Hacker News
by parkerhiggins 937 days ago
I've found that there isn't a lot of discussion or research around this subject. Shoutout to engprax, a compliance company, for clearly approaching the issue.

Is it actually an issue though? Software engineers by design (?) are not capital "P" professionals. There's no certification or board underwriting our work. Software engineering/developers have had the latitude to "move fast" and represent the only "professional" trade that has the ability to "try again" (with a deployment) versus a structural engineer for example.

> Dr Junade Ali CEng FIET, the Principal Investigator of the study, said: “Recent developments demonstrate the fundamental importance of software engineers being free to raise the alarm when they become aware of potential wrongdoing; unfortunately our research has highlighted that software engineers are not sufficiently protected when they need to do so. From software engineers facing mass retaliation for speaking up and banned gagging clauses still being used, to ‘industry-standard’ software development metrics not considering the public’s risk appetite; this investigation has highlighted systematic and profound issues with society-wide impact, given how integral computers are to all our lives.

With the ubiquitous nature of software in modern society are we at the point where we need certification? The development and certification of "industry-standards"? This theme, balancing innovation with responsibility, is throughout the Biden Administration's Executive Order on the Safe, Secure, Trustworthy Development and Use of Artificial Intelligence (Order).

Who is really responsible though? The developers who wrote the code? Or the executive who ordered the change?

There are plenty of examples of this in recent history. Where engineers/developers released code they knew was harmful/fraudulent but did so anyway under fear of retaliation.

> FTX (Nishad Singh) https://www.reuters.com/technology/how-secret-software-chang...

> Pollen https://blog.pragmaticengineer.com/pollen/#:~:text=Later%2C%....

I wonder where this is going to go.

4 comments

> Is it actually an issue though?

The corporations (companies, not trade associations) should care - even if the engineers tough it out. It's often an issue to them. Besides avoiding costly incoming litigation, corporations shouldn't be in the business of encouraging fiefdom, empire building, all the way to outright racism or harassment in groups. None of this overall helps the corporation achieve its objectives. While a manager is busy hiring only their friends or whatever other hobby they have, they are not doing their job.

Conflicts of interest do appear when a corporation estimates a person or group does a very effective "technical" job in spite of their hobbies. Then there's a dilemma: rebuild that group or tolerate the BS a little longer. Even then, they really should care.

> Who is really responsible though? The developers who wrote the code?

Yes. The person who wrote the shit is responsible as much as the person who ordered the change.

I could not agree more.

We are all responsible for our actions and the results our actions cause. "I was just following orders" in no way absolves anyone of that responsibility.

That you may pay a price for doing the right thing doesn't make avoiding doing it acceptable.

When that cost includes possibly losing everything you worked for and your kids suffering it ceases to be so clear cut.

If the society you live in won't look out for you in these situations, why should you look out for it? Take care of you and yours first.

> it ceases to be so clear cut.

I think it's still clear cut. Losing everything is a lamentable disaster, to be sure, but that doesn't change the ethics of the situation.

> If the society you live in won't look out for you in these situations

It's not some faceless "society", it's actual people, including the specific people you know. If you're willing to do things that are harmful to others, you're actively working to make the world worse for everyone -- including yourself and those you love.

For me that is a bit too simple (no offense meant). If you are threatened you have to balance the harm you would be suffering by not complying with the harm you would be causing by complying.

I wasn't really saying differently. What I'm saying is that if you choose to do something you know is wrong -- even if you feel there is no other option -- you're still doing wrong and are responsible for that.

Gross negligence can have serious consequences. Software developers aren't immune to litigation.

It seems to me that killing off organizations that do harm in your community goes right along with taking care of you and yours first.

Not everyone has the ability to quit their jobs on the spot for morality's sake. There is no social safety net in America. People can't risk losing their jobs and health insurance.

Are you talking specifically about engineering? If you have strong ethical disagreements with your current employer, start prepping for interviews. Start early. Invest 2-3 months. Start interviewing. Sign an offer. Then quit. I don't think anyone in this thread is suggesting a sole family provider should just quit on an arbitrary day and lose their health insurance.

Sure they can. People lose their jobs without notice every day and while it's often a horrible situation, it's one that people can and do recover from.

But I'm not even really arguing that people who do bad things because they want to avoid harmful repercussions must choose differently. I'm arguing that people who do that are choosing to do something unethical, and we are what we do.

Perhaps the ethical tradeoff makes some practical sense for some -- but it's still an ethical tradeoff.

Then you aren't an engineer. You are just a cog.

Unless you are independently wealthy, you are indeed a cog. Maybe you're a well paid cog. But you're still a cog.

Even doctors have to work for a living. That makes them a cog too.

Nothing wrong with seeing where you fit, and securing your future with strategic choices to get away from toxic shit. But you're still a cog.

And you can be an engineer and still be a cog.

The other name for a "cog" is a proletariat.

Engineers are bourgeoisie.

This might be the first time you've considered the question, but it's not novel. The ACM has a code of ethics required for membership. A compatriot of mine has focused on encouraging employers to pay for their engineers' ACM memberships, and require membership, as a way of advancing ethical standards in the profession.

Of course it's not perfect, but it's not like it's the first time it's occurred to someone to address.

> The ACM has a code of ethics required for membership.

The ACM has never taken action against an ACM member for an ethics violation that was not directly related to research misconduct in an ACM publication (edit: or inappropriate behavior at an ACM conference). Unlike a medical board or bar association, the ACM has no capacity, resources, or staff tasked to enforce even research ethics violations outside of ACM publications, much less ACM members' day-to-day work they don't submit to a publication. And even then, it is up to the peer reviewers and editors of that publication. Otherwise, it remains just a list of suggestions.

At one time the ethics code said ACM members should respect terms of service, which means no bots or web scraping, but that was never enforced. You can find tons of research in ACM publications that uses web scraping of big sites that prohibit it in the ToS. The ACM certainly doesn't have capacity to police ethics violations by ACM members in industry. And if it started to do so, I suspect you'd see ACM membership plummet by those who fear they could be next.

These are all very valid points, and I appreciate you making them!

But what I was trying to point out to GP is that the conversation here is not starting from 0. Certainly I'm not suggesting that ACM membership or their code is a sufficient answer, or the only possible answer.

As a tangent, I'll point out that often, codes of conduct or ethical guidelines aren't "policed" in the way you seem to imply--by some kind of active enforcement function. They generally come up after the fact, in some venue like a deposition or court case where questions like "did X act in accordance with the generally accepted standards and practices of Y". And I wouldn't expect the ACM to publicize most of what they do, anyway.

The reason I bring up ACM and their code of conduct is because a compatriot of mine has been advocating for companies to encourage or require their employees to become members of the ACM, and to pay for it. The idea being that progress can be made on becoming the kind of big-P professional GP is describing. I don't really know if that can work, but I do think it sounds like it's better than nothing. And that it could be a basis for improvement in time.

I try to adhere to association of civil engineer's code of ethics:

https://www.asce.org/career-growth/ethics/code-of-ethics

I wish more software folk did.

> Is it actually an issue though? Software engineers by design (?) are not capital "P" professionals. There's no certification or board underwriting our work. Software engineering/developers have had the latitude to "move fast" and represent the only "professional" trade that has the ability to "try again" (with a deployment) versus a structural engineer for example.

You're turning the word professional into a euphemism, it isn't. It's a profession when you are paid to do the task. Industries have already plenty of regulation by sectors, there is no need for more regulation, it already exists. A "software engineer" wide certification will only create more gatekeepers in a domain that has too many of them already. There are already certifications within each industry that software developers serve. I'm absolutely opposed to any sort of certification process for software engineering itself. Within a certain sector? Banking? Avionics? Cars? Sure. And these already exist.

Every time something shady is talked about on HN you have a bunch of people coming in and talking about "Think of the children, there needs to be a certification for deploying a freaking blog on a server". Just No.