[trustable-software] Dark Patterns for unethical user interfaces

Duncan Hart dah at seriousaboutsecurity.com
Sat Aug 6 08:35:28 UTC 2016


Reply interleaved..

On 5 August 2016 at 14:36, Paul Sherwood <paul.sherwood at codethink.co.uk>
wrote:

> On 2016-07-31 17:51, Colin Robbins wrote:
>
>> Hi Paul,
>>
>> This would seem like a good start on a code of ethics for software
>> engineers.
>> http://www.acm.org/about/se-code [1]
>>
>> Not had any experience of it.
>>
>
> Thanks for this.
>
> The content is clearly well-intentioned, and seems to cover the ground
> pretty thoroughly. However I read it a couple of times, and felt vaguely
> uneasy but couldn't figure out why.
>
> After letting it soak into my subconscious, I realised:
>
> - if this was in a workplace, many people would just scan through and say,
> 'oh yes, fine, whatever' and then proceed as before.
>
> and maybe more crucially
>
> - expecting engineers to 'moderate the interests of the software engineer,
> the employer, the client and the users with the public good' is like asking
> the tail to wag the dog.
>
> I've emailed ACM to ask if it's possible to re-use or adapt their text.
>
> Now I'm thinking about how to address the issues above. It seems to me the
> only way to be confident that a code actually works and is enforced is to
>
> - have it expressly driven and prioritised from the top of an organisation
> - and ensure transparency so that those who find themselves pressured (or
> incentivised) to cheat can benefit from others outside, who can correct the
> situation by whistleblowing without being influenced by the
> pressure/incentive.
> - and see some evidence of actual instances of the corrections.
>
> I wonder whether ACM has any hotline/process for whistleblowers, or any
> evidence of actual incidents, but obviously this is not the place to ask.
>
>> On the security side, most professional bodies have a code of ethics
>> that members have to subscribe to. It's fundamental in the security
>> world, as the line between ethical and unethical behaviour is very
>> grey.
>>
>
> Very true. And what is understood to be ethical by one group may be
> unacceptable for another. Maybe the most we can hope for is that the rules
> for a given group/organisation are clear, that they are followed by
> default, and that there are mechanisms to spot and address situations when
> they are not.
>

The idea of a mechanism to spot and address situations, irrespective of
conflicting priorities or bad behaviour, interests me. I've been using
Stafford Beer's Viable System Modelling as a tool/model for to-be
organisational design and I'm now considering if Beer's model, especially
System 3, could be an effective monitoring control for the case you mention
above.

<https://en.wikipedia.org/wiki/Viable_system_model>

--
Duncan Hart

<This message is on-the-record unless we agree otherwise>