[Bartweiss]

Every single time I've seen a public call for a code of tech ethics, the call is justified by discussing professional standards, but quickly switches to calling for legal entrenchment of the author's personal ethics.

On the blogs of notable programmers, best practices for security sit next to demands for closed-shop union membership. In comments sections (like this one), avoiding malicious dark patterns comes alongside demands that no programmer work for the US military. In the news, respecting user data is paired with enormously controversial positions on censorship and encryption.

This is far from the only reason codes of tech ethics have yet to gather major attention, but I think it would suffice even if the others disappear. Professional codes like the ACM's are valuable, but attempts to popularize and enforce them are derailed by attempts to add in specific personal ethics.

[overthemoon]

Personal ethics vs what? What do you consider universal, and why?

[uxp100]

In their post they are contrasting personal ethics vs professional standards (which would pertain to how work is done, I would say).

A code of professional standards could say, for example, You have to keep clear notes for decisions made for each revision for a period of 5 years. A list of compilers that a serious "Software Engineer" will use. Establishing norms that might improve the overall quality of work done.

To some degree, I think a code like that one is really a kind of personal marketing or branding or something.

[Bartweiss]

Thank you, that's exactly the contrast I'm trying to draw.

I hope neither of your examples makes it into an ethical code for software developers, but that doesn't make them bad examples - those are the sorts of things that appear in other fields. If a professional code more detailed than the ACA & IEEE ones were to arise, I'd hope to see more timeless things like "best practices for authentication" (e.g. passwords salted and strongly hashed) or "not unduly exposing personal information" (e.g. don't accept identifying information without SSL).

A lot of professional codes are definitely branding exercises more than standards of behavior. In particular, codes with lots of concrete requirements or specific corporate backers usually aren't much different than becoming an MCSE or Certified Scrum Master. Legal and medical codes are substantially better, but they're also much older and enforced by government-backed licensing cartels. Civil engineering is probably the most recent and broadly accessible field to get a strong code, but the parallels are obvious: engineers own specific projects with known uses, and their errors are directly lethal. Realistically, I don't expect software to see an Iron Ring sort of obligation unless the field's best practices stabilize and errors with real-world harms become common.