Ethics and Professional Responsibility in Computing


Computing professionals have ethical obligations to clients, employers, other professionals, and the public, in fulfilling their professional responsibilities. These obligations are expressed in codes of ethics, which can be used to make decisions about ethical problems.



Ethics and Professional Responsibility in Computing1

Michael C. Loui2
Department of Electrical and Computer Engineering
University of Illinois at Urbana-Champaign

Keith W. Miller3
Department of Computer Science
University of Illinois at Springfield

August 23, 2007

Abstract. Computing professionals have ethical obligations to clients, employers, other professionals, and the public, in fulfilling their professional responsibilities. These obligations are expressed in codes of ethics, which can be used to make decisions about ethical problems.

Key Words: ethics, profession, moral responsibility, liability, trust, informed consent, peer review, whistle-blowing, code of ethics, ethical decision-making

1 The views, opinions, and conclusions expressed in this article are not necessarily those of the University of Illinois or the National Science Foundation.

2 Address for correspondence: Coordinated Science Laboratory, 1308 W. Main St., Urbana, IL 61801, USA. Telephone: (217) 333-2595. E-mail: loui AT uiuc DOT edu. Supported by the National Science Foundation under Grant EEC-0628814.

3 Address for correspondence: UIS, CSC, UHB 3100; One University Plaza; Springfield, IL 62703, USA. Telephone: (217) 206-7327. E-mail: miller DOT keith AT uis DOT edu.

1. Introduction

Computing professionals perform a variety of tasks: they write specifications for new computer systems, they design instruction pipelines for superscalar processors, they diagnose timing anomalies in embedded systems, they test and validate software systems, they restructure the back-end database of an inventory system, they analyze packet traffic in a local area network, and they recommend security policies for a medical information system. Computing professionals are obligated to perform these tasks conscientiously, because their decisions affect the performance and functionality of computer systems, which in turn affect the welfare of the systems’ users directly and that of other people less directly. For example, the software that controls the automatic transmission of an automobile should minimize gasoline consumption, and more important, ensure the safety of the driver, any passengers, other drivers, and pedestrians.

The obligations of computing professionals are similar to the obligations of other technical professionals, such as civil engineers. Taken together, these professional obligations are called professional ethics. Ethical obligations have been studied by philosophers and articulated by religious leaders for many years. Within the discipline of philosophy, ethics encompasses the study of the actions that a responsible individual ought to choose, the values that an honorable individual ought to espouse, and the character that a virtuous individual ought to have. For example, everyone ought to be honest, fair, kind, civil, respectful, and trustworthy. Besides these general obligations that everyone shares, professionals have additional obligations that arise from the responsibilities of their professional work and their relationships with clients, employers, other professionals, and the public.

The ethical obligations of computing professionals go beyond complying with laws or regulations; laws often lag behind advances in technology. For example, before the passage of the Electronic Communications Privacy Act of 1986 in the United States, government officials did not require a search warrant to collect personal information transmitted over computer communication networks. Nevertheless, even in the absence of a privacy law before 1986, computing professionals should have been aware of the obligation to protect the privacy of personal information.

2. What Is a Profession?

Computing professionals include hardware designers, software engineers, database administrators, system analysts, and computer scientists. In what ways do these occupations resemble recognized professions such as medicine, law, engineering, counseling, and accounting? In what ways do computing professions resemble occupations that are not traditionally thought of as professions, such as plumbers, fashion models, and sales clerks?

Professions that exhibit certain characteristics are called strongly differentiated professions (1). These are the professions such as physicians and lawyers, who have special rights and responsibilities. The defining characteristics of a strongly differentiated profession are specialized knowledge and skills, systematic research, professional autonomy, a robust professional association, and a well defined social good associated with the profession.

Members of a strongly differentiated profession have specialized knowledge and skills, often called a “body of knowledge,” gained through formal education and practical experience. Although plumbers also have special knowledge and skills, education in the trades such as plumbing emphasizes apprenticeship training rather than formal education. An educational program in a professional school teaches students the theoretical basis of a profession, which is difficult to learn without formal education. A professional school also socializes students to the values and practices of the profession. Engineering schools teach students to value efficiency and to reject shoddy work. Medical schools teach students to become physicians, and law schools teach future attorneys. Because professional work has a significant intellectual component, entry into a profession often requires a post-baccalaureate degree such as the M.S.W. (Master of Social Work) or the Psy.D. (Doctor of Psychology).

Professionals value the expansion of knowledge through systematic research—they do not rely exclusively on the transmission of craft traditions from one generation to the next. Research in a profession is conducted by academic members of the profession, and sometimes by practitioner members too. Academic physicians, for example, conduct medical research. Because professionals understand that professional knowledge always advances, professionals should also engage in continuing education by reading publications and attending conferences. Professionals should share general knowledge of their fields, rather than keeping secrets of a guild. Professionals are obligated, however, to keep specific information about clients confidential.

Professionals tend to have clients, not customers. Whereas a sales clerk should try to satisfy the customer’s desires, the professional should try to meet the client’s needs (consistent with the welfare of the client and the public). For example, a physician should not give a patient a prescription for barbiturates just because the patient wants the drugs, but only if the patient’s medical condition warrants the prescription.

Because professionals have specialized knowledge, clients cannot fully evaluate the quality of services provided by professionals. Only other members of a profession, the professional’s peers, can sufficiently determine the quality of professional work. The principle of peer review underlies accreditation and licensing activities: members of a profession evaluate the quality of an educational program for accreditation, and they set the requirements for the licensing of individuals. For example, in the United States, a lawyer must pass a state’s bar exam to be licensed to practice in that state. (Most states have reciprocity arrangements—a professional license granted by one state is recognized by other states.) The license gives professionals legal authority and privileges that are not available to unlicensed individuals. For example, a licensed physician may legitimately prescribe medications and perform surgery, activities that should not be performed by people who are not medical professionals.

Through accreditation and licensing, the public cedes control over a profession to members of the profession. In return for this autonomy, the profession promises to serve the public good. Medicine is devoted to advancing human health, law to the pursuit of justice, engineering to the economical construction of safe and useful objects. As an example of promoting the public good over the pursuit of self interest, professionals are expected to provide services to some indigent clients without charge. For instance, physicians volunteer at free clinics, and they serve in humanitarian missions to developing countries. Physicians and nurses are expected to render assistance in cases of medical emergency—for instance, when a train passenger suffers a heart attack. In sum, medical professionals have special obligations that those who are not medical professionals do not have.

The purposes and values of a profession, including its commitment to a public good, are expressed by its code of ethics. A fortiori, the creation of a code of ethics is one mark of the transformation of an occupation into a profession.

A profession’s code of ethics is developed and updated by a national or international professional association. This association publishes periodicals and hosts conferences to enable professionals to continue their learning and to network with other members of the profession. The association typically organizes the accreditation of educational programs and the licensing of individual professionals.

Do computing professions measure up to these criteria for a strongly differentiated profession? To become a computing professional, an individual must acquire specialized knowledge about discrete algorithms and relational database theory, and specialized skills such as software development techniques and digital system design. Computing professionals usually learn this knowledge and acquire these skills by earning a baccalaureate degree in computer science, computer engineering, information systems, or a related field. As in engineering, a bachelor’s degree currently suffices for entry to the computing professions. The knowledge base for computing expands through research in computer science conducted in universities and in industrial and government laboratories.

Like electrical engineers, most computing professionals work for employers, who might not be the professionals’ clients. For example, a software engineer might develop application software that controls a kitchen appliance; the engineer’s employer might be different from the appliance manufacturer. Furthermore, the software engineer should prevent harm to the ultimate users of the appliance, and others who might be affected by the appliance. Thus, the computing professional’s relationship with a client and with the public might be indirect.

The obligations of computing professionals to clients, employers, and the public are expressed in several codes of ethics. Section 5 below reviews two codes that apply to computing professionals.

Although the computing professions meet many criteria of other professions, they are deficient in significant ways. Unlike academic programs in engineering, relatively few academic programs in computing are accredited. Furthermore, in the United States, computing professionals can not be licensed, except that software engineers can be licensed in Texas. As of this writing, the Association for Computing Machinery (ACM) has reaffirmed its opposition to state-sponsored licensing of individuals (2). Computing professionals may earn proprietary certifications offered by corporations such as Cisco, Novell, Sun, and Microsoft. In the United States, the American Medical Association dominates the medical profession, and the American Bar Association dominates the legal profession, but no single organization defines the computing profession. Instead, there are multiple distinct organizations, including the ACM, the Institute of Electrical and Electronics Engineers (IEEE) Computer Society, and the Association of Information Technology Professionals (AITP). Although these organizations cooperate on some projects, they remain largely distinct, with separate publications and codes of ethics.

Regardless of whether computing professions are strongly differentiated, computing professionals have important ethical obligations, as explained in the remainder of this article.

3. What Is Moral Responsibility in Computing?

In the early 1980s, Atomic Energy of Canada Limited (AECL) manufactured and sold a cancer radiation treatment machine called the Therac-25, which relied on computer software to control its operation. Between 1985 and 1987, the Therac-25 caused the deaths of three patients and serious injuries to three others (3). Who was responsible for the accidents? The operator who administered the massive radiation overdoses, which produced severe burns? The software developers who wrote and tested the control software, which contained several serious errors?

The system engineers who neglected to install the backup hardware safety mechanisms that had been used in previous versions of the machine? The manufacturer, AECL? Government agencies? We can use the Therac-25 case to distinguish between four different kinds of responsibility (4, 5).

Causal responsibility. Responsibility can be attributed to causes: for example, “the tornado was responsible for damaging the house.” In the Therac-25 case, the proximate cause of each accident was the operator, who started the radiation treatment. But just as the weather cannot be blamed for a moral failing, the Therac-25 operators cannot be blamed because they followed standard procedures, and the information displayed on the computer monitors was cryptic and misleading.

Role responsibility. An individual who is assigned a task or function is considered the responsible person for that role. In this sense, a foreman in a chemical plant may be responsible for disposing of drums of toxic waste, even if a forklift operator actually transfers the drums from the plant to the truck. In the Therac-25 case, the software developers and system engineers were assigned the responsibility of designing the software and hardware of the machine. Insofar as their designs were deficient, they were responsible for those deficiencies because of their roles. Even if they had completed their assigned tasks, however, their role responsibility may not encompass the full extent of their professional responsibilities.

Legal responsibility. An individual or an organization can be legally responsible, or liable, for a problem. That is, the individual could be charged with a crime, or the organization could be liable for damages in a civil lawsuit. Similarly, a physician can be sued for malpractice. In the Therac-25 case, AECL could have been sued. One kind of legal responsibility is strict liability: if a product injures someone, then manufacturer of the product can be found liable for damages in a lawsuit, even if the product met all applicable safety standards and the manufacturer did nothing wrong. The principle of strict liability encourages manufacturers to be careful, and it provides a way to compensate victims of accidents.

Moral responsibility. Causal, role, and legal responsibilities tend to be exclusive: if one individual is responsible, then another is not. In contrast, moral responsibility tends to be shared: many engineers are responsible for the safety of the products that they design, not just a designated safety engineer. Furthermore, rather than assign blame for a past event, moral responsibility focuses on what individuals should do in the future. In the moral sense, responsibility is a virtue: a “responsible person” is careful, considerate, and trustworthy; an “irresponsible person” is reckless, inconsiderate, and untrustworthy.

Responsibility is shared whenever multiple individuals collaborate as a group, such as a software development team. When moral responsibility is shared, responsibility is not atomized to the point at which no one in the group is responsible. Rather, each member of the group is accountable to the other members of the group and to those whom the group’s work might affect, both for the individual’s own actions and for the effects of their collective effort. For example, suppose a computer network monitoring team has made mistakes in a complicated statistical analysis of network traffic data, and these mistakes have changed the interpretation of the reported results. If the team members do not reanalyze the data themselves, they have an obligation to seek the assistance of a statistician who can analyze the data correctly. Different team members might work with the statistician in different ways, but they should hold each other accountable for their individual roles in correcting the mistakes. Finally, the team has a collective moral responsibility to inform readers of the team’s initial report about the mistakes and the correction.

Moral responsibility for recklessness and negligence is not mitigated by the presence of good intentions or by the absence of bad consequences. Suppose a software tester neglects to sufficiently test a new module for a telephone switching system, and the module fails. Although the subsequent telephone service outages are not intended, the software tester is morally responsible for the harms caused by the outages. Suppose a hacker installs a keystroke logging program in a deliberate attempt to steal passwords at a public computer. Even if the program fails to work, the hacker is still morally responsible for attempting to invade the privacy of users.

An individual can be held morally responsible both for acting and for failing to act. For example, a hardware engineer might notice a design flaw that could result in a severe electrical shock to someone who opens a personal computer system unit to replace a memory chip. Even if the engineer is not specifically assigned to check the electrical safety of the system unit, the engineer is morally responsible for calling attention to the design flaw, and the engineer can be held accountable for failing to act.

Computing systems often obscure accountability (5). In particular, in an embedded system such as the Therac-25, the computer that controls the device is hidden. Computer users seem resigned to accepting defects in computers and software that cause intermittent crashes and losses of data. Errors in code are called “bugs,” regardless of whether they are minor deficiencies or major mistakes that could cause fatalities. In addition, because computers appear to act autonomously, people tend to blame the computers themselves for failing, instead of the professionals who designed, programmed, and produced the computers.

4. What Are the Responsibilities of Computing Professionals?

Responsibilities to Clients and Users

Whether a computing professional works as a consultant to an individual or as an employee in a large organization, the professional is obligated to perform assigned tasks competently, according to professional standards. These professional standards include not only attention to technical excellence but also concern for the social effects of computers on operators, users, and the public. When assessing the capabilities and risks of computer systems, the professional must be candid: the professional must report all relevant findings honestly and accurately. When designing a new computer system, the professional must consider not only the specifications of the client, but also how the system might affect the quality of life of users and others. For example, a computing professional who designs an information system for a hospital should allow speedy access by physicians and nurses, yet protect patients’ medical records from unauthorized access; the technical requirement to provide fast access may conflict with the social obligation to ensure patients’ privacy.

Computing professionals enjoy considerable freedom in deciding how to meet the specifications of a computer system. Provided that they meet the minimum performance requirements for speed, reliability, and functionality, within an overall budget, they may choose to invest resources to decrease the response time rather than to enhance a graphical user interface, or vice versa. Because choices involve tradeoffs between competing values, computing professionals should identify potential biases in their design choices (6). For example, the designer of a search engine for an online retailer might choose to display the most expensive items first. This choice might favor the interest of the retailer, to maximize profit, over the interest of the customer, to minimize cost.

Even moderately large software artifacts (computer programs) are inherently complex and error-prone. Furthermore, software is generally becoming more complex. It is therefore reasonable to assume that all software artifacts have errors. Even if a particular artifact does not contain errors, it is extremely difficult to prove its correctness. Faced with these realities, how can a responsible software engineer release software that is likely to fail sometime in the future? Other engineers confront the same problem, because all engineering artifacts eventually fail.

Whereas most engineering artifacts fail because physical objects wear out, however, software artifacts are most likely to fail because of faults designed into the original artifact. The intrinsically faulty nature of software distinguishes it from light bulbs and I-beams, for example, whose failures are easier to predict statistically.

To acknowledge responsibilities for the failure of software artifacts, software developers should exercise due diligence in creating software, and they should be as candid as possible about both known and unknown faults in the software—particularly software for safety-critical systems, in which a failure can threaten the lives of people. Candor by software developers would give software consumers a better chance to make reasonable decisions about software before they buy it (7). Following an established tradition in medicine, Miller (8) advocates “software informed consent” as a way to formalize an ethical principle that requires openness from software developers. Software informed consent requires software developers to reveal, using explanations that are understandable to their customers, the risks of their software, including the likelihoods of known faults and the probabilities that undiscovered faults still exist.

The idea of software informed consent motivates candor, and also requires continuing research into methods of discovering software faults and measuring risk.

Responsibilities to Employers

Most computing professionals work for employers. The employment relationship is contractual: the professional promises to work for the employer in return for a salary and benefits. Professionals often have access to the employer’s proprietary information such as trade secrets, and the professional must keep this information confidential. Besides trade secrets, the professional must also honor other forms of intellectual property owned by the employer: the professional does not have the right to profit from independent sale or use of this intellectual property, including software developed with the employer’s resources.

Every employee is expected to work loyally on behalf of the employer. In particular, professionals should be aware of potential conflicts of interest, in which loyalty might be owed to other parties besides the employer. A conflict of interest arises when a professional is asked to render a judgment, but the professional has personal or financial interests that may interfere with the exercise of that judgment. For instance, a computing professional may be responsible for ordering computing equipment, and an equipment vendor owned by the professional’s spouse might submit a bid. In this case, others would perceive that the marriage relationship might bias the professional’s judgment. Even if the spouse’s equipment would be the best choice, the professional’s judgment would not be trustworthy. In a typical conflict of interest situation, the professional should recuse herself: that is, the professional should remove herself and ask another qualified person to make the decision.

Many computing professionals have managerial duties, and some are solely managers. Managerial roles complicate the responsibilities of computing professionals because managers have administrative responsibilities and interests within their organizations, in addition to their professional responsibilities to clients and the public.

Responsibilities to Other Professionals

While everyone deserves respect from everyone else, when professionals interact with each other, they should demonstrate a kind of respect called collegiality. For example, when one professional uses the ideas of a second professional, the first should credit the second. In a research article, an author gives credit by properly citing the sources of ideas due to other authors in previously published articles. Using these ideas without attribution constitutes plagiarism. Academics consider plagiarism unethical because it represents the theft of ideas and the misrepresentation of those ideas as the plagiarist’s own.

Because clients cannot adequately evaluate the quality of professional service, individual professionals know that their work must be evaluated by other members of the same profession. This evaluation, called peer review, occurs in both practice and research. Research in computing is presented at conferences and published in scholarly journals. Before a manuscript that reports a research project can be accepted for a conference or published in a journal, the manuscript must be reviewed by peer researchers who are experts in the subject of the manuscript.

Because computing professionals work together, they must observe professional standards. These standards of practice are created by members of the profession, or within organizations. For example, in software development, one standard of practice is a convention for names of variables in code. By following coding standards, a software developer can facilitate the work of a software maintainer who subsequently modifies the code. For many important issues for which standards would be theoretically appropriate, however, “standards” in software engineering are controversial, informal, or non-existent. An example of this problem is the difficulties encountered when the IEEE and the ACM attempted to standardize a body of knowledge for software engineering, to enable the licensing of software engineers.

Senior professionals have an obligation to mentor junior professionals in the same field. Although professionals are highly educated, junior members of a profession require further learning and experience to develop professional judgment. This learning is best accomplished under the tutelage of a senior professional. In engineering, to earn a P.E. license, a junior engineer must work under the supervision of a licensed engineer for at least four years. More generally, professionals should assist each other in continuing education and professional development, which are generally required for maintaining licensure.

Professionals can fulfill their obligations to contribute to the profession by volunteering. The peer review of research publications depends heavily on volunteer reviewers and editors, and the activities of professional associations are conducted by committees of volunteers.

Responsibilities to the Public

According to engineering codes of ethics, the engineer’s most important obligation is to ensure the safety, health, and welfare of the public. Although everyone must avoid endangering others, engineers have a special obligation to ensure the safety of the objects that they produce. Computing professionals share this special obligation to guarantee the safety of the public, and to improve the quality of life of those who use computers and information systems.

As part of this obligation, computing professionals should enhance the public’s understanding of computing. The responsibility to educate the public is a collective responsibility of the computing profession as a whole; individual professionals might fulfill this responsibility in their own ways. Examples of such public service to include advising a church on the purchase of computing equipment, and writing a letter to the editor of a newspaper about technical issues related to proposed legislation to regulate the Internet.

It is particularly important for computing professionals to contribute their technical knowledge to discussions about public policies regarding computing. Many communities are considering controversial measures such as the installation of Web filtering software on public access computers in libraries. Computing professionals can participate in communities’ decisions by providing technical facts. Technological controversies involving the social impacts of computers are covered in a separate article of this encyclopedia.

When a technical professional’s obligation of loyalty to the employer conflicts with the obligation to ensure the safety of the public, the professional may consider whistle-blowing, that is, alerting people outside the employer’s organization to a serious, imminent threat to public safety. Computer engineers blew the whistle during the development of the Bay Area Rapid Transit (BART) system near San Francisco (9). In the early 1970s, three BART engineers became alarmed by deficiencies in the design of the electronics and software for the automatic train control system, deficiencies that could have endangered passengers on BART trains. The engineers raised their concerns within the BART organization without success. Finally, they contacted a member of the BART board of directors, who passed their concerns to Bay Area newspapers. The three engineers were immediately fired for disloyalty. They were never reinstated, even when an accident proved their concerns were valid. When the engineers sued the BART managers, the IEEE filed an amicus curiae brief on the engineers’ behalf, stating that engineering codes of ethics required the three engineers to act to protect the safety of the public. The next section describes codes of ethics for computing professionals.

5. Codes of Ethics

For each profession, the professional’s obligations to clients, employers, other professionals, and the public are stated explicitly in the profession’s code of ethics or code of professional conduct. For computing professionals, such codes have been developed by, the Association for Computing Machinery (ACM), the British Computer Society (BCS), the Computer Society of the Institute of Electrical and Electronics Engineers (IEEE-CS), the Association of Information Technology Professionals (AITP), the Hong Kong Computer Society, the Systems Administrators Special Interest Group of USENIX (SAGE), and other associations. Two of these codes will be described briefly here: the ACM code and the Software Engineering Code jointly approved by the IEEE-CS and the ACM.

ACM is one of the the largest nonprofit scientific and educational organizations devoted to computing. In 1966 and 1972, the ACM published codes of ethics for computing professionals. In 1992, the ACM adopted the current Code of Ethics and Professional Conduct (10), which appears in Appendix #1. Each statement of the code is accompanied by interpretive guidelines. For example, the guideline for statement 1.8, Honor confidentiality, indicates that other ethical imperatives such as complying with a law may take precedence. Unlike ethics codes for other professions, one section of the ACM code states the ethical obligations of “organizational leaders,” who are typically technical managers.

The ACM collaborated with IEEE-CS to produce the Software Engineering Code of Ethics and Professional Practice (11). Like the ACM code, the Software Engineering Code also includes the obligations of technical managers. This code is notable in part because it was the first code to focus exclusively on software engineers, not other computing professionals. This code is broken into a short version and a long version. The short version comprises a preamble and eight short principles; this version appears in Appendix #2. The long version expands on the eight principles with multiple clauses that apply the principles to specific issues and situations.

Any code of ethics is necessarily incomplete—no document can address every possible situation. In addition, a code must be written in general language; each statement in a code requires interpretation to be applied in specific circumstances. Nevertheless, a code of ethics can serve multiple purposes (12, 13). A code can inspire members of a profession to strive for the profession’s ideals. A code can educate new members about their professional obligations, and tell nonmembers what they may expect members to do. A code can set standards of conduct for professionals and provide a basis for expelling members who violate these standards. Finally, a code may support individuals in making difficult decisions. For example, because all engineering codes of ethics prioritize the safety and welfare of the public, an engineer can object to unsafe practices not merely as a matter of individual conscience, but with the full support of the consensus of the profession. The application of a code of ethics for making decisions is highlighted in the next section.

6. Ethical Decision-Making for Computing Professionals

Every user of e-mail has received unsolicited bulk commercial e-mail messages, known in a general way as spam. (A precise definition of “spam” has proven elusive and is controversial; most people know spam when they see it, but legally and ethically a universally accepted definition has not yet emerged.) A single spam broadcast can initiate millions of messages. Senders of spam claim that they are exercising their free speech rights, and few laws have been attempted to restrict it. In the United States, no federal law prohibited spamming before the CAN-SPAM Act of 2003. Even now, the CAN-SPAM law does not apply to spam messages that originate in other countries. Although some prosecutions have occurred using the CAN-SPAM Act, most people still receive many e-mail messages that they consider spam.

Some spam messages may be deceptive—they may appear genuine—but others are completely accurate. Although most spamming is not illegal, even honest spamming is considered unethical by many people, for the following reasons. First, spamming has bad consequences: it wastes the time of recipients who must delete junk e-mail messages, and these messages waste space on computers; in addition, spamming reduces users’ trust in e-mail.

Second, spamming is not reversible: senders of spam do not want to receive spam. Third, spamming could not be allowed as a general practice: if everyone attempted to broadcast spam messages to wide audiences, computer networks would become clogged with unwanted e-mail messages, and no one would be able to communicate at all.

The three reasons advanced against spam correspond to three ways in which the morality of an action can be evaluated: first, whether on balance the action results in more good consequences than bad consequences; second, whether the actor would be willing to trade places with someone affected by the action; third, whether everyone (in a similar situation) could choose the same action as a general rule. These three kinds of moral reasons correspond to three traditions in philosophical ethics: consequentialism, Golden Rule, and duty-based ethics.

Ethical issues in the use of computers can also be evaluated through the use of analogies to more familiar situations. For example, a hacker may try to justify gaining unauthorized access to unsecured data by reasoning that because the data are not protected, anyone should be able to read it. But by analogy, someone who finds the front door of a house unlocked is not justified in entering the house and snooping around. Entering an unlocked house is trespassing, and trespassing violates the privacy of the house’s occupants.

When making ethical decisions, computing professionals can rely not only on general moral reasoning but also on specific guidance from codes of ethics, such as the ACM Code of Ethics (10). Here is a fictional example of that approach.

Scenario: XYZ Corporation plans to secretly monitor the Web pages visited by its employees, using a data mining program to analyze the access records. Chris, an engineer at XYZ, recommends that XYZ purchase a data mining program from Robin, an independent contractor, without mentioning that Robin is Chris’s domestic partner. Robin had developed this program while previously employed at UVW Corporation, without awareness of anyone at UVW.

Analysis: First, the monitoring of Web accesses intrudes on employees’ privacy; it is analogous to eavesdropping on telephone calls. Professionals should respect the privacy of individuals (ACM Code 1.7, Respect the privacy of others, and 3.5, Articulate and support policies that protect the dignity of users and others affected by a computing system). Second, Chris has a conflict of interest because the sale would benefit Chris’s domestic partner. By failing to mention this relationship, Chris was disingenuous (ACM Code 1.3, Be honest and trustworthy). Third, because Robin developed the program while working at UVW, some and perhaps all of the property rights belong to UVW. Robin probably signed an agreement that software developed while employed at UVW belongs to UVW. Professionals should honor property rights and 11 contacts (ACM Code 1.5, Honor property rights including copyrights and patent, and 2.6, Honor contracts, agreements, and assigned responsibilities).

Applying a code of ethics might not yield a clear solution of an ethical problem because different principles in a code might conflict. For instance, the principles of honesty and confidentiality conflict when a professional who is questioned about the technical details of the employer’s forthcoming product must choose between answering the question completely and keeping the information secret. Consequently, more sophisticated methods have been developed for solving ethical problems. Maner (14) has studied and collected what he calls “procedural ethics, step-by-step ethical reasoning procedures … that may prove useful to computing professionals engaged in ethical decision-making.” Maner’s list includes a method specialized for business ethics (15), a paramedic method (16), and a procedure from the U.S. Department of Defense (17). These procedures appeal to the problem-solving ethos of engineering, and they help professionals avoid specific traps that might otherwise impair a professional’s ethical judgment. No procedural ethics method should be interpreted as allowing complete objectivity or providing a mechanical algorithm for reaching a conclusion about an ethical problem, however, because all professional ethics issues of any complexity require subtle and subjective judgments.

7. Computing and the Study of Ethics: The Ethical Challenges of Artificial Intelligence and Autonomous Agents

Many ethical issues, such as conflict of interest, are common to different professions. In computing and engineering, however, unique ethical issues arise from the creation of machines whose outward behaviors resemble human behaviors that we consider “intelligent.” As machines become more versatile and sophisticated, and as they increasingly take on tasks that were once assigned only to humans, computing professionals and engineers must rethink their relationship to the artifacts they design, develop, and then deploy.

For many years, ethical challenges have been part of discussions of artificial intelligence. Indeed, two classic references in the field are by Norbert Wiener in 1965 (18) and by Joseph Weizenbaum in 1976 (19). Since the 1990s, the emergence of sophisticated “autonomous agents,” including Web “bots” and physical robots, has intensified the ethical debate. Two fundamental issues are of immediate concern: the responsibility of computing professionals who create these sophisticated machines, and the notion that the machines themselves will, if they have not already done so, become sufficiently sophisticated so that they will be considered themselves moral agents, capable of ethical praise or blame independent of the engineers and scientists who developed them. This area of ethics is controversial and actively researched. A full discussion of even some of the nuances is beyond the scope of this article. Recent essays by Floridi and Sanders (20), and Himma (21) are two examples of recent influential ideas in the area.


  1. A. Goldman. The Moral Foundation of Professional Ethics. Rowman & Littlefield: New Jersey, 1980.
  2. J. White and B. Simons, ACM’s position on the licensing of software engineers, Communications of the ACM, vol. 45, no. 11, p. 91, Nov. 2002.
  3. N. G. Leveson and C. S. Turner, An investigation of the Therac-25 accidents, Computer, vol. 26, no. 7, pp. 18–41, July 1993.
  4. J. Ladd, Collective and individual moral responsibility in engineering: some questions, IEEE Technology and Society Magazine, vol. 1, no. 2, pp. 3–10, June 1982.
  5. H. Nissenbaum, Computing and accountability, Communications of the ACM, vol. 37, no. 1, pp. 73–80, Jan. 1994.
  6. B. Friedman and H. Nissenbaum, Bias in computer systems, ACM Transactions on Information Systems, vol. 14, no. 3, pp. 330–347, July 1996.
  7. C. Kaner. Blog: Software customer bill of rights. (August 27, 2003). Retrieved June 23, 2007 from
  8. K. Miller, Software informed consent: docete emptorem, not caveat emptor, Science and Engineering Ethics, vol. 4, no. 3, pp. 357–362, July 1998.
  9. G. D. Friedlander, The case of the three engineers vs. BART, IEEE Spectrum, vol. 11, no. 10, pp. 69–76, Oct. 1974.
  10. R. Anderson, D. G. Johnson, D. Gotterbarn, and J. Perrolle, Using the new ACM code of ethics in decision making, Communications of the ACM, vol. 36, no. 2, pp. 98–107, Feb. 1993.
  11. D. Gotterbarn, K. Miller, and S. Rogerson, Software engineering code of ethics is approved, Communications of the ACM, vol. 42, no. 10, pp. 102–107, Oct. 1999.
  12. M. Davis, Thinking like an engineer: the place of a code of ethics in the practice of a profession, Philosophy and Public Affairs, vol. 20, no. 2, pp. 150–167, Spring 1991.
  13. D. Gotterbarn, Computing professionals and your responsibilities: virtual information and the software engineering code of ethics, Chapter 9, pp. 200–219, In Internet Ethics, ed. D. Langford, St. Martin’s Press, New York, 2000.
  14. W. Maner, Heuristic methods for computer ethics. Metaphilosophy, vol. 33, no. 3, pp. 339– 365, 2002.
  15. Mathison, D. L. Teaching an ethical decision model that skips the philosophers and works for real business students. Proceedings. New Orleans: National Academy of Management, 1987, pp. 1–9.
  16. W. R. Collins and K. Miller, A paramedic method for computing professionals, Journal of Systems and Software, vol. 17, no. 1, pp. 47–84, Jan. 1992.
  17. USDoD (1999). United States Department of Defense. Joint ethics regulation DoD 5500.7- R." Retrieved June 26, 2007 from
  18. N. Wiener (1965) Cybernetics: or the Control and Communication in the Animal and the Machine. MIT Press: Cambridge: MA.
  19. J. Weizenbaum (1976) Computer Power and Human Reason: From Judgment to Calculation. WH Freeman & Co.: New York, NY.
  20. L. Floridi and J. Sanders (2004). On the morality of artificial agents. Minds and Machines. vol. 14, no. 3, pp. 349-379, Aug. 2004.
  21. K. Himma (2004). There’s something about Mary: The moral value of things qua information objects. Ethics and Information Technology, vol. 6, no. 3, 145-159, Sep. 2004.

Reading List

  1. D. G. Johnson, Professional ethics, Chapter 3, pp. 54–80, In Computer Ethics, 3rd ed., Prentice Hall, Upper Saddle River, N. J., 2001.
  2. M. J. Quinn, Professional ethics, Chapter 9, pp. 365–403, In Ethics for the Information Age, Pearson / Addison-Wesley, Boston, 2005.
  3. H. Tavani, Professional ethics, codes of conduct, and moral responsibility, Chapter 4, pp. 87– 116, In Ethics and Technology: Ethical Issues in an Age of Information and Communication Technology, Wiley, New York, 2004.

Appendix 1: ACM Code of Ethics and Professional Conduct

Appendix 2: Software Engineering Code of Ethics and Professional Practice (short version)

Michael Loui, Keith W. Miller. . Ethics and Professional Responsibility in Computing. Online Ethics Center. DOI:.