Neil McBride of the Centre for Computing and Social Responsibility, De Montfort University, asks whether computer ethics codes of conduct have failed the IT professional and, if so, what should be done.

An engagement with society and an understanding of how computer applications affect society is a critical part of being an IT professional. Sensitivity to the social and ethical effects of IT is expected to be a part of any computer science education and of membership of a professional organisation.

The field of computer ethics has developed over recent years to support the process of professionalisation and the inculcating of ethics as an integral part of IT education. But has it succeeded?

The principle vehicle for establishing ethical behaviour has been codes of ethics, conduct and practice. Besides the BCS codes of conduct and practice, the Australian Computer Society has its code of ethics, and the ACM its software engineering code of ethics and practices. Numerous other codes of computer ethics have been developed by professional organisations and academics.

These codes of ethics set out rules for conduct. They list the duties and obligations of an IT professional. They state the rules for the conduct of a software engineering project. They are pitched as laws, written with a legal style, as rules to be followed. Indeed, one set of rules, the ten commandments of computer ethics, is obviously modelled on an ancient legal framework.

The codes of practice, such as the BCS code of practice, list expected actions at each stage of the development of a project, actions that are part of common-sense project management, that are often obvious and part of basic practice. They do little to support the complex reflection needed to understand a complex connected society.

Although the originators of some of these codes are quite explicit that they are not checklists, and that they are merely starting points for rational engagement with ethical issues, the style of presentation often suggests a tick-list to be followed through and a set of proscribed steps to be undertaken.

A set of mechanical steps?

In a profession where the reduction of uncertain social and business processes to certain programmable steps is the order of the day, the temptation to treat codes of ethics as a set of mechanical steps to be achieved, and the goal as one of completing the program can be overwhelming.

I have followed the steps. I have learnt the code. Now I am ethically safe. And the suggestion that such codes of ethics can be represented in computer systems and used as a basis for automating ethical decisions only serves to amplify the moral dangers of reliance on such codes. The feeling that codes of ethics are in place and hence the IT profession is supported ethically can only generate a false sense of security.

But the problems associated with a rule-based view of IT professional ethics, based on duty and obligation, go much deeper. The creation of rules and laws results in the need for interpreters, for the equivalent of lawyers and priests who explain the rules and apply them to specific situations.

For the professionals and academics who invented the rules, this can only result in increased and continued control and need for their services. For the IT professional in the field, autonomy is reduced as they must constantly seek interpretations from the high priests of computer ethics.

Unless the interpretation is completely obvious they may feel constrained to call in experts. And then the effect of the code of ethics is not an increase in rational enquiry about computer ethics, but a decoupling, a disengagement from the process of ethical thinking because ethics is now the concern of the experts, not of the practitioner.

And this reduction of responsibility creates a climate of formal compliance where my role is to make sure I have done what the code says; a reduction in individual accountability.

Far from creating social and ethical engagement, the codes of ethics create distance between the IT professional and the client and the actual social and ethical problems encountered. What was my concern is now covered in a code of ethics, adopted by the organisation and conveniently shelved with other ageing standards documents and abandoned IT strategies.

For the IT professional, who despite living in an environment of social uncertainty is attracted and driven by the formal certainty of software programs, the provision of lists of rules mimicking computer programs creates an expectation of certainty, where ethical problems if not declared to be in the domain of lawyers and experts (and therefore not my concern) may be presented as simple if-then-else statements.

Software struggles with exceptions and yet the ethical problems ICT faces are not the obvious and the simple, but the exceptions and the complex. A general abhorrence of uncertainty is only strengthened in an environment where the very nature of any ethical problem is one of debate, uncertainty and a need for rational engagement.

A get-out for the unethical?

Not only do codes of ethics pander to the IT professional’s need for certainty, for rules to encode and procedures to follow, they provide no protection against a vice-laden IT professional. Codes of conduct are impotent in the face of individual and organisations who lack any ethical motivation. Ways can always be found to circumvent them and indeed to use them to justify immoral actions.

This was clearly demonstrated in the case of UK Members of Parliament’s expenses and in the banking system codes of conduct. There was no lack of codes and regulation (if only lightweight). But the lack of the right moral culture in government and in the finance houses of London led to the development of skills in skirting regulations and codes of conduct. No one could say that the codes had not been followed, but neither was there any worthwhile moral outcome.

The inadequacy of computing codes of ethics has its foundations in the philosophical stance on which the codes are built. The moral environment in which codes of ethics are developed is one driven by duty and obligation, where motivation, emotion and character are excluded. Moral behaviour is only achieved through duty.

If I draw any pleasure or feeling of achievement from moral behaviour then that behaviour ceases to be a morally good action and is driven by self-interest. My moral behaviour must be founded on obligation alone, untarnished by emotion and dependent on the rational analysis of perceived moral absolutes.

Is it any wonder, then, that rules in codes of conduct based on such foundations breed disengagement with society and disconnection from community? Any codes which may be associated with character are described as aspirational. Real moral behaviour can only be achieved through duty and obligation.

So how successful have codes of ethics been? I can find little evidence of widespread organisational take-up of codes of ethics. They seem to remain confined to professional associations and academic discussion. At the individual level, one study of university alumni suggested some benefit for those who had no universal ethical foundations of their own.

But studies in Australia and the UK - specifically the 2010 IMIS survey of IT professionals - suggested that younger IT professionals are less ethically aware than their older counterparts,, despite the rise of computer ethics education on computer science courses; and that ethical disengagement is increasing. In 18 years of application, how many BCS members have been excluded for breaches of codes of conduct? Overall there is little evidence of success of codes of ethics.

A new approach

It is time to seek new models and new approaches to ethics and IT professionalism. These approaches should engage with the emotions and motivations of the IT professional and not just demand a cold obligation. New approaches should encourage reflection which starts with an understanding of the purposes and goals of the IT professional.

Internal motivations should be developed where reward is derived from helping society and improving people’s lives and not just from external financial reward or threats of punishment. Internal motivation requires self-awareness and empathy, which should be developed in the workplace.

Wider engagement needs to be encouraged with politics, society, literature, arts, science, so that the issues and context are understood. The development of social white papers on privacy, on control and autonomy, on IT and power would lead to a dynamic understanding of the real issues of IT, and contrast with the sterility of codes of practice. The IT professional needs to be challenged to (literally) think outside the box.

An understanding of the communities, organisations and users of IT should be sought. The ethics of medicine, of business, of justice systems, of war need to be explored. The ethical environment that IT affects is that of the users and the customer in the real world, rather that the IT professional in a virtual world of software development.

Character and virtues should be nurtured and developed in the software development environment. Virtues such as patience, compassion and courage should be developed along with a service culture. Appropriate virtues for an IT professional should be defined and developed. An empathy with the customer should be nurtured.

Users enter into purposeful activity which may be supported or frustrated by the IT. For the IT professional this means developing a commitment to outstanding user interfaces, to grasping empathic usability issues, to understanding the emotions and feelings of users who are not wedded to the technology. Human-computer interaction should be service-oriented, and not seen as an annoying distraction from the real job of algorithms and processes.

Impacting on real lives

The capabilities needed to make effective use of IT to improve the lives of clients should be explored. Such capabilities are not restricted to the technical knowledge of the IT, but encompass social abilities, autonomy and power, business and organisational knowledge and access and relationships.

Awareness of the motivations of IT procurers and their relationship to users and customers should be pursued. Understanding of the systemic roles of IT, the relationship between IT and social change, globalisation, social computing, and the controlling influence of IT will awake moral responses in the IT professional.

A right understanding of the role of IT, influenced by and influencing society is needed to replace the belief in the prescience of technology as an isolated driver of social and organisational change. Technological determinism has had its day. Codes of ethics act as a distraction, supporting an isolationist view of computing.

Archived sets of legal-sounding statements, stating the obvious, exuding a false sense of authority, do not constitute a sparkling contribution to developing the role of IT in human flourishing. It’s time for a new approach, a renewal of IT professional ethics which connects the IT professional with the community he or she serves rather than consigning them to a dark basement with the all the cables and servers.

What is required is not a tinkering with codes of ethics, but a repositioning of those codes in the ethical firmament, as one approach of many rather than the major focus. Codes of ethics may have a role as aide memoirs or catalogues of possible issues, but as a driver of ethical behaviour, the danger they pose in pandering to the IT professionals’ thirst for rules, proscriptions, disengagement from the non-technical and the delegation of reflection outstrip their day-to-day value.

The wedding of computer ethics and professional responsibility to codes of ethics has not served the IT professional well. It has provided excuses for disengagement, removed rational reflection and pandered to the same desire for tram-lined procedures which plagued the likes of SSADM and is still a property of ITIL. The IT professional has indeed been failed by a supporting discipline wrapped in codes and rules.

BCS, The Chartered Institute for IT's codes of good conduct and practice