What do Al Capone and Volkswagen have in common? Both were taken down by people they’d never heard of, but who possessed a deep technical understanding of what they were up to.
In the first case, it wasn’t Eliot Ness and his squad of FBI agents who caught the notorious Chicago crime boss for bootlegging, gambling, prostitution and murder. It was an obscure U.S. Treasury Department accountant who figured out that Capone hadn’t paid income taxes on his felonious enterprises.
With VW, it wasn’t some sweeping government investigation or inside whistleblower who brought the auto industry leader down. It was a group of researchers at the University of West Virginia who figured out the car company had installed software in its diesel vehicles to falsify emissions tests.
As software development professionals, we know the value of what we provide to the world. Our inventions and innovations are driving advances in every field of human endeavor, from commerce to space travel to medicine. But that same technology and expertise can be used for far less admirable endeavors, from online scams that dupe people into revealing credit card data, to hacking corporate websites, to stealing bank account information.
And it’s not just hackers and gangsters engaged in these disreputable activities, as the Volkswagen affair illustrates. Think about it — a team of Volkswagen programmers wrote code to con regulators and boost sales.
The Volkswagen scandal raises serious questions about our accountability as programmers for the software we create and how it is used. One important touchstone for how to address the integrity of what code we develop and how we create it is the Software Engineering Code of Ethics and Professional Practice, which provides clear guidance for our roles and responsibilities.
- We can create code that allows our customers to perform a range of tests to validate their products and systems – from speed tests for ISPs to emissions tests for vehicles. But what if the customer asks us to write code that helps them fudge the results?
- We can design systems that track the movements and activities of people via their mobile devices — and often users will opt in to this activity. But do we stop to consider what the company that controls that app is going to do with that data?
- We can develop web applications that allow people to engage in a range of activities, from sharing personal information with their friends to buying and selling a range of products and services. But with the increasing sophistication of hacking tools and techniques, have we properly weighed every security consideration, from how passwords are stored to how the firewalls are configured?
Responsible programming means thinking beyond the technical aspects of what we’re doing to the consequences of what we create being employed in the real world. It means open and honest communication with our customers on everything from accurate pricing to transparency throughout the development process via testing and verification.
It means identifying problems and admitting our mistakes to our clients, and also warning them when they’re about to make one — either from a technical or ethical standpoint. It means dealing ethically and honestly with our employees, and not asking them to do things that cross a moral line.
It means employing open source and open standards tools and technologies that provide transparency to the broader software community, to customers, and to society at large. If the Volkswagen emissions code had been open, how much more quickly would the problem have been discovered? As these open technologies become more prevalent, it will become harder and harder for companies, and the coders who help them, to use tricks to try to hide from the little-known university researchers of the world.
Ultimately, ethical coding may even mean saying “no” to certain projects at the risk of losing the account, if we think what we’re being asked to create has immoral or illegal consequences. While the loss of business may hurt in the short term, the damage to reputation from supporting dodgy behavior can be ruinous over the long haul.