EBoard 31: Ethical considerations in computing

Warning This class is being recorded (and transcribed), provided Sam remembered to hit the “Record” button.

Approximate overview

  • Quizzes
  • Administrivia
  • Questions
  • Summarizing the ACM Code of Ethics
  • Activity 1: Reflections
  • Activity 2: A scenario
  • Activity 3: Another scenario

Administrivia

  • Happy Friday!
  • I hope you had a good Wednesday with Prof. Curtsinger.

Upcoming Token activities

Academic

  • Tuesday, 2023-11-14, Noon, Day PDR: CS Table
  • Wednesday, 2023-11-15, 4pm, HSSC Kernel: Madison Van Oort ’08 speaks Frictions in the Future of Work.
  • Thursday, 2023-11-16, 11-noon, JRC 101: Convocation: Richard Robinson on Nanoparticles 101.
  • Thursday, 2023-11-16, 4:15pm, HSSC Kernel (A1231): CS Poster Session.

Cultural

  • Sunday, 2023-11-12, 2-3:30 pm, Sebring-Lewis: Grinnell Singers.

Peer

  • Friday, 2023-11-10, 7-9pm: Volleyball at Cornell (not the Ithaca one)
  • Saturday, 2023-11-11, 8:30pm, Harris Gym: Drag. Cheer the performers and the illuminating lighting design.
  • Wednesday, 2023-11-15. 7-9pm, Darby: Women’s Basketball vs. Central.
  • Friday, 2023-11-17. 7-9pm, Darby: Women’s Basketball vs. Coe.

Wellness

Misc

  • Saturday, 2023-11-11, Noon: Football vs. Cornell.
  • Monday, 2023-11-13, 4-5:30pm, HSSC N1112: Politics of AI Info Session.

Other good things (no tokens)

  • Friday, 2023-11-10, 7:30 pm, Darby: Men’s Basketball vs. Barclay.
  • Friday, 2023-11-10, 7:00 pm, Loose Lounge: RHPS. Is RHPS misogynistic or a wonderful embrace of LGBTQ+ ideals? Perhaps both? Perhaps neither?

Upcoming work

Please put these in your notes!

  • Tonight: MP6 post-assessment
  • Sunday night: Reading on higher-order programming.
  • Sunday night: Late MP6
  • Sunday night: MP7 pre-assessment
  • Monday night: Late MP6 post-assessment
  • Thursday: MP7
  • Friday: MP7 post-assessment, quizzes

Friday PSA

  • Take care of yourselves.
  • Consent is essential.

About MP7

Either straightforward or complicated, I’m not sure which. Maybe both.

Questions

Administrative

Will you give a makeup quiz on X?

Perhaps. Once I see where everyone stands on LAs, I’ll try to focus on the ones that have the most missing (plus the ones that are better to do on paper).

What work do we have left this semester?

MP7 is your last mini-project.

Next week, you’ll get a multi-week open-ended group project. That project includes a presentation at the end (Monday of week 14).

SoLA 3 will be week 14.

SoLA 4 will be finals week. (Distributed Tuesday morning due Friday at 5pm.)

Regular quizzes, readings, etc.

What will our ethics LA look like?

An updated version of today’s reading responses.

How does the group project count in our grade?

It’s just another project. You have seven mini-projects and eight projects.

When will Sam post the redo for mini-project 5?

This afternoon, if he remembers. TM him.

Data abstraction

What was I supposed to take from the data abstraction reading/lab?

It is generally important to distinguish what we do with data from how the data are represented. (You could uses lists before we learned pairs, you can use numbers even though you don’t know how the numbers are represented.)

Ideally, the what is dictated by the procedures you provide to manipulate the data structure.

When we design our own “data structures”, we should think about what people might want to do with our data and design appropriate procedures. Clients of our structures should access them through the procedures and not through the underlying implementation.

Data abstraction, like procedural abstraction and decomposition, is a key aspect of computational thinking.

More practically speaking, if I say “We want to store this kind of data”, you should be able to make decisions about what procedures are appropriate, how to represent the data as a hash/vector/list, and implement the procedures.

Other

Ethics

https://www.acm.org/code-of-ethics

Let’s read them aloud.

    1. GENERAL ETHICAL PRINCIPLES.
      • 1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing.
      • 1.2 Avoid harm.
      • 1.3 Be honest and trustworthy.
      • 1.4 Be fair and take action not to discriminate.
      • 1.5 Respect the work required to produce new ideas, inventions, creative works, and computing artifacts.
      • 1.6 Respect privacy.
      • 1.7 Honor confidentiality.
    1. PROFESSIONAL RESPONSIBILITIES.
      • 2.1 Strive to achieve high quality in both the processes and products of professional work.
      • 2.2 Maintain high standards of professional competence, conduct, and ethical practice.
      • 2.3 Know and respect existing rules pertaining to professional work.
      • 2.4 Accept and provide appropriate professional review.
      • 2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.
      • 2.6 Perform work only in areas of competence.
      • 2.7 Foster public awareness and understanding of computing, related technologies, and their consequences.
      • 2.8 Access computing and communication resources only when authorized or when compelled by the public good.
      • 2.9 Design and implement systems that are robustly and usably secure.
    1. PROFESSIONAL LEADERSHIP PRINCIPLES.
      • 3.1 Ensure that the public good is the central concern during all professional computing work.
      • 3.2 Articulate, encourage acceptance of, and evaluate fulfillment of social responsibilities by members of the organization or group.
      • 3.3 Manage personnel and resources to enhance the quality of working life.
      • 3.4 Articulate, apply, and support policies and processes that reflect the principles of the Code.
      • 3.5 Create opportunities for members of the organization or group to grow as professionals.
      • 3.6 Use care when modifying or retiring systems.
      • 3.7 Recognize and take special care of systems that become integrated into the infrastructure of society.
    1. COMPLIANCE WITH THE CODE.
      • 4.1 Uphold, promote, and respect the principles of the Code.
      • 4.2 Treat violations of the Code as inconsistent with membership in the ACM.

First reflections

A TPS activity.

Which principles did you find surprising (or most surprising)? Why?

  • I found some of them vague. It feels like a good thing.
  • I was surprised that a code of ethics might include “sharing is caring”. 2.7: (Sam phrases that as “A responsibility to inform the public.”)
  • 1.1: (Contribute to society.) The longer discussion includes considerations of environmental sustainability.
    • Computing waste is a huge problem; computers are built to be disposable, but not recyclable.
    • Computing uses a lot of energy. We see that in cryptocurrency, NFTs, large AI systems, etc. Timnit Gebru.
    • The resources that we’re using to build computers require enviornmental destruction and often come from the global south.
  • 3.6 Use care when modifying or retiring systems. People rely on them to get their work done, so unnecessary changes are likely to disrupt peoples’ work or their lifestyle.

Which are your “favorite” principles? Why?

  • 1.6 Respect privacy. “My privacy is important.” People should do their best to keep our private information private.
  • 3.1 Ensure that the public good is the central concern during all professional computing work. (The “public good” can be hard to define.)

Which principles do you expect to be hardest to follow? Why?

  • Leadership principles; it’s hard to be responsible for other people’s actions.
  • Avoid harm: It’s hard to know what the implications are.
    • Search plus “help the user” can lead to horrible results.

A case study

Modified from https://ethics.acm.org/code-of-ethics/using-the-code/case-dark-ux-patterns/. (Please don’t look there for analysis.)

The change request Stewart received was simple enough: replace the web site’s rounded rectangle buttons with arrows and adjust the color palette to one that mixes red and green text. But when Stewart looked at the prototype, he found it confusing. The left arrow suggested that the web site would go back to a previous page or cancel some action; instead, this arrow replaced the button for accepting the company’s default product. The right arrow, on the other hand, upgraded the user to the more expensive category; it also silently added a protection warranty without asking for confirmation. Stewart suggested to his manager that this confusing design would probably trick users into more expensive options that they didn’t want. The response was that these were the changes requested by the client.

Shortly after the updates were released into their production system, Stewart’s team was invited to a celebration. As a result of these changes, revenues at their client had increased significantly over the previous quarter. At the celebration, Stewart overheard some of the client’s managers discussing the small increase for refunds by users who claimed that they didn’t want the protection plan, but there weren’t many. One manager noted several complaints from visually impaired users, who noted that the mixture of red and green text obscured important disclaimers about the product. “So what you’re saying, then, is that the changes worked as planned,” quipped one of the managers.

TPS: What should Stewart do (or have done)?

Another case study

Modified from https://ethics.acm.org/code-of-ethics/using-the-code/case-malware-disruption/. Please don’t read the analysis.

Rogue Services advertised its web hosting services as “cheap, guaranteed uptime, no matter what.” While some of Rogue’s clients were independent web-based retailers, the majority were focused on malware and spam. Several botnets used Rogue’s reliability guarantees to protect their command-and-control servers from take-down attempts. Spam and other fraudulent services leveraged Rogue for continuous delivery. Corrupted advertisements often linked to code hosted on Rogue to exploit browser vulnerabilities to infect machines with ransomware.

Despite repeated requests from major ISPs and international organizations, Rogue refused to intervene with these services, citing their “no matter what” pledge to their customers. Furthermore, international pressure from other governments failed to induce national-level intervention, as Rogue was based in a country whose laws did not adequately proscribe such hosting activities.

Ultimately, Rogue was forcibly taken offline through a coordinated effort from multiple security vendors working with several government organizations. This effort consisted of a targeted worm that spread through Rogue’s network. This denial-of-service attack successfully took Rogue’s machines offline, destroying much of the data stored with the ISP in the process. All of Rogue’s clients were affected. No other ISPs reported any impact from the worm, as it included mechanisms to limit its spread. As a result of this action, spam and botnet traffic immediately dropped significantly. In addition, new infections of several forms of ransomware ceased.

TPS: Was the response appropriate? Ethical? What principles would permit the security vendors and government organizations to write such software. Which might suggest that they behaved unethically?