What if you worked hard at a company, you had a job which payed for your entire life, and suddenly you were threatened to have it taken away.
“Either you implement this, or you’ll be fired.” What do you do? Do you throw caution to the wind, quit your job, and try to acquire another? Or do you stay on the safe side with the stable job you have, and do what you’re told (if perhaps reluctantly)?
In the case of the company doing something shady I’d pick option three: retain a lawyer specializing in labor law, have a long discussion about whistleblower protections with them, and do whatever they suggest.
I’d like to think that I’d make the right choice and become a whistleblower even if I fell into a gap where my company was doing something unethical/illegal but there wasn’t a law to protect me, but the ethical answer is often easy in the hypothetical.
Whether “shady” rises to the level of illegal, and therefore potentially protected by whistleblower laws, is quite the issue. For example, Best Buy had the shady practice of giving bonuses to the employees who sold the most useless warranty extensions. But not quite illegal, so I don’t think you’d have much chance of holding on to your job after the big expose. A lot of deceptive practices don’t quite rise to the level of fraud. (Which also probably serves to rationalize keeping quiet; after all, it’s not technically illegal…)
We have to expect that the majority of situations like this are not going to come to light via whistleblowers.
Being protected at best means you can’t be fired from that particular job without some sort of other excuse. Anyone who’s ever worked at an employer who wanted to get rid of them can attest to how frustrating it is to stay at a job while being given no work to do. And no amount of protection means you’ll have any career prospect whenever you do try to go somewhere else; after all, your name has been in the news. Whistleblowers also don’t get any financial reward beyond being paid for an interview or two; they’re taking an enormous risk for moral reasons and no other benefit. It’s an admirable thing to do; admiration and about $8 will get you a cup of coffee.
By all means we should think about ways to make whistleblower protections more meaningful. But if we’re serious about legislation to try to stop this sort of deception, there has to be something more. I don’t know what.
That’s what I was thinking when I saw this.
I don’t think I agree with this post entirely, but it raises an important question. Are programmers foot soldiers or commanders? I think most programmers consider themselves closer to commanders. They are involved in technical decisions and the creative process of programming. I think many executives consider programemrs foot soldiers. They do what they are told by those above them. Being foot soldiers, it means you can blame them for when something bad happens without worry, like in war.
I don’t know, I consider myself more like a private or an NCO: I sometimes get to decide how I do something, but I never get to decide what I do.
A large part of this dichotomy depends on the culture of the company in which the developers work. I’ve been in positions where I’ve been a foot soldier and others where I’ve been a commander without a change in job title. Mr. Martin’s point about the need for a professional board of some point seems the most salient given it could determine who is responsible for what or at least give some guidance on the matter.
The problem with a professional board with programmers is I don’t see how it would work. One of the biggest strengths, according to many at least, of programming is anyone can do it. It’s not like being a doctor or a lawyer where you need a license to do it. Maybe, if enough VW situations happen, we’ll be forced to get a board.
I understand the concern, but a benefit to having a professional board is that there could be a defined meaning for what it is to be a programmer and thus provide a better way into the profession than companies just taking a chance on someone. It could also define an apprenticeship program which would allow new practitioners to enter the field, even with minimal background.
In Canada, every student who graduates from an Engineering program gets the opportunity to go through a ritual where they swear an obligation to professional responsibility and to act in the public interest. It’s one of those things that’s technically optional, but everyone does. It’s meant to impress upon you the notion that you are responsible for the results of your work, and that you need to make sure that you’re acting ethically.
You get an iron ring to wear on your pinky to remind you of that responsibility. In my case, I’ve worn the ring daily ever since I graduated. I have a lot of friends who do the same.
Although Computer Engineering students have the opportunity to go through the ritual, Computer Science students don’t. And I think this sense of responsibility is something that’s lacking from software developers. Everyone on Earth would benefit if we all held a sense that we’re responsible for the effects of the things we code.
Edited for clarity: I mentioned the ring without explaining it.
A similar system exists for engineering graduates in the US (under the term “Professional Engineers”), and it involves tests and other things.
However, it’s only required for engineers “directly” impacting the public, like civil engineers that build highways, as they need it to be considered properly licensed to take on government contracts, approve schematics, etc.
You could certainly argue software engineers impact the public too, but so far there’s been no such licensing requirement for software in the US. Because of this, almost no software engineers go through the program, as far as I know.
P.E. requirements in the U.S. aren’t even as broad as “impacting the public”. They’re almost entirely limited to exactly one area, construction, especially anything that interacts with state building codes. Those tend to have fairly specific sign-off requirements. But in that area it’s not even really an engineering-specific requirement. State building codes require a license and formal sign-off for a whole range of building-related things, regardless of whether they’re considered “engineering”: civil engineers have to be licensed, but so do building inspectors, plumbers, welders, electricians, etc. In other areas like chemical engineering, petroleum engineering, aerospace engineering, etc., P.E.s are fairly uncommon. Most engineers there work for large companies on large projects, where ultimate certification and licensing of the result (like a license allowing a new refinery to open) operates differently, not based on the licensing of the people who worked on it but on whether the project itself has gone through the proper approvals (e.g. EPA review). Exxon might need a few people who have P.E.s, but it’s a tiny fraction of their total engineering headcount.
I’m not sure of the exact historical reasons for this, but one factor is that there is no national P.E. licensing in the U.S., only state-level.
The Professional Engineer (P.Eng.) system exists in Canada, but the ritual has no connection to it. I myself have never cared to get my P.Eng. certification, despite the fact that I got my iron ring. As with the U.S., a P.Eng. certification is usually only necessary for people who work on government-related or infrastructure-related work.
You don’t need to be a P.Eng. to get your iron ring, and the ritual has nothing to do with the P.Eng. licensing bodies. The ritual is a quiet, spiritual, solemn, ceremonial affair that is meant to speak to you on a personal level as opposed to a legal one.
What I’m saying is not that we need strict licensing on software engineers. With the growing ubiquity of code, this would be pointless and self-defeating. What I’m saying is that we’d benefit from a culture where programmers take responsibility for the code that they write and the consequences that brings. Where “I was just following orders” is not a good enough excuse.
In the US we have the Order of the Engineer. It’s pretty much the exact same as the Canadian ritual, just the ring is smooth instead of all twisty. It’s completely optional but I know a lot of engineers take the pledge. But it’s still just an optional thing you can do. It’s not like if you break IEEE code of ethics there are any consequences.
IMO, P.E. tests are a joke, I was an Mechanical Engineer for all of freshman year then switched to CSC. I took and passed the practice PE tests while helping a friend study. A CS leaning PE test would get so much flak cause it’s so hard to test what a base of ‘safe’ knowledge is for CS given so many of the legitimate concentrations. It would be hopelessly broad.
When the VW story first broke, I found myself wondering under what circumstances (if any) it could have been unintentional. Could the emissions tests have mirrored a highway cruising condition where not as much power was needed and the eco-saving features kicked into effect more aggressively? What about idling? It’s clear now that obviously isn’t the case, but I’m still a little surprised that no one has claimed it.
Yeah I was wondering why they didn’t have some plausible deniability feature built-in. But now it looks like it wouldn’t make sense to lie about this, because this deception has been going on for decades, the industry knows it and so do most regulators. Governments have been playing nice with car makers because they generate billions but now that the story’s out we’ll know more and more about it, and lying about would be stupid.
Is it just me, or would the rant tag be in order here?
You should use the new suggest feature for this.
I wrote that comment before the feature existed ;)