Ethics in software development18 Feb 2019
In today’s world software is deeply integrated into our lives. It’s not avoidable, it’s everywhere. It’s not just apps, that you run on your smartphone, but all essential services on your smartphone are nothing more than software functions. We use software managed cellular networks. It’s in our appliance, even in our car regardless how old it is (unless of course you are roaming in car from 50th). Those systems called embedded and usually well hidden from a regular people. Additionally recent advances in computing powers allowed developers to embed even more complex software systems into ever smaller devices. That in turn brought more AI powered systems into every day use. Many of our devices today has various AI system, that we didn’t even notice. For example virtual assistants, which helps to automate routine tasks and let us concentrate on more cognitive tasks. In fact various AI systems heavily embedded into our lives. Facebook’s AI algorithm decides what type of news/events we would read/go to, Google’s AI decides what kind of search results are going to be more relevant to everyone of us, Netflix recommendation engine … you name it. Rise of IoT devices and AI is going to expose that hidden layer into more visible fashion and that’s has to change the way we think about software. Since we as a society outsourcing more and more routine tasks to such algorithms making ourselves more dependable on those apps, we have to think on how to protect ourselves from unethical behavior of software vendors or other actors who could exploit those systems and gain access to our assets and our lives. In today’s world information that we produce by using apps became a most valuable asset as such more and more bad actors trying to gain access to it.
At any given day you can hear it on the news, security breach of INSERT LARGE COMPANY NAME HERE exposed information on million Americans. Equifax, Facebook, Home Depot, LastPass and list goes on and on. In general not all the security breaches are the same. Many are well managed hacks, and in some instances it’s hard to protect against them. Other breaches are connected to unethical behavior among companies responsible for those systems or simply negligent behavior of their top managers, who are focused only on sales and bottom line. Let’s take a deeper dive into Equifax hack, for example. While it was real breach, it became possible only through negligence of Equifax employees, who through their unethical behavior didn’t patch vital systems enabling hackers to use exploits which should have been mitigated by then. There are also a lot of examples from different vendors where various important data had been left in unprotected AWS S3 buckets, or various IoT devices had not been patched and had software running with known vulnerabilities, because some vendor decided not to spend any money on security patches of those devices. With almost21 billion IoT devicesrunning software and enabling us to live a better life we are facing even bigger issue, it’s an issue of trust. How could we trust those companies or their executives deliberately inject ethics as a part of their software development process. What I’d like to stress here is how important ethics would become in software development, among vendors and among developers. Those unethical behavior of even individual developers through domino effect could potentially result into vital decisions for one or many humans. We could see that for example from this story about Uber’s self driving car, where system was not allowed to execute emergency breaking on it’s own. For ages those type of decisions where monopoly of healthcare professionals who gave Hippocratic Oath, promising to use their knowledge to heal people, and there is nothing like that in software development. I think one of the most effective ways to tackle such issue is to encourage developers/vendors to put their best foot forward by opening source code of those projects. Historically ability to look at the code has helped many open source projects to identify and resolve software vulnerabilities and ensure of high ethical standards for those projects, that allowed other non-technical people to trust such software. Open source movement make developers accountable to what they do with their software and enables them to think how their software may be used and use their best knowledge to protect outcome of such usage.
Aside from developers there is also a special form of corporation called Benefit Corporation, which by adopting appropriate corporate bylaws could ensure that directors of such corporation are looking at social impact as much as they look into profits. That way directors could protect their decisions to spend enough money on R&D to ensure security of those systems prior to public exposures of vulnerabilities in company’s software.
I think ethics is going to be most important quality for developers and directors of software development companies as we bring more software enabled projects into the market.