Professional ethics and computer systems

By Tom Worthington FACS HML

For the ANU Perspectives on Computing (COMP1200)

Updated version now available.

Contents

  1. Introduction
  2. Professional Conduct
  3. Safety
  4. Security
  5. Violent Games
  6. The Client
  7. Conclusion
  8. See also

Introduction

Information Technology is a practical discipline. We build computer systems because they are useful. Ethics can help build better computer systems.

Here is an ethics question for you: Your university hosts an Internet mailing list for librarians discuss use of the Internet. Lawyers demand that a posting to the list be removed saying it gives the impression their client supports child pornography. When you check, there is a posting, but it is years old and taken in context it seems fair comment. But the lawyers argue that when the average person finds this specific posting with a web search, they aren't getting the context.

What do you do? Delete any trace of the posting, thus falsifying the public record? Replace the posting with a note saying why it was deleted? Insert a correction? Invite the aggrieved part to place a correction? Tell them to go away?

This may seem a far fetched example, but is real, current and involves this university:

A government department is trying to change history by pressuring a university to erase an internet discussion from almost three years ago.

The comments, made in an internet newsgroup in July 2000 and now archived on computers at the Australian National University, suggested the department's computers contained links to child pornography.

The South Eastern Sydney Area Health Service, which discovered the comments in October 2002, rejects the allegations as untrue and is fighting to have the comments wiped from the computer archives.

Internet feud as health service pushes to delete past, Sue Lowe, Sydney Morning Herald, 17 May 2003, URL: http://smh.com.au/articles/2003/05/16/1052885399561.html

I am a member of the Link mailing list and was asked for advice on what to do. What would you do if you ran this system? How would you decide what to do? The Linker's did what they usually do and discussed the issue on-line.

Ten years ago ethical issues for IT professions were rare. You might not have to address a serious issue in your career. The Internet has made IT much more visible and ethical issues common.

Conduct and Practice

The ACS has a Code of Professional Conduct and Professional Practice, incorporating a code of ethics which requires all members to act with professional responsibility and integrity. The code is only binding on members of the ACS. But other profession bodies have similar codes. Courts and other tribunals will use such codes when considering your actions, if you carry out IT work.

Essentially the profession has a contract with the community: in return for governing our members we will protect the public interest.

The code goes into more detail on points in the ACS Code of Ethics:

  1. The Public Interest
  2. Integrity
  3. Confidentiality
  4. Objectivity and Independence
  5. Competence
  6. Keeping Up-To-Date
  7. Subordinates
  8. Responsibility to your Client
  9. Promoting Information Technology
  10. The Image of the Profession and the Society

Each individual professional must decide the correct ethical course in each case. You may have to act against the directions of your superiors to act legally, or against the law to act ethically. Being a member of a professional body, can help. But ultimately it is for you to decide.

Some examples

Safety critical systems: Averting the end of the world

A truncation error has occurred in a critical situation, causing extensive damage and loss of life. Who is liable, if anyone?

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL: http://occawlonline.pearsoned.com/bookbind/pubbooks/brookshear_awl/

Had to follow my own edict

This issue arose for Y2K in 2000. There was the possibility of massive computer failure causing anything up to the end of the world. Or was there? Who should do what?

In one of life's ironies, I first issued an edict to IT professionals when I was President of the ACS, then found myself as Director of Technical Issues for Y2K at the Defence Department and had to follow my own edict:

"Media hype aside, the Year 2000 problem poses a serious risk to all computer-based systems and all IT professionals have an obligation to assess and report the extent of the problem in all systems for which they are responsible," said ACS President, Tom Worthington.

"Any ACS member who fails to take appropriate action on Year 2000 is in breach of the ACS Code of Professional Conduct and Practice. Lack of knowledge, resources, or authority to act is not a valid defence and they can be charged with professional misconduct under the rules of the Society, as well as facing possible civil or criminal proceedings."

From: ACS Calls for Greater Cooperation on Year 2000, 14 July 1997, URL: http://www.acs.org.au/news/y2k.htm

Y2K overstated?

The general view post-Y2K was that the problem was vastly overstated. Even so part of the US military satellite system failed with a Y2K bug:

At midnight GMT on Friday, a US spy satellite system was hit by the computer bug as a ground-control station lost its ability to process the information streaming in from space...

From US satellites safe after Y2K glitch, BBC News, 3 January, 2000, 22:12 GMT, URL: http://news.bbc.co.uk/1/hi/world/americas/589836.stm

While Russia was launching ballistic missiles:

The most dramatic event, an announcement by the US military that it had detected the launch of three Russian missiles, turned out to be unrelated to the Y2K bug. Russian officials confirmed that the Scud missile launches were part of its ongoing conflict with rebels in Chechnya.

From Y2K bug fails to bite, BBC News, 1 January, 2000, 10:48 GMT, URL: http://news.bbc.co.uk/1/hi/sci/tech/585013.stm

Techniques for Breaking Security

... Is it ethical to advertise and circulate techniques for breaking security? Does it matter what is being broken into? ...

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL: http://occawlonline.pearsoned.com/bookbind/pubbooks/brookshear_awl/

Computer Emergency Response Team for Australia

What do you do when you find a security hole in the Internet? Rush out and tell everyone so it can be fixed? Tell no one in case someone exploits it? One easy answer is to tell AusCert:

AusCERT is the national Computer Emergency Response Team for Australia and New Zealand and a leading CERT in the Asia/Pacific region. AusCERT maintains a world recognised reputation and trusted contact network of computer security experts around the world and provides prevention, response and mitigation strategies for members.

From: AusCERT Home Page, 2003, URL: http://www.auscert.org.au/

Violent Computer Games

... Should children's access to violent computer games be restricted? If so, how and by whom?...

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL: http://occawlonline.pearsoned.com/bookbind/pubbooks/brookshear_awl/

ACS on Regulation of the Internet

The issues to do with computer games are similar to those for Internet access. On several occasions, starting in 1995 I had to appear before Senate committees to present the ACS's position:

  1. Dialogue must encouraged between public policy makers and the on-line community to discuss workable solutions to controlling potentially offensive information ...

  2. Pre-classification of Internet material, as is done for film censorship, is unworkable,

  3. Existing laws on liability for speech and information should be revised ... to be technology neutral,

  4. Information carriers should not be held responsible for content which they are no involved in the production of,

  5. Internet software authors should be encouraged to add blocking and monitoring facilities for parents ...

  6. An education campaign on safe use of the Internet, should be conducted for parents and children,

  7. Codes of conduct for system operators should be encouraged.

From: Submission on the Regulation of the Internet, ACS, 1995, URL: http://www.tomw.net.au/sen2sub1.html

Most of these points were adopted. Perhaps the most interesting part of the process was educating the Senators in what the Internet was and how they could use it.

Who is the Client?

... client may wish to cut corners for the sake of efficiency, but the professional may foresee a potential source of erroneous data or misuse of the system if those shortcuts are taken. If the client insists, is the professional free of responsibility? ...

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL: http://occawlonline.pearsoned.com/bookbind/pubbooks/brookshear_awl/

SOCOG Case

Before working out how much notice you have to take of the client, who is the client? An extreme example is in giving evidence as an expert witness in a court case. One case I was involved with is public and can be used as an example:

... Mr Worthington... proceeded to an assessment on the basis of assumptions which in his view were reasonable. ... There is no satisfactory basis for the Commission rejecting as unacceptable the view of these two very experienced experts on matters relating to the World Wide Web. ...

Accordingly, the complaint is substantiated and it is proper for the Commission to make the following determination pursuant to s.103(1) of the DDA:

1. A declaration that the respondent has engaged in conduct that is unlawful under section 24 of the DDA in that it has provided for the use of the complainant a web site which because of his blindness is to a significant extent inaccessible. ...

Bruce Lindsay Maguire v Sydney Organising Committee for the Olympic Games, Human Rights and Equal Opportunity Commission, Disability Discrimination Act 1992, William Carter QC, No. H 99/115, 24 August 2000, URL: http://www.hreoc.gov.au/disability_rights/decisions/comdec/2000/DD000120.htm

An expert witness assists the Court

An expert witness is usually paid by one party, but is supposed to work for the court, not the people paying them:

1.1 An expert witness has an overriding duty to assist the Court on matters relevant to the expert's area of expertise.
1.2 An expert witness is not an advocate for a party.
1.3 An expert witness's paramount duty is to the Court and not to the person retaining the expert.

From: Guidelines for Expert Witnesses in Proceedings in the Federal Court of Australia, Chief Justice, 19 March 2004, URL: http://www.fedcourt.gov.au/how/prac_direction.html

For more see "The accidental expert witness", Tom Worthington, Information Age Magazine, December 2005.

Saving the world via the web

After the December 2004 Asian Tsunami I volunteered to help develop a free Open Source software system called "Sahana" for web based disaster management. My role was limited to suggesting how the system could be adapted for PDAs, mobile telephones and other low bandwidth small screen devices. The Sahana developers have discussed extending the system to help developing nations deal with a bird flu outbreak.

Sahana home page

Sahana home page in Chinese

Translated on a mobile phone

Sahana home page

Sahana home page in Spanish on a mobile phone

This work was clearly within my area of expertise, based on previous work on web interfaces. There were other volinteers to check, accept or reject my suggestions. However, more recently I was approached by a United Nations agency and asked to build a complete emergency system for a developing nation. Clearly parts of such a project are within my area of expertise and others not.

Ethics Research

The ACS sponsors and supports research and publishing on computer ethics.

The ACS has partnered with the Australian Government's Australian Research Council (ARC) the Centre of Applied Philosophy and Public Ethics (CAPPE) and its membership universities to fund a $900k research program assessing ethics and regulation in the ICT industry. ...

The study is the first planned analysis of how a work environment influences ethical behavior within the ICT sector. Privacy, autonomy and enforcement issues are just some of the hot topics that will be on the radar during the significant three year study.

The primary outcome of the study is the creation of a practical and professional ethical and regulatory model that could become a quality standard across the industry here and overseas. Other potential outcomes of the program include:

From: "The ACS & ACS Foundation announces globally ground-breaking research into ICT ethics & regulation", ACS media Release, 17 February 2005, url: http://www.acs.org.au/news/170205.htm

The Centre for Applied Philosophy and Public Ethics (CAPPE), conducts ethics research at ANU. The ACS funds and publishes research from CAPPE and others on ethics:

Professional Liability Insurance

A more pragmatic reason to worry about professional ethics and standards is that it may lower your insurance costs:

The issues surrounding professional liability insurance in Australia create a challenge for individuals or small businesses wanting to provide their professional services to clients with strict policies about consultants holding professional liability insurance.

For example, a sole practitioner consultant may bid for a $40,000 consultancy. If the potential client insists that professional liability cover of $10 million dollars must be held the consultant may find that the premium for such a policy is in excess of $5,000 per annum.

From: "Professional Indemnity and Professional Standards Legislation", ACS, 10 January 2005, URL: http://www.acs.openlab.net.au/content.php?article.64

Conclusion

There are no final or simple answers with ethical issues. If I have left you with an uneasy feeling that you need to do more and some ideas of possible action this has been worthwhile.

See also:

Web page by