The Sorry State of Technology Professional Ethics
By Paul Preiss
I was reminded over the last few weeks and months about one of the key reasons I founded the Iasa.
It really started for me when I arrived years and years ago at a company to find that a vendor and infrastructure team had put an online store SQL server outside the firewall. That sounds bad but in addition, they had left the SA admin account live with a blank password. And as a big cherry on top, credit card numbers were unencrypted in the database. I went balistic of course. And we fixed it quickly. No one was fired, against my recommendation and no vendor lawsuits were filed since. In fact the VP signed a much bigger deal with the same vendor not long after. It took me two years to get that vendor replaced and to this day it is one of the greatest of my achievements as a chief architect. Unfortunately it does not seem to be catching on.
Recently I retweeted Grady Booch’s tweet on the shame that is the software controlling the emissions of the Volkswagen and Audi diesel car engines for years 2009-2015. This of course comes after Target, Home Depot, Ashley Madison and many many other cases that don’t make national news (we are beginning more in depth research on these cases). For over 10 years I have been predicting that architecture at a minimum and technology as a profession is potentially headed to the kind of national and international crisis that has led other professionals to liability and licensure. And I for one am beginning to think that not only is it inevitable but an absolute priority as we enter a fully digital era.
So today in the chief architect forum (a invitation only forum of non-vendor chief architects of members), we discussed the state of ethics in technology. Let’s just say that it was a lively debate. Grady started us out with his thoughts about ethics and then the future of software engineering and finally led us through an intense discussion on how healthy friction in agile initiatives and architecture may lead to better outcomes (note this is not opposition but tension and dichotomy of viewpoints leading to better results).
But for the time being I would like to stay focused on ethics. In the release of the ITABoK we are finalizing a guide and set of ethical rules for architects as well as a procedure for disclosure of wrongdoing, formal removal of certification and other professional disciplinary action such as censure, and if necessary forwarding to criminal authorities. Why are we taking what in some places will be considered draconian? A few reasons and these are something you should think about close to home:
- There are no controls on vendors who knowingly recommend the wrong solution or product: We all know the story the vendor sales team has a quota to meet. In one open dialog recently a very high placed architect in an internationally renowned vendor explained to me that not only did the sales people knowingly sell useless products but it was ‘pretty much’ company policy. This story has many variations, from the negligence of a team to evaluate options, to direct involvement in kickback schemes. This is in fact so commonplace that I have named it. I call it the ‘Cornflower Blue Button Syndrome’, which comes from my favorite movie, Fight Club. In fact, there appears to be very little motivation for change of this behavior. Vendors spend billions in marketing (and lovely events where IT Management is wined and dined) and all of a sudden we have a new fad, a new popular technology that ‘we simply must have’. Companies, governments, non-profits, even hospitals spend trillions on these fads, which are now primarily being marketed to non-technologists, who don’t know the difference between valuable and/or safe and over-hyped marketing. Not too long ago I spoke to an architect who saved his company billions in risk exposure because ‘the business’ wanted patient data in the cloud but didn’t want to pay for security. Do I believe we need to slow down innovation, hell no. And if you look at the Iasa record you will see it’s all about business innovation, but not at the cost of stupidity or worse even criminal behavior.
- There is very little professionalism in our ‘profession’: The rate of adoption in medicine is 13-17 years even though the rate of innovation is staggering. Why you ask? No probably not in fact. It is because when doctors make mistakes or use untested products or techniques, people die. Now tell me what happens when flight control systems malfunction, or drones invade your privacy, or the hospital software issues the wrong drug for your child, as happened in the case of my own daughter? But hey we really need to switch to devops because everyone else is doing it? I’m not bashing devops, agile, waterfall, node.js, or SOA. All have their place and can demonstrate value. But ask yourself this, did your company really vet that value before forging ahead? Or is it because you attended a conference and it sounded cool. I grew up in construction, plumbing in fact, we didn’t take chances with peoples safety or happiness. In no other complex building process is there such a lack of professional capability built over years and years of demonstrated results (without vendor influence), and shared time and time again amongst actual professionals. Im all for trying things out in an innovation lab, but I had a gentleman ask me at a recent conference whether the system he was building should be agile. When I asked what it was, he told me it was a system to keep people from getting sick from bad food (a recall system). My answer, who cares how you get there, tell me how many lives you are going to save.
- There is no enforceable ethical practice: A leader in Iasa told me a story. A person that worked at his company stole the code from another practitioner (outside the company) and passed it off as his own. Not only did that individual not lose their job, the person is now the CIO of a bigger company. Does any of this set off alarms?
- We have no profession voice on issues: Professionals with ethics and an involvement in their society and humanity, have opinions and speak out on important issues. They hold their government to a higher standard and help law makers deal with complexities in an ethical and straightforward way. For example, freedom includes the ability to buy a remote control drone with a high resolution camera. But does it also include the right to fly that drone around my neighbors house and peek in their windows. Obviously not, and there is plenty of case law to handle peeping and privacy violations, but what about more complicated thefts of private data? What about spending patterns of our governments who sign huge contracts with major vendors who also influence the purchase of those products without any external oversight? What about security (I don’t necissarily mean national), I mean how much right does Facebook have to track information about my daughter? These problems require a new brand of leadership at the government level. National transformation and leadership in a digital era requires serious people with deep skills. And where are we on this matter? I am actually quite surprised at how little the architects of this world publish and research critical decisions which impact all of our lives.
- We have no standard of experience for hiring: Iasa is a non-profit yes, but we offer and sell certifications, so maybe you won’t buy my argument. I understand. But let me ask you a question, someone you love is sick and needs surgery. Do you go to a board certified surgeon or a guy down the street who tells you he will do it for free (which of course is illegal without a license)? Sure it’s a stupid question, except that is EXACTLY the state of our professions. Your hair dresser or barber is required to have more certification and maintain their skills many degrees further, than the people who write air traffic control software, embedded software, the technology which controls your retirment account, and the software which watches us through cameras in the airport. And that just sucks all the way around. Look if you don’t go with the Iasa certification, go with the Open Group’s (no I don’t mean TOGAF certification that is likely hiring an engineer because they are certified in Scrum), I mean the Open CA. You can find it at: – http://www.opengroup.org/certifications/professional/open-ca. It isn’t as good as the CITA-S and CITA-P (my opinion) but at the very least it’s experiential and I want you to hear me. And well engineers and developers, you better get something better than java or .NET certification soon. Something equivalent to the PE would be great. At least I would know you can code complicated things and have demonstrated that excellence in the past.
This is clearly a rant, and one a long time coming for me. At Iasa you are going to start seeing some new voices. Not only will we keep covering practical guidance and evaluations but we are going after the hard stories. We are going to start pushing ethics as a critical component.
If you would like to contribute to the formation of our body of practice in ethics, contact me at paultpreiss@ our domain name. Better yet, contribute a case study or a blog on:
- Where should we go as a profession. Licensure? Liability? Ethical standards and practice? Implementation?
- Stories from your career.
- A position paper on ethics and responsibility in technology in government.
- Contribution to the ethical standards (we are posting an updated version tomorrow).
I would like to also invite, The Open Group, The BA Guild, The CAEAP (who have already embraced ethics wholeheartedly), The OMG and all of the other architecture groups to support the enforcement and implementation of ethics in our profession and to join us in developing an enforceable infrastructure in ethical practice.
The first of many rants, complete.