(An) Answer to the Ultimate Question of Ethics, Privacy and Everything
Martin Nikel
Director, eDiscovery & Legal Disclosure Advisory | Incident Response | Cyber Risk Advisory EU & UK
Software Engineers are the answer to questions of Ethics and Privacy in technology.
Here’s why.
I've worked in software engineering before. A systems analyst for Smartermotoring.com.
It was in the first dot.com boom (2001!!!) and I recall the glee on the faces of the dev-team when we finally managed to perform the XML transform to work on someone's mobile over WAP.
Remember WAP? No?
In my personal experience, developers, programmers, data scientists, hackers, cyber terrorists are broadly motivated by one central thing. The achievement of something 'cool'.
Ego
It was clever to be able to open the API we'd created over 'SOAP', to perform a function on a recursive basis. It was inspired, no, brilliant, to statistically analyse the data to show what people had clicked on and to 'leave a cookie'. We created a loan repayment calculator and embedded every car with it's lowest monthly repayment over the longest term loan. That would pre-populate the loan application.
The price's of the cars were pulled from a third-party XML service... 'Parker's Guide' it was a true forerunner of the modern day web-based application.
The exhilaration of amazement and excitement at creating something faster, more functional.
Ethics and privacy were not something we considered in our day-to-day work. We were tasked with creating the website and just assumed the rest was taken care of by someone else. Our bosses, the client, some lawyer somewhere. Don’t get me wrong, we’d have cared if we’d thought more about it, us being idealistic youths and all. It just wasn’t on the agenda.
Kudos (or notoriety) was achieved with the other geeks and much recognition was gained from the business and that recognition consisted of stating how indispensable we were. That was all we needed, we just wanted to be loved and praised and be recognised for the uber-intelligent beings that we were.
In business, there are requirements to constantly innovate, to remain relevant. Create the next 'cool thing'. In the world of software engineering and data science, it's more than that. It's pure social currency. Much like knowing many references to H2G2.
The Forbes article “We Need To Work Harder To Make Software Engineering More Ethical” alludes to one aspect of the issue. But there are codes of conduct and the engineers and data scientists are aware, just like the normal humans, of their societal responsibilities and have a strong sense of justice.
Herein lies one of the most significant challenges in the ethical nightmare that is modern-day software engineering. However we don’t need to work harder to make software engineering more ethical. We need to work harder to make software engineers empowered enough to make the ethical decisions and devolve that responsibility from other parts of the business.
Functionalisation
The modern day software engineering shop is also multi-functional. for example, the new 'reactions' on LinkedIn impacted 27 distinct teams.
Each team responsible for an aspect of 'reactions'. User Interface, data models, machine learning. You name it.
With team operating in different jurisdictions, time-zones and functional units and modern day frameworks for development lending themselves to 'broken down' and untised manageable chunks, means the left-hand doesn't even need to know what the right hand is doing.
Which of those 27 teams, responsible for such a key creation, were involved in the consideration of the ethical implications of the new 'reactions' model and how it might impact commercials or privacy? I'm not sure, maybe some.
Think about Facebook Libre
Think about the fundamental ways in which it could impact the globe. Which of any of us said they could go ahead and stake a claim in running the global economy? But we’re all letting it happen piece by piece. How many development teams involved in creating that were polled for their views on this move by Facebook? Did they know their developments were to be used in this way? No, they were too busy doing something cool.
Perhaps the legal, privacy and 'ethics' departments did. But it's unlikely that the engineering teams were involved much at all outside of a functional perspective, and most likely not with the ability to contribute to decision making capacity.
Even then, these 'Ethics committees' and Data Science 'infuencers' are all too busy lobbying, at conferences and posting selfies on Instagram, to be concerned with the actual challenges.
The next level
The product managers and systems analysts co-coordinating devops teams and handing out the tasks - their primary driver is to provide execution of the new ideas, to supply those thoughts and innovations to the management teams to consider what's useful, then a decision process on what the cost is vs what value (profit) it will bring.
At this level perhaps there is a more whole understanding of the system that might necessitate some thought of the 'ethics and privacy' of a function of the whole system, but most certainly not a full picture of the types of data held and the decisions being made. What are all the other product teams are doing? How will this jigsaw fit together in the end?
The legal, compliance and ethics teams.
The board.
The shareholders.
At what point then, should an idea be assessed for it's ethical impact?
In the status quo, it is the commercially focused decision makers, who get to decide what's in an what's out, driven primarily by financial motivations and shareholder 'value'. Not by what's good for society, but what's possible and not 'illegal', rather than what should be done that's valuable and ethical.
Forty-Two
The grassroots of this equation, the up and coming ‘Gen Z’ data and software engineers, should be the primary focus for education to ensure that ethics and privacy are core to balancing of what's cool.
We already know that this generation is far more globally aware, conscious of bias and the benefits of diversity and are hugely opinionated.
From experience, engineers might have a good grounding in ethical and legal implications given most uni degrees cover those topics at some depth, even back when I graduated in 2001. More so than most law degrees, marketing degrees, business degrees.
Take a look at “A Portrait of J. Random Hacker” from the Jargon Files. Diverse, apolitical, doing the ‘right thing’...
Which aspect of this (hugely stereotyped but oddly accurate) personality wouldn’t be suited making your technological ethics decisions?
I am not suggesting that the commercial and ethical decisions are made ONLY by these technical teams, but by:
- utilising the resource of these large teams, motivated less commercially and more by reputation and social currency
- being transparent with engineering teams about the bigger picture, how developments are motivated commercially and the process by which ethical decisions are made.
- training engineering teams in 'ethics and privacy by design' and how they might piece together what could result in ethical challenges; and
- providing a method by which to raise ethical concerns as part of the day-to-day approaches to product management and development.
a technology-based business may find a reduction in the exposure to risk around ethics and privacy, could be incrementally improved.
The traditional functional organisation of data and software engineering teams ensures that the right hand doesn't know (and doesn't need to know), what the left hand is doing. However, if these engineers are included in that ethical decision-making conversation they will see a broader picture of what might result from their combined efforts.
Then perhaps legal and ethical teams would have less of a challenge on their hands, post the fact.
HTH
Martin.
About Martin: Over the past 17 years I've worked with Chief Legal Officers, General Counsel, Compliance Professionals and ‘Big Law’ firms globally, to create and implement systems and processes that reduce the likelihood of failure during a crisis. Funny that.
Disclaimer: This is all my own opinion and experience and isn't necessarily reflective of the views of my current or previous employers. It is not an endorsement or advertisement of any product and nor is it intended to reflect or portray anyone in a negative light. It should not be construed as any kind of legal advice. I am not affiliated with any product or company mentioned, aside from my own employer. It may have been written by a bot. You tell me?
Digital Transformation : IT Infrastructure|OT|AI ML IOT RPA|Data Center|AppSec| DevSecOps|Cloud| Cybersecurity |Speaker|Author|CIO CISO|Enabler|
4yGreat one Martin Nikel It’s time for Organizations to think beyond definitely The way Businesses functions is going for a big change and that is inevitable with the modernization, evolution and optimization. My personal observations: At Institutions, Organizations, Learning and Developments Centers, Gen Z is aware of Privacy, Legal obligations and outcomes, they may not have specialization however they have generalization, and this would act as catalyst in the required change.
Providing innovative solutions to IBM's Legal Department
4yGreat question Martin: "Where do ethics begin?" Is it with the engineers who are building something cool, or with the financial folks who are influence by profit? Reality is that boundaries are pushed and crossed leaving consumers exposed.
Discovery/disclosure veteran with four decades of high level experience in both hard copy and electronic evidence.
4yMartin, look for this in today's BONG.
CyberFlâneur. Attorney, journalist, writer, media producer, and technology tart. We can only see what we think is possible. Me? A weapon of mass instruction because knowledge is only a rumor until it lives in the muscle.
4yLast year at the IAPP Privacy Summit in D.C. there was a panel on re-engineering privacy law (I forget the exact title). The discussion was how to bring together and leverage the skill sets of engineers, lawyers, and others to create effective privacy policy with correspondingly compliant implementations. Four interesting points: (1) how lawyers make simple things complicated; (2) how engineers make simple things complicated; (3) why it may be reasonable to use the term “reasonable” in privacy rules but not in software specifications; and (4) how to achieve consensus when both lawyers and engineers are in the room. The gist was that despite their differences, lawyers and engineers share important similarities. They both are very analytic. They both can drill down and get enormously detailed in order to get the product just right. And, each is glad when the other gets to do those details. Most engineers would hate to write a 50-page brief. Most lawyers can’t even imagine specifying 50 engineering requirements and running 100 associated tests. But ... everybody agreed to a point I think you are making: as important as it is to bring together and leverage the skill sets of engineers, lawyers, and others ... it is tough to override the traditional corporate functional organisation of data and software engineering and legal teams that ensure that the right hand doesn't know (and doesn't need to know), what the left hand is doing.