Ethics in Software Development

Many professionals like doctors, lawyers and police officers take oaths when they start their career or as part of their graduation ceremony, reminding themselves of the significant responsibilities vested in them and the importance of following moral principles while performing their job. Taking an oath does not prevent anyone from doing something that is wrong and that is not the point we are discussing here. The oath taking ceremony reminds how one’s action could impact another person’s life even if it is not illegal.

Morality or ethics in software development is a topic that is not discussed giving enough importance in academia or in work environments. The importance of technology in our life is immense and it is only going to be much more in the future. Philosophers like Yuval Noah Harari believe the next phase of human evolution is going to be influenced by biotechnology and artificial intelligence. When technology plays such an unparalleled role in our life, it is imperative that developers, testers, designers, product owners and everyone working in technology industry think about how their everyday work impacts end users.

It is not possible to list down all the actions that are right and that are not. Moreover, every business domain has got their own specific issues. For example, data privacy issues are more common in banking, telecom, healthcare etc. because they deal with customer sensitive information. Predictive and pattern recognition technologies, commonly used in recruitment industries, have to deal with discrimination against race and gender. On the first look, it might seem like some genuine bug or a feature that is yet to be completed in an upcoming sprint. However, when these issues affect people’s lives because we ignored to complete the tasks in order to release on time, these become serious ethical problems.

According to a Kaspersky Lab report, over 90% of data breaches in the cloud happen due to human error (read as bad practices). In one of the recent data breaches, NAB uploaded 13,000 customers’ personal details to two data service companies. It seems that the issue happened when the bank was doing data analytics using some unauthorized third party tools. The main issue here is that someone had access to production data to play around with and used some unlicensed third party tool.

In another infamous incident of 2019, two of Boeing 737 MAX flights crashed mainly due to a software (called MCAS) failure. MCAS was supposed to mitigate the aircraft’s tendency to pitch up and thus provide better stability. However, in the two incidents, MCAS was getting incorrect sensor data and pushed down the flights nose. There was a manual workaround provided for situations like these but that was not an effective one. Though there were a lot of other factors involved in these incidents, one of the questions we must ask ourselves as a software developer is whether we verify the workarounds before we propose those or we propose those simply based on our instincts. MCAS was delivered as a “last minute change” and there should not be any surprise if there was pressure on the teams to deliver the functionality and do the resiliency changes later. Boeing can put the blame on faulty sensors, pilots, etc. But whether they were morally right in giving a software feature that was not yet ready?

Most of the challenges we face as software developers in doing our job ethically root from two issues we have in our industry.

1. Fear of saying “NO” because you would look like the pessimistic person in the room. Chances are that you will get a “special” annual performance review or worst, you could be sacked like Amanda Wood was fired when she reported that Westpac could go in trouble for not having right software solutions in place to detect money laundering transactions.

2. Modern development practices that is geared towards faster production delivery often gives less priority for things that are not of immediate value. When people focus just on MVP it is difficult to convince why some of the “secondary features” are a must for the product launch. Also, with micro team sizes (Two Pizza team size) it is not possible to be an anonymous whistle blower as only one or two persons are usually responsible for a feature.

Solving these problems are not easy but there are some behavior or habit we could change to make things better.

1. Never be afraid to say “No” if you do not believe in something your team or company is doing. This can be about a new product requirement, a practice followed in the team about how data analysis is done, the way access is granted to team members, etc.
2. Ensure that Minimum Viable Product definition focuses not just on UI features but also on making a resilient and secure product. No one would release a Registration feature that captures user password in plain text in database thinking that they could add Hashing/Salting techniques to the backlog. This kind of thought process must be applied on all feature analysis.
3. Avoid any “last minute changes” that cannot go through the quality checks set by you/your team.
4. Do not encourage or praise anyone doing “heroic” changes like doing fixes directly in production.

Conclusion

Can we solve all the ethical problems we face by following a list of best practices? Answer is No. Every business domain and company is different and only you know what can be done differently to make sure that what you do for a living does not affect someone else’s. The intention of this post was just to remind people that we as an industry need to discuss more about ethics and how we can do our jobs morally. It is necessary because our jobs help people around us and also drive the future of mankind.