The paper of Chuck Huff, fellow of the Psychology Department, St. Olaf College, entitled “Unintentional Power in the Design of Computer Systems” discusses on the problems that occur in the design of a computer system which results to harm, destruction or even instability. As the title says, the design glitch was done unintentional or simply, the author doesn’t know about it in the first place. His paper was a wake-up call to everybody in both software and hardware developers to be very careful in the design aspect of their modules. This is to help trim down the events that might trigger abnormally from the expected behavior.
However, unnecessary glitches may range from small scale buffer overflow to complete system paralysis that involves a lot connected infrastructures. Although aside from stress testing, white box, gray box and black box testing, the data design flow must be strictly observed and analyzed. That’s because regular testing techniques do follow a pattern but they don’t necessarily find the unorthodox glitches on the system.
Hence, unintentional design in computer systems exists if a particular design is utilized by a system that is not planned to use it. For example, a source code for an air conditioner should not be used to program a refrigerator because their purposes are different though both provide cold sensation.
The Question of Design
The discussion of this unintentional design is very important because this is the big problem today. A lot of software development companies have high caliber programmers and developers. But the problem is that they just deploy and deploy programs. They see that it is efficient and working. Is that enough already? Although there are standards and policies already, how can these things be improved?
The Real Life Examples
1. E-mail vulnerability that led to the spreading of the ILOVEYOU virus.
In 2000, 2 young Filipino hackers managed to send a Spam (Junk e-mail) to a lot of contacts talking about an e-mail regarding an “I love you message.” The message is very catchy and entails curiosity to people. Hence, people would open it and as per download of the text file, the same malware is sent to all contacts of the person. This has caused so much noise worldwide and caused Denial of Service (DoS) to many enterprises which cost millions of dollars.
2. The Y2K Bug (Year 2000 Bug) that a lot of systems worldwide had.
This was a problem that was set from the design and requirements phase of various systems. This may be caused from the software development patterns used as de facto standard by various systems. In this case, the date design used only 2 decimal digits, a mistake in programming. For simplicity, if the computer writes 99 (which is 1999) then the next year would be 00. However the computer would read that as 1900 and not 2000.
3. Sony Rootkit Anti-Piracy Software that silently spies on users.
In 2005, Sony BMG released a music playing software that allows a user to play music and songs. However, the software has a glitch because it tries to modify the Master Boot Record (MBR) and monitors whether the user is playing a music that came from the original Sony Music or a pirated one. The intention was good however other personal information can also be screened. Sony was sued and was found guilty of unauthorized access of personal information.
4. The Fukushima nuclear disaster.
In 2011 after the earthquake and tsunami hit Japan, the Fukushima Nuclear Power Plant was severely affected. There were 6 reactors and three of which went to complete meltdown. The Japanese scientists and designers failed to create a program for such disaster. They forgot to set everything in automatic lockdown when certain alert thresholds are met so that the nuclear parts won’t spill.
5. The failed rocket ‘satellite’ by North Korea.
The failed launch of North Korea’s satellite rocket in 2012 was a complete programming and testing error. It was said that the design of the rocket was patterned to that of Russia and China. However, the program setting the trajectory of the rocket was not at par with the necessary force to launch the rocket with its given weight. The result was a failure but the materials and hardware were correct.
Correcting the Errors
1. The e-mail vulnerability was resolved by various mail engines worldwide. First, the establishment of a Spam Filter helps in determining whether an e-mail is legitimate or not. For instance, if the sender of an e-mail is on the list of notorious IP addresses then automatically the e-mail is sent to the Spam folder. Also, if several Spam keywords are seen like “Rewards”, “Cash prize”, “Lottery won” then it can be tagged as a Spam. In this case, all fake and harmful e-mails will automatically be sent to a different folder. Second, the establishment of anti-virus was a very crucial and powerful role in preventing malware infection outbreak. For instance, if the file is executable (i.e. an .exe file) then the system will not allow the file to be downloaded. There are restrictions based on the hash value result of a particular file. Scripts or excerpts of programs cannot also be downloaded for security purposes. Lastly, for the social correction of error, there should be enabling laws that would provide protection for people against cybercrimes initiated by hackers. In 2000, there were no Philippine laws yet regarding cybercrimes therefore the hackers were not penalized. That’s why 2 months later the Philippine Congress filed a bill which became a law against cybercrime known as the E-Commerce Act.
2. For the Y2K bug, the resolution is very simple. Programmers need to be realistic and futuristic in a sense when doing programs. They must think of various scenarios when doing their programs. In the case of the Y2K bug, it is good that they made the program more efficient and easy to compute because there were only 2 digits for the year. However, the practicality has the same weight as scalability. They forgot that the program can be run for hundreds of years possible. That’s why they should have included that issue in the program. Hence, creation of a 4-digit year in the implementation of the program is more practical and important. Programmers will just extend their integers to 10ex3 = 1000. There is no significant increase in the computational time of the programmer.
3. The issue of what Sony did was straight and obviously incorrect. The case of knowing whether the music being played is pirated or not is a legitimate action. However, if the users are not aware that some of their data can be leaked and used without their knowledge is another case. They should only produce a software that will directly serve its purpose and won’t be challenged because of other purposes. Remember, when you alter boot sectors of your operation system, just like what Sony did, the behavior of your computer will change based on what the alteration says.
4. The Fukushima nuclear power plant disaster is a very big nuclear spill after Chernobyl. Obviously, Japan is not using the nuclear power to create a nuclear bomb. Instead, they are using it to support power to infrastructure. That’s why the nuclear chambers have routes to various prefectures or states. The nuclear spill is very dangerous to human and deadly to nature. That’s why planning to create one is very, very important. They should always consider creating a system that is “fail safe.” A Fail Safe system requires that a system must automatically close when a level of alert threshold is met. This is like in a bank where if the alarm is sounded then all the vaults are locked. If the reactors were given a threshold on the intensity of the earthquake, then it would automatically lock down after it’s met. In short, if the reactors are locked down then no spill will happen. No harm or deaths will happen.
5. The issue on North Korea’s rocket launch has been around the news for quite sometime already because U.S. and Japan have stated that it is not a satellite a weapon of mass destruction. But regardless whether it is a satellite or a weapon, the ending was a complete failure. Let’s say that they have researched on the types of materials and hardware components of the rocket. This maybe from South Korea or Russia. The scientists have researched thoroughly on the software side on what to do. However, during the release it was a complete failure. The only reason why this rocket failed is not because of poor hardware or software but because of poor testing. The problem with their design is that they didn’t consider the size. They patterned the hardware and software specifications from the existing launched ones but they didn’t see any difference on the size of the rocket that they will use. You cannot use the code in 100 ft. rocket if you’re using a 200 ft. rocket. There are differences that you have to do and serious testing is needed. Therefore if the rocket uses 200 ft with the same source code of program, it is likely that the trajectory path of the rocket will differ and likely to fail.
Association for Computing Machinery Code of Ethics and Professional Conduct and The British Computer Society Code of Conduct
Well, as an implied gesture of the code of ethics and conduct, it speaks directly for itself. First, Association for Computing Machinery (ACM) is the largest computing organization worldwide. You will see it in every country in the world. Their code of ethics is simply put as doing your best to help humanity create software and hardware solutions. Furthermore, it also states that you should not do anything unethical in the course of your career as an IT professional. This includes making unstable and problematic software with your knowledge, hacking and other unscrupulous activities. It strengths are as follows:
• The code highlights the ethical responsibility of each person in their respective fields.
• The code emphasizes the necessity for work to be done not only in a mediocre level but in the best possible way it could be delivered. It focuses not only on what they shouldn’t do but what is expected of them.
• The code also outlines the responsibilities entailed as an organization and not only as an individual. This is particularly notable as one’s responsibilities shift when one is a part of an organization since they should also take into consideration the impact of their actions on their organization.
• Leadership responsibilities are also emphasized by the code, which are very important for an organization or for even the subdivisions within an organization.
However, it also has detriments and weak points such as
• Given that this code is a general guideline, it may be subject to various interpretations. It would not do well for specific cases with ethically troubling consequences.
• The code fails to outline how software developers deal with their customers and the public in general.
• The code also fails to outline under which cases unprofessional IT behavior fall and the corresponding consequences for such.
• The code emphasizes the freedom of IT professionals but does not insist in which cases this freedom will be compromised.
The British Computer Society (BCS) Code of Conduct speaks almost the same with the ACM. In essence they are one and the same in promoting ethical conduct and standards to IT professionals. The only difference is that the BCS code of conduct focuses more on honor, integrity and nobility because they are more to that like soldiers serving the queen. Following its strengths
• The priority of this code is public interest which helps professionals realize that their responsibilities are not only for themselves or for the organizations they work for but also the public.
• It utilizes legislation and clear protocols regarding the responsibility of each IT professional.
• It emphasizes the varying responsibilities of each member, depending on their field; hence, it is much more clear and specific about each person’s obligations.
• It also fosters respect between colleagues, superiors and each other by avoiding discrimination.
Its weaknesses are
• Rules and responsibilities are strict to the point that it may begin to limit the output and behavior of IT professionals to a disconcerting level.
• Given the strict and specific guidelines, an unreasonably strict governance may be employed by the superiors. This is detrimental because the authority figure may use the guidelines to his own advantage by abusing his inferiors instead of keeping true to the essence of the code.
• Due to the strict implementation, a personal opinion may be difficult to raise in environments that apply this particular code.
Analogy: ACM is to Beatitudes as BCS is to Commandments
In analogy to the bible, the ACM Code of Ethics is more like of the Beatitudes. The Beatitudes are not commandments but guidance to what you should do to attain a successful. Same is true with the ACM because it serves a guide to become a successful IT professional. On the other hand, the BCS Code of Conduct is like a commandment because it’s like giving you a great grasp of your responsibility and you are compelled to follow because it is your duty to follow. It serves as guidance yet it is mandatory that you follow your guide.
The Better Code of Ethics between ACM and BCS
Professionally, both ACM and BCS deserve the same respect and credibility. It’s not because it was written by Americans or British that make it more special. The more important thing is that they promote ethical standards for professionals. The mere fact that they create standards and promote it to cater the needs both internal (members) and external (public) factors, is a very, very impressive ideology.
Obviously, the answer also depends on the membership of a person. For instance, if you are a member of ACM then you adhere to the principles of ACM. You pledge allegiance with ACM. Therefore you find that ACM is best compared to all other Computing/I.T. Code of Ethics. On the other hand, if you are a member of BCS then you adhere to the principles and belief of the BCS. You pledge your allegiance with the same organization which later on you will consider the best among the rest.
Personally, I prefer ACM over BCS although I have so much respect for their codes and organization. However, ACM is more focused on a worldwide scope that’s why their codes are more general and adaptable to various diverse cultures. The only problem I see with BCS is that their codes are quite exclusive for British citizens and cultures. That’s why some parts of their codes are unlikely to be understood by other nationalities. They may be understood it contextually but essentially they don’t get all the ideas in it. Hence, ACM is very lenient to other opinions and they regularly set members of their executive board from various countries. On the contrary, BCS is all-British type of executive board and possibly monopolized the organization.
Obviously, both the ACM and BCS are helpful in solving real world problems. Their codes’ aim is to look for various ways in helping improve the world of computing by creating applications and innovations using best practices as per standards.
However, it is a humble submission that the ACM is more superior over BCS in many ways. First, ACM is a worldwide organization. Meaning to say, the ACM covers various cultures and countries. The board of panels reviews the submitted proposal from various types of cases- from applications of the iPhone, security of banks etc. It covers everything about the computing discipline which can be later on concluded as more superior. Imagine for instance that the code of ACM reviews the works of all 6 active continents in the world which helps the entire process of creating stronger and more aligned-to-standard programs.
The range of ACM is very, very far. It starts with research papers of students from universities who are doing their theses to programs made by NASA to help the space exploration of the USA. It clearly is the better code rather the BCS.
Edgar, S. (2003). Morality and machines : perspectives on computer ethics. Sudbury, Mass. : Jones and Bartlett Publishers.
Floridi, L. (2010). The cambridge handbook of information and computer ethics. Cambridge: Cambridge University Press.
Johnson , D. (2009). Computer ethics : analyzing information technology. Upper Saddle River, N.J.: Prentice Hall.