Reducing Software Failures: Addressing the Ethical Risks of the Software Development Lifecycle

AUTHOR
Don Gotterbarn

ABSTRACT

Software engineering has been evolving and refining techniques to help them produce software products that meet the needs of their clients. These techniques emphasize a specific set of risks -missed schedule, over budget, and failing to meet the system’s specified requirements. Nevertheless, software development has been characterized as a “software crisis”. Some software is being delivered late, over budget, and not meeting all requirements.

In this paper I address a different sense of software failure. Software has is considered to have failed even though it was produced on schedule within budget and met the customer’s specified software requirements. Software has been developed which, although meeting stated requirements, has significant negative social and ethical impacts. The Aegis radar system, for example, met all requirements that the developer and the customer had set for it. The system designer’s did not take into account the users of the software nor the conditions in which it would be used. The system was a success in terms of budget, schedule, and requirements satisfaction, even so, the user interface to the system was a primary factor in the Vincennes shooting down an Iranian commercial airliner killing 263 innocent people.

There are two factors that contribute to these professional and ethical failures. There is significant evidence that many of these failures are caused by limiting the consideration of relevant system stakeholders to just the software developer and the customer. This limited scope of consideration leads to developing systems that have surprising negative affects because the needs of relevant system stakeholders were not considered. In the case of the Aegis radar system the messages were not clear to the users of the system operating in a hostile environment. These types of failures also arise from the developer limiting the scope of software risk analysis just to technical and cost issues. A complete software development process requires the identification of all relevant stakeholders and broadening the risk analysis to address social, political, and ethical issues. Software development lifecycle methods include a risk analysis process but with current methods limit the types of risks considered. The risk analysis is primarily instrumental-addressing corporate bottom lines. Software projects have ethical dimensions that need to be identified before and during the development process. I propose some modifications to the stand development models that will address these additional types of risk.

I briefly examine some techniques developed by software engineers to which attempt to include a broader consideration of stakeholders, such as viewpoint requirements definition. Some of these software development methods articulate a distinction between direct system stakeholders– (those who)”receive services from the system and send control information to the system”-and indirect stakeholders– those who “have an interest in some of the services that are delivered by the system but do not interact directly with it”. These would include the passengers on the Iranian airline or the driver of an automobile whose breaks are controlled by a computer program. Unfortunately 1) these methods do not provide an ethical or philosophical foundation for this distinction to reach beyond identifying those who have a business relation to the customer. They would not have identified as indirect stakeholders the 47 people killed by falling debris from a patriot missile. These methods also fail to 2) provide a method of identifying the social and ethical impacts on the indirect stakeholders.

Barry Boehm’s has developed a methodology which comes close to meeting 1) the stakeholder identification problem. His Win-Win spiral software development technique is used to elicit project requirements for all stakeholders. At each phase of a project’s development the analyst identifies the stakeholders for that stage, determines the win conditions for each new stakeholder, and then negotiates to have these new win condition requirements fit into a set of Win-Win conditions that have already been established for all concerned. There is a set of win conditions for the Aegis radar customer. These conditions would be identified and a process developed to meet those conditions. Then new stakeholders would be identified, for example the sailor’s using the system on the Vincennes, and their win conditions would be identified. They would consider it important to be able to clearly determine if an approaching aircraft were hostile. This win-condition would be incorporated, via negotiation, into the existing process plan. Although this approach is similar to Rawl’s wide reflective equilibrium in deriving a coherent set of requirements through negotiation, the ethical element is missing from this method. There is no methodology to identify ethically relevant stakeholders nor is there an ethical foundation for the negotiation process.

The method is also limited in that it assumes all stakeholders are equal and that they will equally be aware of and able to describe their own win conditions. The negotiation amongst stakeholders will be unjust and will likely lead to a failed systems, unless, contrary to fact, each stakeholder has such an equal identification and descriptive skill of their own win conditions. There is also an implicit assumption that all requirements are negotiable. As the method is constructed, all requirements have equal status-non are rejected because they are morally impermissible or required because they are morally mandatory.

This model has two strengths. First it comes closer to properly expanding stakeholder identification than other software engineering methodologies. Unlike all of the other approaches that presume the impact analysis is done as a single process, the Win-Win model is iterative requiring a re-identification of system stakeholders at each stage of the development process. This iterative approach is consistent with the model of ethical reasoning argued for by van den Hoven in “Computer Ethics and Moral Methodology.”

The major portion of the paper develops a methodology, which incorporates the strengths of Boehm’s Win-Win model, to help software engineers address the ethical issues that lead to failed systems. The methodology contains a technique for stakeholder identification and an approach to ethical analysis in software development. The method is based in part on the work by Mitchell, Agle, and Wood, who provide techniques for identifying stakeholders in terms of their roles. I also draw on Pouloudi’s work on stakeholders and software engineering. I incorporate normative principles into these techniques. This method avoids many difficulties with business ethics methods of stakeholder identification that fail to capture requirements that emerge from the relationship between stakeholders. The goal of the method is to help the software engineer identify all f the ethically relevant stakeholders and provide structure to the process through a series of ethics principles. This method is consistent with Rawl’s philosophy. I have argued elsewhere that the obligations of professional software engineers can best be understood and justified using Rawl’s reflective equilibrium. A software development methodology that has roots in that philosophy is consistent with the professional and moral obligations of software developers.

Software, which has been developed to test the feasibility of this method, will also be presented.

The Global Culture of Digital Technology and Its Ethics

AUTHOR

Krystyna Gorniak-Kocikowska
Southern Connecticut State University

ABSTRACT

The revolutionary nature and global character of digitaltechnology, questioned only a few years ago,are undeniable today. It hasalso become obvious that this technology generates a new lifestyle, newstandards of human behavior, new values; in short, a newculture/civilization is emerging due to the use of digital technology.

In this proposed ETHICOMP2001 paper, an attempt will be made to examine the way in which values — especially ethical values — will find aplace in this new global culture/civilization of digital technology. (Theterms ‘culture’ and ‘civilization’ will be used interchangeablyhere, because the problems addressed in the paper apply both to what wastraditionally defined as ‘culture’ and as ‘civilization.’)

The focal point of the paper is the relation between valuespromoted by the new ‘digital civilization,’ and the traditional moralvalues created by the major world civilizations — values that guided themfor centuries. The problem of whether these values are compatible or inconflict with the new ‘global ethics of digital culture’ will beaddressed in order to examine the character of the globalization process.

With respect to values, the globalization process will most likelyprogress in one of the following two ways:

  1. Globalization could be a process of selection, inclusion,promotion, and blending of the values of traditional cultures with the’newcomer’ culture. In this case, all areas of the world would beinvolved in and contribute to the creation of global ethics (globalcivilization, in a broader sense).
  2. Globalization could take the form of a hostile takeover andruthless destruction of traditional values of the local cultures by the newdigital civilization. Hostility and ruthlessness could be hidden behind thepretense of following the first way.

Although the author of this paper favors the first way, thelikelihood that globalization will actually progress in the second wayseems to be greater. The paper will offer some arguments supporting thevalidity of this projection.

Traditionally, the ethics of a particular society was supported,protected, and promoted by that societyÕs religion or, for instance in China, by a philosophy whose social impact was similar to that of religion.This is still largely true for civilizations other than the westerncivilization.

Besides being the generator and the guardian of society sethical code, traditional religions contain three other fundamentalcharacteristics: creed, cult, and community structure. Without acommunity of believers there is no religion in the traditional sense.

Samuel P. Huntington pointed out that the West generated greatpolitical ideologies, but never a major religion. However, the Westcontributed to one major change within a traditional religion by reforming Christianity. One of the outstanding characteristics of Reformed Christianity has been the emphasis on individual salvation. Another important feature is the Protestant ethics, which — as was shown brilliantly by Max Weber — supported ‘the spirit of capitalism.’

A very important change the Reformation brought to the structureof Western societies was the separation of church and state. One of theresults of this separation was that churches lost formal control overscientific research and over almost all other forms of intellectualinquiry. Eventually, secular forms of ethics were as well created.

Where the church lost control, the state or private enterprisetook over because the production of ideas, and even more so technologicalinnovations, are costly, they always need financial support. In the freemarket economy of a capitalist society, money has to generate money. Ideasor technological innovations must have at least the potential to in someway benefit the system that enables their production. Otherwise, thefinancial support will eventually be withdrawn.

The spiritus movens of capitalism is individual competition.Capitalist societies promote individualism. No wonder that the mostsuccessful secular ethical theories focus on the individual. The ethical’theory du jour’ with a growing popularity at least in the UnitedStates, seems to be ethical egoism. At the same time, the ‘classic’ Protestant denominations with strong individualistic tendencies, forinstance Presbyterians, are struggling to maintain their membership. One ofthe explanations of why it happens is that the present secular theoriesplus the concept of individual spirituality satisfy the needs of formermembers. On the other hand, the membership in community-orienteddenominations like the Southern Baptists, Pentecostal, or the Church ofJesus Christ of Latter-day Saints (the Mormons) is growing. Overallhowever, the influence of traditional religions on people’s lives in theWest is in decline.

This is the environment that produced the invention of computertechnology and generated the computer revolution.

To sum up: Computer technology and ethical egoism both are theproduct of secular research within a free market capitalist society of theWest, especially the United States. The majority of non-western societies,and some western as well, follow ethical rules created within traditionalreligious systems. These rules are centered on guiding the individual inproperly fulfilling his/her role within the society, which means thesuperiority of the society over the individual. The tension between thesetwo approaches must inevitably produce conflicts. Hence, a clash ofvalues reflecting different civilizations in many places on earth isinevitable as well. This clash of civilizations (to borrow SamuelHuntington’s term) could be very strong in the case of ethical values because of the often highly emotional approach people have towards such values.

The changes that computer technology is bringing to peoples’s lives are revolutionary. One of the features of every revolution is that itis at the same time both a process of creation and of destruction. Therevolutionary process itself is a very rapid one, which means that there islittle or no time for a thorough and deep reflection on it while theprocess is actually in progress.

The computer revolution undoubtedly brings benefits to people, butit will also contribute very strongly to the rapid destruction oftraditional cultures and their values. This will be a painful processespecially in the (many!) cases where it will not be accompanied by anygains.

One possible way of at least minimizing the harm, if notsuccessfully solving this problem, could be through incorporating theexperiences of the process of interreligious dialogue into the process ofcreating a global ethics of the digital civilization.

A Software Development Solution

AUTHOR

David H. Gleason
President,
Information Ethics, Inc.

ABSTRACT

This paper will address issues of software engineering and systems development and the relationship between quality, risk and ethics.

For small to medium-sized software projects, basic project management (PM) principles and attention to subsumption ethics can significantly reduce the risk of project failure. Software project management that applies stakeholder impact analysis (SIA) within the framework of the IEEE/ACM Software Engineering Code of Ethics and Professional Practice (SECode) further reduces risk and, indeed, results in better software. A tool is soon becoming available to apply both basic project management techniques and ethical impact analysis to software development projects.

This paper will use three case studies to demonstrate the effectiveness of these techniques. It will suggest how PM practices and SIA can help mitigate problems. It will further suggest that the SIA soon to be available in the Software Development Impact Statement (SoDIS) Project Auditor, under development by Don Gotterbarn and Simon Rogerson, might have changed the two project failures into exemplars. It will show how the technique was used successfully in the third project

A. Software Success and Failure
In order to succeed at the most basic level, software must meet operational objectives and be timely and affordable. To excel, software must also have a net positive effect on stakeholders. The following three case studies will be used to illustrate the value of PM and SIA.

  1. A dotcom startup transitioning from its original operating software to a web-based application hired a prominent firm to develop the system. Basic project management practices were not followed, and the project a) ran almost four times its original budget of $850K; b) was almost a year late; c) required multiple reworks of the original software to keep it operating and d) resulted in subsumed objects that were so faulty as to make maintenance cost prohibitive.
  2. Another dotcom startup that followed basic PM principles, but did no stakeholder analysis, failed to correctly predict the cost of website development. The project went three times over its original budget of $150K, although the outcome was highly functional.
  3. A helpdesk and IT Inventory application that followed both PM principles and SIA was developed in two person-days that exceeded expectations.

B. Ethical Impact analysis

  1. Stakeholder Impact Analysis

    Project stakeholders can be broadly defined to include those directly and indirectly affected by both the project and its products. Ideally, the impact of subsumed objects in software development should be assessed for each stakeholder. This method ensures that the subsumed objects in the product will not adversely affect stakeholders. The method requires PM techniques, broad stakeholder identification, application of ethical principles and attention to subsumption ethics.

  2. Subsumption Ethics

    Subsumption ethics is the process by which decisions become incorporated into the operation of information technology (IT) systems, and subsequently forgotten. IT systems, by nature, repeat operations over and over. If those operations have unethical impacts, the system will continue to execute them anyway. Unlike a human operator, there is no point in the cycle where the machine pauses to ask, “Should I do this?”

The first axiom of subsumption ethics states that “information systems subsume design, policy and implementation decisions in programming code and content. Code segments and content become ‘subsumed objects.’ While it is demonstrable that systems are built from subsumed components, it is less easy to show exactly how decisions are subsumed. This axiom posits that the decisions themselves, including many subtle factors, are incorporated into systems operation.”

C. Enhanced Project Management
Most software development failures occur at the basic PM level, resulting in low-quality subsumed objects. At this level code of ethics questions are not meaningful. Only if a project already has basic PM will the SECode questions be of utmost value.

Moreover, there is great value to be gained by applying basic PM questions within the framework of stakeholder analysis and WBS/Project outline. Users can be asked questions as simple as: do you have a budget? Are your specifications clear? Do the developers have experience in the technologies being used? Is there a project plan? At the same time, they will be guided through stakeholder analysis, a process which never occurs to most developers.

Finally, a basic project management question set in conjunction with SIA is extremely appealing to a wide range of users and developers. From a marketing perspective, it enables broad distribution of development tools with the code of ethics already built-in. Once users are familiar with the basic functionality, they can move naturally to using the code, with a low barrier to entry.

D. Tools
Don Gotterbarn and Simon Rogerson have enhanced their work on SoDIS to include a software tool for project auditing. This tool both addresses basic questions and also provides a framework for SIA based on the SECode.

On paper, SoDIS is the result of careful analysis of software development activities on identified stakeholders. It applies a set of ethical questions derived from the SECode to work breakdown structures (project task outlines) and stakeholders. By exploring the impact of each task in software development to relevant stakeholders, SoDIS seeks at minimum to avoid reworking software after its completion. At its best, the SoDIS process, can help produce exemplary software.

The SoDIS software under development has three modes: Feasibility analysis; Requirements Analysis and Detailed Analysis. Feasibility Analysis applies basic PM principles to software under consideration. Requirements Analysis identifies major project risks. Detailed analysis applies the SECode principles to each task in the WBS for relevant stakeholders.

When all three modes are used, the failures of both the first and second case studies above can be avoided. Ultimately, this approach can produce better software.

The Role of Imagination in a Course on Ethical Issues in Computer Science

AUTHOR

William M. Fleischman
Department of Computing Sciences
Villanova University
Villanova,
Pennsylvania,
U.S.A.

ABSTRACT

This paper is a series of reflections on three years experience teaching a course on ethical issues in computer science to an audience primarily composed of third- and fourth-year computing sciences majors. The major themes explored in the course include privacy, encryption, and individual rights; computer abuse, hacking and cracking; intellectual property issues; risks and liabilities associated with engineering and certifying safety-critical systems; the Internet; and issues of equity, on both local and global scale, associated with inequalities in access to computer technology and education in its use. In our computing science department, we consider it a healthy feature of the curriculum that this course is taught by a professor from the discipline. Most of our students are currently oriented toward careers in either software engineering or network technology. Since my interests and teaching responsibilities are centered in the more theoretical aspects of the discipline, the seriousness and intensity with which I conduct the course on ethical issues comes as somewhat of a surprise to the students. Such surprises are almost always fruitful.

In the past several years, the real world has taken to providing, almost on a daily basis, fresh and compelling material for a course on computer related ethical issues. Questions concerning privacy raised by the business policies of Internet companies including Doubleclick.com and Amazon.com, the controversy over downloading of recorded music through sites like Napster and Gnutella, anonymizers, discussions between Internet service providers and quasi-governmental agencies in the United Kingdom designed to facilitate police access to private communications of Internet users, the commercial project to produce a comprehensive map of the genome of the entire population of Iceland all have served as the basis for case histories researched and developed by the class.

Teaching this course has been, at once, a wonderful and frustrating experience. The students typically progress from an initial state of extreme resistance to the level of reading and writing required, through a wary acknowledgment that the issues discussed are serious and relevant to their future lives, to the first stages of mature engagement with these themes that appears to carry over into their subsequent course work and early professional experiences. This state of engagement is characterized by sensitivity and attention to news stories and professional circumstances that resonate with the major themes of the course. In several cases, recent graduates have communicated material drawn from their professional situations and suggested that, with suitable care to protect the identity of individuals and organizations, they might be useful as subjects for discussion in the course.

The frustrations are associated largely with the process of challenging students to transcend the prevailing insularity in perspective that arises from their relatively homogeneous economic, cultural, and ethnic backgrounds. This is a serious problem because, in classroom discussion, it is not routinely possible to depend on a lively diversity of viewpoints when engaging a particular text, case study, or issue. These frustrations are exacerbated by the circumstance that, at our university, students have a common year of core humanities (largely devoted to important texts of Western civilization) and are further required to take at least one lower level and one advanced course in each of history, philosophy, literature, religious studies, and the social sciences. Notwithstanding this comprehensive curriculum, the courses in history appear to provide scant residue of awareness of historical precedents that motivate concerns about issues of privacy in relation to governmental and commercial collection and mining of information. The required exposure to the perspectives and methods of the social sciences does not seem to sensitize students to the effects of cultural and social values inherent in the information revolution in which they are participating. The courses in literature and philosophy appear to provide little sophistication in analyzing argument, register, symbol, and intent in written material. More seriously, this curriculum seems somehow to have hobbled or inhibited students’ powers of imagination, the exercise of which are absolutely essential, in my view, to achieving an understanding of the complex balance of vulnerabilities, rights, and duties inherent in an ethical problem in a manner that does not simplify the problem to stark and one-dimensional self-other oppositions.

In an effort to counteract this reduction or atrophy of an essential process, I have introduced into the course a variety of projects designed to exercise their powers of imagination and empathic response. These include a creative writing exercise in which students construct an utopian or, alternatively, dystopian vision of the world fifty years in the future based on extrapolation of current technologies and their potential to alter relationships among individuals and communities; a project to construct a story board for a film exploring similar themes in their own world of the present; a project in which student groups play the roles of Congressional aides charged with formulating and providing the background and rationale for new legislation on privacy rights; and, in the same vein, a project in which students assume the roles of White House science advisors with the responsibility for preparing ^Ñposition papers’, for presentation at an international conference, on ethical and legal questions arising in the emerging field of bioinformatics (screening and eradication vs. therapy and amelioration of quality of life). I discuss some of the examples and results achieved through these projects.

How to be a European non-European

AUTHOR

László Fekete
Budapest University of Economic Sciences and Public Administration
Department of Philosophy
1828 Budapest,
POB. 489.

ABSTRACT

“Ah! ah! monsieur est Persan?
C’est une chose bien extraordinaire!
Comment peut-on être Persan?”
Montesquieu, Lettres persanes, xxx.

The paper analyses the proposal and the request of the European Union about the creation of a new Internet ccTLD for the European Union (.eu) as part of the eEurope Initiative. The drafters of the document of the European Commission responsible for Enterprise and the Information Society deliberately use misleading and contradictory arguments for supporting their case. They indicate the creation of ccTLD .eu for the European Union which can not be the subject of ccTLD registration. Their statement might have been correct if they had indicated the creation of ccTLD .eu for the European Continent, or alternatively, if they had indicated the creation of gTLD, for example, .eur, .euro and etc. for the European Union. The European Union has not initiated any negotiation about the .eu TLD registration in order to seek consensus with the more than fourty European countries concerned by this issue. At the same time, the European Union wants to set up its own new registry for deciding the rights of the use of this new TLD. Briefly, the European Union wants to have ccTLD .eu and to operate it as gTLD on behalf of its fifteen member states discriminating more than twenty-five non-member states which will have no access to the use of gTLD as the acronym of the European Union. The European Union plans to give the rights of the use of the ccTLD for the institutions, the business enterprises, and the private persons which operate or who are resident somewhere in the fifteen member states and to deny the basic rights of the majority of the peoples, the institutions, and the business enterprises to identify themselves in the cyberspace as the citizens, the institutions, and the business enterprises who live and which operate somewhere in the European Continent.

Censorship and Freedom of Speech and of Information

AUTHOR

László Fekete
Budapest University of Economic Sciences and Public Administration
Department of Philosophy
1828 Budapest, POB. 489.

ABSTRACT

At the beginning of the net, the systems operators had the power to control the content and the fair communication and to enforce the consensual rules of the small and informal communities of netizens in order to prevent offending messages and any unlawful use. The law and the conduct in the cyberspace seemed to be more tolerant, prudent and effective than their earthly counterparts. This practice worked quite effectively and successfully by the mid-1990. Because of the development of the network as an economically and culturally productive space of the global communication, more and more laic and religious groups (for example, the Church of Scientology, the American Family, the Simon Wiesenthal Center, the Christian Coalition, etc.) as well as the governments of the United States, the European Union, the Low Countries, Germany, and New Zealand – to mention a few – have been worried by net speech, unwarranted intrusions, and the abuse of the freedom of speech since the mid-1990’s. As the above-mentioned list demonstrates the cry for censorship comes from public and private sources. The first attempt to put the freedom of speech under the control of some kind of public morality was the Communications Decency Act attached to the Bill of Telecommunication (1996) in the United States. This amendment to a telecommunications reform finally was turned out to be unconstitutional. The privatization of the Internet makes this issue, especially, sensitive. Because no government does have right to transfer the jurisdiction of the court to the communication service providers. This would have been the case if had the Communications Decency Act passed. The arguments of the defenders of the freedom of speech are based on the First Amendment and the constitutions of the democratic societies as well as the notion of the knowledge-based society.

In this paper I want to give an overview of the different attempts, made by governments and international political organizations, of controlling the contents of information. And I argue against any political control and restriction. In addition, in the knowledge-based society, where the new communicative culture begins to be formed and the driving force of the economic growth comes from the communicatively distributed knowledge, the freedom of speech and the free access of information have outstanding importance.