We like to blame the worlds governments, or the ominous Them, for the currentmass surveillance society we live in. It’s an easy way out – but pull the curtain aside andyou and I both know there is a programmer sitting behind it.
We, the profession of software engineering, built the Orwellian future we now inhabit, and it is high time for a retrospective.
The world is filled with professions which have responsibilities beyond the immediate needto make a living. Doctors, plumbers, journalists and pilots are all in some wayin a position of power.The general public has the right to expect these professionals to act with integrity and with the best interest of the public in mind.
Software engineering is part of this group of professions. In our daily work we know things large and small that others around us do not. Our clients, users and the public at large have the right to expect and demand that weuse this knowledge in an ethical way.
If youhave formal computer science education, you may have gottento read the Software Engineering Code of Ethicsin school. I encourage you to read it again, or for the first time, and to ask yourself as you are reading it – have we as a profession lived up to this standard?
Our track record so far
I want to highlight that we as an industry have achieved some fantastic things. We’ve been part in revolutionizing communication around the globe. We’ve developed an industry with a strong ethos of openness and honesty. We have a large partof our industry overlapping with the FOSS community, for which we should be very proud.
But this post isn’t about what we’ve done well, it’s about where we should and will do better. In the past half century or so our industryhas been naive, trusting that other industries like telecommunications will behave ethically, and it hasbeen directly responsible for the development ofmorally reprehensible technology.
Our industry designed the internet in a way that fundamentally trusted the physical network maintainers to act ethically.We know now that this trust was misplaced, and it is our responsibility towards our users to augment or redesign the TCP/IP stack with this knowledge in mind.
Today,we are building“App Stores”and “Platforms”, touting themas beneficial for our users.In reality we know we’re constructing artificial monopolies to shore up for the ongoingcommoditization of the production of software itself.Those of us, like me, who find ourselves cursing at the foul play taking placein the pharmaceutical industry are hypocrites, because our industry is doing the world the very same disservice.
We, as an industry, need to stop seeing users solely as a resourcefrom which to extract value. Our relationship to our users is that of a doctor and a patient or the architect of a bridge and the people walking across it, not that of a mining company and a national park.
We should recognize that ethical behavior is hard, especially when it is at odds with our responsibilities towards our clients or employers, and prepare accordingly.
We should talk to each other about these things. Knowing that we are not alonebuilds confidence and collective strength. Talk to your co-workers, in your meetup groups. Organize an ethics discussion around difficult scenarios at the next unconference you attend.
We should work with our peers and friends alreadydesigning the next generation of protocols and infrastructure to protect our users.Contribute code to decentralization projects like Tor, CJDNS or one of the hundreds of projects worked on bythe BitTorrent community.
Above all,stop seeing yourself as a lone individual developer. The work we do by definition impacts other people, and we should take pride in the responsibility that entails.
This post has been edited. It previously cited the design of HTTPS, trusting third parties to act as certificate authorities, as an example ofnaivety. While I still believe that to be the case, there is no proof that this aspect of HTTPS is being exploited on a bulk scale to decrypt user data.Rather, we don’t know how the NSA and GCHQare breaking HTTPS, although there are suspicisions that the problem is with RC4.