Software Ethics 2012

Tomorrow evening I’m giving my lecture on Software Ethics to Computer Science undergraduates at the University of Ottawa. This is becoming an annual lecture and one that I enjoy giving. It gives me a chance to review recent software issues in the news, present them as case studies, and hear opinions from a room of bright young people. I probably learn more from giving this lecture than the audience!

This year I have added two case studies. The first is the recent mass assignment vulnerability exploit on GitHub (Public Key Security Vulnerability and Mitigation and Responsible Disclosure Policy).

This is a wonderful case study because it raises two important ethical considerations:

  • As developers, we have an obligation to understand what is really going on in all software we use. When using open source software, especially when using open source software, we must take responsibility for issues of security. It is not the responsibility of the team maintaining the software.
  • It is never OK to use a hack or vulnerability to deface another project, even if the intent is to call attention to the vulnerability in an effort to have it fixed.

What I love about this example is that in this case the above two statements are not obvious. Rails is a very commonly used web framework, one that has marketed itself to beginners. Because it is aimed at people who have no idea what a mass assignment vulnerability is, there is some feeling in the community that Rails should go the extra mile to be secure. And when GitHub banned the hacker for defacing the Rails repository, the community outcry defending the actions of the hacker was deafening!

The second addition is a discussion around censorship in the social web. This year Twitter began censoring Tweets and Users on a per-country basis (Tweets still must flow) and the US Army raised concerns about geotagging of troops (Geotagging a threat to troops, US Army says). This is a fascinating development. Governments are now seeing software applications as potential threats to their citizens and representatives. Will governments create laws regulating what can and cannot be done with software, as they have done in other industries? Will these issues be left to the courts to decide? Or will self-censorship rule the day?

Personally, I don’t think self-censorship is the right way to go. There is a fine line between developing code that is compliant with different laws in different jurisdictions and developing code that kowtows to governmental whims. The first is part of the constant struggle for power between an informed citizenry and their governments; the latter is skipping down the primrose path to an Orwellian Big Brother state. As developers, sometimes we must adhere to a higher standard and refuse to implement features that we believe cross the ethical line.

Anyways, I’m really looking forward to giving this talk again. I’ve posted the slides to SlideShare. If you do view the slides online, make sure to click the notes tab (found next to the comments tab) to see my speaker notes for each slide.
