Asked to do something illegal at work? Here's what these software engineers did

(blog.pragmaticengineer.com)

146 points | by bschne 18 hours ago ago

98 comments

  • pjc50 16 hours ago ago

    > Frank was a student loan startup founded by Charlie Javice in 2016. In 2019, Javice was featured on the Forbes “30 under 30”

    There was a joke going around Twitter about "30 under 30 doing 30 to life", because the startups involved were getting more and more outlandish to the extent that bystanders suspected that fraud was going on. Became a Guardian article: https://www.theguardian.com/business/2023/apr/06/forbes-30-u...

    Of course, a fraud can stay afloat for a lot longer than you expect. The really tricky case is when you're ordered to do something illegal or unethical for which there is substantial political cover. An executive order, for example. You cannot rely on anyone to back you up simply because of the letter of the law.

    Also:

    > The reality was that this was a very deliberate double charge. I could not share this fact at the time – as the company threatened me with libel after I informed them of this detail

    UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.

    • bloak 16 hours ago ago

      > UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.

      But the worst horror stories date from before it was last reformed, in 2013, I think, and I feel the need to patriotically point out that Australian libel law is even worse!

    • harvey9 15 hours ago ago

      Do any other countries have an equivalent to the UK's "super injunction"? This is where a court order says you're not allowed to talk about the court order itself, never mind the topic covered by the order.

      • flir 15 hours ago ago

        https://en.wikipedia.org/wiki/Warrant_canary

        That's probably a good starting point for a dive into that question.

        • scott_w 14 hours ago ago

          I remember a lot of fuss being made about these but, as time goes on, I'm very sceptical they can work. Looking at the Afghan data leak reported earlier this year: courts can make it practically difficult for most of the organisation to even know they're subject to court orders!

          The person updating the website asks "have we received a court order?" and the person under injunction must answer "not me." The website author isn't lying, but the website contains incorrect information (as the result of a legally-enforced lie).

          You could ask your lawyer but, once again, they'd also answer "no we haven't" because answering anything else is contempt of court at best.

          • nerdsniper 13 hours ago ago

            I'd think the CEO would know, would they not? And the CEO could tell the person updating the website: "Let's go ahead and remove the canary, we don't need it anymore." --> "OMG, did we get secretly subpoena'd?" ---> "No, not yet, but I just don't want to run the warrant canary anymore."

            • scott_w 12 hours ago ago

              The only way the CEO finds out is if they're made privy to the injunction, at which point they become subject to it. Even an oblique hint could be a breach of the injunction.

              Be honest: do you think a judge is stupid enough to believe you had the injunction explained to you by your legal counsel then, in a totally unrelated incident, thought "oh, I don't think we need the warrant canary any more."

      • malnourish 15 hours ago ago

        That's a key component of some specific forms of US warrants.

      • scott_w 14 hours ago ago

        I imagine so. Bear in mind that the concept isn't particularly a bad idea, however they are very easy to abuse and the laws need to restrict them to where they're strictly necessary (and force the court to prove they're still needed).

        The Afghan data leak scandal is a great example of where it made sense to use a super-injunction at first but also where its application continued long past when it should have done for (frankly) political reasons. Lewis Goodall's reporting on this is pretty excellent and fairly balanced, in my opinion.

    • bsenftner 16 hours ago ago

      I've been doing this tech nonsense at moderately high levels for over 45 years now, and over the years I've had business dealings with members of these "30 under 30" lists, and every single fucking time it's a conman, a grifter. I don't even bother with heavily marketed individuals nor their flagships anymore. They are nonsense.

      • graemep 14 hours ago ago

        It reminds me of one of two people (at the same time and place in my life) I was introduced to because they shared national origin (i.e. nationality at birth, or parents' nationality) with me.

        One later got into the Sunday Times rich list (the under 40 section, IIRC) during the dot com bubble, by the simple expedient of lying. He claimed to be working on encryption software that was hugely valuable and said it was valued in billions. He actually owned a smallish local computer shop. He later fled the country claiming MI5 were persecuting him for developing such good encryption software.

        To be fair, he seems to have fooled financial institutions too. He bought a Ferrari (presumably on credit) and Amex gave him a black card (which he tastefully put a picture of on the company website). It did not take a lot to see through the fraud, the actual business was described on the website.

        The other person I got introduced to around the same time for the same reason turned out to be a member of a terrorist organisation. Not banned here at the time, but still not someone I particularly wanted to meet.

    • abxyz 15 hours ago ago

      > UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.

      No. The deference people have to the law as some sort of all knowing all powerful magic spell that can be cast to force silence at any time is to blame. Libel is publishing something you know to be untrue. The truth cannot be libel.

      If you want to speak the truth, if you want to act in service of the greater good, you must take the risk that you will attract attention from people who do not want you to speak the truth. And those people may use whatever power they have to suppress you, whether that's judicial or extrajudicial. That's not caused by any specific legal system, it's how people behave.

      Investigative journalism is uneconomic the world over. The U.K. has some of the best investigative journalism in the world. The U.K. legal system is far from perfect, but it is wrong to say that in this case, the U.K.'s libel laws (for all their flaws) kept this information secret.

      The irony is that the greatest suppressor of the truth is comments like yours which scare people into silence about the truth.

      • pjc50 15 hours ago ago

        https://www.msrs.co.uk/the-libel-labyrinth-navigating-the-tw...

        > The costs in this case were significant, with Vardy being ordered to pay a substantial proportion of Rooney’s legal fees. Initially, the court ordered Vardy to pay £1.5 million in costs, earlier this month, it was revealed that Vardy had been ordered to pay an additional £100,000, bringing the total to £1.6 million.

        https://www.matrixlaw.co.uk/news/noel-clarke-ordered-to-pay-...

        > In August, after a six week trial, the High Court upheld the Guardian’s defences of truth and public interest speech.

        > The trial judge, Steyn J, has now ordered Mr Clarke to pay £3m on account within 28 days, in respect of a likely eventual costs liability of over £6m.

        Those are cases where the defence won. But in those cases, (a) they have to front the legal fees themselves for a period of several years during the action and (b) there is a real risk that the person who filed the libel action may not be able to pay it.

        It is very risky for an individual to defend a libel action, so almost everyone folds instantly on receiving a letter, or settles.

        An exception: https://en.wikipedia.org/wiki/Monroe_v_Hopkins - peak Twitter, sadly. Fortunately in this case justice prevailed and Katie Hopkins lost her house and life savings.

        • jddj 14 hours ago ago

          > Lots of people are celebrating but I’m not. It's a sad, lonely sort of anticlimax. It’s really crap and I feel really bad it’s all ended up like this. I thought she'd just say sorry

          Wow.

          > In May 2018, Hopkins won an IPSO case against the Daily Mirror for claiming that she had been detained in South Africa in February 2018 for taking ketamine. The Mirror updated the headline to say that she had been detained for spreading racial hatred, and included a correction in the article.

          Pick your battles, eh

        • abxyz 13 hours ago ago

          You are (wilfully?) misrepresenting these cases. The defence in each of these cases chose to employ very expensive legal teams, the cost in these cases is a reflection of choices made by the defendant, not the cost of defending against a claim of libel. As an individual defendant in a libel case, there would be no obligation to incur such costs.

          Noel Clarke's legal team were working on a no-win no-fee basis (before they saw the writing on the wall and dropped him as a client, leading him to represent himself). The Guardian had no obligation to spend over £6 million on their defence, it was a choice they made. Indeed, one could argue that The Guardian chose to spend so much to send a message to those that consider baseless libel legal action in future, that The Guardian is willing to spend any amount of money to defend itself.

          If you are an individual who posts the truth online, and you are sued for libel, you can spend very little on mounting a defence (you may even choose to represent yourself for free). Whether the litigant spends thousands, millions or billions on their action against you is immaterial as it is their cost, not yours.

          As for Jack Monroe vs. Hopkins, Jack Monroe is a fraud. Justice did not prevail, although Hopkins losing her house was a nice treat.

        • closewith 14 hours ago ago

          Yes, I once made a bug report to a client's supplier (overly permissive API endpoint was leaking user data) and became the subject of a spurious defamation letter. It was obviously unwinnable on the supplier's part, never went past solicitor's letters, and still cost high four figures to defend.

          Nothing like some of the real horror stories, but still a significant chilling effect.

          • abxyz 13 hours ago ago

            > ...and still cost high four figures to defend

            You do not need to "defend" against a "spurious defamation letter". The (very profitable) business of sending legal letters is based on the misunderstanding of the law that is perpetuated online. Legal letters are to law firms what bandwidth is to cloud hosting providers: free money.

            • closewith 13 hours ago ago

              In the UK, under the UK Civil Procedure Rules, you are expected to engage in the Pre-Action Protocol and provide a substantive response within 14 days, and failure to do so can affect your credibility and standing in court. So you do not have to respond, but not doing so risks sanction from the court for non-engagement.

              • abxyz 11 hours ago ago

                You're proving my point. You are catastrophising.

                A response to a "spurious defamation letter" does not cost "high four figures". Substantive does not refer to the cost of the response. Substantive means that it addresses the substance of the complaint.

                The "high four figures" you spent for a lawyer to respond (I disagree with the word "defend") to a legal threat was unnecessary. You paid a bunch of money for some low-paid legal assistants to fill out a template, and then a high-paid solicitor to sign off on it.

                As an individual, you can respond substantively to a legal threat for free. And even if you choose not to respond, courts are not punitive, the standards that courts hold individuals to are different to the standards they hold law firms to. A court will not rule in a claimant's favour in a libel case because an individual didn't follow procedure correctly.

                If you, as an individual, make a truthful statement about A Big Corporation and A Big Corporation spends £100,000 on a team of lawyers to write an angry letter to you demanding you retract, a simple single-sentence self-composed response of "The statement is true, I will not retract." is substantive.

                Despite what catastrophisers like yourself (catastrophisers who are encouraged by participants in the legal system who profit from this misapprehension) might suggest, civil courts are interested in adjudicating fairness, not trapping individuals in an endless legal quagmire.

                Can you share examples of individuals who have been sanctioned by the U.K. courts for anything that comes close to not engaging in the Pre-Action Protocol?

                • closewith 9 hours ago ago

                  No, the Pre-Action Protocol is quite a bit more in depth than that and required a significant response including document review and research.

                  "The statement is true, I will not retract" is not substantive and is effectively calling the bluff. If they take it beyond a letter, those costs will balloon further.

                  • abxyz 9 hours ago ago

                    https://www.justice.gov.uk/courts/procedure-rules/civil/prot...

                    The "Defendant’s Response to Letter of Claim" section is very clear that it is actually that simple. The burden is almost entirely on the claimant, the defendant has very little to do. Can you provide any evidence that any individual has ever been sanctioned by a U.K. court for either not filing a response, or not filing a substantive response?

                    You are saying that "costs will balloon further" but you haven't yet established there are any costs. How can costs that do not exist balloon? Any individual could satisfy the "Pre-action Protocol for Media and Communications Claims" with ease, no expense necessary.

                    • closewith 9 hours ago ago

                      Costs upon commencement of litigation. Are you being purposely obtuse or trolling?

                      • abxyz 8 hours ago ago

                        The point I am making in this thread is that there are no mandatory costs, that receiving an angry letter from the lawyers of a deep-pocketed litigant is financially inconsequential. The choice to hire legal representation and pay them "high four figures" to write a response is a choice. Hiring legal representation for court is a choice, too.

                        The courts are very kind to people who choose to represent themselves, especially when the litigants are obviously abusing the system to try and silence individuals. The point you're making seems to be that you must spend money to defend against spurious defamation claims so I have asked you to provide any evidence of a case where an individual is accused of libel and has suffered because they chose not to spend money.

                        I am not trolling. I disagree with the suggestion that the U.K. libel laws create an environment where people are scared to speak truth because there is a real threat of an expensive lawsuit. My position is that the fear people have of expensive lawsuits comes from other people fear mongering, in comments like yours, either based on a misunderstanding of a case they've seen publicised or because of information they've been given by legal professionals in a different context.

                        • closewith 7 hours ago ago

                          Okay, so you are trolling or you are at peak levels of HN arrogance.

                          No, the chilling effect of UK defamation laws is not an artefact of scaremongering. No, you have not discovered the secret truth hidden by the legal profession. Yes, defamation cases are a real threat and expensive to defend as the burden of proof lies on the defendant, not the allegedly defamed.

            • krageon 13 hours ago ago

              Bandwidth isn't free to a cloud hosting provider in any real sense of the word. It's not priced in relation to cost, but it definitely does cost

      • IAmBroom 14 hours ago ago

        The irony is that libel doesn't just suppress individuals, but corporations that might be bankrupted by libel suits, such as reporting agencies.

        Nice ideals. I mean that. But pure altruism at great cost is a lot harder than you imagine.

      • Yossarrian22 12 hours ago ago

        Then go publish an article about how much time the Prince of Wales spends with women that aren’t his wife

        • abxyz 11 hours ago ago

          Sure, send me the evidence and I’ll publish it.

      • pessimizer 15 hours ago ago

        Very easy to pop shit when you aren't risking your life and your family's future to protect the honor of JP Morgan. If everything goes perfectly, you've just lost your job and can't get hired because people don't want to hire a snitch; and if everything goes badly, it could go really badly. You might end up killed in a botched robbery, or thinking suicide will be the only way to save your family.

        I'm pretty sure the truth wasn't even a defense in UK libel law before 2013. It was entirely about whether you had the intent to harm someone. If you want to disrupt a thief's business, that's intent to harm someone, as a lot of people who wrote about quack doctors found out.

  • andy99 16 hours ago ago

    It's easy to armchair quarterback these things, and in retrospect, the actions that innocent people should take are probably obvious. At the time I don't think it would be so easy.

    There is lots of pressure not to take action, because of the feeling you're overreacting, because you've had things explained to you in a way that minimizes or removes the criminality, and because your job is at stake.

    And crucially there is never some black and white issue. If your employer told you to murder someone, it would be easy to say no and know you did the right thing. If they tell you to incrementally go along with some grey area thing you're not sure the legal status of, it's way harder to know what to do.

    People still have to be accountable for their actions of course, ignorance is no excuse. But we all should hope we're never in such a situation to begin with rather than thinking we'll know how and when to act.

    • Timshel 16 hours ago ago

      > And crucially there is never some black and white issue.

      The three examples given are quite black and white ...

      • pautasso 16 hours ago ago

        Here are a few more examples:

        https://leanpub.com/unethical-software-engineering/

            Covert Surveillance
                    EMAIL PIXEL INJECTOR 
                    STEALTHY INPUT LOGGER 
        
            Monetization at all costs
                    AGGRESSIVE ADVERTISER 
                    AD BLOCKER DETECTOR 
                    PAY TO WIN 
                    ADDICTION PEDDLER 
                    ARTIFICIAL SCARCITY HOARDER 
                    DRM RUG PULLER 
                    OBSOLESCENCE PLANNER 
        
            Digital Fraud
                    CYBERSQUATTER 
                    SNEAKY TERMS DEGRADER 
                    INTEROPERABILITY BREAKER 
        
            Ranking Manipulation
                    FAKE REVIEW GENERATOR 
                    SEARCH RANKING KICKBACKER 
        
            Unethical Artificial Intelligence Practices
                    TRAINING DATA HARVESTER 
                    BOT PRETENDER 
                    DECEPTIVE DEEPFAKER

        • DoctorOW 15 hours ago ago

          You should probably disclose this is your own book you're advertising.

          • pluies 15 hours ago ago

            AGGRESSIVE ADVERTISER

      • mattlondon 15 hours ago ago

        The article makes it sound clear sure. But then the article has been edited.

        I would not have been surprised if the 5 million user thing was couched as some sort of "we need to generate some realistic test data to load test our systems <WINK WINK> - please create 5 million accounts very similar to these paying ones, remember this is testing so they need to be as realistic and believable as possible <WINK WINK>".

        If I got that request (perhaps without the winking!) come down the line through the usual channels I'd probably have gone along with it without realising it was for anything nefarious. ...but then would that be a viable defense?!

        Context is everything.

        • somenameforme 14 hours ago ago

          Even if somebody gave no pretext, I don't think that, in and of itself, is illegal. Though it could be used for illegal things. For instance early on Reddit actively created fake accounts, fake votes, fake comments, and all other sorts of stuff in the process of trying to reach critical mass. I really doubt that was illegal.

          OTOH if somebody sent a message saying, 'Hey we need to increase our apparent paying users in order to defraud some potential investors.' then obviously you've become part of a criminal conspiracy, but I think nobody would ever overtly say that.

          • wink 13 hours ago ago

            I think there is a big difference between faking 10k users and then going to investors at 1m users years later (it's a morally dubious kickstart) or in this case for the sake of the sale/investment going to 1400%.

      • nritchie 15 hours ago ago

        I was just double billed by the third-party that Enterprise Rentals uses to handle tolls. Fraud? Incompetence? Is there a difference?

    • imglorp 14 hours ago ago

      I can only imagine someone with a family to feed who is tied to corporate health insurance, or an H1 visa, being coerced into some gray activities being unwilling to lose their job to remain ethical or legal.

      One of many reasons employers have a quiverful of ways to exploit and control workers.

      • franktankbank 13 hours ago ago

        And why some people have a problem working with H1 coworkers at all. It's a separate class of workers, same as offshore, it's somehow hostile.

  • comrade1234 17 hours ago ago

    I was working with someone on a large government project. At the beginning I told him that we cannot pad our hours at the end of the year to run the contract out and then make up for it with extra hours in the next year like we do with business clients because it is illegal and further because it's a $1M+ contract could lead to prison.

    Of course I found out that he was going into our billing software and adding hours to me. I had to talk to a lawyer and he recommended I report it to the GAO. I compromised by quitting and reporting it to the liaison on the project (a professor). It was very stressful because if I hadn't reported it he could say that I reported those hours, not him, and I could have ended up in prison.

    I think the liaison just buried it in the end.

    • potato3732842 17 hours ago ago

      You had record of your correspondence with the lawyer. All you had to do was report it to the liaison and keep punching the clock. Unless you were getting paid more because of the overages the enforcers dgaf about you.

      • comrade1234 17 hours ago ago

        There were other issues... this was the final straw.

      • krageon 13 hours ago ago

        They do care - they care because they have an inflated impression of their own importance and you seem guilty, so you must be.

  • zero_k 16 hours ago ago

    I wish I could tell a story. Alas, I can't. It turns out that large corporations are excellent at hiding evidence of wrongdoing, and will do everything to cover the backside of high-level execs, because stock price matters. When it's bad, the exec leaves for a "better opportunity", and none will be wiser. The stress of the honest, serious engineer(s) remains, and the exec gets a free ride to their next big beautiful step up the ladder. In retrospect, don't follow internal reporting guidelines, and don't talk to internal lawyers. They either are incompetent or competent, but paid to swipe stuff under the rug -- you'll never find out either way. Instead, go to the relevant regulatory agency, write a detailed report to them, and let it play out.

  • mgilroy 16 hours ago ago

    I was asked to sign off on an R&D tax claim for my team's work. I reviewed it and said no. Was then sent to a meeting with the accountants who explained the claim was based on what the CEO had told them. We went through the details and they agreed with me on most things. I also discovered that we were entitled to claim for things I wouldn't have known about and the CEO discovered that just because the credits were for R&D the legal definition didn't allow for normal development work.

    In this instance nothing intentionally illegal was being attempted. However, had the original claim been made it could have been considered fraud. In these sorts of situations I always ensure that the company put me in contact with the professionals that can indemnify both the company and me from any wrongdoing. Provided we tell the truth.

  • Rygian 17 hours ago ago

    > If you take one lesson from this, it’s that you can always say no.

    I fully understand why this is true, but it seems to ignore any retaliative measures that the management could take against the person who says no.

    With the benefit of hindsight, any such retaliation would be weaker than ending up in an orange suit. But the person has to find the guts to say "no" without that hindsight.

    • OskarS 17 hours ago ago

      I would argue that you have a moral and ethical responsibility to say no when your manager asks you to do something illegal, even if it does cost you your job. The law is the law, and there is no excuse for breaking it. Your manager is certainly culpable, but if you act against the law, you are culpable as well.

      The exception is if you fear literal physical violence against you or others, or are being blackmailed or something, then of course you are being coerced and have no choice. But "losing your job" does not rise to that kind of coercion, in my opinion.

      Not saying it's easy, it's a horrible situation to be put in and I have huge amounts of sympathy for a person who has to experience this. No one is perfect and acts with faultless ethics at all times. But hard or not, it is your duty as a citizen not to violate the law.

      • array_key_first 6 hours ago ago

        I think, for most people, getting the shit beaten out of them is a preferable outcome to losing their job.

        For most people, their job is the only thing standing between them and being homeless, losing their car, losing their kids, their partner, etc.

        This is why having a culture that treats firing people as no big deal leads to wack ass incentives. You can make people do almost anything if you threaten their job enough.

      • overscore 17 hours ago ago

        > I would argue that you have a moral and ethical responsibility to say no when your manager asks you to do something illegal, even if it does cost you your job.

        When your access to food, housing, heating and healthcare for your family are dependent on your income, you may find yourself facing very difficult decisions. Most parents will risk whatever legal ramifications to care for their kids and that's inherently moral and ethical, even if the downstream outcome is not. That is because it is the socioeconomic system rather than the individual who is acting immorally.

        > The law is the law, and there is no excuse for breaking it.

        This is an infantile view. The law is a framework and there are lots of circumstances where breaking it is not only excusable, it's the only moral action.

        • philipallstar 17 hours ago ago

          > When your access to food, housing, heating and healthcare for your family are dependent on your income, you may find yourself facing very difficult decisions

          This is the time when your ethics are tested. Anyone can do the right thing when they're getting paid for it.

          • tpoacher 15 hours ago ago

            There's a nice Jordan Peterson quote:

            > There was a lesson to learn from the holocaust. We're always reminded that: "Never forget, we've learned our lesson." "What was the lesson?" That's the question. The lesson is, "You're the Nazi". No-one wants to learn that; If you were there, that would have been you. You might think "Well, I'd be Oskar Schindler and I'd be rescuing the Jews." It's like, no, afraid not. You'd at least not be saying anything. And you might also be actively participating. You might also enjoy it.

            Hindsight theoretical morality is very different from experience on the ground, where peer pressure, stress, uncertainty, exploding situations and fog of war come into the mix.

        • ndriscoll 15 hours ago ago

          At least in the case of engineers, we're talking about highly compensated people. You should have a solid emergency fund put together within a few months of starting your career. From there, it's on you to not put yourself into an economically precarious position. People who are making multiples of the median household don't have food/shelter as an excuse.

          Not that it's much of an excuse for everyone else either, but with people in the professional-managerial class it's absurd.

          • closewith 14 hours ago ago

            Globally, most software developers are not highly paid and certainly not enough to be above financial pressure.

            Becoming a whistleblower or refusing unethical demands can also lead to being blacklisted, as in most industries, loyalty is valued more highly than ethics.

        • OskarS 17 hours ago ago

          We're not talking about living in a totalitarian state and breaking the law by aiding the resistance here. The cases in the article are like committing financial fraud or faking customer data. And then, yeah, I do think there is no excuse for going along with it, you have a duty as a member of society not to do such things, even if it costs you your job. It's not easy, and as I said I have enormous sympathy for a person in this position, but there is a clear right thing to do, and you have an obligation to act accordingly.

        • skeeter2020 17 hours ago ago

          To get rich at your software startup is not one of the situations where you have a moral obligation to break the law. None of these people were stealing bread from the rich to feed their children.

        • nkrisc 16 hours ago ago

          As a parent, I would risk destitution over going to prison every single time. I don’t even have to think about it.

        • barney54 17 hours ago ago

          It is not moral to break the law in the furtherance of fraud. That’s the point.

          • thyristan 16 hours ago ago

            But if the fraud secures the livelihood of $bignum children and they would starve without their parents committing that fraud?

        • cess11 17 hours ago ago

          Right, saying outright that Thoreau was wrong and also that pretty much every famous person who took him to heart was wrong too is a rather strong position to take and likely very, very hard to defend.

          Or, for a more obscure example, that Antigone should just have said 'yes daddy' and left it at that with the play ending somewhere in the initial conversation with Ismene.

      • surgical_fire 16 hours ago ago

        "losing your job", for a lot of people, is extremely effective coercion.

        We are not talking about luxury here. A lot of people depend on their salary to pay rent and put food on the table. This is even more pressing if you have a family that depends on you, if you are in need of healthcare, etc.

        What your post fails to recognize is that in the current system, labor is already a form of coercion. You need to work because the option is homelessness and starvation.

        If you can avoid those even when unemployed, you are extremely privileged.

        • em-bee 13 hours ago ago

          If you can avoid those even when unemployed

          that would be all developed countries except the united states

    • creer 9 hours ago ago

      The threat of retaliation - in the form of being fired, harassed or moved to a dead end position - is very scary to a younger engineer. But from a rational point of view it's not very strong (HOWEVER many managers or CEOs are far from rational.)

      - Firing someone has large costs to the employer. You have the job because you are needed. Same for side-lining someone or not promoting them.

      - Firing someone removes the final incentives against that person reporting the deed to the govt. It pushes that person toward reporting instead of softer "negotiated" steps such as continuing to argue for legal alternatives or discussing it with an intermediate rather than outright reporting. And many corporate legal or accounting people are amazing at finding alternative ways to achieve the same result in a not-illegal manner.

      - A lawyer can help you much more once there is retaliation. The company might end up fighting both the fraud reporting AND the retaliation.

      Just firing someone is not a great "solution" for the company.

    • pydry 17 hours ago ago

      This is why whistleblower laws need to be stronger (e.g. retaliation means automatic jailtime even if the whistle was wrongly blown) and rewards need to be larger.

  • sltr 17 hours ago ago

    Software developers should sign a code of ethics, like other professions do and then cite it when asked to do unscrupulous things. This would work for activities that aren't illegal but still unethical, like defaulting user privacy choices to open/public. Citing professional organizations like ACM or IEEE would deter retaliation.

    • amelius 16 hours ago ago

      Yes, the Hippocratic Oath works quite well even if it has no legal underpinnings, so why not use the same idea for developers? Indeed ACM and IEEE could draft one.

      • thyristan 16 hours ago ago

        It only works because doctors have a self-governing body of other doctors as an oversight, usually called a chamber, board, Kammer, etc. This chamber is responsible for licensing doctors to perform medicine and has the power to withdraw that license upon violations of the Hippocratic Oath, other ethical violations and other professional misconduct or malpractice.

        Unless you want this kind of arrangement for developers, the oath isn't any good.

        Also, the Hippocratic Oath has tons of variants, nobody uses the original one anymore because there are things in there that went out of fashion over the last 2000 years. E.g. operating on people suffering from kidney stones used to be prohibited: "I will not use the knife, not even, verily, on sufferers from stone[...]" (https://en.wikipedia.org/wiki/Hippocratic_Oath ). Similar prohibitions exist nowadays for abortions or euthanasia, but only in some places. In others, doctors are free to or even required to perform those. In software development, I would imagine even more variety in the allowed/prohibited-list.

        • bmez 15 hours ago ago

          not only, in most countries operating as a physician requires a license to operate. It can be revoked if the professional violates the terms of the license.

          If software had such a thing, it would be possible to achieve something similar. It is not the oath per se that keeps doctors on the righteous path, it is just as much the threat of not losing your job - but having your professional status revoked (i.e. permanently losing the ability to work).

          On the other hand, reviewing code every now and then, it would be good if you could revoke programming privileges for ever for certain individuals.

        • rightbyte 14 hours ago ago

          Our board would be packed with Scrum lords smacking down on missing field entries in Jira tickets.

          I would like more 'philosophy' in CS education. Just that people are aware of the methods used against them helps a lot. It is hard and takes time to discover stuff on your own. It took me like 5-10 years of working before I realized how the sausage is made.

      • carefulfungi 15 hours ago ago

        The ACM has long had a code of ethics.

        https://www.acm.org/code-of-ethics

      • nerdsniper 13 hours ago ago

        Not taking away from your point, but just a PSA: For some reason "First, do no harm" is synonymous with "Hippocratic Oath" in pop-culture. Just a reminder that this is apocryphal: https://en.wikipedia.org/wiki/Hippocratic_Oath

        Surgeons, in fact, often begin with harm. To replace a hip joint, they necessarily must begin by causing great trauma to the body by cutting it open and removing bone.

      • dooglius 14 hours ago ago

        Why do you believe it works? I don't particularly get the sense it has any effect whatsoever, particularly in cases where doctors are pressured to do harm. (There's also a lot of ambiguity left in what constitutes "harm")

      • Traubenfuchs 15 hours ago ago

        Are you kidding?

        Misconduct among doctors is rampant, special highlight on dentists:

        https://archive.ph/70Zk5

    • mc3301 17 hours ago ago

      The author talks a lot about this in this book: https://www.ruinedby.design/

    • pcthrowaway 17 hours ago ago

      The code of ethics would need to be absolute, enforceable, unambiguous (without lawyers to interpret), and universal to really eliminate these activities.

      • criddell 15 hours ago ago

        Software engineering could become a real profession with licensing like mechanical, electrical, chemical, civil, and other engineering professions. If you do something unethical, you could be sued for malpractice and lose your license to practice.

        The code of ethics for Professional Engineers works even though it isn’t any of the things you say are necessary.

        • thyristan 14 hours ago ago

          Professional Engineers signed off on broken dams (https://en.wikipedia.org/wiki/Brumadinho_dam_disaster ), leaking chemical plants (https://en.wikipedia.org/wiki/Bhopal_disaster ), exploding reactors and how (not) to operate them (https://en.wikipedia.org/wiki/Chernobyl_disaster ) and "high enough" sea walls (https://en.wikipedia.org/wiki/Fukushima_nuclear_accident ). There are a ton more examples. All highly unethical, most of the responsible engineers got away scot-free.

          Licensed professions only serve to increase the scarcity of licensed professionals, drive up the price and thereby form an economic cartel. Neither does it prevent any of the aforementioned disasters, nor are the responsible professionals held liable.

          "Licensed professionals" is one of those myths in software engineering cycles that won't die. A license won't make anyone competent. It will, however, provide them with an excuse to charge more, do less and ascribe any fuckups to "must be something else wrong, I did everything to board standards"...

          • WorldMaker 12 hours ago ago

            That's a weird set of anecdotes you've chosen. The first half of those incidents are in fact the opposite of what you seem to be complaining about: finding the Professional Engineers that signed off on the mistakes in the project is hard to do because they happened in countries that failed to regulate Professional Engineering licenses.

            The Chernobyl disaster is an operation mistake, which a Professional Engineer may have signed the process for operation, but an operational failure to follow process is not the Professional Engineer's fault. Sure, a professional will try to narrow processes to be as fool-proof as possible, but you can't entirely blame a professional that the planet is capable of generating far more fools than you can plan for.

            The Fukushima disaster actually shows Professional Engineering consequences with multiple engineering groups doing analysis and investigations of what went wrong and whether or not to indict Professional Engineers involved in the construction. None of those moved to such indictments, but it was investigated at length. Three of the executives of the company were indicted as a part of those investigations (and then were judged "not guilty" in a Japanese court of law).

            "Licensed professionals" is not a myth. A license isn't about making anyone competent, it is about applying consequence when they aren't. It's also about having your back when you are worried about possible consequences. "I can't do that because I would lose my license" is a threat companies have to take seriously. If your company wants to force you to pursue it anyway, you can take the issue to the Ethics Committee at your licensing board/professional organization and they can help you examine the legal, ethical, and moral implications in a way that could result in consequences to your company. If all of that is documented and the company still does it anyway it is easier to get legal consequences applied to company executives, such as real, deserved jail time.

          • criddell 12 hours ago ago

            In the Brumadinho case, five engineers were arrested and charged and jailed. They are out of jail and a criminal case is ongoing.

            In the Bhopal disaster, seven engineers and executives were convicted of causing death by negligence and given the maximum penalty (which was pretty weak).

            The Chernobyl incident led to Anatoly Dyatlov being jailed and getting a 10-year sentence.

            For Fukushima, some people were charged with professional negligence causing death but they beat the charges in court.

            Licensing will not make anybody competent. But it can help keep incompetent people out of our field. When Engineers screw up, their malpractice insurance may get too expensive for them to continue to work in the field. When management asks for something unethical, it gives a pretty good reason for pushing back.

      • array_key_first 6 hours ago ago

        I don't think it needs to be (it isn't for anything else), and I also don't think it needs to eliminate all activities (it doesn't for anything else).

        But right now we have nothing. Surely, something is better than nothing. We can't have nothing and already be out of ideas.

      • pjc50 16 hours ago ago

        You can never make these kinds of things unambiguous. People are really creative about inventing interpretations to make things ambiguous in their favor, and rule systems are really complex.

        More to the point is trying to be an ethical island in an unethical society. You'd have to deal with constant attacks from the "anti-woke" crowd.

      • baobun 17 hours ago ago

        If you are to be found in violation by DAO jury vote, you will be blocked from all private torrent trackers and usenet groups (we just have to make sure all of them mods are onboard mkay), with threat of ban for repeat offenders.

        You may also find your support tickets everywhere languishing and x months of CAPTCHA-hell on every website.

    • mrheosuper 16 hours ago ago

      I wonder how that would work when you are working for companies like Lockheed Martin, knowing your code will be used in a weapon that may kill innocent people.

      • WorldMaker 12 hours ago ago

        Presumably similar to how it works for the professional Mechanical Engineers and Electrical Engineers they already employ. Ethics are subjective and nuanced. Ethics are also different from morals. Some people can live with the moral quandary that their work may do harm to innocent people and still have the ethical belief that they are doing the right thing generally and that their work does more good than harm. (I'm not one of those people myself with regards to the military-industrial complex, but I respect my friends that are have sat with their morals and weighed them into the ethical frameworks of how they do their jobs and what they feel about doing their jobs ethically.)

  • bschne 16 hours ago ago

    I'm quite firmly on the side of "don't do bad stuff", even way before crossing the line to wondering how you'd look in the proverbial orange jumpsuit. But two things about this are often under-discussed IMO.

    Firstly, personal costs can be high even before full-blown whistleblowing, the struggles of which are well reported. The best case is usually that you're looking for a new job. It is clear to me that that's better than committing a crime or gravely unethical action, but not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.

    This also goes for mental costs: I have previously come close to burnout spending months trying to rectify a clearly very bad and doomed situation. The only reward at the other end was the bitter vindication of seeing a project I deeply cared about crash and burn from afar after cutting my losses. And I personally know people who suffered far greater damage and took longer to recover from it, even in cases where they merely uncovered some big skeleton in the closet that was not even the fault of anyone currently in charge or clearly malicious. In many cases, management will be somewhere between actively complicit and themselves stuck in a bad situation with barely enough (perceived) agency to fix things the right way, which doesn't help.

    Secondly, short of "going to war" and dedicating your entire life to changing something, saving yourself is usually the best you can hope for. That's obviously better than being complicit and possibly liable. I also like being able to sleep at night knowing I have principles. But if you have the righteousness to refuse to become complicit, it's quite frustrating to come to terms with the fact that you mostly won't be able to set things straight properly unless you are in a very influential position. I know that's often not really my responsibility if I'm not higher up, but it still doesn't sit right with me that I can't do more.

    • gampleman 16 hours ago ago

      > not everyone always has good alternatives, enough financial safety, and no major economic responsibilities to cover at home.

      I recommend planning for this (if you can). Set money aside sufficient to cover your costs until you can get another job so that you can quit at any time. Negotiate your deals so that you don't end up with substantial golden handcuffs (i.e. cash > equity, especially with long vesting periods).

      This helps a lot with maintaining an ethical position, but is also helpful for other negotiations. Effectively you are maintaining a good BATNA[1].

      [1]: https://corporatefinanceinstitute.com/resources/valuation/wh...

      • bschne 15 hours ago ago

        whole-heartedly seconded, it helps with anything from "they want me to do something really bad" all the way to "I'm really not feeling it anymore here"

  • spicyusername 14 hours ago ago

    Quitting is usually a good first response.

  • n4r9 16 hours ago ago

    Another recent classic case of this is the revelations that Uber were targeting law enforcement based on user behaviour, and refusing to offer them rides in areas where they were breaking regulations. I mentioned this at some point last year, and someone replied saying that they'd enthusiastically volunteer to take part in that project (assuming no personal risk). People's ethics are not always what you'd expect (or hope).

  • exasperaited 17 hours ago ago

    I have promised to resign (and fully would have) when asked to implement something that would put customer security and privacy at risk, when such concerns were in their infancy; more than half a lifetime ago but in the dot com era when I had actual value. Our client, a very large organisation, became aware I had an ethical concern my own bosses didn’t share, listened to me and changed their policies to eliminate my concern.

    People who work in the Valley for fifty, a hundred times more than the poorest in their own country often do not seem to feel the same way anymore.

    This is not a question of abstract ethics, but a question of simple professional integrity. If the thing is bad and risks harms, you don’t do it.

    It’s part of why I work for myself now; it’s not difficult to spot people who do not have a strong sense of ethics and simply not work for them. I work in a couple of fields where there are many non-ethical players, and can do so with a clear conscience.

  • moron4hire 14 hours ago ago

    Many years ago, I was working for a consulting firm doing work for a, erhm, "large insurance provider headquartered in Illinois". I was building a tool their insurance adjusters could use to use GPS devices to check how far houses were from the coast line and deny flood coverage to anyone within a certain boundary. Note that this was during the time of Selective Availability, so GPS devices were only good to 100m precision.

    The client saw my first version where I marked an "indeterminate" buffer zone to account for the precision problem. They complained it was "confusing" and insisted I use the raw value without any buffer. Oh, and also, round the numbers in such a way to put all indeterminate points inside the denial zone. This would effectively add hundreds of square miles to the denial zone. A denial zone set by law, i.e. this was the some the government was allowing the insurance company to blanket deny flood coverage.

    Giving them the benefit of doubt, I explained that the proposed changes didn't make mathematical sense and would over count people near the edge of the denial zone. I had access to some market data at the time and was able to estimate it would be a few thousand extra homes. They did the standard "avoid acknowledging the issue" whenever someone is trying to pressure you into doing something unethical or illegal.

    I told my boss at the consulting company. He started putting the screws on me. Told me we needed to do this. Told me my job was on the line. Intimated it would be hard to find a new job considering the client was the largest employer in the area. Told me he could get anyone to do it.

    I had two weeks of PTO planned, during which I was supposed to come back to Pennsylvania and move my stuff out to Illinois. After my PTO, I was supposed to show back up in Illinois. Instead, I went to our HQ in PA (much to the surprise of everyone, "what are you doing here"), told the CEO what happened, and when he doubled down on doing the wrong thing, I quit on the spot, no notice period.

    I learned later they did not "get anyone to do it". My actions put the contract in a lurch, the client dropped my former employer, and cancelled the project.

    I feel pretty good about that one.

    There have been other issues since then, but I've noticed a pattern. They always happen at places I had to talk myself into joining. There were red flags and I rationalized them away, "well, I'm just overreacting. I don't have any evidence anything is wrong here. It's just the way people talk that's bothering me. And I really need this job." Since I've gotten more stable and better about not taking jobs that show red flags, somehow the ethical issues seem to have magically gone away.

    • fred_is_fred 12 hours ago ago

      Does this pre-date flood zone maps or something? That's a way better indicator of risk than miles from the coast.

      • moron4hire 7 hours ago ago

        I don't know. This was 25 years ago and I was pretty young at the time. Clients being clients, they probably didn't know, either. Consulting being consulting, probably nobody would have sprung for it (the maps if they needed licensing, or even just the development to use them) if anyone did know.

  • cess11 17 hours ago ago

    This is good advice not only for people who encounter fraud, but also those whose employers are profiting from war crimes and the like.

    • lemonlearnings 16 hours ago ago

      So Google, Amazon, Oracle, Microsoft etc.