Source: http://www.freefoto.

com

Ethical Issues in Software Development

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 2

Table of Contents
Introduction ___________________________________________________________ 3
Ethical Issues __________________________________________________________ 4
Using Open Source Code___________________________________________________________ 4
Using Illegal Software _____________________________________________________________ 5
Reverse Engineering Code__________________________________________________________ 6
Not Addressing Known Bugs _______________________________________________________ 8
Taking Talent from the Competition __________________________________________________ 8

Solving Ethical Problems________________________________________________ 10

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 3

Introduction
The process of developing a new software application takes time and effort. It takes time to
design, develop and release the final product. Unfortunately for many software companies and
developers, they are given a small window of time and a small budget to release a software
package. Software companies mainly its developers are under pressure to release a virtually
bug-free product on time at the lowest possible cost. However, they face a lot of obstacles that
hinders this goal. According to the book, Teach Yourself Extreme Programming in 24 Hours, the
top reasons for software project failure were:

Project objectives not fully specified

Bad planning and estimating

Technology new to the organization

Inadequate or no project management methodology

Insufficient senior staff on the team

Poor performance by suppliers of hardware and/or software

Because of the time and money constraints, as well as the obstacles that they face to make a
quality product, software companies and developers are often tempted to perform unethical and
illegal acts to make their goal.

There are five ethical issues that software companies and developers face. They are:

Using open-source code in their own code without properly crediting the source

Using illegal software to perform their tasks

Reverse engineering code to find out how a process works

Not addressing known bugs

Taking talent from the competition

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 4

Ethical Issues
Using Open Source Code
According to the definition on the Open Source Initiatives web site, open source is source code
that is readily available to the user. In other words, the application contains the source code that
was used to create the product. There are three particular types of open source code:

Licensed Source Code: The source code may contain a GPL (General Public License)
or an LGPL (Library General Public License) that details how the software and the source
code is to be distributed, copied and modified (Definition of GPL)

Copyrighted or Credited Source Code: The source code may be freely published on a
web site with the authors consent for the programmer to use the source code as long as
the author is credited in the code.

Public Domain: The source code may be in public domain, which means that the author
explicitly relinquishes all rights to the software (Kuruvilla, 2006). In other words, the code
is free to use without consequence.

While the third type of source code does not cause any ethical issues because there is no
obligation to provide credit for use, the first two types do pose ethical issues to the programmer.

In the case where the open source code contains a GPL or LGPL, the programmer must follow
the rules as specified in the GPL or LGPL. Some companies do follow the license. For example,
IBMs Websphere product is based on the Apache Web Server, and up until the latest re-write
that no longer uses Apache code, IBM included the GPL for Apache Web Server in their literature
about the software. However, some companies do not follow the GPL. In some cases, the
companies claim the code as their own. In order to help enforce companies into using the GPL
properly, the Free Software Foundation launched the GPL Violations Project (http://www.gplviolations.org). This watchdog organization monitors companies that are using open-source
projects in their own software development to make sure that the GPL is referenced correctly.

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 5

In the case where the open source code has no license, but the author explicitly requests that
s/he is referenced in the developers code, some programmers do not do this, mainly because the
author is not a corporate entity. In most cases, it was difficult for the programmer to prove that a
developer plagiarized his/her code. With the passing of the
Digital Media Copyright Act (DMCA), this can become a major
issue for developers who frequently use code without crediting
the original author. According to the DMCA, if someone
publishes information on the Internet, that information is

DMCA: An act of
Congress passed in
1998 that prevents the
circumvention of
licensing and anti-piracy
measures in digital
media (Definition of
DMCA)

automatically copyrighted as long as the author says so.

Using Illegal Software

Due to time and money crunches, it is tempting for a company to use a pirated copy of software
or violate the software license. In fact, some of the largest
companies have used pirated copies of software or violate the
software licensing rules in the past. Some companies continue

Pirated Software: An
illegal copy of a software
package.
Violation of Software
License: Using the
software that does not
follow the licensing rules.

to illegally use software, despite the fact that software

companies lose $12 billion in revenues due to software piracy (Derowitsch, 56) and license
violations.

To help reduce the temptation of software piracy, the Business Software Alliance (BSA), a
Washington-based software industry watchdog group, is taking aggressive action against
companies who violate software copyrights. In January 2006, Wham-O paid a $70,894 fine and
Burts Bees paid $110,000 fine to the Business Software Alliance (BSA) because employees
were using unauthorized copies of the software on the machine (Derowitsch, 56).

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 6

Companies are also taking a proactive approach to preventing piracy. For example, companies
like IT Outsourcing India and Virginia Tech have published ethics guides on how employees are
supposed to use software. These guides cover points such as:

The definitions of software licenses

Penalties that companies and employees will face if they violate copyright laws

Answers to frequently asked questions about software use

In Virginia Techs software use ethics guide, alternatives to help keep software costs low
legally

Reverse Engineering Code

Reverse engineering is a controversial and a confusing subject in the software development
world. Out of all the issues mentioned, this issue frequently creates dilemmas for software
engineers and companies.

Reverse engineering is the process of decompiling an application in order to reveal the source
code. In the early days of software development, many software engineers engaged in the
practice of reverse engineering to find out how a particular program performed an action. With
the passing of the DMCA, reverse engineering has legal implications.

There are issues with reverse engineering that could cause confusion with how to use it. For
example:

If the software is considered public domain, then the programmer is allowed to reverseengineer it.

The DMCA prohibits the act of circumventing a technological measure used by copyright
owners to control access to their works. Acts of circumventing include: copying media,
decrypting encryption tools, and reverse-engineering software (Unintended, 2003).

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 7

US courts are ruling that reverse engineering is acceptable as long as it is non-infringing

fair use (Unintended, 2003). However, if the software license explicitly says that the
programmer cannot reverse-engineer the program, the programmer cannot do so.

Two cases illustrate examples of conflicting rules about reverse engineering. In a case where the
courts said that reverse engineering was legal, Sony sued Connectix for reverse-engineering the
code for Sony Playstation games. Connectix created an emulator to allow Apple Macintosh users
to play Sony Playstation games on their machine. The Ninth Circuit court ruled in favor of
Connectix by saying that Connectixs reverse engineering was fair use (Unintended, 2003). In a
case where a company did get penalized for reverse engineering, the Motion Picture Association
of America (MPAA) was able to successfully stop 2600 Magazine from publishing information
about a flawed DVD content protection scheme that was uncovered by reverse engineering
(Pond, 2000).

The controversy with reverse engineering is when a software company is using reverse
engineering to create software that is compatible with other software or hardware. Critics of the
DMCA argue that software and hardware companies are using the DMCA to discourage
competition (Unintended, 2003) by suing companies who reverse-engineer code for
compatibility information or security testing. Proponents of the DMCA argue that the DMCA helps
prevent losses due to piracy and it helps companies protect their intellectual property.

Software companies and developers who are going to use reverse engineering to test security
problems or to find out how the code works to make the program compatible with other hardware
platforms can reference many cases where US courts determined that reverse engineering for
that purpose is legal. However, both the companies and developers will need to be prepared for
the potential of being sued by another company or developer. Before attempting a project where
reverse engineering is necessary, software companies and developers should contact legal
counsel for assistance in this matter.

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 8

Not Addressing Known Bugs

In order to meet deadlines, software programmers and companies
have a tendency to skimp on quality assurance testing. As a
result, either quality assurance misses finding major flaws in the

Bug: An error or defect in

software or hardware that
causes a program to
malfunction. (Definition of
bug)

software, or major flaws that are discovered are not fixed because
there is not enough time to re-test the fix. The problem is these flaws cause huge losses for
businesses and generally inconveniences hundreds of thousands of people (Weiss, 2003).

Microsoft is frequently in the news regarding security flaws and bugs found in its operating
systems. For example, in 2003, Microsoft released news of a critical flaw in its operating systems
that allowed hackers to access a persons machine and take control of the machine by running
any program the hackers wished (Microsoft, 2003). In 1991, DSC Communications
Corporations, a Plano, Texas-based company that creates software for telephone systems,
released software that was not thoroughly tested by the company. The software contained a bug
that caused phone blackouts in major cities in the USA, such as Washington, Pittsburgh, Los
Angeles and San Francisco (Zubairi, 2003).

It could be that software developers and companies do not spend time and money on quality
assurance testing because software developers and companies are not liable for any damage
caused by the software as long as they (companies and/or developers) explicitly states that in the
user agreement, license or software documentation (printed and on-line) (Weiss, 2003). Although
a software company or developer cannot be sued for bugs that cause damage as long as they
state that they are not liable, a reputation of a software company or developer could be ruined
from releasing untested or bad code.

Taking Talent from the Competition

Companies who take talent from the competition are placed at an advantage the company can
get proprietary information about a technology, and it can put the competition at a disadvantage
by reducing the human resources needed for software projects.

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 9

Companies try to prevent talent from going to competitive firms by having its employees sign noncompete agreements. However, even with a signed non-compete
agreement, companies can still face a legal battle over the wording
of the document, including whether the document is impeding an
employees right to work (Noncompete agreements, 2006). If
the company did not require its employees to sign non-compete
agreements, a competing company can easily take its talent pool

Non-compete
agreement: A
document signed by
an employee that
promises that the said
employee will not work
for a direct competitor
for a specific amount
of time after s/he
leaves the company
(http://www.nolo.com)

from another company. However, even without the non-compete clause, the company can face
civil action from the competitor.

There are two examples that highlight civil actions taken by companies due to talent raiding. The
first example highlights the legal issues of talent raiding. The second example highlights the
questioning of the non-compete agreement.

In 2005, the case of Yahoo v. Nuance Technologies appeared in the California court. This case
addressed the issue of whether talent raiding was causing a misappropriation of trade secrets
and unfair competition. According to the article by Elinor Mills on C-Net News (Yahoo, 2005):
Nuance Technologies was working on voice-activated search engines. Yahoo hired all
but one of the research people on the project. Nuance filed a lawsuit with the California
courts to temporarily bar the workers from working at Yahoo. The judge ruled that the
speech engineers hired by Yahoo were allowed to continue working for Yahoo because
the courts could not properly assess whether any wrongdoing has occurred.
In 2006, the case of Microsoft v. Google appeared in the Washington court. This case addressed
whether a non-compete agreement was violated. According to the article by Elinor Mills on C-Net
News (Microsoft, 2006):
Google hired Kai-Fu Lee, a former Microsoft executive from China, to run the Chinese
branch of Google. However, Microsoft contends that the role that Mr. Lee would perform
at Google (recruiting staff for the developer center in China) was a direct violation of the
non-compete agreement that Mr. Lee signed at Microsoft. The court ruled that recruiting
workers in China was not a violation of the non-compete agreement, but he was not
allowed to work on technologies, set budgets or salaries, or decide on what research
Google can do in China.

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 10

Solving Ethical Problems

Ethical problems in the software industry can cause legal ramifications, such as civil suits and
fines, and it can cause business ramifications, such as a ruined reputation that will cost the
company sales. What can software developers and companies do to help prevent problems?
While these suggestions may help prevent problems caused by unethical behavior, it is not a
guarantee that they will solve all the problems.

Assign task to a compliance officer to make sure that the licenses are being used
properly

Watchdog groups can easily find out whether a company is violating software copyright and
licensing rules. The best resource that a watchdog company uses is a disgruntled employee.
By assigning a compliance officer (preferably from the IT department) to ensure that software
is being used as it is licensed, companies can reduce illegal software use.

Perfect quality assurance

Since there are very little legal ramifications for bugs and security flaws causing system
problems, companies will easily spend little time on testing problems and addressing known
bugs. However, the ethical issue is the cost of business. Businesses lose millions of dollars
in lost productivity due to bugs and security flaws. A software developer and the software
company can lose business and future revenues because of a ruined reputation. The best
thing that a company can do is invest time and money in quality assurance. While quality
assurance is not going to catch every bug imaginable, it will catch a high percentage of the
bugs and flaws.

Consult with legal department about non-compete agreements and fair use with
reverse engineering

Non-compete agreements, which are helpful with preventing talent raiding, and the fair use of
reverse engineering has numerous legal implications. Before beginning a project where

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 11

reverse engineering is necessary, or before devising a non-compete agreement, companies

and developers should consult with an attorney who is familiar with these subjects. The
attorney can guide the developers and companies with the correct way to perform these
actions.

Let public know about flaws or delay the software release

Despite the fact that Microsoft is well known for releasing bug-laden software (Bishop, 2003),
Microsoft is very good about releasing information about bugs and flaws to the public as soon
as they are discovered. Microsoft has also been known to delay the release of software if
there are too many problems with the software. By doing this, Microsoft has helped its
reputation as a leading software provider. Although a customer may not be happy about a
delay or a flaw, the customer will accept the answer if s/he is given ample warning about the
problem.

Publish ethical guidelines on software development and use

Publishing a guideline about software development and use can leave little room for
interpretation, which could help reduce unethical and potentially illegal behavior. Two
examples of companies who published ethical guidelines are IT Outsourcing India and
Virginia Tech. When developing a guideline, companies and developers should consult with
an attorney who is familiar with the legal issues of software development.

Ron Garrett and Jennifer Lewis

Ethical Issues in Software Development

Page 12

References
Definition of GPL (2006). Retrieved May 10, 2006 from http://www.webopedia.com.
Kuruvilla, Anna Elizabeth (2006). Software ethics and legal use. IT Outsourcing India. Retrieved
April 5, 2006 from http://itoutsourcingindia.com/resources/software_ethics.asp.
Derowitsch, Rachel (2000, August). PC ethics 101. Computing Basics, 11, 56-57.
Weiss, Todd R. (2003) U.S. companies fined for using illegal software. PC World. Retrieved June
19, 2006 from http://www.pcworld.com/resource/printable/article/0,aid,124377,00.asp
Definition of DMCA (2006). Retrieved June 19, 2006 from http://www.webopedia.com.
Definition of bug (2006). Retrieved June 19, 2006 from http://www.webopedia.com.
Unintended consequences: four years under the DMCA (2003). Electronic Frontier Foundation.
Retrieved May 10, 2006 from http://www.eff.org/IP/DMCA/unintended_consequences_v2.pdf.
Microsoft security bulletin MS03-011. Microsoft. Retrieved June 19, 2006 from
http://www.microsoft.com/technet/security/bulletin/MS03-011.html
Zubairi, Junaid Ahmed. To test or not to test the software: a case study on ethics in computing.
SUNY at Fredonia. Retrieved June 1, 2006 from
http://ublib.buffalo.edu/libraries/projects/cases/computing/computing_ethics.html
Baird, Stewart. (2002). Teach yourself extreme programming in 24 hours. Sams.
Bishop, Todd. (2003) Should Microsoft be liable for bugs?. Seattle Post-Intelligencer. Retrieved
June 1, 2006 from
http://seattlepi.nwsource.com/printer2/index.asp?ploc=t&refer=http://seattlepi.nwsource.com
Mills, Elinor. (2005). Yahoo accused of poaching speech engineers. C-Net. Retrieved June 19,
2006 from http://news.com.com/2102-1030_3-5885971.html?tag=st.util.print.
Mills, Elinor. (2006). Microsoft seeks settlement in Google lawsuit. C-Net. Retrieved June 19,
2006 from http://news.com.com/2102-1030_3-5862947.html?tag=st.util.print.
Noncompete agreements. (2006). Nolo. Retrieved June 20, 2006 from
http://www.nolo.com/article.cfm
Pond, Weld. (2003). Why the world needs reverse engineers. ZDNet. Retrieved June 20, 2006
from http://news.zdnet.com/2100-9595-22-524352.html.
Using software. Virginia Tech. Retrieved Jun 5, 2006 from
http://courses.cs.vt.edu/~cs2604/lib/WorldCodes/EDUCOM.software.html/

Ron Garrett and Jennifer Lewis