February 20, 2018

Ethical dilemmas faced by software engineers: A request for real-world examples

Software developers create the architectures that govern our online and often our offline lives — from software-controlled cars and medical systems to digital content consumption and behavioral advertising. In fact, software shapes our societal values. Are the creators of code aware of the power that they wield, and the responsibilities that go with it? As students, are they trained in the ethics of their discipline?

The good folks at the Markkula center for applied ethics at Santa Clara University have released a self-contained software engineering ethics module to fill the gap between the critical role of software and the lack of adequate ethical training in computer science and software engineering programs. (I had a small part to play in helping write the introduction.) If you’re an educator or a student, I encourage you to give it a look!

The module has several hypothetical examples as thought exercises for students. This is nice because it isolates certain ethical principles for study. That said, we felt that it would also be useful to present real-world examples of ethical dilemmas, perhaps in a follow-on module for slightly more advanced students. There are a huge number of these, so we’d like your help in compiling them.

At this point I’m not looking for fully articulated case studies, but merely examples of software deployed in the real world in a way that raises ethical concerns. A few examples with different levels of severity to start things off: 1. Stuxnet 2. Circumvention of Safari cookie blocking by Google and other companies. 3. The Keep calm and rape T-shirt.

If you have an example to suggest, please leave a comment, , or tweet at me. You will have the reward of lavish gifts knowing that you’ve helped improve the abysmal state of ethics education for the next generation of software engineers. Thank you!



  1. How about high-frequency-trading software, especially the kind that runs huge numbers of bogus orders in attemps to fake out other high-frequency bots?

  2. Firesheep. Jack the Ripper.

    I think it would be great to include CS research projects. E.g., the CU Boulder/UW Tor exit node content profiling, Lady Ada hacking pagers to eavesdrop on pager traffic (tinkering more than research), the recent USENIX talk about submitting malware to the Apple App Store, the NYU Poly Skype handshake exploit that geo-tracked millions of Skype users.

  3. You work on a project with GNU (v2! so internet only doesn’t work) licensed software, but they don’t plan to make the software available according to the terms of the license. It is a very niche market so no one is likely to know or bother to enforce it.

    Anything that looks through medical records. When the insurance company must know to pay, what happens to doctor-patient privacy? Would you tell your doctor that you have a STD or had an abortion if you knew it would go beyond the examination room? If you might die as a result?

    Something simpler. You know how to properly design a system, but are required to split and warp it into some OOP or other buzzword that is completely irrelevant or invasive to the design. There are arbitrary design rules made by non engineers. The last project failed, so they demand Java because they blame global variables. They demand using lots of tasks which change priorities – something which is completely chaotic and non-deterministic you know will fail. Do you pretend and code it?

  4. Alexandre Oliva says:

    There’s a very large body of writings and speeches about ethics applied to software in the philosophy section of the GNU project. That’s no surprise, given that the Free Software political and social movement is founded on principles of ethics and social solidarity. It’s quite a shame that the web page you pointed to recommends unethical software, instead of pointing to e.g. pdfreaders.org. I didn’t quite see the point of looking any further, given such a basic ethics mistake.

  5. Email address harvesting. Mass-email software. SEO-hacking. Security issue disclosure.

  6. Tobias D. Robison says:

    Here’s a basic ethical issue in software development. I spent much time developing software in small companies that prepared and delivered systems to their customers. Most of our customers made it very clear that they assumed our estimated completion dates were ridiculously optimistic. We often knew how important it was for our customers to plan ahead, to work our systems into their business.

    Consider the situation where everything was going smoothly, and we expected to deliver the system in four months. If we told the customer “four months”, he would assume six or eight months. But we could prepare the customer by lying and saying we would deliver in two months. The customer would then expect a four month delivery, and be right.

    I never felt comfortable with the idea that I could help my customer best by lying about the expected delivery date.
    – tobias d robison

  7. Raul Miller says:

    Once upon a time, cryptography was classified, by law in the same category as nuclear arms.

    This included some very simple math expressions (modular exponentiation). But the programming languages of the time did not support big numbers.

    And, we started building libraries and languages which dealt with large numbers.

    Meanwhile, the real progress was happening because of Dan Bernstein’s court action: http://cr.yp.to/export.html

  8. How about the recent article from Brian Krebs – outsourced malware coding: http://krebsonsecurity.com/2013/08/who-wrote-the-pincer-android-trojan/

  9. i need one of the best software engineer email address plz