Director of Avenga Labs
What? The business case? Weren’t we supposed to talk about ethics this time, about what is right and what is wrong, etc.?
One of the key business trends for 2020 (and beyond) was about values and remains a major trend for 2021. How the values of the organization have an impact on actual business results. The numerous scandals related to violations of privacy and data leaks, as well as poor experiences, always lead to direct business consequences.
→ Explore new and hot Meeting the Future. Trends & Technology 2021.
In this article, we narrowed down the topic to enterprise applications, so we won’t mention military drones or atomic power plants, when a lack of ethics may result (more) directly in the deaths of many people.
There’s a saying in the software development world, that ‘the source code is the most important source of truth’. And even after the software engineers leave the project, the code remains there as evidence of their work quality and also their ethics.
There are known examples of software developers leaving backdoors in the code, hidden money transfers in the banking systems, etc.
Let me quote my boss from back in my beginnings as a software developer (1990s) – “try not to think they are that evil, they are just that lazy and sloppy”.
One of the key lessons here is to look at the code as often as possible and react as quickly as possible with automated tools and human eyes, which are supposed to be more sensitive to ethical problems.
It also means ensuring the access to the source code in the first place. Still it’s not as common as it should be.
For instance, we had an interesting internal discussion about Folding@Home, which we support at Avenga. We believe that it’s working towards a good medical cause, but . . . we have to ‘believe’ that as they continually refuse to publish their source code!
→ More about Stanford Distributed Computing Project Folding@home
The same thing is happening now with various COVID-19 tracking applications. Governments want their citizens to install them and more technologically aware citizens want to see the code, but they are refused.
It’s not building trust with the users. And, it doesn’t matter that the majority of the users cannot even read the code, because there are many independent developers able to review the code and share their findings.
→ Avenga Quality Assurance services
I remember a case from one of the software audits where a banking application was sending money to different/random bank accounts from time to time.
It was a terrible mistake and an ultimate business failure, but yet the software developer’s explanation was even worse. “It’s just an ID, some numbers, and it was all due to a simple typing error”. And later “I would never open an account in this bank. I know how crappy the software is here”.
Yes, technically it’s all zeroes and ones, so let’s just change his employment status to FIRED. But unfortunately, it would not solve the problem. It’s much more complicated than that.
A lack of empathy and a lack of imagination are how the software ultimately affects real people. Sloppy code can cause so many problems and it is still too common of a situation.
Let me use a quote from a different audit, “the application was working perfectly, but once these users started to log in and filled the database with their data – it basically stopped performing”. So who is to blame? The users!? For whom was this application created in the first place?
Bug tracking systems and other layers of separation has created an ‘emotional wall’ between development teams and the actual users of the applications. No one can see these frustrated faces or listen to their reactions. Some users will react with fury by writing comments in bug tracking systems or forums. It’s become harder and harder to actually feel the pain of the end users.
‘Ooops, we forgot to mention that we keep on tracking your location even when your ride is finished’ – I am talking about the Uber scandal here. There are many many more examples of this kind of attitude and ‘culture’.
One of the terrible ideas is to pretend that it was just a bug. This is just another insult to the customers and tech community. There should be multiple quality gates that don’t let this happen if they are designed and executed properly. If they all failed, well it’s time to apologize and prove to them that it won’t happen again, and why (actions taken) it won’t happen again.
Code of Ethics should always be one of these gates.
→ Explore why Essentially, Data is good. It’s the use cases that can be problematic
Let’s imagine a health monitoring application on a smartphone. Something is wrong with the patient/user but because of a bug in the application no alert is sent to the medical service provider. Even worse, the application shows that the alert was sent, while the patient remains (relatively) calm waiting for the help . . . which will never arrive.
→ Read how to do it the right way. Security-first system for COVID-19 test results in the blockchain.
There’s not such a thing as ‘just a bug’ when it comes to critical business logic. It’s truly a significant damage of business trust with your customers.
Software engineers should never access the real data from the production systems, so says the rule. And it’s a very good rule, but often hard to achieve, even when followed.
→ More about Avenga Data Solutions
One of the available techniques is data scrambling. It changes the data making it much harder to track to the actual people, addresses, or financial data.
But scrambling takes source databases and very sensitive data, and then converts it to something safer.
Someone is writing or configuring this scrambling software and someone has access both to the source data and the code/configuration of that software.
So yes, we have to make sure that as few people as possible have access to the production data. But always keep in mind that there are still people who can potentially use this data in an evil way.
Expecting people to read the 8pt font and low contrast design, along with visual distractions, lack of compatibility with screen readers, etc. are still too common with web and mobile applications. Lots of discussion about the latest trends in UX design, finally highlighted accessibility as an important factor.
→ Explore UI design trends cycle – from skeuomorphism back to… neumorphism
There are standards for this that should be followed and yet, often they are not. Even if you are 100% healthy today, it may change an hour later, and none of us are getting younger. It’s another example of when a lack of empathy leads to ‘saving’ a small percentage of development effort, but makes the solution inaccessible.
→ Avenga shows this example: AI-driven Web Accessibility Solution for avenga.com
There are many of those online, like a ten commandments for the software developer and others who do similar work.
The very fact that there’s so many of them, means to me that none of them were really successful. They look great on the wall, but the community spirit is more important than the print up on the wall.
Ethics, within solution design and code, should be one of the important criteria evaluated when people are being considered for promotion to team leaders. It’s hard to teach people this sensitivity and certainly much harder than providing training for another framework or programming language.
Someone’s code of ethics can be influenced by their leaders, but if someone still does not get it they should not become the team leader.
The contracts with software engineers rarely include damages as they would discourage the developers to work at all. They perfectly understand there’s no such thing as perfect software, and it’s really a question of how many bugs there are and of what severity they are to the business.
Being fired is not as painful as you’d think. It’s an inconvenience, but not something that really hurts, as long as there’s a shortage of software engineers and other IT roles.
So what can we do?
I saved the most important thing for my last point.
It always works for me, to have team members imagine they are the ‘victims’ of their own solutions. Try walking in the victim’s shoes. Imagine you have to use the application eight hours per day. Sometimes it’s even good to show the frustrated faces of the actual users; the actual people using it.
As all companies are quickly becoming software driven companies, the ethics of the software is becoming the code of ethics of the entire organization. And that is not only the fundamental human value, but also impacts the business performance directly.
It’s not easy to do, as humans are the most important and difficult part of the IT universe.
Raising awareness and empathy of the engineers, plus frequent reviews of their work, are two of the best processes that can be used to minimize the ethical risks of the software.
If you want to take a second look at your code (independent solution review) or if you want to establish a better code review and checking practices, and then build ethical solutions – Avenga is here to help.