
At this point there's little to no difference between con, dark pattern and fraud. I'd like to see them prosecuted as such.


Remember, for every software-based dark pattern or fraud out there, there was a software developer who implemented it. Before we throw stones, we, as a profession, should get better about self-policing and cleaning our ethical house.


When a building without enough exits burns down and kills 100 people, blaming the construction workers who built it isn't going to help anything.

It's rare that it's developers who actually come up with these ideas, they're usually just employees implementing someone else's plan.

Unless we're talking early startups--then there's a good chance the developer is responsible.


What a strange comparison. Would you consider it equally unjustified to hold construction engineers and architects responsible for constructing a death trap? Even if that is what the customer ordered?

It's probably not a coincidence that engineers and doctors are professionals well known to place their own ethical standards above their customers. It is expected that a doctor refuse to carry out a procedure that puts innocent people at harm.


A doctor can lose their license for malpractice. A lawyer can be disbarred. Architects and civil engineers will lose their license if they knowingly create an unsafe structure.

These professions have codified standards, licensing, and membership requirements for practitioners. There is a real incentive to conform and maintain your license because otherwise you cannot work. In these professions you know the standard of ethical behavior and you can reasonably expect your fellow professionals to also refuse questionable requests. An unethical client is going to have a hard time going down the street to find someone else who is willing to do what you won't.

I'm not trying to excuse the bad behavior of some software developers. My point is that the software industry and profession lacks much of what other professions have established in order to maintain high standards.


You're comparing situations where ethical violations put lives truly at risk with situations where someone is possibly induced into (but can fully opt-out of) a larger sales transaction?


Yes, and it seems to be a fair comparison to me. Both the unsafe situations and fraudulent situations can be avoided by the adherence to standards, which the software industry currently does not have. The other industries mentioned do, and they seem to work quite well.


Of course it seems like a fair comparison to you, it's your comparison. To everyone else, putting it as nicely as possible, it's very off. Software that has the potential to cause serious, directly attributable material harm to lives is already heavily regulated: The FDA regulates medical device software, the FAA regulates flight software, the FTC regulates communications software, etc. For everything else, there is court. If you buy a laptop with a lithium ion battery that explodes and causes you burns, you will probably be rewarded handsomely in a suit. If you want to sit here and try to argue in front of a judge that dark UI patterns are causing you some sort of material harm, by all means go for it in court. My advice to you is you probably won't get very far / laughed at.


Fine, substitute "accounting fraud" then. That's a more direct comparison: fraudulent accounting practices or fraudulent e-commerce practices. Nobody dies; somebody gets ripped off.

The point is that accountants are professionals and have professional standards that they adhere to. Software devs are not and do not.


"Nobody dies; somebody gets ripped off."

One often overlooked relationship I find to this sort of argument is that economic harm is somehow independent of physical harm.

While in the purest theoretical sense, it's obviously clear/true, the more we abstract parts of life away to monetary valuation and control, the more economic effects have real serious indirect physical consequences.

So someone lost a few bucks due to a manipulative ad? Most of the time this has no serious consequences as devious as it may be. However, when lost assets become more significant or lead to serious economic distress, it can and does directly result in health effects that have physical consequence.

Obvious extreme examples include cases of financial ruin that lead to mental health distress leading to suicides. Small repeated loss could also lead to unhealthy lifestyles over time coupled with poor financial choices resulting in limited to no access to preventative healthcare... directly leading to a cause of death (say heart disease from poor dieting).

Practices of advertising from the tobacco industry in the past provide a good model for how these can affect people's choices which over time had serious physical consequences--the main difference being the tobacco industry actually provided a dangerous product that their behaviours pushed. Arguably consumers have to actively make a choice to follow through but with enough data, people are tending to be more and more easily manipulated.


Software developers are not professional lawyers, businessmen or psychologists. It is therefore not their job to judge whether to implement functionality that sells things you don't have. The only way they could be held accountable in the ways you want is if we force them to be expert in every field in existence so that whenever they implement software related to it they understand the implications fully.


> it's your comparison

Nope

> To everyone else, putting it as nicely as possible, it's very off.

As one of the other people, I disagree.

Also note that a lot of the trade regulation groups like the bar associations also ensure a good standing in the "community", so they would sanction whatever equivalent lawyers have to dark patterns, if they were frequent enough/egregious enough.


If I adhered to standards I would have forced password rotation (a shit policy) because the standards are behind me. They only recently changed. I was right all along. I literally protected people's data when the standards would have put them at risk. No, thank you.


It's a perfectly apt comparison. Software "engineers" are not actually engineers. We are not professionals, we are wage labor.

* No professional code of ethics.

* No professional body that oversees the profession and sets standards.

* No licensing or certification (except maybe in Canada).

I'm sure I'll get a bunch of flack for this, but it's well past time developers stopped indulging in classist self-flattery pretending they're the peers of doctors, lawyers, or accountants.


Lawyers are notorious for being mercenaries for hire. The most successful firms contract with corporations that take advantage of the law to their gain and society's detriment.

Medical doctors work for an industry that bankrupts sick people for being sick and a huge number (if not a majority) of practicing doctors can be implicated in the opioid epidemic that has killed thousands and ruined countless lives.

Ethical contracts usually just lead to more politics imo. At the end of the day, we all bow to money in one way or another (some are just willing to bow lower than others).

Maybe we should stop pretending a profession can somehow make a person better than someone else in some sort of meta/ethical way.

Addendum: Personally I wish the law were more open to allowing people to defend themselves. A few years ago I went to court to defend myself in what I was sure was a simple misunderstanding in traffic court. Halfway through my second sentence (not in the legal sense), the judge interrupted me. Then the police officer tried to explain what he put in the ticket may not have been comprehensive. The judge cut him off too and decided it was in my best interest to "learn a lesson" and found me guilty of a violation I was not guilty of. The lesson I learned was if I had paid a lawyer $500 I would have gotten an honest hearing. I don't see the ethics or standards in that.


I don't follow your argument. Existence of the things you mention are not really the main distinguishing features of different socio-professional classes.

A programmer is still more like a lawyer in almost every conceivable way than they are like a bricklayer: level of education, social circles, work environment, pay, cultural values, etc.

(This has nothing to do with "self-flattery" unless you think I'm making some sort of value judgment about these different classes, as opposed to just describing them).


Lawyers will not commit malpractice because they would open themselves up to liability and damage their professional reputations.

In contrast, most software devs will code up whatever evil garbage features their bosses tell them to. They don't even have a concept of malpractice. Very rarely, one might quit, but they have no standing to say "no" to their employers and remain employed.


Michael Cohen had a law degree, dude. Christopher Duntsch had a medical degree. It's just people. They're not gods because they have some degree.

And that's only the named people. I don't know how many people you know in medicine or in law.

If you're unfamiliar with things being upcoded or out of network doctors substituting in late and then having patients incur massive fees, then maybe it's best to familiarize oneself.

And there are lawyers who specialize in getting the right rich guilty people out. The Razor didn't get the name by chance.


Why are you comparing coding up a dark pattern feature to malpractice? It's more comparable to, e.g., a patent troll's lawyer drafting a letter intended to bully a troll's victim into paying out of fear of litigation costs. Or reviewing a forced arbitration agreement that a company intends to make all its employees sign. Or other things that can be considered morally 'evil' but completely legal and won't get anyone sued for malpractice.


Was writing Volkswagen's emissions cheating software malpractice?

https://www.nytimes.com/interactive/2015/business/internatio...


Was arguing the Government's position before SCOTUS in Korematsu legal malpractice?


Amen! And as someone who is an actual licensed P.E., it still makes me a little angry when I see computer programmers who call themselves "engineers." This is technically illegal under some circumstances in many states, but rarely enforced.


I was curious about your background and you don't have a profile summary so I looked at your brief comment history

From a few days back:

>Back in Web 1.0 (1999 or so) I worked for what was then a large Social Network. There was no security. Any engineer could look at anything.

I'm assuming you weren't using the word engineer there to refer to Professional Engineers?


The original meaning of engineer was: "A constructor of military engines; a person who designs and constructs military works for attack and defence."

It is first found in English in 1380, when I doubt any professional certification bodies existed.

Eventually it evolved to mean what you got your license in, and then evolved further to include things like "software engineers".

Unless you build engines, the word engineer to describe what you do is etymologically inaccurate. So why is your particular stage on the path of organic evolution of this word more valid than anyone else's?


Because PEs have a legal definition under the law.


That's true, which is why you wouldn't put P.E. after your name or represent yourself as a Mechanical Engineer etc... No one who knows what a PE is is going to be confused by someone calling themselves a software engineer, an audio engineer, or a sanitation engineer.

I understand the other argument that the job title "Engineer" is being diluted, but that ship sailed a long time ago. There are way more people with engineer in their title than there are PEs so I doubt any widespread legislative attempt to change this would be successful. And it's not just software engineers. Plenty of people working as engineers with ABET accredited engineering degrees haven't passed the PE exam either.


Because I have a state licence from a previous life as an EE.


Did your state exist in 1380?


It's not possible to actually become a licensed/professional software engineer as of April this year, at least in Florida. Florida requires that you pass the NCEES PE exam - not sure if there are other exam vendors used elsewhere in the US - and NCEES elected to stop offering the software engineer exam citing low demand:

https://ncees.org/ncees-discontinuing-pe-software-engineerin...

It was only ever administered 6 times.

I've spent all of 30 minutes studying this, so, hardly an expert. But it seems like the genesis and ongoing purpose of P.E. accreditation is to protect the health and safety of the public. There have certainly been some high profile examples of poor software engineering affecting health and safety - thinking about the Toyota acceleration issue and the VW emissions scandal - but I am wondering if people really think an accreditation body would prevent this sort of thing from happening. What would a Professional Software Engineer be, and why would they be inherently better or more qualified than what we have today?


> It's not possible to actually become a licensed/professional software engineer as of April this year, at least in Florida. Florida requires that you pass the NCEES PE exam - not sure if there are other exam vendors used elsewhere in the US - and NCEES elected to stop offering the software engineer exam citing low demand...

There's no demand because they made the process more or less impossible for developers to ever get to the point where they take the PE exam.

First, the candidate has to pass one of the Fundamentals of Engineering exams to become an engineer-in-training. Except, whoops, there isn't a software specific FE; the most relevant one is the EE/Comp. E. exam. Take a look at the list of topics: https://ncees.org/wp-content/uploads/FE-Ele-CBT-specs.pdf Most developers aren't going to pass that even with a CS degree.

Secondly, you need 4-8 years of supervision by a licensed engineer. Again, whoops, there are barely any software developers with a PE license, so who would they get to supervise them?

Frankly, the situation was so absurd that one has to suspect that NCEES didn't want to certify software developers as PEs.


You can't really use engineering methodologies to guarantee public safety from software. Engineering wants to model behavior and add margin on the worst case scenario to make failure unlikely.

Provably correct software development is too slow and specialized to be economically feasible. Even formal correctness is not enough, you also need to defend against unpredictable hardware faults. No traditional engineering discipline needs to do this.


I disagree. An engineer is someone who applies a science to build a solution (aka a product). Mechanical/Electrical/Nuclear engineering is applied physics. Petrol/Chemical engineering is applied chemistry. Pharmaceuticals are applied biology. And finally, Software engineering is applied Computer Science.


The situation in Canada is that you cannot legally call yourself an "Engineer" unless you have a P.Eng license. While you do not need an engineering degree to undertake this, if you don't have one you will have to ask the licensing body to adjudicate on "equivalent experience" - not sure what happens if they don't agree but I expect you'd have to take some courses. The licensing itself requires at least a professional practice exam (and possibly technical ones) and work experience overseen by a P.Eng. Software developers can take this certification but it is not particularly useful to their career except in narrow circumstances.


I think this is a great point and perhaps if developers thought of it that way more they would take more initiative to create those things. If we don’t, they will and by they I mean people who will have limited understanding of the impact of those codes.


Pretty much every country's engineering certifying body does have a track for IT professionals.

I do have to ask: why all the self-hate here? Why would a rational person want to degrade their profession? Do you want to be working in a blue collar job with worse working conditions?


For myself, I want software devs to recognize that they have more in common with blue collar workers than they do with their capitalist employers and act in solidarity. If it were up to me, there'd be a software guild akin to the Hollywood screenwriters guild, and it would set ethical standards and advocate for better pay and working conditions for people writing software.


I think that developers would have more in common with other professions than blue collar workers.

Whilst both types of workers have problems at work - they express themselves quite differently.


In the case of most front end dark patterns, management or a designer is the equivalent of the architect and there is no Engineering involved to implement the design--just skilled labor.

In the case of something more complex, developers don't have the leverage of established regulatory bodies and guilds.


Developers don't always come up with dark patterns or fraud, but they implement them. It's possible to say no on ethical grounds, isn't it?

I was once asked to finish and deploy code that the previous dev had stolen from his old employer. I said no because the code was paid for by someone else and belonged to them. It wasn't a big deal -- my career didn't suffer.


I would find somewhere else to work if I had ethical concerns over what they were asking me to do. For example, the UK’s department of work and pensions was a contract the company I work for had at the time when there was a huge furore over IDS (a politician)’s policies.

If I had been assigned to work on that project I would have resigned.


It's hard to distinguish between something being explicitly shady and just a bad system though.

"As a user, if I arrive on a booking page and the live API data shows our cached pricing data is stale, I expect the difference to be acknowledged."

Developer implements animation callout and an approximate, non-technical explanation

Cached pricing data continues to often be stale


I call those asshole user stories unless there is a logged story “as a user, I expect inventory prices to be accurate in real time.”

I don’t like user stories that are anti-customer and in the developer’s favor unless it’s clear that there’s a path to fairness.

The motivation to a system should be to have as current as possible pricing, not some nightly batch that shows cheaper, unavailable prices and pisses off people when the real price is actually checked.


I think it's not going to be so obvious. If you write a feature that is intended to deceive then sure, but the developer who wrote that feature was probably told "ok, if the inventory is below a certain threshold, then add this behavior". The feature itself is benign. Should a developer resign anytime they can concoct a theoretical way in which a feature they're writing could possibly be exploited?


"I was just following orders" is an excuse that fell very out of favor last century.


Don't worry, it's coming back in fashion. Ask ICE.


So do you think that the correct way to make sure buildings have enough exits is to shame construction workers into not working on buildings that they think have too few exits? Keeping in mind that an individual worker may only have knowledge of a small section of the overall building.

To your point specifically how many low level German laborers were prosecuted for following orders to build a prison camp or lay railroad track?


I assume that you refuse to be paid more than a construction worker then?

Part of the legal definition of a salaried professional is that the job entails the use of judgment.


Every job requires judgement of some kind.


Sure, but it usually comes from management on high, just as adding two dozen different tracking and adtech schemes to a single page does.

I've walked away from job offers where I found at interview I really didn't like the smell from how they were making money. I also recognise a 25 year old me might not have had the financial luxury to do so, or to just say no to a boss asking.

Were software a regulated profession like medicine or legal with an ethics body I'd be inclined to agree. Maybe it's time it was, but I suspect stronger consumer protection and treating dark patterns and policies as fraud would be a vastly cheaper route for all concerned.


Both the IEEE and ACM have codes of ethics. You don't need to have effectively a guild regulating entrance into a profession--which, if you take the requirements for a PE in other branches of engineering as a guide would probably exclude anyone without the appropriate degrees and other requirements--to have ethical standards.


> if you take the requirements for a PE in other branches of engineering as a guide would probably exclude anyone without the appropriate degrees and other requirements--to have ethical standards.

How would one know one is meeting ethical obligations if they haven't been educated? Password storage, for instance, it's not obvious to many people why plain-text password storage is bad -- it _still_ happens at companies to this very day.

I'm all for people being able to code and do their own work, just like you should be able to build your own shed or house as long as it meets building codes. Maybe we need the equivalent of building codes (except not proprietary). The GDPR and the California Consumer Privacy Act are sort-of the start of that, I think.


>How would one know one is meeting ethical obligations if they haven't been educated.

I probably wasn't clear. Ethics courses should probably be more common (and embedded in engineering curricula more) although they are certainly available.

My comment about the PE is that it typically requires, for example, a four-year bachelors degree in engineering in addition to other requirements. [1] Thus, moving to a more formal professional structure in this manner would basically exclude career shifters, boot camp grads, self-taught programmers, etc.

[1] https://www.nspe.org/resources/licensure/what-pe


> I probably wasn't clear. ... My comment about the PE is that it typically requires, for example, a four-year bachelors degree in engineering in addition to other requirements.

I may not have been clear; how do you know you've built a building that fulfills your ethical obligations if you don't know how to determine so? i.e. you're ethically obligated as an engineer to not build something you know (have determined to the best of your knowledge) is unsafe to use, but how do you do that if you don't know how to? (Especially when there are _many_ people who could.)

Basically I'm saying that you can't have (professionally required) ethical obligations without also having the knowledge and ability to fulfill said obligations.

For issues that aren't a matter of life-or-death, like the vast majority of software, yeah, strict licensure is probably overkill and against the spirit of hacking.

However, that people aren't licensed EEs doesn't prevent them from tinkering with arduinos or SDRs; they simply can't sell their skills specifically as an electrical engineer.

I think there is some sensible ground between where we are now and not being able to program without a license (which would be a dystopian nightmare). As I mentioned, clear "building codes", better and more comprehensive best practices (e.g. OWASP), and having said things built into contracts or projects designs from the start, not as afterthoughts (i.e. having business take said best practices seriously).


In the building case, you probably won't be the only set of eyes on it.

But to the greater point, I guess the ethical principle is don't do things that can put people at risk if you know you don't know what you're doing--much less put people at risk because you just don't care or want to take shortcuts.

If you think you know what you're doing but don't? I'm not sure how an ethics course or even a license is going to help there. Because you think you're doing things safely. Arguably, you're not even being unethical, just incompetent.

Now, a license is supposed to be something of a guarantee of a minimum level of competency. But it's pretty minimal. After all, it basically just means you do have an appropriate degree, have worked in the field under someone for a few years, and have passed some standardized test. All that suggests you know (or once knew) something about the basics, but not a lot more.

ADDED:

>However, that people aren't licensed EEs doesn't prevent them from tinkering with arduinos or SDRs; they simply can't sell their skills specifically as an electrical engineer.

In at least most states in the US, sure they can. (And in the ones that theoretically prohibit you from calling yourself an engineer if unlicensed, that's almost universally ignored.) I've known tons of people who have worked or work as electrical engineers and I'm sure few of them have PEs. You don't need a PE for most jobs. Though it's probably more common with civil engineering.


I think part of professionalization would include your professional organization having come up with a set of standards for password handling that must be followed under penalty of professional sanction, having those available online and in printed form, and having courses that programmers could take to help them work under those guidelines efficiently.

Programming seems like a job particularly suited for professionalization, simply because programmers have to constantly be learning new things, and that's a thing your local org could provide to keep the lights on rather than relying completely on dues payments. If they were a blanket organization, they could even control supply through raising standards, and could certainly detect wage-fixing collusion easier than individuals.

Having clear guidelines and a place to find instruction that supports those guidelines makes "If you think you know what you're doing but don't?" a pure ethical problem. You either checked or you didn't.

Maybe look to the National Association of Realtors for a framework.


I’ve quit jobs partially over ethical issues with the software I was being asked to write. Once at around 25 years old and once at around 35. Since we have no powerful guild or professional organization with teeth, responsibility for our conduct is our own. Judging by the down-votes, though, heaven forbid you suggest on HN that a developer should take ethical responsibility for their own actions!


>there was a software developer who implemented it. Before we throw stones, we, as a profession should get better about self-policing and cleaning our ethical house.

This would require self-reflection by a community who constantly denigrates Facebook and the like for their issues, but happily punch the clock and collect RSUs from the same companies. It's easier to simply blame your superiors.


> Remember, for every software-based dark pattern or fraud out there, there was a software developer who implemented it

I think you ended that sentence prematurely.... "..after their boss, marketing team, etc., told them to." I don't think I've ever met a dev who implements these things because they think it's a good idea.


Or we could stop seeing things as us Vs them. Having the same job title doesn't make me an accomplice of those developers.


I think things get murky with complex relationships that exist in industry. For example, I think it would be hard to argue that a company like Expedia or Priceline created a feature so their customers (hotels) could exploit it.

Also, what leverage do you think a developer has in these sorts of situations? Should the developer say they're not willing to write the feature because it's possible customers could exploit it?


Funny how you get downvoted for pointing out the reality of the situation. Dark patterns would go away tomorrow if software developers really cared about it.


How? With a union or guild?


I've only ever seen this accomplished with professional organizations and licensing. Medicine is the easiest example. Clinicians can push back on unethical requests by arguing that complying with a request would result in them losing their license. That gives the employee a lot more leverage.


Engineers too, in Canada.


There are professional engineers (PE) in the US as well. But the software engineering one has been discontinued because basically no one got it. You can get PEs in other fields of engineering. How common it is probably depends on the field and on the type of job. (Basically, you get a PE so that you can sign off on designs where regulators or other government agencies are involved--or want an official credential for e.g. being an expert witness/consultant.)


This is absurd on the face of it. Should mustache wearers self-police themselves after Hitler and Stalin wore mustaches? No, I share nothing with the guy who wrote the emissions cheating and I share nothing with the guy who wrote these dark patterns in. We both use the same wrench and we both call ourselves the same title, but he’s the bad guy.

Or perhaps it’s clearer if we talk about Jewish people not self-policing Jewish bankers committing fraud, or Catholics with their child abuse, or perhaps Muslims with their bombing? Surely I’ve definitely opposed scamming just as much as those people have.



