Presentation on theme: "Software Ethics ● Ethics = the philosophical study of morality ● Three main subdivisions: – General study of goodness, e.g., what is the meaning of terms."— Presentation transcript:
Software Ethics ● Ethics = the philosophical study of morality ● Three main subdivisions: – General study of goodness, e.g., what is the meaning of terms like good, bad, right, wrong – General study of right action, e.g., what moral principles should govern our choices and pursuits – Applied ethics, e.g.: ● Medical ethics ● Business ethics ● Environmental ethics ● Software ethics
ACM's Software Engineering Code of Ethics and Professional Practice (www.acm.org/serving/se/code.htm) ● Ethical conduct with regard to: – PUBLIC – CLIENT AND EMPLOYER – PRODUCT – JUDGMENT – MANAGEMENT – PROFESSION – COLLEAGUES – SELF
ACM's Software Engineering Code of Ethics and Professional Practice: PUBLIC ● PUBLIC - Software engineers shall act consistently with the public interest. – Examples: ● National security ● Privacy
Software and National Security ● Terrorist infrastructure attacks, e.g., domain name system (DNS); bringing down power grids ● Automating nuclear war – Ethical question: should you work on a proposal to build a system that will automate a nuclear war after Washington and Moscow have been destroyed? – Ethical question: should you work on building software for an ABM defense system when there is no way to verify its correctness? – The problem of program verification
Software and National Security ● Cryptography programs: – An author of a book on applied cryptography was prohibited by the State Department from exporting the book because it included as an appendix a floppy disk containing programs for encryption software. – However, were the floppy disk not included with the book, the book would have been freely exportable even though the program text on the floppy disk was also printed in the book. ● Ethical question: should algorithms or the software that implements them be considered weapons?
Software and Privacy ● Data collection (monitoring surfing habits) – Ethical question: Should employers have the right to use software to know every keystroke entered by employees? ● Email surveillance (wiretapping) – Ethical question: Should the government have the right to use software to snoop on suspicious email of its citizens?
Software and Privacy ● Spamming, e.g. Alan Ralsky: – Sends millions of messages per day – Now does his spamming from overseas ISPs – Slashdot published his home mail address and he is now inundated with snail mail spam – Spammers' rights groups are now subjecting anti- spam groups' web sites to denial-of-service attacks ● Ethical question: Should spammers have the right to use software to fill communication bandwidth with unwanted email messages?
ACM's Software Engineering Code of Ethics and Professional Practice: CLIENT AND EMPLOYER ● CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest. – See: PRODUCT
ACM's Software Engineering Code of Ethics and Professional Practice: PRODUCT ● PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible. – Software quality: ● Reliability (correctness) ● Efficiency ● Usability ● Maintainability ● Reusability
Software Reliability ● Verification: Making sure program behavior conforms to specifications – Formal (mathematical methods) – Empirical (testing and observation) ● Ethical question: who should be liable for software misbehavior? – Program author (for example, Therac-25 disaster) – Program user (for example, putting incorrect data into a tax program) – Domain expert (for example, misdiagnosis by a medical expert system)
ACM's Software Engineering Code of Ethics and Professional Practice: JUDGMENT ● JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment. – Examples: ● Cracking computer security ● Violating copyright using software
Hacking vs. Cracking ● Hack originally used to refer to clever way MIT engineers used to run a model railroad ● Hacker originally meant a clever programmer but has been co-opted by media to mean a criminal ● Cracker is a better term for computer criminal ● Hacker's Ethic described in 1984 book by Steven Levy, Hackers: Heroes of the Computer Revolution
Main Tenets of The Hacker's Ethic ● Access to computers should be unlimited ● Information should be free ● Anti-bureaucracy, pro-democracy ● Mistrust authority, promote decentralization ● Judge hackers by their hacking, not degrees, age, race, position ● You create art and beauty on a computer ● Computers can change your life for the better
Perverting The Hacker's Ethic ● If you take libertarianism too far, you get anarchy ● If you take the H.E. too far, you get criminal behavior: – Viruses and worms – Website defacement – Denial of Service attacks (EBay, Yahoo, Amazon) – Infrastructure attacks, e.g., domain name system (DNS); bringing down power grids
Viruses, Worms, and Cracking ● Virus: piece of code that can automatically spread to other computers and destroy or alter files ● Worm: virus that does not alter files but resides in memory and duplicates itself, e.g., Code Red, Sasser ● Cracking, e.g., – Buffer overflow attack – Sniffer: program that lies in wait for unencrypted data (like passwords or credit card numbers) ● Ethical question: Is it OK for clever software to exploit vulnerabilities just because they are there?
Kevin Mitnick ● Object of FBI manhunt, first arrested at age 17 in 1981 ● Inspired 1982 movie War Games with alleged NORAD hack ● Released from prison in 2000 ● Now a corporate security consultant ● New book: The Art of Deception
The Hacker Ethic vs. The Protestant Ethic ● See The Hacker Ethic and The Spirit of the Information Age, by Pekka Himanen (prologue by Linus Torvalds) – Work as passion, 24-7 – Openness, enablement, cooperation ● Compare The Protestant Ethic and The Spirit of Capitalism, by Max Weber – Industrial Age values, 9-to-5 – Hierarchy, bureaucracy, secrecy
Violating Copyright Using Software ● DVD decryption – Jon Johansen, now 18, circumvented DVD movie copy protection – Made a program, DeCSS, available for playing movies on computer – MPAA prosecuted him, acquitted – Two issues: ● Intellectual property rights ● Controlling playback device
Violating Copyright Using Software ● MP3 downloading – RIAA is prosecuting individual downloaders of copyrighted material ● Ethical question: Does the digital nature of contemporary media render traditional copyright law obsolete?
ACM's Software Engineering Code of Ethics and Professional Practice: MANAGEMENT ● MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance. – Don't promise what you can't deliver
Bids and Budgets ● Dramatic example: in the early 1980's the IRS hired Sperry to automate tax form processing for $103 million. By 1985 the cost had tripled, the system could not handle the workload, and it had to be replaced. ● Ethical question: Should you underbid a project because you desperately need a contract? ● Ethical question: Should you claim you can solve a client problem when you don't fully understand the requirements?
ACM's Software Engineering Code of Ethics and Professional Practice: PROFESSION ● PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest. – Example: software copyright and intellectual property
Software and Intellectual Property ● Ethical question: Is it a fair practice of certain software companies to quickly "clone" the look and feel of other companies' successful products? ● Copyright laws are considered to apply to text. ● Patent laws are considered to apply to artifacts of technology.
ACM's Software Engineering Code of Ethics and Professional Practice: COLLEAGUES ● COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues. – Related issue: Open source vs. proprietary software
Open Source vs. Proprietary Software ● "Free software" (economic definition) means you don't have to pay for it ● "Free software" (GNU definition): – freedom to run the program, for any purpose – freedom to study how the program works, and adapt it to your needs (open source) – freedom to redistribute copies so you can help your neighbor – freedom to improve the program, and release your improvements to the public, so that the whole community benefits
The GNU Public License: Copyleft (www.gnu.org) ● Copyleft: a general method for making a program free software and requiring all modified and extended versions of the program to be free software as well." ● Ethical question: Should you make available to other software engineers (even those who work for other companies) reusable software of your own making? ● Ethical question: does the proprietary software business model allow the patching of O.S. security exploits as well as the open source model?
ACM's Software Engineering Code of Ethics and Professional Practice: SELF ● SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.