed to help shape and implement policies set out to foster professionalism in the global ICT sector, which their own Code of Conduct is aligned to.
Such regulatory bodies then serve as guides to individual members, making membership with the IITPSA beneficial for ensuring industry standards and ethics are upheld through their Code of Ethics, their ‘global conscience of the profession’, which all members are held accountable to. Organisational Codes of Ethics stipulate what ethical and moral conduct is expected of members and employees across the organisation, in the form of ethical principles and practices.
On an organisational level, Codes of Ethics need to “give voice to an organisation’s values and inform ethical decision-making”, explains De Roche.
BBD CIO and IITPSA Professional CIO, Tony van der Linden, explains: “As stated in the BBD Code of Conduct, at BBD, we believe that acting ethically and responsibly is not only the right thing to do, but also the right thing to do for our business. Our Code, reinforced by our everyday behaviour, represents the blueprint for doing business the right way, and ‘business the right way’ can only be achieved when individuals act ethically and consistently within our Code, our policies and the law.”
The IITPSA Professional CIO (Pr.CIO) designation in South Africa recognises highly qualified and experienced CIOs at the pinnacle of their careers. The IITPSA Pr.CIO designation is awarded only to professionals who have gained extensive experience in the role of CIO, specifically recognising qualifications and experience in the role of the senior executive responsible for the interface between business and IT.
“Ethics comes down to individual decision-making. It is deciding on a day-to-day basis to not be an unethical person,” describes De Roche. “It’s about what is innately right and understanding that there are consequences to one’s actions.” As a leading software development firm, BBD believes that their reputation for acting ethically and responsibly is built one decision at a time, every day, by each of its people.
Recognising right from wrong and acting accordingly is ethics put into practice, and the collective understanding of an ethical code is what defines those ethical behaviours. Seeing through an “ethical lens” can help guide one’s decisions, especially in instances where direct involvement may not be the case, but turning a blind eye is the unethical decision to make. “Joining a professional body, like the IITPSA, for professional accountability, and subscribing to their Code of Ethics as a go-to when faced with difficult decisions, can help,” says Tony Parry, CEO of IITPSA. It is worth finding out if your organisation is a member of such a body, otherwise joining as an individual for your own professional accountability can help you keep abreast of developments within Codes of Ethics as the IT industry’s relationship to, and adoption of, ethics evolves.
In instances where the ethical choice is not necessarily the most obvious, such as with free-to-use code and open source software, attribution or acknowledgement may actually be required. This is where questioning the ethicality behind your use of the framework and respecting the framework for the value it adds to society, helps guide your decision. And when in doubt, it is advisable to ask for permission or for input, either from direct superiors or professional bodies.
As stated in the IFIP Code of Ethics and Professional Conduct: “Codes with fixed benchmarks are of little help in a rapidly changing ICT environment,” and as such, the Code is based on an aspirational model that sets ethical targets. This is helpful in an environment where technologies such as AI, machine learning and robotics are at play and questions such as ‘how do you punish a self-driving car for hitting a pedestrian?’ crop up. “Ethical considerations should be no different in the future,” explains De Roche. “Decision-making processes should remain the same, and professionals should remain fair and unbiased.”
“We need to be embodying and conveying the same ethics in devices and technologies with decision-making software,” De Roche reiterates. And this is more important now than ever for the people behind this technology, actively making decisions that impact the technology’s output.
“At BBD, we teach skills and instil a passion to work, grow and play in each of our people, but it is hard, if not impossible, to make unethical people ethical,” explains Van der Linden. “Our leaders are grown from those who understand this early on and demonstrate good ethics in their everyday choices, while excelling in and growing their own capabilities and assisting others on the same path. When building technology that may have the ability to make its own choice, such as AI, these are the people we want involved early on, doing the guiding and implementing the safeguards, just as they guide their own people.”
Being ethical should be innate to all of us, but in those moments when doing what’s right isn’t as clear as it seems, always look to your organisation’s Code of Ethics, your personal values and your fundamental function as a software engineer to contribute to society and human well-being overall.
- Your actions, whether direct or indirect, impact society and change people’s lives;
- Adhering to best practices wherever possible can help minimise the threat of unethical behaviour from others;
- Professional bodies have clearly identified and articulated Codes of Ethics that are helpful guides for acting ethically; and
- An ethical industry comes down to ethical organisations, and ethical organisations come down to ethical individuals. Always approach things with an ethical lens and when in doubt, ask.
Acknowledging that all people are stakeholders in computing and minimising the adverse impacts of technologies being integrated into almost every sector of society is a key responsibility of all ICT practitioners and should guide your professional practice and the decisions you make.
For more information on the IITPSA’s Codes of Behaviour, or how to become a member, visit www.iitpsa.org.za.
Reference: IFIP Ethics Task & Finish Group 2020