ACM-code of ethics (model 2)

Steve is a team leader in the network security department of a regional bank. In analyzing system logs, a routine part of his job, he finds evidence that several customer accounts were accessed improperly. A full audit indicates there were no transactions, only inquiries of account balances and the date of the last activity. The software problem causing the vulnerability is found and patched. Steve reasons that because no one lost any funds, there's no need to notify the customers. He does inform his superiors at the bank about the breach, of course.

1. Robust security includes notifying users affected by data breaches.
2. Important systems require ongoing monitoring to ensure they're still secure.
3. Due diligence to protect important information is a responsibility of any computing professional, whether they're specifically working in security or not.
4. The Code recognizes that security must be robust, but must also be usable, and should not be overly complex.

All of the statements are correct.

Snowflake Consulting uses an internal message board for project updates, useful tips, and various in-house communication, including a more informal "Snowflake Pub" section for humor and informal chat. Over time, a "locker room" atmosphere has developed in the "Pub" section. Two of the company's newest employees have posted in the section that while they understand the need to unwind, some of the humor posted has been crude, and some of it has been quite derogatory toward certain groups, to the point that they have stopped looking in that section at all and reduced their use of the message board in general. Several of the older employees have responded angrily about "no sense of humor" or that "If you don't like it, don't look at it, problem solved."

1. Section 1.4 discusses limiting access to virtual spaces where interaction takes place.
2. The code agrees with the older employees; nothing requires them to look in that section, so there's no problem.
3. The company has a positive obligation to avoid creating a system that marginalizes people.
4. Practices as well as technologies should be as inclusive as possible.

Statements 1, 3, and 4 are correct.

After many versions and years of a declining user base, BitMangler is finally retiring its oldest product, Online Americans Online In America. Management has decided the last few hundred users will be notified in an email sent out October 15, thanking them for their loyalty, and the service shut down for good November 1. What does the Code say about retiring old computer systems?

1. Users should be given ample notice before systems are retired.
2. Users should do their own research to see if other alternatives exist
3. In addition to giving ample notice, BitMangler should provide information about other alternatives that might exist
4. Systems should almost never be retired as long as they continue to have a user base.

Statements 1 and 3 are correct.

Prof. Wright is preparing a presentation for his data-mining class. He finds a public code repository online with a simple demonstration program showing the technique he's discussing in next week's class. He downloads code from the repository and puts portions of it into his lecture notes. As there is no obvious attribution in the code, Prof. Wright does not include any in his notes. He does not explicitly claim that the code is his; rather, he is silent on the question of authorship.

What does the ACM Code of Ethics say about giving credit for work?

1. Credit should always be given for the work of others
2. Since the code was in a public repository and widely available, Prof. Wright did nothing wrong.
3. The original author could rightfully demand credit, but should be willing to let Prof. Wright use his work as a class example.
4. Since he did not actually claim that he had written the code, Prof. Wright did nothing wrong.

Statements 1 and 3 are correct.

Harry is a volunteer board member for a small non-profit. Because of his computer expertise, he has been asked to review and make a recommendation about two different software packages the non-profit is considering. He has been using one of them for years, likes it, and is very familiar with it. The other, while newer, has become more popular for its ease of use and excellent company support. Harry has discussed all this in his report, making it clear that he is much more familiar with one of these products, and that the other one may be easier to use and easier to get support for.

1. By disclosing factors that may appear to influence the independence of his judgement, Harry is meeting his obligation to be honest and trustworthy.
2. Since there is no direct conflict of interest here, Harry didn't need to go to that much trouble.
3. By providing his best advice, Harry is promoting the public good.
4. Since Harry isn't being paid for his work, the Code doesn't apply.

Statements 1 and 3 are correct.

Yusuf is a newly-promoted HR manager at a large software company. One morning he shares an elevator with a newly-hired developer, who he finds attractive. He considers asking her out, but does not want to give offense if she is married. He thus returns to his office and accesses her personnel record, finding that she is single. He decides to invite her out to dinner the next time he sees her.

1. Yusuf probably violated the developer's privacy under the code.
2. Since Yusuf has a legitimate need to look at personnel records, privacy questions don't apply here under the Code.
3. It is possible that the developer's privacy was violated, even if she never finds out about the violation.
4. Privacy only applies in certain very specific situations, and this isn't one of them.

Statements 1 and 3 are correct.

Snowflake Consulting is negotiating a computing-services contract with the government of Elbonia, a small developing country just emerging from civil war. The company has been informed that the Elbonian Prime Minister would "look much more favorably" on Snowflake's proposal if the company made a large donation to the Elbonian Orphans' Relief Fund, which just happens to be run by the Prime Minister's wife. Snowflake's CEO remarked that the "contribution" would most likely fund the Prime Minister's wife's next shopping trip to London; that is, that this is a bribe.

1. The Code allows payment of bribes, but only up to a certain threshold and under certain conditions.
2. Section 1.3 of the code specifically forbids paying bribes.
3. If the computing professional is not directly involved, AND bribery is an accepted business practice in the country in question, bribes are allowed.
4. Under the Code, a bribe may be offered, but not accepted.

Only statement 2 is correct.

Randy is doing a late-night search for materials related to his favorite role-playing game. After scrolling through a few pages of search results, he tries a link at random and realizes he's looking at the directory inside a large server system. Furthermore, he finds a subfolder with original art and draft versions of several game supplements that are under development but not yet published. Recognizing what a scoop this is, he starts downloading files so he can post them on his gaming blog. What does the Code say about this sort of unauthorized access?

1. If the publishing company can't or won't secure their server, that's their problem.
2. Randy should only proceed if he's confident the company would be OK with him doing that--which they probably wouldn't.
3. The benefit of other gamers getting to see early versions of the products is an example of a compelling benefit to the public good.
4. Randy can't assume access is authorized just because it's publicly accessible.

Statements 2 and 4 are correct.

Paul is a manager at Snowflake Consulting. He has been approached by a development team that has a proposal. A local high school is looking for support for its Technology Club. Employees would take turns hosting weekly after-school Zoom meetings with students, talking about robotics, programming, or other areas of technology, and serving as informal mentors. It would not involve discussing any products currently under development or confidential company information. The team is confident they can do this without reducing their productivity. What is the role of management in this situation?

1. Paul should encourage the team in their efforts to meet their social responsibility.
2. Paul should remind them that their first responsibility as professionals is to the company.
3. Paul should help the team avoid minor obstacles that would discourage participation
4. Snowflake Consulting only has responsibilities toward the business sector, since it doesn't sell to the public.

Statements 1 and 3 are correct.

As part of a research project, Prof. Chang has been given access to records of 10 million cell phone calls, including the subscriber's phone number and account number. He decides to produce a subset--about 50,000 calls--and replace the phone numbers with random strings. He then posts the smaller data set on the Canvas site of his undergraduate course for use in the final programming project of the semester.

1. Since he has removed the phone numbers, and students do not have access to the database of account numbers, there are no concerns with confidentiality.
2. The Code requires professionals to respect confidentiality except in certain specific situations.
3. Confidentiality only applies if a specific confidentiality or non-disclosure agreement is signed.
4. Even apparently harmless data can 'leak' personal information.

Statements 2 and 4 are correct.