Eboard 30: Ethics

You are being recorded and transcribed.

Approximate overview

  • Administrivia
  • Sorting competition, concluded
  • Questions
  • Ethics discussions.

Preliminaries

  • Welcome to any prospective students who are visiting!
    • Will I get into a CS class? Yes, unless you are from Brazil.
    • How hard are CS classes? Easy, then insanely hard, then easy again. The faculty are supportive. Fortunately, we have tutors.
  • Sam hopes to catch up a bit on grading over the weekend.

Upcoming work

Tokens

Academic/Scholarly

  • Tuesday, 2024-04-16, noon, Some PDR. CS Table.
  • Tuesday, 2024-04-16, 7:00pm, Science 3819. Mentor Session. Make Elene happy. Show up to mentor sessions!
  • Thursday, 2024-04-18, 11am, JRC 101. Ruha Benjamin on “Viral Justice: How We Grow the World We Want”
  • Thursday, 2024-04-18, 4pm, HSSC 1231 (the Kernel). CS Poster Session.

Cultural

  • Friday, 2024-04-12, 4:00–5:00pm, HSSC N1170 Middle of Everywhere (west Bengal).
  • Saturday, 2024-04-13, 7:00–9:00pm, Main Quad (@nepali_grinnellians on instagram for more info) Celebration of Nepali New Year. Henna, Food, Photo booth.
    • Please RSVP.
  • Saturday, 2024-04-13, 1:00–5:00, Cleveland Beach. Holi. Wear white clothes that you want to become more colorful. Food. Dye (colors). Dyed cake. Water pistols.
  • Saturday, 2024-04-13, 5:00–8:00, JRC 101. Dessert with VSA.

Peer

Saturday, 2024-04-13, 9:00–noon, Tennis Courts. Men’s Tennis vs. Cornell (College).

  • Sunday, 2024-04-14, 2:00–5:00pm, Tennis Courts. Men’s Tennis vs. Cornell (College).

Wellness

  • Friday, 2024-04-12, 3:00–5:00pm, JRC Courtyard Get Nostalgic.
  • Tuesday, 2024-04-16, noon-1pm, BRAC P103. HIIT and Strength Fitness Class.
  • Tuesday, 2024-04-16, 12:15–12:50, Bucksbaum 131. Yoga in the Museum.
  • Tuesday, 2024-04-16, 4pm, BRAC P103 (Multipurpose Dance Studio): Yoga.

Misc

Other good things to do (no tokens)

  • Consider voting for your classmates. So vote for that awesome first-year and a few of the folks here. Make sure to vote for at least one Brazilian, since they won’t be getting courses.
  • Complain about the insecurity of our voting platform.

Friday PSA

  • If you choose to engage in substances, please do so in moderatoin.
  • Consent is essential, but insufficent.

Questions

Registration

Do you recommend that we waitlist ASAP?

Yes. Sometimes, that’s the only way you’ll discover that the system thinks you have a conflict.

Do you know what happened with SelfService?

Nope.

What happens when you click “Do not click THIS button”?

As best I can tell, it attempts to register you for all of your classes, fails (since they are all waitliested) and tells you that.

How many credits can I preregister for?

As many as you want. But it could be dangerous.

How do I tell what classes I’ve waitlisted?

I have a “List View” in addition to the “Calendar View”; the list view makes it easier to check things.

Will I get into a CS class?

That’s what we’ve been told. Everyone who is a declared CS major will get into a CS class.

Sam’s math: We have 80 majors in the class of 2025 and 70 in the class of 2026. That’s 150. We have 188 slots in course above 208. So there should be at least one slot for everyone. If those were the only factors, 38 students would get two CS classes. Assume 15 CS majors are studying abrod in the fall. That means we 188 slots for 135 people, so 53 will get two courses.

And maybe there will be slots for rising second years.

We have been encouraging CS major to preregister/waitlist for every section they might be able to take, so numbers are wickedly inflated.

Administrative

Lists

MP4

I was looking at the rubric/checkmarks and it said that I had to pass E and M tests.

Hah! They are top-secret tests. Which may not exist. I’ll try to look and see if I gave the graders a tester and then send it to you.

Remind me if you haven’t heard by Saturday night. Remind me again if you haven’t heard by Sunday night.

MP8

Other

The Sorting Competition, Continued!

Success: Merge sort with big partitions and Quicksort with “smaller” partitions.

Success: Blow off class.

Ethics

https://www.acm.org/code-of-ethics

We will read these aloud so that we reflect a bit more about each.

    1. GENERAL ETHICAL PRINCIPLES.
      • 1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing.
      • 1.2 Avoid harm.
      • 1.3 Be honest and trustworthy.
      • 1.4 Be fair and take action not to discriminate.
      • 1.5 Respect the work required to produce new ideas, inventions, creative works, and computing artifacts.
      • 1.6 Respect privacy.
      • 1.7 Honor confidentiality.
    1. PROFESSIONAL RESPONSIBILITIES.
      • 2.1 Strive to achieve high quality in both the processes and products of professional work.
      • 2.2 Maintain high standards of professional competence, conduct, and ethical practice.
      • 2.3 Know and respect existing rules pertaining to professional work.
      • 2.4 Accept and provide appropriate professional review.
      • 2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.
      • 2.6 Perform work only in areas of competence.
      • 2.7 Foster public awareness and understanding of computing, related technologies, and their consequences.
      • 2.8 Access computing and communication resources only when authorized or when compelled by the public good.
      • 2.9 Design and implement systems that are robustly and usably secure.
    1. PROFESSIONAL LEADERSHIP PRINCIPLES.
      • 3.1 Ensure that the public good is the central concern during all professional computing work.
      • 3.2 Articulate, encourage acceptance of, and evaluate fulfillment of social responsibilities by members of the organization or group.
      • 3.3 Manage personnel and resources to enhance the quality of working life.
      • 3.4 Articulate, apply, and support policies and processes that reflect the principles of the Code.
      • 3.5 Create opportunities for members of the organization or group to grow as professionals.
      • 3.6 Use care when modifying or retiring systems.
      • 3.7 Recognize and take special care of systems that become integrated into the infrastructure of society.
    1. COMPLIANCE WITH THE CODE.
      • 4.1 Uphold, promote, and respect the principles of the Code.
      • 4.2 Treat violations of the Code as inconsistent with membership in the ACM.

TPS questions!

Which principles did you find surprising (or most surprising)? Why?

  • In the discussion of these principles, there was consideration of the insanely large environmental impact of computing.
    • And it’s gotten worse.
    • Undestand the implicit harm you do as well as the explicit harm.
  • 2.1 Strive to achieve high quality in both the processes and products of professional work.
    • vs. “Build fast and break things.” (you can break important things)
  • 2.6 Perform work only in areas of competence.
    • There’s an implicit assumption that we can all learn new things (relatively quickly) and sometimes we have to learn new things to get the job done.
  • 2.8 Access computing and communication resources only when authorized or when compelled by the public good.
    • As computing professionals, we can often find other ways to access informatoin; we should consider whether that is appropriate.
    • Just because people are incompetent at keeping their information secure, you should not access it.
  • 1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing.
    • Your stakeholders include more than your customers!

Which are your “favorite” principles?

  • 1.6 Respect privacy and 1.7 Honor confidentiality
    • 1.7 is more about trade secrets and such
    • 1.6 is more about not invading others’ privacy.
  • 1.5 Respect the work required to produce new ideas, inventions, creative works, and computing artifacts.
  • 2.9 Design and implement systems that are robustly and usably secure.
    • You should be able to trust that the systems you use (as a user or developer) are secure.

Which principles do you expect to be hardest to follow?

  • See classroom discussion of “It’s so cool that they don’t realize that I can download this.”
  • 2.6 Perform work only in areas of competence.
    • Don’t we have to learn at some point?
  • 1.6 Respect privacy and 1.7 Honor confidentiality
    • You may want to do that but companies don’t.

What other issues came up?

“Duh, this is obvious. Why would you bother to write it in a code?”

Unfortunately, some things you consider obvious aren’t obvious to everyone. (Explanation can also help.)

Sam, why are you asking us to do this?

Because I think you have an obligation to act ethically as professionals and I therefore have an obligation to get you to consider what that means.

A case study

Modified from https://ethics.acm.org/code-of-ethics/using-the-code/case-dark-ux-patterns/. (Please don’t look there for analysis.)

The change request Stewart received was simple enough: replace the web site’s rounded rectangle buttons with arrows and adjust the color palette to one that mixes red and green text. But when Stewart looked at the prototype, he found it confusing. The left arrow suggested that the web site would go back to a previous page or cancel some action; instead, this arrow replaced the button for accepting the company’s default product. The right arrow, on the other hand, upgraded the user to the more expensive category; it also silently added a protection warranty without asking for confirmation. Stewart suggested to his manager that this confusing design would probably trick users into more expensive options that they didn’t want. The response was that these were the changes requested by the client.

Shortly after the updates were released into their production system, Stewart’s team was invited to a celebration. As a result of these changes, revenues at their client had increased significantly over the previous quarter. At the celebration, Stewart overheard some of the client’s managers discussing the small increase for refunds by users who claimed that they didn’t want the protection plan, but there weren’t many. One manager noted several complaints from visually impaired users, who noted that the mixture of red and green text obscured important disclaimers about the product. “So what you’re saying, then, is that the changes worked as planned,” quipped one of the managers.

TPS: What should Stewart do (or have done)? What ACM principles are relevant?

  1. Resign from the ACM. Stewart has clearly violated the ACM code of ethics.

  2. Quit. Stewart’s employer has violated the ACM code of ethics.

  3. Blow whistles (and be fired). “4.2 Treat violations of the Code as inconsistent with membership in the ACM.” You’re going to be fired, you probably won’t be hired again. Agh!

  4. Raise my concern to my manager. (Stewart did that.)

  5. Start looking for other jobs. “2.7 Foster public awareness and understanding of computing, related technologies, and their consequences.”

  6. More thoughtful whistleblowing. Gather evidence. Talk to lawyers.

Another case study

I doubt we’ll have time to cover this one.

Modified from https://ethics.acm.org/code-of-ethics/using-the-code/case-malware-disruption/. Please don’t read the analysis.

Rogue Services advertised its web hosting services as “cheap, guaranteed uptime, no matter what.” While some of Rogue’s clients were independent web-based retailers, the majority were focused on malware and spam. Several botnets used Rogue’s reliability guarantees to protect their command-and-control servers from take-down attempts. Spam and other fraudulent services leveraged Rogue for continuous delivery. Corrupted advertisements often linked to code hosted on Rogue to exploit browser vulnerabilities to infect machines with ransomware.

Despite repeated requests from major ISPs and international organizations, Rogue refused to intervene with these services, citing their “no matter what” pledge to their customers. Furthermore, international pressure from other governments failed to induce national-level intervention, as Rogue was based in a country whose laws did not adequately proscribe such hosting activities.

Ultimately, Rogue was forcibly taken offline through a coordinated effort from multiple security vendors working with several government organizations. This effort consisted of a targeted worm that spread through Rogue’s network. This denial-of-service attack successfully took Rogue’s machines offline, destroying much of the data stored with the ISP in the process. All of Rogue’s clients were affected. No other ISPs reported any impact from the worm, as it included mechanisms to limit its spread. As a result of this action, spam and botnet traffic immediately dropped significantly. In addition, new infections of several forms of ransomware ceased.

TPS: Was the response appropriate? Ethical? What principles would permit the security vendors and government organizations to write such software.