Professional ethics and computer systems

Updated version now available.

For the ANU Perspectives on Computing (COMP1200)

And University of Canberra, Information Sciences and Engineering Seminar, 13 May 2005

By Tom Worthington FACS HML


Information Technology is a practical discipline. We build computer systems because they are useful. Ethics can help build better computer systems.

Here is an ethics question for you: Your university hosts an Internet mailing list for librarians discuss use of the Internet. Lawyers demand that a posting to the list be removed saying it gives the impression their client supports child pornography. When you check, there is a posting, but it is years old and taken in context it seems fair comment. But the lawyers argue that when the average person finds this specific posting with a web search, they aren't getting the context.

What do you do? Delete any trace of the posting, thus falsifying the public record? Replace the posting with a note saying why it was deleted? Insert a correction? Invite the aggrieved part to place a correction? Tell them to go away?

This may seem a far fetched example, but is real, current and involves this university:

A government department is trying to change history by pressuring a university to erase an internet discussion from almost three years ago.

The comments, made in an internet newsgroup in July 2000 and now archived on computers at the Australian National University, suggested the department's computers contained links to child pornography.

The South Eastern Sydney Area Health Service, which discovered the comments in October 2002, rejects the allegations as untrue and is fighting to have the comments wiped from the computer archives.

Internet feud as health service pushes to delete past, Sue Lowe, Sydney Morning Herald, 17 May 2003, URL:

I am a member of the Link mailing list and was asked for advice on what to do. What would you do if you ran this system? How would you decide what to do? The Linker's did what they usually do and discussed the issue on-line.

Ten years ago ethical issues for IT professions were rare. You might not have to address a serious issue in your career. The Internet has made IT much more visible and ethical issues common.

Conduct and Practice

The ACS has a Code of Professional Conduct and Professional Practice, incorporating a code of ethics which requires all members to act with professional responsibility and integrity. The code is only binding on members of the ACS. But other profession bodies have similar codes. Courts and other tribunals will use such codes when considering your actions, if you carry out IT work.

Essentially the profession has a contract with the community: in return for governing our members we will protect the public interest.

The code goes into more detail on points in the ACS Code of Ethics:

  1. The Public Interest
  2. Integrity
  3. Confidentiality
  4. Objectivity and Independence
  5. Competence
  6. Keeping Up-To-Date
  7. Subordinates
  8. Responsibility to your Client
  9. Promoting Information Technology
  10. The Image of the Profession and the Society

Each individual professional must decide the correct ethical course in each case. You may have to act against the directions of your superiors to act legally, or against the law to act ethically. Being a member of a professional body, can help. But ultimately it is for you to decide.

Some examples

Safety critical systems: Averting the end of the world

A truncation error has occurred in a critical situation, causing extensive damage and loss of life. Who is liable, if anyone?

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL:

Had to follow my own edict

This issue arose for Y2K in 2000. There was the possibility of massive computer failure causing anything up to the end of the world. Or was there? Who should do what?

In one of life's ironies, I first issued an edict to IT professionals when I was President of the ACS, then found myself as Director of Technical Issues for Y2K at the Defence Department and had to follow my own edict:

"Media hype aside, the Year 2000 problem poses a serious risk to all compu er-based systems and all IT professionals have an obligation to assess and report the extent of the problem in all systems for which they are responsible," said ACS President, Tom Worthington.

"Any ACS member who fails to take appropriate action on Year 2000 is in breach of the ACS Code of Professional Conduct and Practice. Lack of knowledge, resources, or authority to act is not a valid defence and they can be charged with professional misconduct under the rules of the Society, as well as facing possible civil or criminal proceedings."

From: ACS Calls for Greater Cooperation on Year 2000, 14 July 1997, URL:

Y2K overstated?

The general view post-Y2K was that the problem was vastly overstated. Even so part of the US military satellite system failed with a Y2K bug:

At midnight GMT on Friday, a US spy satellite system was hit by the computer bug as a ground-control station lost its ability to process the information streaming in from space...

From US satellites safe after Y2K glitch, BBC News, 3 January, 2000, 22:12 GMT, URL:

While Russia was launching ballistic missiles:

The most dramatic event, an announcement by the US military that it had detected the launch of three Russian missiles, turned out to be unrelated to the Y2K bug. Russian officials confirmed that the Scud missile launches were part of its ongoing conflict with rebels in Chechnya.

From Y2K bug fails to bite, BBC News, 1 January, 2000, 10:48 GMT, URL:

Techniques for Breaking Security

... Is it ethical to advertise and circulate techniques for breaking security? Does it matter what is being broken into? ...

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL:

Computer Emergency Response Team for Australia

What do you do when you find a security hole in the Internet? Rush out and tell everyone so it can be fixed? Tell no one in case someone exploits it? One easy answer is to tell AusCert:

AusCERT is the national Computer Emergency Response Team for Australia and New Zealand and a leading CERT in the Asia/Pacific region. AusCERT maintains a world recognised reputation and trusted contact network of computer security experts around the world and provides prevention, response and mitigation strategies for members.

From: AusCERT Home Page, 2003, URL:

Violent Computer Games

... Should children's access to violent computer games be restricted? If so, how and by whom?...

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL:

ACS on Regulation of the Internet

The issues to do with computer games are similar to those for Internet access. On several occasions, starting in 1995 I had to appear efore Senate committees to present the ACS's position:

  1. Dialogue must encouraged between public policy makers and the on-line community to discuss workable solutions to controlling potentially offensive information ...

  2. Pre-classification of Internet material, as is done for film censorship, is unworkable,

  3. Existing laws on liability for speech and information should be revised ... to be technology neutral,

  4. Information carriers should not be held responsible for content which they are no involved in the production of,

  5. Internet software authors should be encouraged to add blocking and monitoring facilities for parents ...

  6. An education campaign on safe use of the Internet, should be conducted for parents and children,

  7. Codes of conduct for system operators should be encouraged.

From: Submission on the Regulation of the Internet, ACS, 1995, URL:

Most of these points were adopted. Perhaps the most interesting part of the process was educating the Senators in what the Internet was and how they could use it.

Who is the Client?

... client may wish to cut corners for the sake of efficiency, but the professional may foresee a potential source of erroneous data or misuse of the system if those shortcuts are taken. If the client insists, is the professional free of responsibility? ...

From: Computer Science - an overview, 7th Edition, by J. Glenn Brookshear, Addison Wesley, 2003, URL:


Before working out how much notice you have to take of the client, who is the client? An extreme example is in giving evidence as an expert witness in a court case. One case I was involved with is public and can be used as an example:

... Mr Worthington... proceeded to an assessment on the basis of assumptions which in his view were reasonable. ... There is no satisfactory basis for the Commission rejecting as unacceptable the view of these two very experienced experts on matters relating to the World Wide Web. ...

Accordingly, the complaint is substantiated and it is proper for the Commission to make the following determination pursuant to s.103(1) of the DDA:

1. A declaration that the respondent has engaged in conduct that is unlawful under section 24 of the DDA in that it has provided for the use of the complainant a web site which because of his blindness is to a significant extent inaccessible. ...

Bruce Lindsay Maguire v Sydney Organising Committee for the Olympic Games, Human Rights and Equal Opportunity Commission, Disability Discrimination Act 1992, William Carter QC, No. H 99/115, 24 August 2000, URL:

An expert witness assists the Court

An expert witness is usually paid by one party, but is supposed to work for the court, not the people paying them:

1.1 An expert witness has an overriding duty to assist the Court on matters relevant to the expert’s area of expertise.
1.2 An expert witness is not an advocate for a party.
1.3 An expert witness’s paramount duty is to the Court and not to the person retaining the expert.

From: Guidelines for Expert Witnesses in Proceedings in the Federal Court of Australia, Chief Justice, 19 March 2004, URL:


There are no final or simple answers with ethical issues. If I have left you with an uneasy feeling that you need to do more and some ideas of possible action this has been worthwhile.

See also: