Appendix C
CONTENTS
Though not often commented on, those of us in the computer industry,
like any other, should concern ourselves with a set of professional
ethics to guide our decisions. An ethical code of conduct should
include the expectations that we have of ourselves, and those
we deal with on a professional basis. Several computer-based organizations
like the Data Processing Management Association (DPMA), the British
Computer Society (BCS) and the Association for Computing Machinery
(ACM) have all set down a professional code of ethics. There are
six main elements to these ethics which are frequently covered:
1.1 | Respecting the dignity and worth of another individual. |
1.2 | Bringing personal integrity and honesty to each project. |
1.3 | Keeping information in the strictest confidence. |
1.4 | Being responsible for one's work. |
1.5 | Awareness of the public's safety, health, and general welfare. |
1.6 | Understanding that access to both information and technology
are important in a social context as tools of personal power. |
As an example of these professional ideals for both the computer
professional and organization, this is the listing of the oldest
computer society's ideals, the ACM's Canon's of Conduct (ACM Code
of Ethics and Professional Conduct reprinted here with permission
from ACM):
ACM Code of Ethics and Professional Conduct*
© Copyright 1996 by ACM
Preamble. Commitment to ethical professional conduct is expected
of every member (voting members, associate members, and student
members) of the Association for Computing Machinery (ACM).
This Code, consisting of 24 imperatives formulated as statements
of personal responsibility, identifies the elements of such a
commitment. It contains many, but not all, issues professionals
are likely to face. Section 1 outlines fundamental ethical considerations,
while Section 2 addresses additional, more specific considerations
of professional conduct. Statements in Section 3
*Adopted by ACM Council 10/16/92.
pertain more specifically to individuals who have a leadership
role, whether in the workplace or in a volunteer capacity such
as with organizations like ACM. Principles involving compliance
with this Code are given in Section 4.
The Code shall be supplemented by a set of Guidelines, which provide
explanation to assist members in dealing with the various issues
contained in the Code. It is expected that the Guidelines will
be changed more frequently than the Code.
The Code and its supplemented Guidelines are intended to serve
as a basis for ethical decision making in the conduct of professional
work.
Secondarily, they may serve as a basis for judging the merit of
a formal complaint pertaining to violation of professional ethical
standards.
It should be noted that although computing is not mentioned in
the imperatives of section 1.0, the Code is concerned with how
these fundamental imperatives apply to one's conduct as a computing
professional.
These imperatives are expressed in a general form to emphasize
that ethical principles which apply to computer ethics are derived
from more general ethical principles.
It is understood that some words and phrases in a code of ethics
are subject to varying interpretations, and that any ethical principle
may conflict with other ethical principles in specific situations.
Questions related to ethical conflicts can best be answered by
thoughtful consideration of fundamental principles, rather than
reliance on detailed regulations.
As an ACM member I will...
1.1 | Contribute to society and human well-being. |
1.2 | Avoid harm to others. |
1.3 | Be honest and trustworthy. |
1.4 | Be fair and take action not to discriminate. |
1.5 | Honor property rights including copyrights and patents. |
1.6 | Give proper credit for intellectual property. |
1.7 | Respect the privacy of others. |
1.8 | Honor confidentiality. |
As an ACM computing professional I will...
2.1 | Strive to achieve the highest quality, effectiveness, and
dignity in both the process and products of professional work. |
2.2 | Acquire and maintain professional competence. |
2.3 | Know and respect existing laws pertaining to professional
work. |
2.4 | Accept and provide appropriate professional review. |
2.5 | Give comprehensive and thorough evaluations of computer systems
and their impacts, including analysis of possible risks. |
2.6 | Honor contracts, agreements, and assigned responsibilities. |
2.7 | Improve public understanding of computing and its consequences. |
2.8 | Access computing and communication resources only when authorized
to do so. |
As an ACM member and an organizational leader, I will...
3.1 | Articulate social responsibilities of members of an organizational
unit and encourage full acceptance of those responsibilities. |
3.2 | Manage personnel and resources to design and build information
systems that enhance the quality of working life. |
3.3 | Acknowledge and support proper and authorized uses of an organization's
computing and communication resources. |
3.4 | Ensure that users and those who will be affected by a system
have their needs clearly articulated during the assessment and
design of requirements; later the system must be validated to
meet requirements. |
3.5 | Articulate and support policies that protect the dignity of
users and others affected by a computing system. |
3.6 | Create opportunities for members of the organization to learn
the principles and limitations of computer systems. |
As an ACM member, I will...
4.1 | Uphold and promote the principles of this Code. |
4.2 | Treat violations of this code as inconsistent with membership
in the ACM. |
As an ACM member I will...
1.1 | Contribute to society and human well-being. |
This principle concerning the quality of life of all people affirms
an obligation to protect fundamental human rights and to respect
the diversity of all cultures. An essential aim of computing professionals
is to minimize negative consequences of computing systems, including
threats to health and safety. When designing or implementing systems,
computing professionals must attempt to ensure that the products
of their efforts will be used in socially responsible ways, will
meet social needs, and will avoid harmful effects to health and
welfare.
In addition to a safe social environment, human well-being includes
a safe natural environment. Therefore, computing professionals
who design and develop systems must be alert to, and make others
aware of, any potential damage to the local or global environment.
"Harm" means injury or negative consequences, such as
undesirable loss of information, loss of property, property damage,
or unwanted environmental impacts. This principle prohibits use
of computing technology in ways that result in harm to any of
the following: users, the general public, employees, employers.
Harmful actions include intentional destruction or modification
of files and programs leading to serious loss of resources or
unnecessary expenditure of human resources such as the time and
effort required to purge systems of "computer viruses."
Well-intended actions, including those that accomplish assigned
duties, may lead to harm unexpectedly. In such an event the responsible
person or persons are obligated to undo or mitigate the negative
consequences as much as possible. One way to avoid unintentional
harm is to carefully consider potential impacts on all those affected
by decisions made during design and implementation.
To minimize the possibility of indirectly harming others, computing
professionals must minimize malfunctions by following generally
accepted standards for system design and testing. Furthermore,
it is often necessary to assess the social consequences of systems
to project the likelihood of any serious harm to others. If system
features are misrepresented to users, coworkers, or supervisors,
the individual computing professional is responsible for any resulting
injury.
In the work environment the computing professional has the additional
obligation to report any signs of system dangers that might result
in serious personal or social damage. If one's superiors do not
act to curtail or mitigate such dangers, it may be necessary to
"blow the whistle" to help correct the problem or reduce
the risk. However, capricious or misguided reporting of violations
can, itself, be harmful. Before reporting violations, all relevant
aspects of the incident must be thoroughly assessed. In particular,
the assessment of risk and responsibility must be credible. It
is suggested that advice be sought from other computing professionals.
See principle 2.5 regarding thorough evaluations.
1.3 | Be honest and trustworthy. |
Honesty is an essential component of trust. Without trust an organization
cannot function effectively. The honest computing professional
will not make deliberately false or deceptive claims about a system
or system design, but will instead provide full disclosure of
all pertinent system limitations and problems.
A computer professional has a duty to be honest about his or her
own qualifications, and about any circumstances that might lead
to conflicts of interest.
Membership in volunteer organizations such as ACM may at times
place individuals in situations where their statements or actions
could be interpreted as carrying the "weight" of a larger
group of professionals. An ACM member will exercise care to not
misrepresent ACM or positions and policies of ACM or any ACM units.
1.4 | Be fair and take action not to discriminate. |
The values of equality, tolerance, respect for others, and the
principles of equal justice govern this imperative. Discrimination
on the basis of race, sex, religion, age, disability, national
origin, or other such factors is an explicit violation of of ACM
policy and will not be tolerated.
Inequities between different groups of people may result from
the use or misuse of information and technology. In a fair society,all
individuals would have equal opportunity to participate in, or
benefit from, the use of computer resources regardless of race,
sex, religion, age, disability, national origin or other such
similar factors. However, these ideals do not justify unauthorized
use of computer resources nor do they provide an adequate basis
for violation of any other ethical imperatives of this code.
1.5 | Honor property rights including copyrights and patents. |
Violation of copyrights, patents, trade secrets and the terms
of license agreements is prohibited by law in most circumstances.
Even when software is not so protected, such violations are contrary
to professional behavior. Copies of software should be made only
with proper authorization. Unauthorized duplication of materials
must not be condoned.
1.6 | Give proper credit for intellectual property. |
Computing professionals are obligated to protect the integrity
of intellectual property. Specifically, one must not take credit
for other's ideas or work, even in cases where the work has not
been explicitly protected by copyright, patent, etc.
1.7 | Respect the privacy of others. |
Computing and communication technology enables the collection
and exchange of personal information on a scale unprecedented
in the history of civilization. Thus there is increased potential
for violating the privacy of individuals and groups. It is the
responsibility of professionals to maintain the privacy and integrity
of data describing individuals. This includes taking precautions
to ensure the accuracy of data, as well as protecting it from
unauthorized access or accidental disclosure to inappropriate
individuals. Furthermore, procedures must be established to allow
individuals to review their records and correct inaccuracies.
This imperative implies that only the necessary amount of personal
information be collected in a system, that retention and disposal
periods for that information be clearly defined and enforced,
and that personal information gathered for a specific purpose
not be used for other purposes without consent of the individual(s).
These principles apply to electronic communications, including
electronic mail, and prohibit procedures that capture or monitor
electronic user data, including messages,without the permission
of users or bona fide authorization related to system operation
and maintenance. User data observed during the normal duties of
system operation and maintenance must be treated with strictest
confidentiality, except in cases where it is evidence for the
violation of law, organizational regulations, or this Code. In
these cases, the nature or contents of that information must be
disclosed only to proper authorities. (See 1.9)
1.8 | Honor confidentiality. |
The principle of honesty extends to issues of confidentiality
of information whenever one has made an explicit promise to honor
confidentiality or, implicitly, when private information not directly
related to the performance of one's duties becomes available.
The ethical concern is to respect all obligations of confidentiality
to employers, clients, and users unless discharged from such obligations
by requirements of the law or other principles of this Code.
2. MORE SPECIFIC PROFESSIONAL RESPONSIBILITIES
As an ACM computing professional I will...
2.1 | Strive to achieve the highest quality, effectiveness and dignity
in both the process and products of professional work. |
Excellence is perhaps the most important obligation of a professional.
The computing professional must strive to achieve quality and
to be cognizant of the serious negative consequences that may
result from poor quality in a system.
2.2 | Acquire and maintain professional competence. |
Excellence depends on individuals who take responsibility for
acquiring and maintaining professional competence. A professional
must participate in setting standards for appropriate levels of
competence, and strive to achieve those standards. Upgrading technical
knowledge and competence can be achieved in several ways: doing
independent study; attending seminars, conferences, or courses;
and being involved in professional organizations.
2.3 | Know and respect existing laws pertaining to professional work. |
ACM members must obey existing local, state, province, national,
and international laws unless there is a compelling ethical basis
not to do so. Policies and procedures of the organizations in
which one participates must also be obeyed. But compliance must
be balanced with the recognition that sometimes existing laws
and rules may be immoral or inappropriate and, therefore, must
be challenged. Violation of a law or regulation may be ethical
when that law or rule has inadequate moral basis or when it conflicts
with another law judged to be more important. If one decides to
violate a law or rule because it is viewed as unethical, or for
any other reason, one must fully accept responsibility for one's
actions and for the consequences.
2.4 | Accept and provide appropriate professional review. |
Quality professional work, especially in the computing profession,
depends on professional reviewing and critiquing. Whenever appropriate,
individual members should seek and utilize peer review as well
as provide critical review of the work of others.
2.5 | Give comprehensive and thorough evaluations of computer systems
and their impacts, including analysis of possible risks. |
Computer professionals must strive to be perceptive, thorough,
and objective when evaluating, recommending, and presenting system
descriptions and alternatives. Computer professionals are in a
position of special trust, and therefore have a special responsibility
to provide objective, credible evaluations to employers, clients,
users, and the public. When providing evaluations the professional
must also identify any relevant conflicts of interest, as stated
in imperative 1.3.
As noted in the discussion of principle 1.2 on avoiding harm,
any signs of danger from systems must be reported to those who
have opportunity and/or responsibility to resolve them. See the
guidelines for imperative 1.2 for more details concerning harm,
including the reporting of professional violations.
2.6 | Honor contracts, agreements, and assigned responsibilities. |
Honoring one's commitments is a matter of integrity and honesty.
For the computer professional this includes ensuring that system
elements perform as intended. Also, when one contracts for work
with another party, one has an obligation to keep that party properly
informed about progress toward completing that work.
A computing professional has a responsibility to request a change
in any assignment that he or she feels cannot be completed as
defined. Only after serious consideration and with full disclosure
of risks and concerns to the employer or client, should one accept
the assignment. The major underlying principle here is the obligation
to accept personal accountability for professional work. On some
occasions other ethical principles may take greater priority.
A judgment that a specific assignment should not be performed
may not be accepted. Having clearly identified one's concerns
and reasons for that judgment, but failing to procure a change
in that assignment, one may yet be obligated, by contract or by
law, to proceed as directed. The computing professional's ethical
judgment should be the final guide in deciding whether or not
to proceed. Regardless of the decision, one must accept the responsibility
for the consequences.
However, performing assignments "against one's own judgment"
does not relieve the professional of responsibility for any negative
consequences.
2.7 | Improve public understanding of computing and its consequences.
|
Computing professionals have a responsibility to share technical
knowledge with the public by encouraging understanding of computing,
including the impacts of computer systems and their limitations.
This imperative implies an obligation to counter any false views
related to computing.
2.8 | Access computing and communication resources only when
authorized to do so. |
Theft or destruction of tangible and electronic property is prohibited
by imperative 1.2-"Avoid harm to others." Trespassing
and unauthorized use of a computer or communication system is
addressed by this imperative. Trespassing includes accessing communication
networks and computer systems, or accounts and/or files associated
with those systems, without explicit authorization to do so. Individuals
and organizations have the right to restrict access to their systems
so long as they do not violate the discrimination principle (see
1.4). No one should enter or use another's computer system, software,
or data files without permission. One must always have appropriate
approval before using system resources, including .rm57 communication
ports, file space, other system peripherals, and computer time.
As an ACM member and an organizational leader, I will...
(BACKGROUND NOTE:This section draws extensively from the draft
IFIP Code of Ethics, especially its sections on organizational
ethics and international concerns. The ethical obligations of
organizations tend to be neglected in most codes of professional
conduct, perhaps because these codes are written from the perspective
of the individual member. This dilemma is addressed by stating
these imperatives from the perspective of the organizational leader.
In this context"leader" is viewed as any organizational
member who has leadership or educational responsibilities. These
imperatives generally may apply to organizations as well as their
leaders. In this context "organizations" are corporations,
government agencies, and other "employers," as well
as volunteer professional organizations.)
3.1 | Articulate social responsibilities of members of an organizational
unit and encourage full acceptance of those responsibilities. |
Because organizations of all kinds have impacts on the public,
they must accept responsibilities to society. Organizational procedures
and attitudes oriented toward quality and the welfare of society
will reduce harm to members of the public, thereby serving public
interest and fulfilling social responsibility. Therefore, organizational
leaders must encourage full participation in meeting social responsibilities
as well as quality performance.
3.2 | Manage personnel and resources to design and build information
systems that enhance the quality of working life. |
Organizational leaders are responsible for ensuring that computer
systems enhance, not degrade, the quality of working life. When
implementing a computer system, organizations must consider the
personal and professional development, physical safety, and human
dignity of all workers. Appropriate human-computer ergonomic standards
should be considered in system design and in the workplace.
3.3 | Acknowledge and support proper and authorized uses of an organization's
computing and communication resources. |
Because computer systems can become tools to harm as well as to
benefit an organization, the leadership has the responsibility
to clearly define appropriate and inappropriate uses of organizational
computing resources. While the number and scope of such rules
should be minimal, they should be fully enforced when established.
3.4 | Ensure that users and those who will be affected by a system
have their needs clearly articulated during the assessment and
design of requirements; later the system must be validated to
meet requirements. |
Current system users, potential users and other persons whose
lives may be affected by a system must have their needs assessed
and incorporated in the statement of requirements. System validation
should ensure compliance with those requirements.
3.5 | Articulate and support policies that protect the dignity of
users and others effected by a computing system. |
Designing or implementing systems that deliberately or inadvertently
demean individuals or groups is ethically unacceptable. Computer
professionals who are in decision making positions should verify
that systems are designed and implemented to protect personal
privacy and enhance personal dignity.
3.6 | Create opportunities for members of the organization to learn
the principles and limitations of computer systems. |
This complements the imperative on public understanding (2.7).
Educational opportunities are essential to facilitate optimal
participation of all organizational members. Opportunities must
be available to all members to help them improve their knowledge
and skills in computing, including courses that familiarize them
with the consequences and limitations of particular types of systems.
In particular, professionals must be made aware of the dangers
of building systems around oversimplified models, the improbability
of anticipating and designing for every possible operating condition,
and other issues related to the complexity of this profession.
As an ACM member I will...
4.1 | Uphold and promote the principles of this Code. |
The future of the computing profession depends on both technical
and ethical excellence. Not only is it important for ACM computing
professionals to adhere to the principles expressed in this Code,
each member should encourage and support adherence by other members.
4.2 | Treat violations of this code as inconsistent with membership
in the ACM. |
Adherence of professionals to a code of ethics is largely a voluntary
matter. However, if a member does not follow this code by engaging
in gross misconduct, membership in ACM may be terminated.
This Code and the supplemental Guidelines were developed by the
Task Force for the Revision of the ACM Code of Ethics and Professional
Conduct: Ronald E. Anderson, Chair, Gerald Engel, Donald Gotterbarn,
Grace C. Hertlein, Alex Hoffman, Bruce Jawer, Deborah G. Johnson,
Doris K. Lidtke, Joyce Currie Little, Dianne Martin, Donn B. Parker,
Judith A. Perrolle, and Richard S. Rosenberg. The Task Force was
organized by ACM/SIGCAS and funding was provided by the ACM SIG
Discretionary Fund. This Code and the supplemental Guidelines
were adopted by the ACM Council on October 16, 1992.