COMP3511 Legal Aspects and Ethics of Computing

Lesson 4
Professional bodies and
codes of ethics
DR JEFF TANG
2022/23 SEMESTER 2
 2
Lesson Overview

 Introduction
 Is software engineering a profession?
 Software engineering code of ethics
 Case studies
 Whistleblowing

COMP3511 Lesson 4
 3
Introduction

 Informally, profession a vocation requiring…

 High level of education
 Practical experience
 We pay professionals well
 Medical Doctors
 Lawyers
 We trust professionals to…
 Correctly ascertain and treat problems
 Take actions for the good of their clients
COMP3511 Lesson 4
 4

COMP3511 Lesson 4
Are
Computer Experts
Professionals?
 5
Characteristics of a Profession

 Initial professional education

 Accreditation
 Skills development
 Certification
 Licensing
 Professional development
 Code of ethics
 Professional society

COMP3511 Lesson 4
 6

COMP3511 Lesson 4
 7
Certified Public Accountants

 Bachelor’s degree
 150+ semester hours
 24+ hours of accounting-related classes
 Two years’ experience working under supervision of a
CPA
 CPA exam
 To retain certification
 Continuing education
 Follow code of ethics
COMP3511 Lesson 4
 8
Computer-Related Careers

 Certification and licensing not required

 College degree not required
 Apprenticeship not required
 Membership in professional society optional
 No specific requirements for continuing education
 Most computer programmers, system analysts, etc. are part of
teams
 Ability to harm public can be similar to members of mature
professions
COMP3511 Lesson 4
 9

Software
Engineering Code
of Ethics

COMP3511 Lesson 4
 10
Preamble of Code

 Software engineers have opportunities to do good or do

harm
 Software engineers ought to be committed to doing good
 Eight principles identify key ethical relationships and
obligations within these relationship
 Code should be seen as a whole, not a collection of parts
 Concern for the public interest is paramount

COMP3511 Lesson 4
 11
Eight Principles Identify Morally
Responsible Relationships

1. Public
2. Client and employer
3. Product
4. Judgment
5. Management
6. Profession
7. Colleagues
8. Self

COMP3511 Lesson 4
 12
Act Consistently with Public Interest

 1.01 “Accept full responsibility for own work”

 1.02 Balance competing interests
 1.03 Approve software only if it is safe
 1.04 Disclose actual/potential dangers
 1.05 “Cooperate in efforts to address” public concerns
 1.06 “Be fair and avoid deception in all statements”
 1.07 Consider factors that diminish access to software
 1.08 “Volunteer professional skills to good causes”

COMP3511 Lesson 4
 13
Act in Best Interest of Client, Employer

 2.01 Act within areas of competence

 2.02 Don’t use software obtained illegally
 2.03 Only use property in authorized ways
 2.04 Ensure documents are approved
 2.05 Respect confidentiality
 2.06 Promptly report problems with project
 2.07 Report issues of social concern
 2.08 Refuse outside work detrimental to job
 2.09 Put employer’s/client’s interests first, unless overriding moral concern

COMP3511 Lesson 4
 14
Ensure Products Meet Highest
Standards

 3.01 Aim for “high quality, acceptable cost and a reasonable schedule,”
making trade-offs clear
 3.02 “Ensure proper and achievable goals”
 3.03 Face up to “ethical, economic, cultural, legal and environmental”
issues
 3.04 Ensure you are qualified for proposed work
 3.05 Use appropriate project methodologies
 3.06 Follow the most appropriate professional standards
 3.07 “Strive to fully understand the specifications”
 3.08 Ensure the specifications are correct and approved
COMP3511 Lesson 4
 15
Ensure Products Meet Highest
Standards

 3.09 “Ensure realistic quantitative estimates of cost, scheduling, personnel,

quality and outcomes”
 3.10 “Ensure adequate testing, debugging, and review of software and
related documents”
 3.11 “Ensure adequate documentation”
 3.12 Develop software and documents that respect privacy of those
affected by software
 3.13 Use only accurate data appropriately acquired
 3.14 Maintain data integrity
 3.15 Use same standards for software maintenance as software
development
COMP3511 Lesson 4
 16
Maintain Integrity in Professional
Judgment

 4.01 “Temper all technical judgments by the need to support and

maintain human values”
 4.02 Understand and agree with documents before endorsing
them
 4.03 Remain objective when evaluating software or related
documents
 4.04 Do not engage in deceptive financial practices
 4.05 Disclose conflicts of interest
 4.06 Do not participate in decisions in which you, your employer, or
your client has a potential conflict of interest

COMP3511 Lesson 4
 17
Promote Effective Project
Management

 5.01 Ensure good project management procedures

 5.02 Ensure software engineers know standards
 5.03 Ensure software engineers know policies and
procedures for protecting confidential information
 5.04 Take employees’ abilities into account before
assigning work
 5.05 Ensure reasonable estimates are made
 5.06 Give full and accurate information to potential
employees
COMP3511 Lesson 4
 18
Promote Effective Project
Management

 5.07 Pay employees fairly

 5.08 Do not unjustly prevent a qualified person from taking a
job
 5.09 Work out fair intellectual property agreements
 5.10 Provide employees charged with misconduct due
process
 5.11 Do not ask someone to do anything violating the Code
 5.12 “Do not punish anyone for expressing ethical concerns
about a project”
COMP3511 Lesson 4
 19
Advance the Profession

 6.01 Help create an environment supporting ethical conduct

 6.02 “Promote public knowledge of software engineering”
 6.03 Participate in professional activities
 6.04 Support others who are trying to follow this Code
 6.05 Do not promote self-interest at expense of profession, client, or
employer
 6.06 Obey all laws unless there is an overriding public interest
 6.07 Do not deceive others regarding the characteristics of
software
COMP3511 Lesson 4
 20
Advance the Profession

 6.08 Take responsibility for finding, correcting, and reporting errors in

software and documentation
 6.09 Ensure others know you are committed to the Code and what that
means
 6.10 Do not associate with businesses and organizations that are in conflict
with Code
 6.11 Understand violating the Code is inconsistent with being a
professional
 6.12 Share concerns about Code violations with the people involved
 6.13 “Blow the whistle” when no alternative to reporting significant Code
violations
COMP3511 Lesson 4
 21
Be Fair to and Supportive of
Colleagues

 7.01 “Encourage colleagues to adhere to this Code”

 7.02 “Assist colleagues in professional development”
 7.03 Give others the credit they deserve
 7.04 Be objective when reviewing the work of others
 7.05 Give colleagues a fair hearing
 7.06 Help colleagues remain aware of work practices
 7.07 Do not unfairly interfere with another’s career, but protect the public
interest
 7.08 Bring in experts for situations outside your own area of competence.

COMP3511 Lesson 4
 22
Participate in Lifelong Learning (Self)

 8.01 Stay current with developments in field

 8.02 Improve ability to create high quality software
 8.03 Improve ability to produce high quality documentation
 8.04 Improve understanding of software and documentation used in work
 8.05 Improve knowledge of relevant standards
 8.06 Improve knowledge of this Code and its application
 8.07 Do not treat others unfairly because of prejudices
 8.08 Do not influence others to break the Code
 8.09 “Recognize that personal violations of this Code are inconsistent with
being a professional software engineer”
COMP3511 Lesson 4
 23

Case Studies

COMP3511 Lesson 4
 24
Case: Software Recommendation

 Sam Shaw asks for free advice on LAN security

 Prof. Smith answers questions and recommends top-
ranked package
 Prof. Smith does not disclose
 She has financial interest in company producing top-ranked
package
 Another package was given a “best buy” rating
 Did Prof. Smith do anything wrong?

COMP3511 Lesson 4
 25
Analysis

 Most relevant principles

 Be impartial.
 Disclose information others ought to know.
 Share your knowledge, expertise, and values.
 Clause 1.06: Prof. Smith was deceptive
 Clauses 1.08, 6.02: Prof. Smith freely gave valuable information
 Clauses 4.05, 6.05: Prof. Smith did not reveal conflict of interest

COMP3511 Lesson 4
 26
Conclusion

 Professor Smith should have revealed her conflict of

interest to Mr. Shaw.

COMP3511 Lesson 4
 27
Case: Child Pornography

 Joe Green a system administrator

 Asked to install new software package on Chuck Dennis’s
computer
 Green not authorized to read other people’s emails or personal files
 Green sees suspicious-looking file names
 He opens some of Dennis’s files and discovers child pornography
 What should he do?

COMP3511 Lesson 4
 28
Analysis (1/2)

 Most relevant principles

 Be impartial
 Respect the rights of others
 Treat others justly
 Maintain your integrity

COMP3511 Lesson 4
 29
Analysis (2/2)

 Most relevant clauses

 2.03: Somebody has misused the company PC
 2.09: Someone is using the PC for a purpose not in the employer’s
interest
 3.13: Joe violated the policy against opening files
 5.10: Someone else may have planted the files on Chuck’s computer

COMP3511 Lesson 4
 30
Conclusions

 Joe was wrong to violate company policy to uncover child

pornography
 Once he has this knowledge, however, he is obliged to share it with
company authorities
 Joe should be discreet

COMP3511 Lesson 4
 31
Case: Consulting Opportunity

 Jean works in support organization for Acme Corporation

 Many Acme customers downgrading their level of support
 East Dakota gives Jean opportunity to run a training class similar to
that provided by Acme
 Jean tells no one at Acme
 Jean develops materials at home on own time
 Jean takes paid vacation to teach class

COMP3511 Lesson 4
 32
Analysis (1/2)

 Most relevant principles

 Be impartial.
 Take responsibility for your actions and inactions.
 Disclose information that others ought to know.
 Maintain your integrity.
 Continually improve your abilities.

COMP3511 Lesson 4
 33
Analysis (2/2)

 Most relevant clauses

 3.04: Jean was well qualified to develop materials and teach class
 8.04: By creating materials, Jean became even more familiar with
Acme’s package and its capabilities
 4.05: Jean didn’t disclose his conflict of interest with his employer
 2.08: Jean deprived himself of “time off” needed to do his best work at
Acme
 6.05: Jean put his own interest above that of his employer

COMP3511 Lesson 4
 34
Conclusions

 Jean did not disclose East Dakota’s offer or his decision to Acme’s
management
 Acme’s management is likely to question Jean’s loyalty to the
company
 Jean’s actions were wrong and unwise

COMP3511 Lesson 4
 35

Situation in Hong
Kong

COMP3511 Lesson 4
 36
Code of Ethics

 HKCS Code of Ethics and Professional Conducts:

 The link isn’t available anymore
 OGCIO : Code of Practice for Recognized Certification Authorities
 https://www.ogcio.gov.hk/en/about_us/work_force/professional_ethics/
 Association for Computing Machinery (ACM) Code of Ethics:
 https://www.acm.org/code-of-ethics
 ACM Principles of the SE Code
 https://ethics.acm.org/code-of-ethics/software-engineering-code/
 The Hong Kong Institution of Engineers (HKIE) Rules of Conduct
 https://www.hkie.org.hk/upload/download/19/file/59c0e423c574d.pdf

COMP3511 Lesson 4
 37
HKCS Code of Ethics and Professional
Conducts

 As an aid to understanding, these rules have been grouped into the four
principal areas, which all members should endeavor to discharge in
pursuing their professional lives.
A. Professional Competence and Integrity
B. Social Implications
C. Organization and Leadership
D. Duty to the Profession

COMP3511 Lesson 4
 A. Professional Competence and
38
Integrity
1. Be honest and trustworthy, and will not knowingly engage in or associate with
dishonest or fraudulent practices.
2. Continue to upgrade my professional knowledge and skills, and shall maintain
awareness of technological developments, procedures and standards, which are
relevant to my field.
3. Only offer to do work or provide a service, which is within my professional
competence and shall not claim any level of competence that I do not possess;
any professional opinion which I am asked to give shall be objective and reliable.
4. Qualify professional opinions, which I know are based on limited knowledge or
experience. I will not misrepresent my skills or knowledge nor knowingly mislead a
client or potential client as to the suitability of a product or service.
5. Not require, or attempt to influence, any person to take any action, which would
involve a breach of this Code.

COMP3511 Lesson 4
 B. Social Implications 39
1. Increase my awareness of issues affecting the IT profession and its relationship with
the community.
2. Ensure that within my chosen fields, I have knowledge and understanding of
relevant legislation, regulations and standards and that I comply with such
requirements.
3. Honour property rights (including copyrights and patents) and give proper credit for
work done by others where credit is due.
4. Honour confidentiality and respect the privacy of others.
5. Be fair and take action not to discriminate.
6. Contribute to society and human well-being and avoid harm to others.
7. Protect and promote the health and safety of those affected by my work and have
regard to the protection of the environment.
8. Have regard for human rights and avoid any actions that adversely affect such
rights.
9. Endeavour to understand and give due regard to the perceptions of those
affected by my work, whether or not I agree with those perceptions.
COMP3511 Lesson 4
 C. Organisation and Leadership 40
1. Keep myself and subordinates informed of such new technologies, practices, legal requirements and
standards as are relevant to my duties, and seek to conform to recognized good practices including quality
standards, which are in my judgment relevant, and encourage my subordinates to do likewise.
2. Encourage my colleagues, employees and students to continue their own professional development, and
ensure that subordinates are trained in order to be effective in their duties and to qualify for increased
responsibilities.
3. Create opportunities for members of the organization to learn the principles and limitations of IT and systems.
4. Accept professional responsibility for my work and for the work of my subordinates and associates under my
direction, and shall not terminate any assignment except for good reason and on reasonable notice.
5. Avoid any situation that may give rise to a conflict of interest between myself and my client, I will make full
and immediate disclosure to the client if any conflict should occur.
6. Articulate social responsibilities of members of an organizational unit and encourage full acceptance of
those responsibilities.
7. Manage personnel and resources to design and build information systems that enhance the quality of
working life.
8. Endeavour to provide products and services, which match the operational and financial needs of my clients
and employers.
9. Go beyond my brief, if necessary, in order to act professionally.
10. Acknowledge and support proper and authorized uses of an organisation’s IT resources.

COMP3511 Lesson 4
 C. Organisation and Leadership 41
11. Ensure that users and those who will be affected by a system have their needs clearly articulated during
the assessment and design of requirements; later the system must be validated to meet requirements.
12. Articulate and support policies that protect the dignity of users and others affected by IT and systems.
13. Carry out work with due care and diligence in accordance with the requirements of the employer or client
and will, if my professional judgment is overruled, indicate the likely consequences.
14. Endeavour to complete work undertaken on time and to budget and I will advise my employer or client as
soon as practicable if any overrun is foreseen.
15. Not offer or provide, or receive in return, inducement for the introduction of business from a client unless
there is full prior disclosure of the facts to the client.
16. Respect and protect my clients’ and employers’ proprietary interests. I will not disclose or authorize to be
disclosed, or use for personal gain or to benefit a third party, confidential information acquired in the
course of professional practice, except with prior written permission of the employer or client, or at the
direction of a court of law.
17. Seek to avoid being put in a position where I may become privy to or party to activities or information
concerning activities which would conflict with my responsibilities.
18. Not misrepresent or withhold information on the capabilities of products, systems or services with which I am
concerned or take advantage of the lack of knowledge or inexperience of others.
19. Not (except where specifically so instructed) handle client’s monies or place contracts or orders in
connection with work on which I am engaged, when acting as an independent consultant.
20. Not purport to exercise independent judgment on behalf of a client on any product or service in which I
knowingly have any interest, financial or otherwise.
COMP3511 Lesson 4
 D. Duty to Profession 42
1. Uphold the reputation of the profession and I will seek to improve professional development through participation in their
development, use and enforcement, and shall avoid any action that will adversely affect the good standing of the profession.
2. Seek to advance public knowledge and understanding of computing and information systems and technology and to counter false
or misleading statements that are detrimental to the profession.
3. Encourage and support fellow members in their professional development, and where possible, provide opportunities for the
professional development of new entrants to the profession.
4. Act with integrity towards members of other professions with whom I am concerned in a professional capacity and will avoid
engaging in any activity, which is incompatible with professional status.
5. Not make any public statements in my professional capacity unless I am properly qualified and, where appropriate, authorized to do
so, and will have due regard to the likely consequences of any statement on others.
6. Respect, and seek when necessary, the professional opinions of colleagues in their areas of competence.
7. Not attempt to enhance my own reputation at the expense of another’s reputation.
8. Co-operate in advancing information processing by communication with other professionals, students and the public, and by
contributing to the efforts of professional and scientific societies as well as universities, colleges or schools.
9. Distance myself professionally from someone whose professional membership of HKCS has been terminated because of unethical
behavior or unsatisfactory conduct.
10. Take appropriate action if I discover a member or a potential member of HKCS engaging in unethical behaviour.
11. Seek advice from the Society’s Director of Professional Development when faced with an ethical dilemma that I cannot resolve by
myself.
12. Acknowledge my responsibility to the IT profession and in return will protect and promote professionalism in IT. Accept and provide an
appropriate review of professional work of others, including review of applications for professional membership.
13. Do what I can to ensure that the corporate actions of the HKCS are in accordance with this Code.
COMP3511 Lesson 4
 43
OGCIO : Code of Practice for
Recognized Certification Authorities

 THE PROFESSIONAL ETHICS

 The Professional Ethics are grouped under the following headings
as recommended by the International Federation for Information
Processing (IFIP)2:-
a. Respect
b. Personal Qualities
c. Information Privacy and Data Integrity
d. Production and Flow of Information
e. Attitude Towards Regulations

COMP3511 Lesson 4
 44
A. RESPECT

1. Be fair and take action not to discriminate.

2. Contribute to society and human well-being and avoid harm to others.
3. Protect and promote public health and safety and have regard to the
protection of the environment.
4. Have regard for human rights and avoid any action that adversely affects
such rights.
5. Manage personnel and resources to design and build information systems
that enhance the quality of life.
6. Respect, and seek when necessary, the professional opinions of
colleagues in their areas of competence.

COMP3511 Lesson 4
 45
B. PERSONAL QUALITIES

1. Be honest and trustworthy, and do not knowingly engage in or associate with dishonest or fraudulent
practices.
2. Continue to upgrade professional knowledge and skills; maintain awareness of technological
developments, procedures and standards which are relevant to the field.
3. Only offer to do work or provide a service within one's professional competence, and do not claim any
level of competence that is not possessed; give objective and reliable professional opinion when asked.
4. Honour intellectual property rights (including copyrights and patent) and give proper credit where credit
is due for work done by others.
5. Accept professional responsibility for work assigned and for the work of subordinates and associates
under one's direction, and do not terminate any assignment except with good reason and on
reasonable notice.
6. Avoid any situation that may give rise to a conflict of interest, and make full and immediate disclosure to
the parties concerned if any conflict should arise.
7. Encourage and support subordinates and new entrants in professional development.
8. Seek to advance public knowledge and understanding of information technology, and counter false or
misleading statements that are detrimental to the profession.
COMP3511 Lesson 4
 46
C. INFORMATION PRIVACY AND DATA
INTEGRITY

1. Honour confidentiality and respect the privacy of others.

2. Endeavour to preserve the integrity and security of others'
information.

COMP3511 Lesson 4
 47
D. PRODUCTION AND FLOW OF
INFORMATION

 Respect and protect the proprietary interests of the information owners, and
do not disclose or authorize to disclose, or use for personal gain, or to benefit
a third party, confidential information acquired in the course of professional
practice, except with prior written permission of the information owners, or at
the direction of a court of law.
 Do not misrepresent or withhold information on the capabilities of products,
systems or services, or take advantage of the lack of knowledge or
inexperience of others.
 Co-operate in advancing information processing by communicating with
other professionals and the public, and by contributing to the efforts of
professional societies as well as universities, colleges or schools.
COMP3511 Lesson 4
 48
E. ATTITUDE TOWARDS STANDARDS

 Uphold the reputation of the profession and seek to improve

professional standards through participation in their development,
use and enforcement; avoid any action that will adversely affect
the good standing of the profession.
 Seek advice from seniors when faced with an ethical dilemma that
cannot be resolved.

COMP3511 Lesson 4
 49

Whistleblowing

COMP3511 Lesson 4
 50
Overview of Whistleblowing

 Whistleblower
 Tries to report harmful situation through authorized channels
 Rebuffed by organization
 Makes disclosure through unauthorized channels
 Whistleblowers punished for their actions
 Lose job or all chances of advancement
 Financial and emotional hardship
 False Claims Act
 Whistleblower Protection Act
COMP3511 Lesson 4
 51
Motives of Whistleblowers

 People become whistleblowers for different reasons

 Morality of action may depend on motives
 Good motive
 Desire to help the public
 Questionable motives
 Retaliation
 Avoiding punishment

COMP3511 Lesson 4
 52
Corporate Response to Whistleblowing

 Whistleblowers are disloyal

 Whistleblowing has many harms
 Bad publicity
 Disruption of organization’s social fabric
 Makes it hard for people to work as team
 If company causes harm, public can use legal remedies
to seek damages
 Critique: Overly legalistic view of public harm?
COMP3511 Lesson 4
 53
Whistleblowing as Organizational
Failure

 Whistleblowing harms organization

 Bad publicity
 Ruined careers
 Erodes team spirit
 Whistleblowing harms whistleblower
 Retaliation
 Estrangement
 Organizations should improve communication
 Critique
 Is this realistic?
 Robert Spitzer: Organizations should return to using principle-based ethics in decision
making
COMP3511 Lesson 4
 54

© The New Yorker Collection 2003 Leo Cullum from cartoonbank.com. All rights reserved.
COMP3511 Lesson 4
 55
Whistleblowing as Moral Duty

 Richard DeGeorge’s questions for whistleblowing

1. Is serious harm to the public at stake?
2. Have you told your manager?
3. Have you tried every possible inside channel?
4. Do you have persuasive documented evidence?
5. Are you sure whistleblowing will work?
 Under what conditions must you blow the whistle?
 DeGeorge: If all five conditions are met
 Others: If conditions 1-3 are met
 Still others: Whistleblowing is never morally required

COMP3511 Lesson 4
 56
Moral Responsibility

 Exclusive Responsibilities
 Role responsibility
 Causal responsibility
 Legal responsibility
 Moral responsibility
 Must be borne by people
 Is not exclusive
 Michael McFarland: A team should be held to a higher level of
moral responsibility than any of its members

COMP3511 Lesson 4
 57
Case: Cathay Pacific data leak

 Cathay Pacific data breach compromised the personal

information of up to 9.4 million passengers
 “This [event] is very disappointing given the high level of trust
that passengers local and worldwide has placed in the airline,”
said Charles Mok, the past Hong Kong's Legislative Councilor for
Information Technology. “While this data breach will
undoubtedly undermine the international image of Hong Kong,
I'm even more concerned with how it took Cathay Pacific nearly
half a year before finally notifying the privacy regulator and
affected passengers all over the world.”
 “CX seems to have detected the unusual traffic themselves, but
we don't know how much time passed between the breach
and the detection,” said Richard Stagg, managing consultant
for Hong Kong-based security firm Handshake Networking. “If it
was the same day, bravo! If it was a six month gap
then...whatever is the opposite of bravo.”

COMP3511 Lesson 4