[klagermkii]

I don't think you can compare the relationship of a company to customers, to that of a one-to-one relationship of a doctor or a lawyer. The company acts as a third party with very different (and often directly conflicting with the end user) aims that creates a much harder ethical situation for a developer to navigate and creates confusion as to who has the responsibility to sound the alarm.

I think of something like legal or medical confidentiality, which can involve their clients doing pretty horrible things but it being the "ethical" thing to not reveal that. If one takes this same thing to a Facebook scenario, does the developer who works for Facebook then have the obligation to protect the confidentiality of Facebook even if they're doing awful things? Would it be any different where a lawyer is working for a horrible client, trying to use the law to do things that are a net-negative for society, but ethics would put their obligation towards their direct client rather than society at large.

If one then wants to write a piece about ethics, one should start with examples of fields with ethical codes that have a structure closer to the relationship of users/Facebook/developers.

[elliekelly]

> The company acts as a third party with very different (and often directly conflicting with the end user) aims that creates a much harder ethical situation for a developer to navigate and creates confusion as to who has the responsibility to sound the alarm.

This is very similar to structure I operated under as a corporate attorney at a bank but also as the Chief Information Security Officer. I owed a duty to the bank, as my "client," and also to the bank's clients, whose information I was charged with protecting. You are indeed correct that it's a difficult and uncomfortable situation to manage. I always tried to be a "zealous advocate" for the bank in all matters except those related to privacy and I'll be the first to admit that much of my zealous advocacy was indeed a net-negative for society. I did ultimately leave because of a disagreement over how to respond to (or in their case, chose to ignore) an ongoing breach of customer accounts.

All of that being said, I don't think it's an impossible ask with a bit of help from the government. I also served as the AML Officer and in that capacity I had the absolute final say on all matters related to money laundering thanks to the PATRIOT Act. The only way to override my decision would be a board vote. I never had any "disagreements" about how to handle an AML situation because my decisions were final while my decisions as CISO were merely a recommendation that management could (and did) ignore in order to save time, money, and bad PR.

[circlefavshape]

> I'll be the first to admit that much of my zealous advocacy was indeed a net-negative for society

Curious to find out more about this, and how you felt about it while you were doing it, if you're willing to talk about it.

[elliekelly]

Oddly enough I loved working for a hedge fund. The attorneys at the SEC and the attorneys who worked for the funds' clients were all brilliant. I could "zealously advocate" but it was an equal match. The SEC (though overworked) know what they're doing and often have industry experience so they understand how the business operates.

When I moved to investment banking, where the state regulators play a bigger role (with a much smaller budget) and the clients are wealthy families instead of investment funds, that's when it started to feel dirty. State regulators are... at best woefully ineffective and at worst completely clueless as to how the industry operates (they tend to be career government people).

Not meaning to offend anyone's politics but I often told my friends that I was Kelly Anne Conway putting forth an argument that was really kind of a stretch. I felt obligated to advocate but I also felt the regulators and auditors really should have objected or tried to negotiate but they almost never pushed back. Sometimes because they just didn't care but more often because they didn't know any better.

At the hedge fund, a "win" was collaborative and strategic and felt like I had earned it. At the bank a "win" felt a lot like bullying.