Project Description

By:  Scott Andersen

The ethics of software architecture are comprised of a series of responses to regulatory and other formal requirements. Building a system that violates the law isn’t ethical and it’s pretty much wrong to boot. But there are a number of other ways you can get into ethical dilemmas as a software architect (working with software engineers). A couple of these came up in an event I was part of two years ago and still resonate and a couple came in my email this week from various readers.

Dilemma 1:

While designing a new mail system for a company you run into this issue. The head of security for the organization informs you that all servers in the mail system will have an additional piece of software that is not to be included on any architectural diagrams. This piece of software will COPY all messages sent and received by anyone on the servers and divert that message to a security mailbox. This could also come from a 3rd party not an internal person.

What should you do?

Dilemma 2:

As you are gathering data about the physical infrastructure at an organization you happen to talk to the mail administrator. He or she has been cleaning up the various mailboxes and files on the servers and has discovered information about a person in the company.

A: The information discovered is not incriminating but is embarrassing. The administrator asks you what he or she should do. What do you tell him or her?

B. The information is incriminating but is not a major crime (they person has done something bad but not something horrible) what do you tell the admin now?

C. The information is bad. The admin has information about something major that an employee of the company has done. What do you tell him or her then?

Over the course of the next few weeks we will have a few more Dilemma’s to share. These are one’s that spark great debates when I give an ethics talk in public forums. The first one is one that the audience reacts to differently today (post the recent revelations of the NSA and various mail providers) than they did four or five years ago. In the end the first brings you to a great point where you can talk about the Ethics of Privacy.

As a software architect are we bound to protecting the privacy of the users or the privacy of the system owners? It’s the ethics of the paycheck. The organization that pays you has a specific set of goals. They operate at a different level and may not operate at the same ethical level as the software architect and the users of the system. The focus of a company is to make money in the end. There are many companies that make money in an ethical way. But some do not today, and haven’t for a long time. As a software architect should we tie our livelihood to a company we know isn’t operating ethically?