2018 ACM Code of Ethics and Professional Conduct: Draft 1

Draft 1 was developed by The Code 2018 Task Force. (It is based on the 1992 ACM Code of Ethics and Professional Conduct).

Preamble

Commitment to ethical conduct is expected of every ACM member. The ACM Code of Ethics and Professional Conduct ("the Code") identifies the elements of such a commitment.

This Code includes 24 imperatives formulated as statements of responsibility. The Code is designed to apply to practicing and aspiring computing professionals. Section 1 outlines fundamental ethical considerations. Section 2 addresses additional, more specific considerations of professional conduct. Section 3 pertains more specifically to individuals who have a leadership role, whether in the workplace or in a volunteer professional capacity. Principles involving compliance with this Code are given in Section 4.

Each imperative is supplemented by guidelines, which provide explanations to assist members in understanding and applying the imperative.

The Code is intended to serve as a basis for ethical decision making in the conduct of professional work. Secondarily, it may serve as a basis for judging the merit of a formal complaint pertaining to a violation of professional ethical standards.

The Code as a whole is concerned with how fundamental ethical imperatives apply to one's conduct as a computing professional. The imperatives are expressed in a general form to emphasize that ethical principles which apply to computing professionals are derived from broadly accepted ethical principles.

The Code is not an algorithm for solving ethical dilemmas. Words and phrases in a code of ethics are subject to varying interpretations, and a particular imperative may conflict with other imperatives in specific situations. Questions related to these kinds of conflicts can best be answered by thoughtful consideration of the imperatives and fundamental ethical principles, understanding that the public good is a primary consideration.

1. GENERAL MORAL IMPERATIVES.

As an ACM member I will….

1.1 Contribute to society and to human well-being, acknowledging that all people are stakeholders in computing and its artifacts.

This principle concerning the quality of life of all people affirms an obligation to protect fundamental human rights and to respect the diversity of all cultures. An essential aim of computing professionals is to minimize negative consequences of computing systems, including threats to health, safety, personal security, and privacy. When designing or implementing systems, computing professionals must attempt to ensure that the products of their efforts will be used in socially responsible ways, will meet social needs, and be broadly accessible.

In addition to a safe social environment, human well-being requires a safe natural environment. Therefore, ACM members who design and develop systems must be alert to, and make others aware of, any potential negative impact to the local or global environment.

1.2 Avoid harm to others.

"Harm" means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits using computing in ways that result in harm to users, the general public, employees, employers, and any other stakeholders. Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources, or unnecessary expenditure of human resources such as the time and effort required to locate malicious software, purge it from systems, and mitigate its effects.

Well-intended actions, including those that accomplish assigned duties, may lead to harm unexpectedly. In such an event, those responsible are obligated to undo or mitigate the negative consequences as much as possible. Avoiding unintentional harm begins with careful consideration of potential impacts on all those affected by decisions made during design, implementation, use, and removal.

To minimize the possibility of indirectly harming others, computing professionals must minimize errors by following generally accepted best practices for system design, development, and testing. Furthermore, harm can be reduced by assessing the social consequences of systems. If system features are misrepresented to users, coworkers, or supervisors, the individual computing professional is accountable for any resulting harm.

In the work environment, an ACM member has an additional obligation to report any signs of system risks that might result in serious personal or social harm. If one's superiors do not act to curtail or mitigate such risks, it may be necessary to "blow the whistle" to help correct the problem or to reduce the risk. However, capricious or misguided reporting of risks can itself be harmful. Before reporting risks, all relevant aspects of the incident must be thoroughly assessed as outlined in imperative 2.5.

1.3 Be honest and trustworthy.

Honesty is an essential component of trust. An ACM member will be fair and not make deliberately false or misleading claims and will provide full disclosure of all pertinent system limitations and potential problems. Fabrication and falsification of data are similarly violations of the Code.

An ACM member has a duty to be honest about his or her own qualifications, and about any limitations in competence to complete a task. ACM members must be forthright about any circumstances that might lead to conflicts of interest or otherwise tend to undermine the independence of their judgment.

Membership in volunteer organizations such as ACM may at times place individuals in situations where their statements or actions could be interpreted as carrying the "weight" of a larger group of professionals. An ACM member will exercise care not to misrepresent ACM or positions and policies of ACM or of any ACM units.

1.4 Be fair and take action not to discriminate unfairly.

The values of equality, tolerance, respect for others, and the principles of equal justice govern this imperative. Unfair discrimination on the basis of age, color, disability, family status, gender identity, military status, national origin, race/ethnicity, religion, sex, sexual orientation, or any other such factor is an explicit violation of ACM policy.

Inequities between different groups of people may result from the use or misuse of information and technology. In a fair society, all individuals have equal opportunity to participate in, or benefit from, the use of computer resources. However, these ideals do not justify unauthorized use of computer resources, nor do they provide an adequate basis for violation of any other ethical imperatives of this code.

1.5 Honor intellectual property rights and give proper credit.

ACM members are obligated to protect the integrity of intellectual property, unless there is an overriding ethical reason not to do so. Examples of types of violations include (but are not limited to) misrepresentation of authorship, misrepresentation of the origin or ownership of ideas or work, misappropriation of a commons, unauthorized use, unauthorized copying, unauthorized derivative works, and counterfeiting. In normal circumstances, violations of intellectual property laws pertaining to copyrights, patents, trade secrets, non-disclosure agreements, and license agreements are contrary to the Code. Even when not explicitly barred by law, such violations are contrary to the Code.

Fair uses of intellectual property are necessary for the progress of technology in the service of the public good. ACM members should not oppose appropriate fair uses of their intellectual property.

Efforts to help others by contributing time and energy to projects that help society illustrate a positive aspect of this imperative. This includes contributions to projects that are in the public domain, free software, or open source software.

1.6 Respect privacy.

Technology enables the collection and exchange of personal information quickly, inexpensively, and often without the knowledge of the people affected. ACM members should use this personal data for legitimate ends without violating the privacy rights of individuals and organizations. ACM members should therefore implement security measures to maintain the privacy and integrity of personal data. This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. Computing professionals should establish procedures to allow individuals to review their personal data and correct inaccuracies.

Only the minimum amount of personal information necessary should be collected in a system. The retention and disposal periods for that information should be clearly defined and enforced, and personal information gathered for a specific purpose should not be used for other purposes without consent of the individual(s).

When data collections are merged, ACM members should take special care for privacy. Individuals may be readily identifiable when several data collections are merged, even though those individuals are not identifiable in any one of those collections in isolation.

1.7 Honor confidentiality.

The ethical obligation for confidentiality holds unless discharged from such obligations by bona fide requirements of law or by other principles of this Code.

User data observed during the normal duties of system operation and maintenance must be treated with strict confidentiality, except in cases where it is evidence for the violation of law, organizational regulations, or this Code. In these cases, the nature or contents of that information must be disclosed only to appropriate authorities.

2. MORE SPECIFIC PROFESSIONAL RESPONSIBILITIES.

As an ACM member with professional responsibilities I will….

2.1 Strive to achieve the highest quality in both the process and products of professional work.

Computing professionals should insist on high quality work from themselves and from colleagues. Professionals must be cognizant of the serious negative consequences that may result from poor quality. High quality includes respecting the dignity of employers, colleagues, clients, users, and anyone effected either directly or indirectly by the work.

2.2 Maintain high standards of professional competence, conduct, and ethical practice.

High-quality computing depends on individuals who take personal and organizational responsibility for acquiring and maintaining professional competence. Professional competence includes technical knowledge, awareness of the social context in which the work will be deployed, and competence in recognizing and navigating ethical challenges. Upgrading necessary skills should be ongoing and should include independent study, seminars, conferences, and other informal or formal education. The ACM is committed to encouraging and facilitating those activities.

2.3 Know, respect, and apply existing laws pertaining to professional work.

ACM members must obey existing local, state, province, national, and international laws unless there is a compelling ethical justification not to do so. Policies and procedures of the organizations in which one participates must also be obeyed, but compliance must be balanced with the recognition that sometimes existing laws and rules are immoral or inappropriate and, therefore, must be challenged. Violation of a law or regulation may be ethical when that law or rule has inadequate moral basis or when it conflicts with another law judged to be more important. If one decides to violate a law or rule because it is viewed as unethical, or for any other reason, one must fully accept responsibility for one's actions and for the consequences.

2.4 Accept and provide appropriate professional review.

Quality professional work in computing depends on professional reviewing and critiquing. Whenever appropriate, individual members should seek and utilize peer review, and should provide constructive, critical review of the work of others.

2.5 Give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.

ACM members must strive to be perceptive, thorough, and objective when evaluating, recommending, and presenting system descriptions and alternatives. Computing professionals are in a position of special trust, and therefore have a special responsibility to provide objective, credible evaluations to employers, clients, users, and the public. When providing evaluations the professional must also identify any relevant conflicts of interest, as stated in imperative 1.3.

As noted in the discussion of imperative 1.2 on avoiding harm, any signs of danger from systems must be reported to those who have opportunity and/or responsibility to resolve them. See the guidelines for imperative 1.2 for more details concerning harm, including the reporting of professional violations.

2.6 Accept only those responsibilities for which you are qualified, and honor those commitments.

A computing professional has a responsibility to evaluate every work assignment. Should the evaluation identify reasons that the project should not be attempted, the professional must disclose those reasons to the employer or client. The assignment should not be accepted unless those reasons are mitigated by changes to the nature of the project.

Should the evaluation identify reasons that the professional does not have the expertise to complete the project, the professional must disclose this shortcoming to the employer or client, and request that the project be undertaken by someone with the appropriate qualifications.

Should the evaluation identify that the project is theoretically impossible to complete by anyone, the professional must disclose this impossibility to the employer or client and request that the project be dropped or modified in order to make the project theoretically possible.

On some occasions, other ethical principles may take greater priority, and a judgment that a specific assignment should not be performed may not be accepted. Only after serious consideration and with full disclosure of risks and concerns to the employer or client, and having clearly identified one's concerns and reasons for that judgment that failed to result in a change to the nature of the project, should one accept the assignment if one is obligated, by contract or by law. The major underlying principle here is the obligation to accept personal accountability for professional work. The computing professional's ethical judgment should be the final guide in deciding whether to proceed. Regardless of the decision, one must accept the responsibility for the consequences.

Computing professionals should ensure that system elements perform as intended. When an ACM member contracts for work with another party, the member has an obligation to keep that party properly informed about progress toward completing that work.

2.7 Improve public understanding of computing, related technologies, and their consequences.

Computing professionals have a responsibility to share technical knowledge with the public by creating awareness and encouraging understanding of computing, including the impacts of computer systems, their limitations, their vulnerabilities, and opportunities they present. This imperative implies an obligation to counter any false views related to computing.

2.8 Access computing and communication resources only when authorized to do so.

Theft or unauthorized destruction of tangible and electronic property is prohibited by imperative 1.2 — "Avoid harm to others." Trespassing and unauthorized use of a computer or communication system is addressed by this imperative. Trespassing includes accessing communication networks and computer systems, or accounts and/or files within those systems, without authorization to do so. Individuals and organizations have the right to restrict access to their systems so long as they do not violate the discrimination principle (see imperative 1.4). No one should access or use another's computer system, software, or data files without permission. One should have appropriate approval before using system resources unless there is an overriding concern for the public good. To support this clause, a computing professional should take appropriate action to secure resources against unauthorized use.

3. ORGANIZATIONAL LEADERSHIP IMPERATIVES.

In this section, "leader" means any member of an organization who has leadership or educational responsibilities. These imperatives generally apply to organizations as well as their leaders. "Organizations" are corporations, government agencies, and other "employers," as well as volunteer professional organizations.

As an ACM member and an organizational leader, I will….

3.1 Articulate social responsibilities of members of an organizational unit and encourage full acceptance and satisfaction of those responsibilities.

Because organizations have impacts on the public, they must accept responsibilities to society. Organizational procedures and attitudes oriented toward quality, transparency, and toward the welfare of society will reduce harm to members of the public. This serves the public interest and fulfills social responsibility. Therefore, organizational leaders must encourage full participation in meeting social responsibilities and quality performance.

3.2 Manage personnel and resources to design and build systems that enhance the quality of working life.

Organizational leaders are responsible for ensuring that (computer) systems enhance, not degrade, the quality of working life. When implementing a system, organizations must consider the personal and professional development, physical safety, psychological well-being, and human dignity of all workers. Appropriate human-computer ergonomic standards should be considered in system design and in the workplace.

3.3 Establish appropriate rules for authorized uses of an organization's computing and communication resources and of the information they contain.

Organizational leadership has the responsibility to clearly define appropriate and inappropriate uses of organizational computing resources. These rules must be clearly and effectively communicated to those using their computing resources. In addition, the organization must enforce those rules, and take appropriate action when they are violated.

3.4 Ensure that the public good is a central concern during all professional computing work.

The needs of people — including users, other people affected directly and indirectly, customers, and colleagues — should always be a central concern in professional computing. Tasks associated with requirements, design, development, testing, validation, deployment, maintenance, and disposal should have the public good as an explicit criterion for quality. Computing professionals should keep this focus no matter which methodologies or techniques they use in their practice.

3.5 Articulate, apply, and support policies that protect the dignity of users and others affected by computing systems and related technologies.

Dignity is the principle that all humans are due respect. This includes the general public's right to autonomy in day-to-day decisions.

Designing or implementing systems that deliberately or inadvertently violate, or tend to enable the violation of, the dignity or autonomy of individuals or groups is ethically unacceptable. Computing professionals who are in decision making positions should verify that systems are designed and implemented to protect personal dignity.

3.6 Create opportunities for members of the organization to learn, respect, and be accountable for the principles, limitations, and impacts of computer systems.

Imperative 3.6 complements the imperative on public understanding (imperative 2.7). Educational opportunities are essential to facilitate optimal participation of all organizational members. Opportunities must be available to all computing professionals to help them improve their knowledge and skills in professionalism, the practice of ethics, and computing, including experiences that familiarize them with the consequences and limitations of particular types of systems. Professionals must know the dangers of building systems around oversimplified models, the improbability of anticipating and designing for every possible operating condition, the inevitability of software errors, the ways in which systems impact and are impacted by the contexts in which they are deployed, and other issues related to the complexity of their profession.

3.7 Recognize when computer systems are becoming integrated into the infrastructure of society, and adopt an appropriate standard of care for those systems.

Computing professionals who develop computer systems that have or may become an important part of the infrastructure of society have a responsibility to be good stewards of that commons. Part of that stewardship requires that computing professionals monitor the level of integration into the infrastructure of society. As the level of adoption changes, there are likely to be changes in the ethical responsibilities of the organization. Continual monitoring of how society is using its computer system will allow the organization to remain consistent with their ethical obligation. Where such standards of care do not exist, there may be a duty to develop one.

4. COMPLIANCE WITH THE CODE.