Source: http://www.freefoto.

com

Ethical Issues in Software Development

Ron Garrett and Jennifer Lewis
 Ethical Issues in Software Development
Page 2

Table of Contents

Introduction ___________________________________________________________ 3
Ethical Issues __________________________________________________________ 4
Using Open Source Code___________________________________________________________ 4
Using Illegal Software _____________________________________________________________ 5
Reverse Engineering Code__________________________________________________________ 6
Not Addressing Known Bugs _______________________________________________________ 8
Taking Talent from the Competition __________________________________________________ 8
Solving Ethical Problems________________________________________________ 10

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 3

Introduction
The process of developing a new software application takes time and effort. It takes time to

design, develop and release the final product. Unfortunately for many software companies and

developers, they are given a small window of time and a small budget to release a software

package. Software companies – mainly its developers – are under pressure to release a virtually

bug-free product on time at the lowest possible cost. However, they face a lot of obstacles that

hinders this goal. According to the book, Teach Yourself Extreme Programming in 24 Hours, the

top reasons for software project failure were:

• Project objectives not fully specified

• Bad planning and estimating

• Technology new to the organization

• Inadequate or no project management methodology

• Insufficient senior staff on the team

• Poor performance by suppliers of hardware and/or software

Because of the time and money constraints, as well as the obstacles that they face to make a

quality product, software companies and developers are often tempted to perform unethical and

illegal acts to make their goal.

There are five ethical issues that software companies and developers face. They are:

• Using open-source code in their own code without properly crediting the source

• Using illegal software to perform their tasks

• Reverse engineering code to find out how a process works

• Not addressing known bugs

• Taking talent from the competition

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 4

Ethical Issues
Using Open Source Code
According to the definition on the Open Source Initiative’s web site, open source is source code

that is readily available to the user. In other words, the application contains the source code that

was used to create the product. There are three particular types of open source code:

• Licensed Source Code: The source code may contain a GPL (General Public License)

or an LGPL (Library General Public License) that details how the software and the source

code is to be distributed, copied and modified (“Definition of GPL”)

• Copyrighted or Credited Source Code: The source code may be freely published on a

web site with the author’s consent for the programmer to use the source code as long as

the author is credited in the code.

• Public Domain: The source code may be in public domain, which means that the author

explicitly relinquishes all rights to the software (Kuruvilla, 2006). In other words, the code

is free to use without consequence.

While the third type of source code does not cause any ethical issues because there is no

obligation to provide credit for use, the first two types do pose ethical issues to the programmer.

In the case where the open source code contains a GPL or LGPL, the programmer must follow

the rules as specified in the GPL or LGPL. Some companies do follow the license. For example,

IBM’s Websphere product is based on the Apache Web Server, and up until the latest re-write

that no longer uses Apache code, IBM included the GPL for Apache Web Server in their literature

about the software. However, some companies do not follow the GPL. In some cases, the

companies claim the code as their own. In order to help enforce companies into using the GPL

properly, the Free Software Foundation launched the GPL Violations Project (http://www.gpl-

violations.org). This watchdog organization monitors companies that are using open-source

projects in their own software development to make sure that the GPL is referenced correctly.

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 5

In the case where the open source code has no license, but the author explicitly requests that

s/he is referenced in the developer’s code, some programmers do not do this, mainly because the

author is not a corporate entity. In most cases, it was difficult for the programmer to prove that a

developer plagiarized his/her code. With the passing of the

DMCA: An act of
Digital Media Copyright Act (DMCA), this can become a major Congress passed in
1998 that prevents the
issue for developers who frequently use code without crediting circumvention of
licensing and anti-piracy
the original author. According to the DMCA, if someone measures in digital
media (“Definition of
publishes information on the Internet, that information is DMCA”)

automatically copyrighted as long as the author says so.

Using Illegal Software

Due to time and money crunches, it is tempting for a company to use a pirated copy of software
Pirated Software: An
or violate the software license. In fact, some of the largest illegal copy of a software
package.
companies have used pirated copies of software or violate the
Violation of Software
License: Using the
software licensing rules in the past. Some companies continue software that does not
follow the licensing rules.
to illegally use software, despite the fact that software

companies lose $12 billion in revenues due to software piracy (Derowitsch, 56) and license

violations.

To help reduce the temptation of software piracy, the Business Software Alliance (BSA), a

Washington-based software industry watchdog group, is taking aggressive action against

companies who violate software copyrights. In January 2006, Wham-O paid a $70,894 fine and

Burt’s Bees paid $110,000 fine to the Business Software Alliance (BSA) because employees

were using unauthorized copies of the software on the machine (Derowitsch, 56).

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 6

Companies are also taking a proactive approach to preventing piracy. For example, companies

like IT Outsourcing India and Virginia Tech have published ethics guides on how employees are

supposed to use software. These guides cover points such as:

• The definitions of software licenses

• Penalties that companies and employees will face if they violate copyright laws

• Answers to frequently asked questions about software use

• In Virginia Tech’s software use ethics guide, alternatives to help keep software costs low

legally

Reverse Engineering Code

Reverse engineering is a controversial and a confusing subject in the software development

world. Out of all the issues mentioned, this issue frequently creates dilemmas for software

engineers and companies.

Reverse engineering is the process of decompiling an application in order to reveal the source

code. In the early days of software development, many software engineers engaged in the

practice of reverse engineering to find out how a particular program performed an action. With

the passing of the DMCA, reverse engineering has legal implications.

There are issues with reverse engineering that could cause confusion with how to use it. For

example:

• If the software is considered public domain, then the programmer is allowed to reverse-

engineer it.

• The DMCA prohibits the act of circumventing a technological measure used by copyright

owners to control access to their works. Acts of circumventing include: copying media,

decrypting encryption tools, and reverse-engineering software (“Unintended”, 2003).

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 7

• US courts are ruling that reverse engineering is acceptable as long as it is non-infringing

fair use (“Unintended”, 2003). However, if the software license explicitly says that the

programmer cannot reverse-engineer the program, the programmer cannot do so.

Two cases illustrate examples of conflicting rules about reverse engineering. In a case where the

courts said that reverse engineering was legal, Sony sued Connectix for reverse-engineering the

code for Sony Playstation games. Connectix created an emulator to allow Apple Macintosh users

to play Sony Playstation games on their machine. The Ninth Circuit court ruled in favor of

Connectix by saying that Connectix’s reverse engineering was fair use (“Unintended”, 2003). In a

case where a company did get penalized for reverse engineering, the Motion Picture Association

of America (MPAA) was able to successfully stop 2600 Magazine from publishing information

about a flawed DVD content protection scheme that was uncovered by reverse engineering

(Pond, 2000).

The controversy with reverse engineering is when a software company is using reverse

engineering to create software that is compatible with other software or hardware. Critics of the

DMCA argue that software and hardware companies are using the DMCA to discourage

competition (“Unintended”, 2003) by suing companies who reverse-engineer code for

compatibility information or security testing. Proponents of the DMCA argue that the DMCA helps

prevent losses due to piracy and it helps companies protect their intellectual property.

Software companies and developers who are going to use reverse engineering to test security

problems or to find out how the code works to make the program compatible with other hardware

platforms can reference many cases where US courts determined that reverse engineering for

that purpose is legal. However, both the companies and developers will need to be prepared for

the potential of being sued by another company or developer. Before attempting a project where

reverse engineering is necessary, software companies and developers should contact legal

counsel for assistance in this matter.

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 8

Not Addressing Known Bugs

In order to meet deadlines, software programmers and companies Bug: An error or defect in
software or hardware that
have a tendency to skimp on quality assurance testing. As a causes a program to
malfunction. (“Definition of
result, either quality assurance misses finding major flaws in the bug”)
software, or major flaws that are discovered are not fixed because

there is not enough time to re-test the fix. The problem is these flaws cause huge losses for

businesses and generally inconveniences hundreds of thousands of people (Weiss, 2003).

Microsoft is frequently in the news regarding security flaws and bugs found in its operating

systems. For example, in 2003, Microsoft released news of a critical flaw in its operating systems

that allowed hackers to access a person’s machine and take control of the machine by running

any program the hackers wished (“Microsoft”, 2003). In 1991, DSC Communications

Corporations, a Plano, Texas-based company that creates software for telephone systems,

released software that was not thoroughly tested by the company. The software contained a bug

that caused phone blackouts in major cities in the USA, such as Washington, Pittsburgh, Los

Angeles and San Francisco (Zubairi, 2003).

It could be that software developers and companies do not spend time and money on quality

assurance testing because software developers and companies are not liable for any damage

caused by the software as long as they (companies and/or developers) explicitly states that in the

user agreement, license or software documentation (printed and on-line) (Weiss, 2003). Although

a software company or developer cannot be sued for bugs that cause damage as long as they

state that they are not liable, a reputation of a software company or developer could be ruined

from releasing untested or bad code.

Taking Talent from the Competition

Companies who take talent from the competition are placed at an advantage – the company can

get proprietary information about a technology, and it can put the competition at a disadvantage

by reducing the human resources needed for software projects.

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 9

Companies try to prevent talent from going to competitive firms by having its employees sign non-

compete agreements. However, even with a signed non-compete Non-compete

agreement: A
agreement, companies can still face a legal battle over the wording document signed by
an employee that
of the document, including whether the document is impeding an promises that the said
employee will not work
employee’s “right to work” (“Noncompete agreements”, 2006). If for a direct competitor
for a specific amount
the company did not require its employees to sign non-compete of time after s/he
leaves the company
agreements, a competing company can easily take its talent pool (http://www.nolo.com)
from another company. However, even without the non-compete clause, the company can face

civil action from the competitor.

There are two examples that highlight civil actions taken by companies due to talent raiding. The

first example highlights the legal issues of talent raiding. The second example highlights the

questioning of the non-compete agreement.

In 2005, the case of Yahoo v. Nuance Technologies appeared in the California court. This case

addressed the issue of whether “talent raiding” was causing a misappropriation of trade secrets

and unfair competition. According to the article by Elinor Mills on C-Net News (“Yahoo”, 2005):

Nuance Technologies was working on voice-activated search engines. Yahoo hired all
but one of the research people on the project. Nuance filed a lawsuit with the California
courts to temporarily bar the workers from working at Yahoo. The judge ruled that the
speech engineers hired by Yahoo were allowed to continue working for Yahoo because
the courts could not properly assess whether any wrongdoing has occurred.

In 2006, the case of Microsoft v. Google appeared in the Washington court. This case addressed

whether a non-compete agreement was violated. According to the article by Elinor Mills on C-Net

News (“Microsoft”, 2006):

Google hired Kai-Fu Lee, a former Microsoft executive from China, to run the Chinese
branch of Google. However, Microsoft contends that the role that Mr. Lee would perform
at Google (recruiting staff for the developer center in China) was a direct violation of the
non-compete agreement that Mr. Lee signed at Microsoft. The court ruled that recruiting
workers in China was not a violation of the non-compete agreement, but he was not
allowed to work on technologies, set budgets or salaries, or decide on what research
Google can do in China.

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 10

Solving Ethical Problems

Ethical problems in the software industry can cause legal ramifications, such as civil suits and

fines, and it can cause business ramifications, such as a ruined reputation that will cost the

company sales. What can software developers and companies do to help prevent problems?

While these suggestions may help prevent problems caused by unethical behavior, it is not a

guarantee that they will solve all the problems.

• Assign task to a compliance officer to make sure that the licenses are being used

properly

Watchdog groups can easily find out whether a company is violating software copyright and

licensing rules. The best resource that a watchdog company uses is a disgruntled employee.

By assigning a compliance officer (preferably from the IT department) to ensure that software

is being used as it is licensed, companies can reduce illegal software use.

• Perfect quality assurance

Since there are very little legal ramifications for bugs and security flaws causing system

problems, companies will easily spend little time on testing problems and addressing known

bugs. However, the ethical issue is the cost of business. Businesses lose millions of dollars

in lost productivity due to bugs and security flaws. A software developer and the software

company can lose business and future revenues because of a ruined reputation. The best

thing that a company can do is invest time and money in quality assurance. While quality

assurance is not going to catch every bug imaginable, it will catch a high percentage of the

bugs and flaws.

• Consult with legal department about non-compete agreements and fair use with

reverse engineering

Non-compete agreements, which are helpful with preventing talent raiding, and the fair use of

reverse engineering has numerous legal implications. Before beginning a project where

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 11

reverse engineering is necessary, or before devising a non-compete agreement, companies

and developers should consult with an attorney who is familiar with these subjects. The

attorney can guide the developers and companies with the correct way to perform these

actions.

• Let public know about flaws or delay the software release

Despite the fact that Microsoft is well known for releasing bug-laden software (Bishop, 2003),

Microsoft is very good about releasing information about bugs and flaws to the public as soon

as they are discovered. Microsoft has also been known to delay the release of software if

there are too many problems with the software. By doing this, Microsoft has helped its

reputation as a leading software provider. Although a customer may not be happy about a

delay or a flaw, the customer will accept the answer if s/he is given ample warning about the

problem.

• Publish ethical guidelines on software development and use

Publishing a guideline about software development and use can leave little room for

interpretation, which could help reduce unethical and potentially illegal behavior. Two

examples of companies who published ethical guidelines are IT Outsourcing India and

Virginia Tech. When developing a guideline, companies and developers should consult with

an attorney who is familiar with the legal issues of software development.

Ron Garrett and Jennifer Lewis

 Ethical Issues in Software Development
Page 12

References
Definition of GPL (2006). Retrieved May 10, 2006 from http://www.webopedia.com.

Kuruvilla, Anna Elizabeth (2006). Software ethics and legal use. IT Outsourcing India. Retrieved
April 5, 2006 from http://itoutsourcingindia.com/resources/software_ethics.asp.

Derowitsch, Rachel (2000, August). PC ethics 101. Computing Basics, 11, 56-57.

Weiss, Todd R. (2003) U.S. companies fined for using illegal software. PC World. Retrieved June
19, 2006 from http://www.pcworld.com/resource/printable/article/0,aid,124377,00.asp

Definition of DMCA (2006). Retrieved June 19, 2006 from http://www.webopedia.com.

Definition of bug (2006). Retrieved June 19, 2006 from http://www.webopedia.com.

Unintended consequences: four years under the DMCA (2003). Electronic Frontier Foundation.
Retrieved May 10, 2006 from http://www.eff.org/IP/DMCA/unintended_consequences_v2.pdf.

Microsoft security bulletin MS03-011. Microsoft. Retrieved June 19, 2006 from
http://www.microsoft.com/technet/security/bulletin/MS03-011.html

Zubairi, Junaid Ahmed. To test or not to test the software: a case study on ethics in computing.
SUNY at Fredonia. Retrieved June 1, 2006 from
http://ublib.buffalo.edu/libraries/projects/cases/computing/computing_ethics.html

Baird, Stewart. (2002). Teach yourself extreme programming in 24 hours. Sams.

Bishop, Todd. (2003) Should Microsoft be liable for bugs?. Seattle Post-Intelligencer. Retrieved
June 1, 2006 from
http://seattlepi.nwsource.com/printer2/index.asp?ploc=t&refer=http://seattlepi.nwsource.com

Mills, Elinor. (2005). Yahoo accused of poaching speech engineers. C-Net. Retrieved June 19,
2006 from http://news.com.com/2102-1030_3-5885971.html?tag=st.util.print.

Mills, Elinor. (2006). Microsoft seeks settlement in Google lawsuit. C-Net. Retrieved June 19,
2006 from http://news.com.com/2102-1030_3-5862947.html?tag=st.util.print.

Noncompete agreements. (2006). Nolo. Retrieved June 20, 2006 from

http://www.nolo.com/article.cfm

Pond, Weld. (2003). Why the world needs reverse engineers. ZDNet. Retrieved June 20, 2006
from http://news.zdnet.com/2100-9595-22-524352.html.

Using software. Virginia Tech. Retrieved Jun 5, 2006 from

http://courses.cs.vt.edu/~cs2604/lib/WorldCodes/EDUCOM.software.html/

Ron Garrett and Jennifer Lewis