Ethics
And the Computing Professional
There are some answers[1]
Donald
Gotterbarn
I INTRODUCTION
There has been extensive discussion of
computer ethics in the past few years. Unfortunately, this discussion has had
little consequence. Mass media had a significant influence on the direction,
quantity, and quality of the discussion. Daily, one reads articles about
brilliant students or wily hackers breaking into government computers, or about
computer wizards engaged in stock manipulation. These news stories do not help
educate anyone about computer ethics. The media assume that everyone
understands computer ethics so they do not need to articulate the underlying
principles of computer ethics. More accurately, I think, the media merely
mirror some confusions that currently exist about the subject. How is one to
understand the moral blameworthiness of an event when the descriptions of these
events are sprinkled with praiseworthy adjectives -- brilliant, clever,
intelligent, etc.? The style of these stories generates confusion about the
praise or blame appropriate to the activities described.
Discussions of professional computer ethics
are almost non-existent in the general literature. In this paper I present a
theory of professional computer ethics. The presentation is organized around an
argument for the claim "There are solutions to problems in computer ethics."
At first blush such a claim seems trivial and obvious. Its assertion, however,
requires the acceptance of several premises that have been denied or assumed
false in the computer ethics literature.
There are two stages to this approach: one
requires the correction of several misconceptions and the other requires a
statement of a positive thesis. The assertion that computer ethics problems can
be solved also requires a consistent understanding of "computer
ethics."
II THE NO SOLUTIONS VIEW
Before I argue for the claim "There are
solutions to computer ethics problems," I want to show why it is in need
of argument. Computer ethics is a relatively new area of study. The attempts to
define it are rare and as such it has a poorly defined methodology. For example,
an early major work by Donn Parker [12] uses a voting methodology to decide
what is ethical in computing. The only theory behind this methodology was to
gather the opinions of people from several professions, ranging from
accountants, attorneys, psychologists and philosophy professors to computer
professionals. They were asked to vote on the ethics of individuals described
in scenarios. There was no concept of ethics specified, nor was there any
attempt to discover ethical principles brought to the enterprise. Parker calls
this approach "micro-ethics." He admits that the only direction was
that the scenarios were " written in such a way as to raise questions of
unethicality rather than ethicality [12, p.8]." Donn Parker used the diversity
of opinions expressed about these scenarios to argue that there was no such
thing as computer ethics. And a fortiori, that it could not be taught in
a computer science curriculum.
At a recent conference on computer ethics
[5] several people asserted that there are no answers in computer ethics. They
described discussions in computer ethics as nothing but "morality"
and "Sunday school." They also described the discussion as boring
because there can be no progress or agreement in computer ethics.
The presumption that there can be no
agreement in ethics can be so strong that it corrupts one's view of the
evidence. For example, at a conference, Parker described the results of his
ethics workshop. He began by saying that there was agreement on many scenarios.
Then he says, "We got a lot of very close votes. In other words, we were
not able to obtain a consensus on what is unethical and not unethical in the
computer field.[14]" He ignored the places where there was agreement.
Parker's revision of his earlier book handles the evidence in the same way
[13]. The only cases he brings into the new book are those which generated the
highest degree of diversity of opinion in the earlier book. He ignored those on
which there had been a significant degree of unanimity.
A. Foundations of the "No Solutions
View"
Why are people inclined to believe that
there are no solutions in computer ethics? There are, I think, three major
reasons for this mistaken belief about computer ethics. First, a confusion
exists about the nature of ethical reasoning. Second there is a lack of clarity
about the nature of computer ethics. Third there is a moral weakness in the
human character.
I. Problems with ethical reasoning
a. non-computability
There is an illogical form of argument that
frequently occurs in ethical discussions. It involves moving all ethical
discussions up to the level of difficulty of a dilemma -- a situation in which
there are no good answers. In a discussion about the morality of taking a life
in a particular circumstance, one can always describe a situation in which
there is a dilemma. For example, one can ask the person who maintains that it
is wrong to take a life, what they would do in a situation that required them
to take a life in order to prevent someone else from taking a life. This is a
dilemma. Any action would lead to the taking of a life. Dilemmas like this can
be generated about most general ethical claims. The ethical dilettante finds
this an easy way to cut-off the discussion.
I believe that the frequency of this form of
argument, leads one to believe that no ethical problem can be resolved. But, it
is a mistake to equate every ethical problem with a dilemma. I call this
mistake the "generalized non-computability fallacy." Many problems in
computer science are computable. There is, however, a small set of problems in
computer science that are "non-computable". This small set of
problems in computer science receives considerable attention because of their
difficulty. These are the interesting problems. It would be absurd to use the
existence of this small set of non-computable problems as a proof of the
general claim that all problems in computer science were unsolvable. Given the
set of ethical decisions we have to make every day, there is only a small
subset of ethical problems that is in the category of dilemma. The fact that we
have no good solutions for ethical issues which are dilemmas only shows that
life is not easy. It cannot be used as a proof that there are no solutions to
ethical problems. The existence of ethical dilemmas can only be used as
evidence for the trivial claim that ethical DILEMMAS have no clear solutions.
Ethical PROBLEMS can be solved. To elevate all ethical problems to the level of
a dilemma is like saying that all problems in computer science are non-solvable.
Ethical problems, like other problems, run
the gamut from trivial to dilemma. Many ethical problems can be resolved, it is
just that the interesting and most discussed ones are in the category of
dilemma. Ethical dilemmas are also easiest to discuss because they involve no
ethical commitment on our part.
b. non-deterministic polynomial
This "generalized non-computability
fallacy" has a corollary fallacy -- "the generalized NP
fallacy." Computer scientists call problems NP(Non-deterministic Polynomial)
when one cannot mathematically be prove that a solution does exist for that
problem nor can one prove that no solution exists for that problem. In ethics
there exists a set of problems which can be characterized as NP, problems which
are in such a gray area that we cannot agree on an ethical response or even if
they involve an ethical issues. In this fallacy, all ethical problems then get
generalized to NP problems, relegated to the gray area labeled "mere
opinion". No one has ever denied the existence of hard problems, but the
existence of some hard problems does not entail that all problems are hard
problems. We make ethical decisions every day. Every time I choose whether to
keep a promise, I make an ethical decision, although it is not very interesting
to discuss such decisions.
The emphasis on ethical dilemmas and NP
problems leads one to believe 'There are no solutions to problems in computer
ethics;' but the existence of dilemmas and NP problems is not a proof of the
failure of moral reasoning. I must still show that moral reasoning in computer
ethics is possible.
ii. Concept of computer ethics
a. a new area with undeveloped standards
Even if one agrees that ethical problems can
be solved, it can still be reasonably asserted that there is a special problem
with computer ethics that makes finding a solution especially difficult. It is
claimed that computer ethics is not like other ethics. Some perceive computer
ethics as not merely a new subject, but also a unique subject. Early attempts
to define computer ethics have argued for its uniqueness [11]. The arguments
for its uniqueness are based on: the speed of the technology, the logical
flexibility of computers, or its impact on society. The arguments for its
newness that are based on speed and social impact have been addressed and
rejected elsewhere [2, pp.268]. There are many devices that have had a
significant impact on society such as the printing press for which we did not
develop a new and unique ethics called printing press ethics. The computer's
ability to logically model an enormous number of events is the basis for the
flexibility claim. This flexibility of the computer is due to the underlying
strengths of the logical and mathematical capabilities implemented in the
computer. The underlying flexibility of math and logic is greater than that of
the computer, but we did not develop "logic ethics" and
"mathematics ethics".
The appeal to newness and uniqueness of
computer ethics causes distinct problems. The newness claim leads people to
think that computer ethics has not yet found its primary ethical standard, so
the discussion of computer ethics is not directed by any guiding principles.
This is different from our understanding of older more established professions.
Medicine, for example, has a primary ethical principle -- prevent death. The
uniqueness claim is even more dangerous. It leads one to think that not only
are the ethical standards undeveloped, but further that because computer ethics
is unique, its model of ethical reasoning with ethical standards is yet to be
discovered.
b. a unique subject
Why do people think that computer ethics is
not like other ethics? Other forms of ethics seem to have fixed domains or
methods for making decisions. This does not seem to be the case for computer ethics.
I believe, the concept of computer ethics has been stretched to include too
much. The scope of computer ethics has been made so broad that it includes
numerous and conflicting values and methodologies. The scope of computer ethics
is frequently characterized as encompassing ALL moral abuses committed with a
computer. "The moral values we place on computer use and misuse constitute
the ethics of computer usage. [12, p 295]" Social scientists characterize
computer ethics as including all discussions of social institutions transformed
by computers [11, p. 272]. No wonder computer ethics seems like some confusing
amorphous area that is different from all other areas of ethics.
Computer ethics is not unique; the ethical
issues of computer ethics as broadly defined above are either subsumable under
the issues of general ethics or they are a type of professional ethics. Under
scrutiny, the notion that computer ethics includes all abuses committed with a
computer is shown to be absurd. If someone were to purchase a scalpel and use
it to commit a robbery, we would surely not want to consider this an issue in
medical ethics. Narrowing the concept of computer ethics will help eliminate
some of these confusions.
III THERE ARE SOLUTIONS
The misconceptions about ethical reasoning
and about the domain of computer ethics has contributed to the view that there
are no solutions to problems in computer ethics. We have eliminated some
specious reasons for saying there are no solutions in computer ethics. In this
part I argue that there is a useful model of ethical reasoning in computer
ethics. This model is based on narrowing the concepts of computer ethics to a
species of professional ethics.
A. Ethics Concepts
To see how computer ethics is a type of
professional ethics, we have to take a brief look at some distinctions in
ethics and get a better understanding of the concept of a professional.
I. Law and ethics
In seeking to determine the solutions to
ethical problems we have mistakenly relied on the law. The long established
ethical standards of the older professions have been codified either by
professional organizations or by legislative bodies. Many significant ethical
standards of these professions have been codified into law. This close connection
between significant ethical principles and the law has contributed to two
mistaken beliefs, namely, the belief that the sphere of the ethical is
identical with the sphere of the legal, and the belief that ethics is primarily
about proscribed acts. The former confusion leads one to include ALL acts that
are not proscribed by law in the domain of the ethical. The converse of this is
"That there is nothing left to ethical behavior beyond what is required by
law." A typical irrelevant response to "Is it ethical?" is
"There is no law against it."
The error of equating law with ethics does
not cause extensive difficulties in older professions because they have made
many major ethical imperatives into laws. The belief that laws are the
boundaries of ethics does cause significant confusion in computer ethics where
there is little legislation and the legislation that exists is not founded on
good computer science [15].
The laws regarding computers are evolving at
such a rapid rate that they appear chaotic. If law and ethics are believed
identical then computer ethics would appear chaotic.
ii Ethical-like statements
We can artificially divide the language
about ethics into normative and descriptive statements. Descriptive statements
are just statements about ethical positions such as, "Some religions
believe self-immolation is good." This is neither a recommendation nor a
statement of the speaker's moral values. Normative statements, on the other
hand, make recommendations about the way one ought to behave and assert moral
values. Often this distinction is lost and a descriptive ethical statement is
used as evidence against a normative statement. For example, in discussions
about the morality of computer trespass the descriptive assertion " Many
hackers do it" is taken as a refutation of the normative claim
"Computer trespass is immoral." Computer ethics is concerned with
normative issues which both proscribe and prescribe behavior, whereas laws
primarily proscribe behavior.
iii Domains of authority
When normative claims are made it is
reasonable to ask about the source of authority for these claims. If the SOURCE
for the claim is not considered authoritative then the normative claim is
denied. This pervasive, but fallacious, form of argument leads one to seek out the
sources of authority for ethical claims. The question about the source of
authority for a normative claim is distinct from the question "How does
one correctly discover the normative claims themselves?" There are three
primary sources of normative claims; society as a whole, professions, and
individuals. The claim that "War is wrong." is supported by the
values of society that seeks to further the common good. The claim that
"You should work hard" is supported by the agreement you made with
your employer when you accepted a salary. The claim that you should keep your
promises is supported by individual commitments to truth telling. Ethical
discussions sometimes get clouded when we bring to bear items relevant to one
domain to discussions in another domain. My friend's bad back may be relevant
to my decision to help her clean her yard, but it is not relevant to the social
domain value "War ought to be prevented."
Some ethical conflicts arise when there are
conflicting normative claims between domains. Society's value of survival
demands the delivery of safe nuclear power plants, while the power plant
designer's value of continuing business might demand pre-mature delivery.
Conflicts also arise within a domain.
One way in which we resolve these conflicts
is by prioritizing ethical values within domains and basing our reasoning about
ethical activity on these ordered values within a domain. The clarity of the
ordering of the values within and between these domains determines in part how
easy or difficult it is to resolve an ethical conflict. In the medical
profession, the value placed on human life is greater than the value placed on
preventing short term pain. In a situation where someone is choking, no one
will question the decision to induce a gagging pain to save the person's life.
The resolution of this value conflict is trivial because of the clear ordering
of the 'pain prevention' value and the 'life preserving' value.
There is real difficulty, however, when the
ordering of values is not clear or they are given an equal value within
domains. There are also problems when it is not clear which domain's value has
the higher priority. In whistle blowing cases, for example, there is generally
a conflict between loyalty to one's professional commitments and loyalty to
one's employer. Another example of conflicts across domains occurs in the
following. Suppose a child of a member of Jehovah's Witnesses will die if he is
not given a blood transfusion. There is a conflict between a religiously
founded normative belief against blood transfusion and the socially founded
normative belief in the right to life. The courts have made decisions here that
the right to life has a higher priority than the principle of respect for
religious convictions; and thus it is right to perform a blood transfusion.
Ethical issues become easier to solve as we clarify what the values are and
their priority. The ethical pluralism of today's society makes this very
difficult when working across domains.
B. Taxonomies
If we could clarify the priority of values
in computer ethics we could make normative judgements. This task has been made
more difficult by the confusions about computer ethics reflected in the various
taxonomies of computer ethics used in current textbooks. The organizational principles
of recent textbooks are based on either an examination of selected application
areas or an examination of selected popular generic issues [6]. If they are
organized by application area, then they
include chapters on: computers in banking, computers in schools, computers in
the workplace, and computers in society. If they are organized by generic
issue, then they include chapters on: fraud, hacking, privacy, unreliable
computers, and viruses. Both organizations, as catalogs of selected violations
of ethical principles, portray computer ethics as a purely proscriptive ethics.
Two assumptions of these approaches are 1) that their subject matter is
computer ethics and 2) that the reader can abstract the principles and values
of computer ethics from the stories catalogued.
I. Rapid evolution of the computing context
Both approaches suffer from at least three
difficulties. First, as catalogs of current favorite areas they have only
limited relevance. The rapidly changing computer technology brings new ethical
issues to prominence. For example, given the increased speed and graphic
capabilities of personal computers, computer pornography is becoming a major
ethical concern. As the technology changes there are new ethical issues which
these books do not address. They are limited catalogs, so if an individual is
not working in a specific application area or not engaged in one of the
"pop-crimes" then they are given no help in working through an
ethical issue. This yellow journalism of computing is not fruitful. There is no
generally useful help about computer ethics nor is there a model of encouraged
values. There is only a list of some proscribed behaviors.
ii. Just ordinary ethics
The second problem is that it is doubtful
that these approaches are even about computer ethics. These approaches always
include a claim that computer ethics is new [6, p 4], leading the reader to
look for new ways to resolve ethical problems. The generic issues they discuss,
however, can easily be subsumed under " ordinary" ethics. For
example, whether fraud is committed with a computer or a fountain pen, it is
still fraud. The computer can just do it a little faster.
iii. Missing domain - professionalism
The third and most significant problem with
this 'pop-ethics' approach is that there is little attention paid to the domain
of professional ethics --the values that guide the day to day activities of
computing professionals in their role as professionals. By 'computing
professional' I mean anyone involved in the design and development of computer
artifacts. Computer artifacts include things like: program documentation, test
plans and test cases, feasibility studies, source code, user manuals, system
maintenance manuals and design documents, that is, all the products of the
system development process. The ethical decisions made during the development
of these artifacts have a direct relationship to many of those issues discussed
in computer ethics textbooks. I believe many of those issues are the result of
bad computer ethical decisions made during software development. These root
professional ethics concerns are not mentioned in many of these texts.
The inclusion of every ethical problem as a
problem in computer ethics has caused considerable confusion. The textbooks
have mirrored the view of ethics presented in the mass media. When we talk
about computer ethics we should narrow the focus and talk about what is
different in computer ethics, viz., the computing context. We should talk about
professional computer ethics.
IV PROFESSIONAL ETHICS
A. Professional
In the literature [3] there are several
characteristics of a professional. The occupation of a professional, which is
primarily mental, generally requires advanced skill and training. Because of
this superior skill the professional is held liable if he misuses this
knowledge. The position of a professional generally involves some kind of
service to society such as practicing medicine or law.
Traditionally it has also included the
concept of autonomy. Some people [9] have argued that the concept of autonomy
no longer fits the concept of professional. They point to the existence of
professional organizations (PCS) and claim that there is no longer any autonomy
of judgement. I think the notion of autonomy is critical to the concept of a professional
and it is just as evident in a physician's decision while practicing in a PC as
it is for a computing professional working in a large corporation. When one
enters a physicians office, even one who belongs to a PC, the physician has
available a variety of cures for a particular ailment. They use their
professional judgement in determining which cure would be the best in any
particular case, or even if a cure is needed. The same thing is true for the
computing professional who, when presented with a particular problem, has
several standard and effective design methodologies to choose from. There is
still autonomy of judgement about how to achieve a particular end. There are,
of course, some constraints on the options that can be chosen. There are a standard
set of procedures that a physician goes through before recommending a
particular solution. There are also a set of standards in determining whether a
professional physician will exercise his skills in particular situations. If
they did not exercise autonomous judgement we would not consider them
professional. What would you think of a physician who, when asked by a patient
to cut off both of his arms at the elbow, said "I will do it right now. I
have been specially trained in surgery."? Even if the physician did this
in a highly skilled fashion, we would not say he was acting professionally.
Where was the exercise of professional judgement in using his surgical skills?
Accepting a role of professional carries with it a commitment to a set of ethical
principles.
B. Ethical Decisions
There are two things that set professional
ethics apart. The first is that ethical rules and judgements are made in a
particular context such as medicine and law. The contexts in which these judgements
are made alter the ordering of the application of moral rules. For example, in
medical ethics the principle of "informed consent" is a primary
ethical principle, whereas in journalistic ethics this principle has a much
weaker impact on ethical judgements. The "principle of
confidentiality" has different weights in different contexts. The
physician who learns of a patient's pregnancy in their role as a physician
requires stronger reasons to divulge this pregnancy then does the patient's
acquaintance who is asked by their own mother about the pregnancy. By analogy,
ethics for the computing professional is not another kind of ethics but it is
ethical rules and judgements applied in a computing context based on
professional standards and a concern for the user of the computing product. The
attitude of "let the buyer beware" is not the attitude of the
physician nor of the civil engineer, nor should it be the attitude of the
computing professional.
C. Service
I think the failure to see that computing
products are only used to serve the needs of others and the failure of the
professional to keep the welfare of the user in mind has led directly to
several instances of unethical behavior. There are several causes for these
failures. One cause is simple ignorance. We train computer scientists to solve
problems and the examples we use, such as finding the least common multiple
(LCM) for a set of numbers, portrays computing as merely a problem solving
exercise, analogous to doing a crossword puzzle. Solving the puzzle is an
interesting exercise, but it has no significant consequences.
One result of this attitude is seen when we
consider the case of a programmer who was asked to write a program that would
raise and lower a large x-ray device. The programmer wrote and tested his
solution to this puzzle. It successfully and accurately moved the device from
the top of the support pole to the top of the table. The difficulty with this
narrow problem solving approach was shown when an X-ray technician told a
patient to get off the table after a X-ray was taken and then the technician
set the height of the device to "table-top-height." The patient had
not heard the technician and was crushed under the machine. The programmer
solved a puzzle but didn't consider the user.
Only in academe do students write programs
which are designed to be thrown away or gather dust in the backs of their
closets. In all other contexts, computing is a service industry. All computing
artifacts are designed to be used. Computing has had a tendency not to see
itself as a service industry. Even the term "user" carries with it a
derogatory connotation. We are one of only two occupations that I know of whom
call their customers "users". There is a recent example of this
attitude before the courts. A defense contractor was asked to develop a
portable anti-aircraft system. The system the contractor developed effectively
destroys aircraft but it also occasionally kills the person who launched the
missile. The company has declared that this is not a legal problem because they
" are in full compliance with the specifications given to them by the
user." Being a professional involves using one's special skills to give
careful and constant consideration to the impact of the service on others. This
consideration is guided by a set of ethical principles.
D. Contexts
We have mistakenly understood computer
ethics as different from other professional ethics. When we look at medical
ethics, legal ethics, journalistic ethics, we have to distinguish the
practitioners of those ethics from the ethical principles they affirm. They
work in different contexts: medicine, law and journalism. When we talk of each
of these professional ethics we do not consider them as three different kinds
of ethics. The distinguishing characteristic among professional ethics is the
context in which they are applied. Because there are three contexts, it does
not follow that there are three distinct sets of ethical rules [4]. Nor does it
follow that computer ethics is a unique set of ethical principles that are yet
to be discovered.
V COMPUTER ETHICS
By analogy with other "ethics",
"Computer ethics" can be divided into two spheres. The first is a set
of ethical problems that can be reasoned about by analogy with most other
traditional ethical abuses -- fraud, theft, trespassing, etc. But, this should
not even be called COMPUTER ethics. Ethics for computing professionals is not
another kind of ethics but it is ethical values, rules and judgements applied
in a computing context based on professional standards and a concern for the
user of the computing artifact. It is this sense of computer ethics which has
received very little attention. Most of the attention has been directed at the
results of the failures of professional ethics or abuses using a computer.
Computer ethics is not a new ethics, but ethics in a professional context.
Computer ethics should not be neglected because it is some new or esoteric
area.
A. Software Development
This understanding of computer ethics or
ethics in a computing context also has some direct implications on the way to
organize the domain of computer ethics. The starting point of computer ethics
should be organized around the standards for the way software is developed.
There are a prescribed series of steps called "the software development
life cycle," which are followed by practicing computer scientists in the
development of any piece of software. The discussion about computer ethics
should be about how ethical rules apply at each of these steps. Organizing the
material around the way software is developed, rather than organizing it around
a limited set of application areas, makes the subject relevant to what the
professional does in ANY application area.
This organization of the subject makes it
responsive to change. As the way software is developed responds to changing
technology, or as the area in which the professional works changes; the focus
of the discussion changes.
With the change in the technology of
programming languages there has been a corresponding change in the application
of professional values, such as 'cause no harm'. For example, in the
design-phase, the choice of a computer language for a life critical system
might have moral implications. If the language is too hard to modify or
understand then one puts people at risk and violates principles of good system
design by choice of that language. This was not a major issue when there was
only a single generation of programming languages.
None of the computer ethics text has a
section on 'computers in the library'. Yet, there are professional issues which
can arise in that context. When working for a library, there is nothing illegal
about the development of a file which connects patron's names to the titles of
books they have read. The development of such a file, nevertheless, has the
potential for the violation of several moral rules, such as the violation of
privacy and the deprivation of pleasure because one does not feel free to read
what one wants to read. This organization of the subject is not limited in the
three ways discussed above [8]. The emphasis on professional ethics is
responsive to technological evolution, is not limited to selected application
areas, and is consistent as a professional ethics.
B. Determining The Standards
Thus far we have seen that ethical problems
can be solved and that computer ethics is like other professional ethics. We
have eliminated some specious arguments against standards in computer ethics.
The question remains, "How does one determine the standards?" As we
saw earlier, much of the literature is preoccupied with denying there is any
moral consensus.
One theory for deriving agreed upon ethical
standards which fits professionalism best is called the rational contractor
theory. This theory is one of a group of "ideal observer theories" ,
where the ideal observer gives the judgement a degree of objectivity. The
rational contractor theory presumes that we can talk about a situation in which
everyone can be gotten together in a group and that each person is ignorant of
their special circumstances, those circumstances which might prejudice one's
decisions. Imagine a situation where these people come together to determine
the ethical rules. Because they are ignorant of their own circumstance they are
unlikely to promulgate rules directed at special circumstances. They won't make
rules which will hurt people over 50 years old, because they might be over 50
years of age. They will generate rules such as "cause no pain." This
is a way of discovering ethical standards [10].
There are two types of ethical regulations
which they will arrive at: moral rules and moral ideals. Moral rules are
examples of moral minimalism. Moral minimalism emphasizes ethical prohibitions,
e.g., cause no avoidable harm. It does not say prevent harm. Here is an example
of a consultant who was a moral minimalist. Suppose a consultant were asked, by
a nuclear power plant manufacturer, to develop a test suite to demonstrate the
safety of a proposed nuclear power plant. The company realizes that the plant will
not pass the tests, so it pays the consultant and never tells anyone about the
tests. If the consultant does nothing, he is exercising moral minimalism; he
did not do anything overtly to hurt anyone. Moral minimalism or just following
moral rules is passive. You can follow moral rules all the time, so you can be
held responsible for them all the time. While reading this, you are following
the moral rules against causing pain and against deception. These can be
followed all the time, so I am justified in imposing some form of sanction if
you disobey them.
Moral ideals, on the other hand, include
things like 'help everyone as much as you can', and 'prevent pain'. They are
principles you cannot follow all the time and as such I cannot impose sanctions
for your failure to follow them. As you are reading this you are not following
the moral ideal to prevent evil, but it would be unreasonable to punish you for
this failure. A moral ideal is a goal you can aspire to achieve. The rational
contractor theory is a model of the way standards are derived in professions.
Professionals, either as individuals or as groups, set standards for all work
done in that particular professional role.
C. Reasoning
To make ethical choices we have to engage in
moral reasoning. As we have already seen, the generalized non-computability
fallacy and the generalized NP fallacy cannot be used as evidence against moral
reasoning. Moral reasoning is something we do every day when we make decisions
about how to act based on the priority of moral rules. There have been several
attempts to derive a set of moral rules. Bernard Gert, in his book Morality
[7, p.285] derives such a set of rules. The rules at a general level include
things like do "not encourage acts which cause evil." The evils that
should not be encouraged include things like death and pain. In medical ethics
the priorities between these two evils are clear. The physician would preserve
life at all costs. Now there has been some question about the priority of these
two values so the decision about what to do with a terminally ill patient who
is in constant unmanageable pain has become a hard problem in medical ethics.
Some specific rules are: don't disable, don't deprive of freedom, and don't
deceive.
How does this relate to computing? What does
"don't deprive of freedom" have to do with computing? Suppose in
developing an accounting package for a client, a consultant does a shoddy job
in the development of the user interface. The accounting staff becomes
belligerent about using the newly installed system. Because of this uproar,
upper level management declines to support further enhancements to the
accounting system. This has limited the account managers freedom to improve the
system she works with. I have a moral obligation to do a better job.
D. The Computing Professional
What is involved in being a professional?
When I present myself in the role of a computer professional to you, I say that
I have the skill, the talent and the experience to do this job well and I say
that I have the moral commitment to this set of rules or ones quite like it and
a derivative commitment to a set of standards about software development. This
is computer ethics. It is not the kind of thing where we say let the buyer
beware. There is a commitment to the user. We would not call the physician who
cut off both of the patient's arms a professional. Where was the judgement
about the user's welfare? This judgement was lacking in the X-ray raising
device program. Where was the consideration about the user? This was a problem
in computer ethics. The programmer could have asked about how the program is
related to a safety switch. He could have designed the program so that it would
at least pause, so that it could be determined that no one was still on the
table, before going to "table-height."
There are standards for developing computing
artifacts which, when tempered by professional values, are the domain of
computer ethics. We can talk about the way in which we write code, the way in
which we produce documentation as ethical issues. With this narrower focus on
computer ethics we can provide some standards about the way computing is done.
Let us look at some examples of applications of computer ethics.
Consider a case where someone builds a user
interface for a color terminal. The programmer takes it upon herself to modify
the system so it can determine whether users are color blind as they key in
their names. This information is used by the system to present the best color
combinations on the video display. The marketing manager gets wind of this. He
has the programmer's boss request that the programmer modify the interface to
collect the names of those whom it discovers are color blind and forward the
names to the marketing department. The programmer is smart enough to realize
that there is a significant privacy issue here. What can the programmer do?
When I have used this example before, there
have been two typical responses. One response is to say they will modify the
program as requested out of concern for their job; the other response is to say
they will quit their job. These are seen as the only two alternatives. People
have the mistaken notion that they must be moral heroes when dealing with
ethical issues. The fallacy of black and white reasoning is common in ethical
discussion. The way it is manifested in ethical discussion is to assert that
one either does the misdeed and by so doing endorses the immorality or votes
with their briefcase and quits their job. There are several options that can be
used to resolve this problem. If the privacy principle is more important than
the commitment to truth telling, the programmer could say they made a mistake
and the program doesn't really do what she had planned for it to do. The
programmer could avoid the conflict between the privacy principle and the truth
telling principle. She could raise questions about how the customers might
react if they knew this information was being secretly collected on them.
Solutions to this case do not require one to be a moral hero and quit their job
to be ethical.
This case is interesting because it involves
good intentions, but the implementation of those intentions led to an ethical
situation. She used the customer names and she did not inform the customer what
the program was doing. There is also the problem that this situation only came
about because the programmer was not thinking about the privacy rights of the
user when she designed the system, a failure of professional ethics.
The case of Therac 25, a x-ray device that
was responsible for several deaths, has received considerable media attention.
The case has recently been settled out of court. In what follows I am relying
on media descriptions which may lack accuracy. The points here are still good
examples of computer ethics problems even if this were merely a hypothetical
case. There was an incident where a patient reported that he had been overdosed
with radiation while having his tumor treated by the Therac. The builders of
the Therac were informed of this difficulty and they reran the initial system
test suite and found no errors. Such behavior would indicate a failure of
computer ethics. A computer professional should realize that merely rerunning
the original test suite is an inadequate response to this situation. It is
known that the testing cannot find all errors. A new situation in the use of
the Therac should have, at least, required an examination of the conditions
which precipitated the problematic situation. After this patient died of
radiation overdose and another patient died in the same way. The events which
preceded the problem where finally examined. The problem occurred if the
setting of the machine was changed in a particular manner then the machine
would administer an overdose. This type of change required the use of the
up-arrow key on the terminal key-board. When this was discovered the
manufacturer notified all users of the Therac 25 and had them pry-off the
up-arrow keys and cover the space with electrical tape. This is a failing of professional
ethics. The manufacturer had not located the cause of the problem, but only one
of its symptoms. It is known that errors in programs tend to cluster. If an
error is found in a particular module, then when another error occurs, the best
place to look is in the module where the first error was found. The Therac had
a software difficulty that allowed a race condition to occur. Prying up the key
did not modify the software. Within a year another patient dies because of an
error in the same location in the software. The failure to fix the software was
a failure of computer ethics.
How could one have resolved this difficulty
if they merely worked in the Therac maintenance shop? Again there are a variety
of approaches. Using the professional judgement about the location of errors,
one could simply inform their superiors of the potential for another disaster
and the likelihood of legal suites if another death occurred. If one is lucky,
this would be sufficient to persuade them to look further for the cause. It is
interesting here that this is a technical solution to a moral problem. Many
moral difficulties in computer science have technical solutions.
E. The Non-Professional
We have seen a consistent approach to
computer ethics, which avoids many difficulties with other approaches. There is
one remaining concern. Where does this leave the non-professional? How can we
talk about computer ethics for the non-professional? The professional physician
sets the standards for practicing medicine. The physician will use an
antiseptic to avoid infection before bandaging a wound. A non-physician who
knows this standard would act unethically if they chose not to use the
antiseptic. The professional develops the standards for a particular context,
and adherence to these standards become our guide for moral action.
VI CONCLUSION
Computer ethics, as presented here, is
modeled on other professional ethics. It can use moral reasoning models which
are similar to those in other professional ethics. The theory of computer ethics
we have presented does not limit the examination of critical concerns like the
impact of technology on the nature of work or computer fraud. The theory puts
these concerns in other ethical categories. The former is a concern of
sociology and the latter is a concern of property rights.
Computer practitioners do not have a single
representative organization which can control membership in the profession;
there is no representative organization to impose sanctions for the violations
of professional behavior.
The absence of a single organization does
not impede the development of professional ethics standards. The focus of this
approach to computer ethics is on the individual professional's responsibility
in the practice of their craft. As the standards of this craft are being
developed, so are the standards of professional computer ethics. Computer
ethics as presented here will lead to the development of better computing
artifacts.
REFERENCES
1. An earlier
version of this paper was originally presented on 9/12/90 as part of a lecture
series on Computers and Ethics sponsored by the Rose-Hulman Institue of
Technology and the GTE Corporation Lectureship Program.
2. Richard H.
Austing, Lillian Cassel, Computers in Focus, Monterey, CA.: Brooks-Cole
1986.
3. Michael Baylis,
Professional Ethics, Belmont, CA.: Wadsworth 1981
4. This position
should not be confused with ethical relativism. I am not maintaining that there
are no ethical truths, but that the contexts effects the ordering of these
rules.
See [3] pages 5 and following for a similar
view about contexts and professional ethics.
5. Computers and
the Quality of Life, Washington DC 9/13-16/90 sponsored by ACM, SIGCAS and
SIGCAPH
6. Tom Forester,
Perry Morrison; Computer Ethics, MIT Press 1990.
7. Bernard Gert,
Morality, Oxford University Press, 1988.
8. Donald
Gotterbarn, "A Workshop Report: Software Engineering Ethics," The
Journal of Systems and Software, v 11, 1990 ]
9. Deborah
Johnson, Computer Ethics, Prentice Hall, 1985]
10. Research being
done at Bowling Green State University by Leventhal, Instone and Chilson has
shown empirical support for the application of this theory to computer ethics.
Their work unlike Parker's, was with a group with a homogeneous expertise in
computer science. Their work shows an identifiable convergence of response,
with only slight variations on some issues based on experience or gender
differences. See Leventhal, et. al., "Another View of Computer Science
Ethics: Patterns of Responses among computer scientists," in The Journal
of Systems and Software, January 1992.
11. James Moor,
"What is Computer Ethics? ," in Computers and Ethics,
Terrel Ward Bynum ed.; Basil Blackwell, 1985
p 272.
12. Donn B.
Parker, Ethical Conflicts in Computer Science and Technology, AFIP
Press, no date but based on meetings in 1977.
13. Donn B.
Parker, Ethical Conflicts in Information and Computer Science, Technology,
and Business, QED Information Sciences, Inc. 1990.
14. Donn
Parker,"Ethical Dilemmas in Computer Technology," in Ethics and
the Management of Computer Technology, edited by W. Michael Hoffman and
J.M. Moore, Oelgeschlager, Gunn & Hain 1982, p. 54.
15. Eugene H.
Spafford, Kathleen A. Heaphy, and David J. Ferbrache, "Computer Viruses:
Dealing with Electronic Vandalism and Programmed Threats". ADAPSO,
Arlington, VA, 1989; points out that HR-5062, a House bill introduced to make
computer viruses illegal can't even be applied to viruses. " It provides
penalties only in cases where PROGRAMS are introduced into computer systems; a
computer virus is a segment of code attached to an existing program that
modifies other programs to include a copy of itself."