Download ACM code of ethics: a guide for positive action and more Exercises Ethics in PDF only on Docsity!
JANUARY 2018 | VOL. 61 | NO. 1 | COMMUNICATIONS OF THE ACM 121
THE ACM CODE of Ethics and Professional Conduct (the Code) is being updated by the Code Update Task Forcea^ in con- junction with the ACM’s Committee on Professional Ethics. The Code was initially written in 1992, and this is the first update since then. In previous ar- ticles we detailed the motivations for updating the Code,b^ gave our respons- es to feedback on the initial draft, and produced an updated version, which we presented for feedback through the ACM Discourse site, email, and focus groups and workshops at ETHICOMP and SIGCSE. We thank everyone who took part in this public consultation round. Their insights, both positive and negative, were invaluable. We have deliberated extensively on the numer- ous suggestions for additions, changes, and deletions. Based on those delibera- tions, we produced Draft 3 of the Code. There are some significant changes made in Draft 3. Some principles have been removed entirely or completely rewritten, and some new principles were added in response to recommen- dations by several respondents. This article explains the significant changes that were made, and a few changes that were suggested but not made. For the most part, the suggestions that were not explicitly incorporated are ideas that we consider covered by existing aspects of the Code. Some of these suggestions were excellent, and be- cause of them, explanatory materials that will supplement the Code are be- ing designed. These include examples, cases, and more detailed explanations of the Code. This article is part of the final round of public consultation associated with the 2018 update to the ACM Code of Ethics. ACM members agree to abide by the Code. Please encourage other computing professionals around you to
a For a list of current taskforce members see http://ethics.acm.org/code-2018. b http://cacm.acm.org/magazines/2016/12/ 210366-the-acm-code-of-ethics/fulltext
read and contribute to this effort. We have provided two opportunities to comment on this draft and suggest ways it might be improved. We have provided a space for open discussion of Draft 3 among interested parties at the ACM Code 2018 Discussion website https://code2018.acm.org/discuss. In addition, ACM members are encour- aged to take an online survey about the specific principles of the Code at https://www.acm.org/code-2018-survey. Both comment systems close Feb. 10, 2018. The ACM is a professional society whose goals include promotion of the highest standards “to advance the pro- fession and make a positive impact.” Thus, the ACM Code of Ethics and Pro- fessional Conduct ought to reflect the conscience of the computing profes- sion, understood in the broadest sense. A successful code of ethics should reflect the values of the computing profession in a way that can help ACM members make appropriate ethical de- cisions. The Code should also inspire members, future members, and other professionals by highlighting the aspi- rations of the profession. The ACM Code of Ethics and Profes- sional Conduct is a guide to proactive action that helps us, as a profession, promote good. Because of this, it also applies to those aspiring to be comput- ing professionals, including students. Members of ACM student chapters are also invited to take the survey and com- ment on the Code. In the Code we identify global ethi- cal principles that reflect the highest standards of computing professionals. The Code is designed to inform ACM members and others of what society should expect from computing profes- sionals, and what computer profes- sionals should expect of themselves. In the next section we identify spe- cific changes we made in response to suggestions from the reviewers. The section after that addresses some of the thoughtful suggestions that did not directly lead to changes. The article
concludes with Draft 3 of the Code for your review. c
I. Changes from Draft 2 to Draft 3
1.2 Harm There were several comments about Principle 1.2: Avoid Harm. Some re- spondents suggested that this principle was inconsistent with work in the mili- tary sector or law enforcement where some systems are designed, in part, to cause harm. The Task Force modi- fied the guidance for this Principle to deal more effectively with that percep- tion. Another concern expressed was that with most systems harm of some degree almost always happens. In re- sponse, we sharpened the definitions of intentional and unintentional harms, and we added language to encourage professionals to take care to minimize unintended harm.
1.3 Transparency and Honesty Commenters were concerned that cer- tain technological developments such as algorithmic transparency and sys- tems that learn were not addressed by the Code. We agreed. However, since one goal of this update process is to craft language that will apply to new technologies as they emerge, we did not include these specific technologies explicitly in the Code. Instead, we tried to use language that would implic- itly include them and future develop- ments. Certain aspects of algorithmic transparency are covered by the prin- ciples regarding nondiscrimination and privacy, but the concept of trans- parency was not addressed in Draft 2, except with respect to the actions of people. By changing the guidance for Principle 1.3 on honesty to include ex- plicit discussion of transparency, espe- cially with respect to system limitations
c A complete track changes version of Draft 3 showing additions and deletions to draft 2 is available at http://ethics.acm.org/code-2018.
ACM Code of Ethics:
A Guide for Positive Action
DOI:10.1145/3173016 Don Gotterbarn, Amy Bruckman, Catherine Flick, Keith Miller, and Marty J. Wolf
122 COMMUNICATIONS OF THE ACM | JANUARY 2018 | VOL. 61 | NO. 1
and problems, the Code now addresses technologies that are opaque even to their developers. Suggestions about how to manage the release of self-mod- ifying systems are also now made in the guidance for Principle 2.5.
1.4 Harassment The harassment principle generated much discussion, both for and against a new emphasis in Draft 2 on discour- aging harassment. The Task Force con- sensus is that a strong clause about harassment should be included in the Code since it is to be a modern state- ment of the ethical responsibilities of the computing profession. As an up- date to the previous draft, we added vir- tual spaces to physical spaces as places where harassment can take place. We also broadened the harassment defini- tion to encompass cyber bullying. Many existing harassment poli- cies focus exclusively on prohibiting negative actions. Draft 3 of the Code now includes a proactive call to create open and inclusive spaces. We wanted to clarify that when people feel disre- spected, this can also be prohibitive to certain spaces. The new language ex- plicitly encourages building diversity and safe environments that enable all people to feel respected.
1.6 Data collection and informed consent In Principle 1.6, Respect Privacy, we have shifted the focus away from opting in or out of data collection, and moved to a more general requirement for in- formed consent procedures. The stron- ger emphasis on informed consent re- quires that users not only understand what data are being collected and what they are being used for, but that they have the ability to consent to, or to with- hold consent from the data collection. This is consistent with broader interna- tional standards that are being imple- mented worldwide, such as the Euro- pean Union’s General Data Protection Regulation (GDPR),d^ which we endorse. It is important for professionals to understand that informed consent is not just about disclosure of informa- tion about data collection (for example, in a lengthy, practically unintelligible Privacy Policy), but is ideally a proactive
d http://www.eugdpr.org/
agreement with the user about the type, content, and use of data that are being collected about them. Users should have the ability to view and update their data, and to withdraw from data collec- tion procedures. In many circumstanc- es, users should also be able to remove their data entirely, particularly on so- cial media or other user-generated con- tent platforms. Legislation is constantly changing to catch up with technology, and dif- ferent countries have different ways of approaching the issues raised by tech- nical developments. One suggestion that was made was that we include the “right to be forgotten” in our pri- vacy clause. This issue is a significant aspect of the EU’s GDPR regulation that is coming into effect in 2018, and which has been debated in other juris- dictions as well. While we are generally supportive of this idea, we felt that for a code of ethics, the use of this term was too specific to particular legisla- tion, and would require too nuanced a definition to be useful in this Code. Instead, as part of the privacy clause, we have required computing profes- sionals to allow for the user’s removal of data where appropriate - this cap- tures the essence of the “right to be forgotten” in a way that we deemed to be more generalizable.
2.6 Evaluation of work and skills Principle 2.6 clarifies the computing professional’s responsibility to evalu- ate potential work assignments. When potential tasks are assigned, the profes- sional should be able to evaluate the ad- visability and feasibility of the assign- ment; if these evaluations are beyond the computing professional’s skill, then he or she ought to seek help in these evaluations. Professionals should further evaluate if their skill level is cur- rently adequate to complete the assign- ment or if they are capable of gaining the required skills.
New Principles and Concepts To address some of the more recent changes in computing and society we added some new principles. These principles bring attention to the pro- fessional’s responsibility to a broader range of stakeholders.
A successful code
of ethics should
reflect the values
of the computing
profession in a way
that can help ACM
members make
appropriate
ethical decisions.
124 COMMUNICATIONS OF THE ACM | JANUARY 2018 | VOL. 61 | NO. 1
materials, such as teaching materials. There are many items that are impor- tant, even crucial, that are nonetheless not appropriate in the Code. It is important, and tricky, to get the length of the Code right. There were some calls for the Code to be made shorter, possibly short enough to fit on a business card. There are legitimate concerns about someone choosing not to read the Code because it is too long. Rather than opt for that kind of brev- ity, we have targeted a middle ground. The Code must reflect the diversity of the activities computing profession- als are involved in. Broader impacts of technology are not always clear or im- mediate, and the Code contains lan- guage to remind the reader to consider those broader impacts. Furthermore, the Code is intended to serve as a tool to use during ethical analysis. The guid- ance helps the professional to a deeper understanding of the principles. We hope that the Code is written in a way that facilitates a quick scan, as well as rewarding a more careful reading.
Call to action After reading Draft 3 of the ACM Code of Ethics, please take the opportunity to make it better as a standard for the computing profession. We have provid- ed two opportunities for you to share your comments. There is a general dis- cussion board https://code2018.acm. org/discuss providing an opportunity for interested parties to discuss the sug- gested updates and ACM members are invited to take an online survey about the specific elements of the Code at https://www.acm.org/code-2018-sur- vey. Both comment systems close Feb. 10, 2018. We look forward to your comments.
III. ACM Code of Ethics and Professional Conduct: Draft 3 Draft 3 was developed by The Code 2018 Task Force. (It is based on the 2018 ACM Code of Ethics and Profes- sional Conduct: Draft 2).
Preamble The actions of computing professionals directly impact significant aspects of society. In order to meet their responsi- bilities, computing professionals must
always support the public good. The ACM Code of Ethics and Professional Conduct (“the Code”) reflects this obli- gation by expressing the conscience of the profession and provides guidance to support ethical conduct of all com- puting professionals. The Code is designed to support all computing professionals, includ- ing current and aspiring computing practitioners, instructors, influencers, and anyone who uses technology in an impactful way. Additionally, the Code serves as a basis for remediation when violations occur. The Code includes principles formulated as statements of responsibility, based on the under- standing that the public good is always the primary consideration. Each prin- ciple is supplemented by guidelines, which provide explanations to assist computing professionals in under- standing and applying the principle. Section 1 outlines fundamental ethical principles that form the basis for the remainder of the Code. Section 2 addresses additional, more specific considerations of professional respon- sibility. Section 3 pertains to individu- als who have a leadership role, wheth- er in the workplace or in a volunteer professional capacity. Commitment to ethical conduct is required of every ACM member, and principles involving compliance with the Code are given in Section 4. The Code as a whole is concerned with how fundamental ethical prin- ciples apply to a computing profes- sional’s conduct. The Code is not an algorithm for solving ethical prob- lems; rather it serves as a basis for ethi- cal decision making. When thinking through a particular issue, a comput- ing professional may find that mul- tiple principles should be taken into account, and that different principles will have different relevance to the is- sue. Questions related to these kinds of issues can best be answered by thoughtful consideration of the fun- damental ethical principles, under- standing that the public good is the paramount consideration. The entire computing profession benefits when the ethical decision making process is accountable to and transparent to all stakeholders. Open discussions about ethical issues promotes this account- ability and transparency.
1. GENERAL MORAL PRINCIPLES.
A computing professional should...
1.1 Contribute to society and to human well-being, acknowledging that all peo- ple are stakeholders in computing. This principle, concerning the quality of life of all people, affirms an obliga- tion of computing professionals to use their skills for the benefit of society, its members, and the environment surrounding them. This obligation in- cludes promoting fundamental human rights and protecting each individual’s right to autonomy in day-to-day deci- sions. An essential aim of computing professionals is to minimize negative consequences of computing, including threats to health, safety, personal secu- rity, and privacy. Computing professionals should consider whether the results of their efforts respect diversity, will be used in socially responsible ways, will meet social needs, and will be broadly acces- sible. They are encouraged to actively contribute to society by engaging in pro bono or volunteer work. When the in- terests of multiple groups conflict, the needs of the least advantaged should be given increased attention and priority. In addition to a safe social environ- ment, human well-being requires a safe natural environment. Therefore, com- puting professionals should promote environmental sustainability both lo- cally and globally.
1.2 Avoid harm. In this document, “harm” means nega- tive consequences to any stakeholder, especially when those consequences are significant and unjust. Examples of harm include unjustified physical or mental injury, unjustified destruc- tion or disclosure of information, and unjustified damage to property, reputa- tion, and the environment. This list is not exhaustive. Well-intended actions, including those that accomplish assigned duties, may lead to harm. When that harm is unintended, those responsible are ob- ligated to undo or mitigate the harm as much as possible. Avoiding harm be- gins with careful consideration of po- tential impacts on all those affected by decisions. When harm is an intentional part of the system, those responsible are obligated to ensure that the harm is
JANUARY 2018 | VOL. 61 | NO. 1 | COMMUNICATIONS OF THE ACM 125
tential impacts on all those affected by decisions. When harm is an intentional part of the system, those responsible are obligated to ensure that the harm is ethically justified and to minimize un- intended harm. To minimize the possibility of in- directly harming others, computing professionals should follow generally accepted best practices. Additionally, the consequences of emergent systems and data aggregation should be care- fully analyzed. Those involved with per- vasive or infrastructure systems should also consider Principle 3.7. A computing professional has an ad- ditional obligation to report any signs of system risks that might result in harm. If leaders do not act to curtail or mitigate such risks, it may be necessary to “blow the whistle” to reduce poten- tial harm. However, capricious or mis- guided reporting of risks can itself be harmful. Before reporting risks, a com- puting professional should thoroughly assess all relevant aspects.
1.3 Be honest and trustworthy. Honesty is an essential component of trust. A computing professional should be transparent and provide full disclosure of all pertinent system limi- tations and potential problems. Mak- ing deliberately false or misleading claims, fabricating or falsifying data, and other dishonest conduct are viola- tions of the Code. Computing professionals should be honest about their qualifications, and about any limitations in compe- tence to complete a task. Computing professionals should be forthright about any circumstances that might lead to conflicts of interest or otherwise tend to undermine the independence of their judgment. Computing professionals often be- long to organizations associated with their work. They should not misrep- resent any organization’s policies or procedures, and should not speak on behalf of an organization unless autho- rized to do so.
1.4 Be fair and take action not to discriminate. The values of equality, tolerance, re- spect for others, and justice govern this principle. Computing profession- als should strive to build diverse teams
and create safe, inclusive spaces for all people, including those of underrepre- sented backgrounds. Prejudicial dis- crimination on the basis of age, color, disability, ethnicity, family status, gen- der identity, labor union membership, military status, national origin, race, re- ligion or belief, sex, sexual orientation, or any other inappropriate factor is an explicit violation of the Code. Harass- ment, including sexual harassment, is a form of discrimination that limits fair access to the virtual and physical spac- es where such harassment takes place. Inequities between individuals or different groups of people may result from the use or misuse of informa- tion and technology. Technologies and practices should be as inclusive and ac- cessible as possible. Failure to design for inclusiveness and accessibility may constitute unfair discrimination.
1.5 Respect the work required to produce new ideas, inventions, creative works, and computing artifacts. Developing new ideas, inventions, cre- ative works, and computing artifacts creates value for society, and those who expend this effort should expect to gain value from their work. Computing pro- fessionals should therefore provide ap- propriate credit to the creators of ideas or work. This may be in the form of respecting authorship, copyrights, pat- ents, trade secrets, license agreements, or other methods of assigning credit where it is due. Both custom and the law recognize that some exceptions to a creator’s control of a work are necessary for the public good. Computing profession- als should not unduly oppose reason- able uses of their intellectual works. Efforts to help others by contributing time and energy to projects that help society illustrate a positive aspect of this principle. Such efforts include free and open source software and other work put into the public domain. Some work contributes to or comprises shared community resources. Comput- ing professionals should avoid misap- propriation of these resources.
1.6 Respect privacy. The responsibility of respecting privacy applies to computing professionals in a particularly profound way. Therefore, a computing professional should be-
The Code is
designed to support
all computing
professionals,
including current
and aspiring
practitioners,
instructors,
influencers, and
anyone who uses
technology in
an impactful way.
JANUARY 2018 | VOL. 61 | NO. 1 | COMMUNICATIONS OF THE ACM 127
causes recognizable harm that could be mitigated through its violation. A computing professional who decides to violate a rule because it is unethical, or for any other reason, must consider potential consequences and accept re- sponsibility for that action.
2.4 Accept and provide appropriate pro- fessional review. High quality professional work in com- puting depends on professional review at all stages. Whenever appropriate, computing professionals should seek and utilize peer and stakeholder review. Computing professionals should also provide constructive, critical reviews of other’s work.
2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks. Computing professionals should strive to be perceptive, thorough, and objec- tive when evaluating, recommending, and presenting system descriptions and alternatives. Computing profes- sionals are in a position of trust, and therefore have a special responsibility to provide objective, credible evalua- tions to employers, clients, users, and the public. Extraordinary care should be taken to identify and mitigate po- tential risks in self-changing systems. A system for which future risks cannot be reliably predicted requires frequent re- assessment of risk as the system evolves in use, or it should not be deployed. Any issues that might result in major risk should be reported.
2.6 Have the necessary expertise, or the ability to obtain that expertise, for completing a work assignment before accepting it. Once accepted, that com- mitment should be honored. A computing professional is account- able for evaluating potential work as- signments. Once it is decided that a project is feasible and advisable, the pro- fessional should make a judgment about whether the work assignment is appropriate to the professional’s expertise. If the professional does not currently have the expertise nec- essary to complete the assignment, the professional should disclose this shortcoming to the employer or cli-
ent. The client or employer may de- cide to pursue the assignment with the professional after time for addi- tional training, to pursue the assign- ment with someone else who has the required expertise, or to forego the assignment. A computing profes- sional’s ethical judgment should be the final guide in deciding whether to work on the assignment.
2.7 Improve public awareness and un- derstanding of computing, related technologies, and their consequences. Computing professionals should share technical knowledge with the public, foster awareness of computing, and en- courage understanding of computing. Important issues include the impacts of computer systems, their limitations, their vulnerabilities, and opportunities that they present. Additionally, a com- puting professional should counter false views related to computing.
2.8 Access computing and communica- tion resources only when authorized to do so. No one should access another’s computer system, software, or data without permission. A computing professional should have appropri- ate approval before using system resources unless there is an overrid- ing concern for the public good. To support this principle, a computing professional should take appropriate action to secure resources against un- authorized use. Individuals and orga- nizations have the right to restrict ac- cess to their systems and data so long as the restrictions are consistent with other principles in the Code.
2.9 Design and implement systems that are robustly and usably secure. Breaches of computer security cause harm. It is the responsibility of com- puting professionals to design and implement systems that are robustly secure. Further, security precautions are of no use if they cannot or inten- tionally will not be used appropriately by their intended audience in prac- tice; for example, if those precautions are too confusing, too time consum- ing, or situationally inappropriate. Therefore, the design of security fea- tures should make usability a priority design requirement.
3. PROFESSIONAL
LEADERSHIP PRINCIPLES.
In this section, “leader” means any member of an organization or group who has influence, educational respon- sibilities, or managerial responsibili- ties. These principles generally apply to organizations and groups, as well as their leaders. A computing professional acting as a leader should...
3.1 Ensure that the public good is the central concern during all professional computing work. The needs of people—including users, those affected directly and indirectly, customers, and colleagues—should always be a central concern in profes- sional computing. Tasks associated with requirements analysis, design, development, testing, validation, de- ployment, maintenance, retirement, and disposal should have the public good as an explicit criterion for qual- ity. Computing professionals should keep this focus no matter which meth- odologies or techniques they use in their practice.
3.2 Articulate, encourage acceptance of, and evaluate fulfillment of the social responsibilities of members of an orga- nization or group. Technical organizations and groups af- fect broader society, and their leaders should accept the associated respon- sibilities. Organizational procedures and attitudes oriented toward quality, transparency, and the welfare of soci- ety reduce harm to the public and raise awareness of the influence of technol- ogy in our lives. Therefore, leaders should encourage full participation of all computing professionals in meeting social responsibilities and discourage tendencies to do otherwise.
3.3 Manage personnel and resources to enhance the quality of working life. Leaders should ensure that manage- ment enhances, not degrade, the qual- ity of working life. Leaders should con- sider the personal and professional development, accessibility require- ments, physical safety, psychological well-being, and human dignity of all workers. Appropriate human-comput- er ergonomic standards should be used in the workplace.
128 COMMUNICATIONS OF THE ACM | JANUARY 2018 | VOL. 61 | NO. 1
3.4 Articulate, apply, and support poli- cies and processes that reflect the prin- ciples in the Code. Leaders should ensure that organi- zational policies are consistent with the ethical principles in the Code, are clearly defined, and are effectively com- municated to all stakeholders. In ad- dition, leaders should encourage and reward compliance with those policies, and take appropriate action when poli- cies are violated. Leaders should verify that pro- cesses used in the development of systems protect the public good and promote the dignity and autonomy of users. Designing or implementing processes that deliberately or inad- vertently violate, or tend to enable the violation of, the Code’s principles is ethically unacceptable.
3.5 Create opportunities for members of the organization or group to learn and be accountable for the scope, functions, limitations, and impacts of systems. Educational opportunities are es- sential for all organization and group members. Leaders should ensure that opportunities are available to com- puting professionals to help them improve their knowledge and skills in professionalism, in the practice of ethics, and in their technical spe- cialties. These opportunities should include experiences that familiarize computing professionals with the consequences and limitations of par- ticular types of systems. Computing professionals should be fully aware of the dangers of oversimplified models, the improbability of anticipating ev- ery possible operating condition, the inevitability of software errors, the interactions of systems and the con- texts in which they are deployed, and other issues related to the complexity of their profession.
3.6 Retire legacy systems with care. Computing systems should be retired when it is judged impractical to contin- ue supporting them. System developers should take care when discontinuing support for systems on which people still depend. Developers should thor- oughly investigate viable alternatives to removing support for a legacy system. If these alternatives are not practical
or unacceptably risky, the developer should assist stakeholders’ graceful migration from the system to an al- ternative. When system support ends, stakeholders should be notified of the risks of their continued use of the un- supported system. System users should continually monitor the operational viability of their computing systems, accepting the timely replacement of inappropriate or outdated systems. The primary consid- eration must be the impact on stake- holders, who should be kept informed at all times.
3.7 Recognize when a computer system is becoming integrated into the infra- structure of society, and adopt an ap- propriate standard of care for that sys- tem and its users. When organizations and groups devel- op systems that become an important part of the infrastructure of society, their leaders have a responsibility to be good stewards of these socially in- tegrated systems. Part of that steward- ship requires establishing policies for fair system access, including for those who may have been excluded. That stewardship also requires that com- puting professionals monitor the level of integration of their systems into the infrastructure of society. Continual monitoring of how society is using a system will allow the organization or group to remain consistent with their ethical obligations outlined in the Code. As the level of adoption chang- es, there are likely to be changes in the ethical responsibilities of the orga- nization or group. When appropriate standards of care do not exist, comput- ing professionals have a duty to ensure they are developed.
4. COMPLIANCE WITH THE CODE.
A computing professional should...
4.1 Uphold, promote, and respect the principles of the Code. The future of computing depends on both technical and ethical excellence. Computing professionals should adhere to the principles of the Code. Each ACM member should encourage and support adherence by all com- puting professionals regardless of ACM membership.
4.2 Treat violations of the Code as inconsistent with membership in the ACM. Computing professionals who recog- nize breaches of the Code should take actions to resolve the ethical issues they recognize, including, when reasonable, expressing their concern to the person or persons thought to be violating the Code. Possible actions also include re- porting the violation to the ACM, which may result in remedial action by the ACM up to and including termination of the violator’s ACM membership.
Authors Don Gotterbarn (chair@Ethics.acm.org gotterbarn@acm. org) is chair of the ACM Committee on Professional Ethics and Professor Emeritus in the Department of Computing at East Tennessee State University, Johnson City. Amy Bruckman (asb@cc.gatech.edu) is a professor of Interactive Computing at Georgia Institute of Technology, Atlanta. Catherine Flick (cflick@dmu.ac.uk) is a Senior Lecturer in Computing and Social Responsibility at De Montfort University, Leicester, U.K. Keith Miller (millerkei@umsl.edu) is the Orthwein Endowed Professor for Lifelong Learning in the Sciences College of Education, University of Missouri, St. Louis. Marty J. Wolf (mjwolf@acm.org) is a professor of Computer Science at Bemidji State University, Bemidji, MN.
