Build resilient systems at scale
October 12–14, 2015 • New York, NY

Primum non nocere - ethical obligations in Internet Operations

Jan Schaumann (The Internet)
11:20am–12:00pm Tuesday, 10/13/2015
Location: Gramercy

Prerequisite Knowledge

This session is not suited for psychopaths. Everybody else should be fine.


Many professions are subject to strict guidelines and codes of ethics, binding their participants to abide by common principles. Violations of these rules can lead to legal repercussions or a loss of a license to practice one’s chosen profession. The Hippocratic Oath, the American Bar Association’s Model Rules of Professional Conduct, or the American Society of Civil Engineers Code of Ethics are examples of such self-regulating or self-policing organizational definitions.

Information Technology has none of that. Our profession remains entirely uncontrolled, unlicensed, unregulated: anybody can — and does! — call themselves a “software engineer” or “systems architect,” for example.

The ACM’s Software Engineering Code of Ethics or USENIX LISA System Administrators’ Code of Ethics are two examples of attempts to define such guidelines for an undefined profession; yet the majority of WebOps, SysAdmins, SREs, or software developers have never heard of them.

At the same time, we are increasingly responsible for building and maintaining critical infrastructure components for software that handles our users’ most private data, for products that directly or indirectly influence people’s lives. We are building the internet and the World Wide Web; we are connecting people (and increasingly, things), creating new products, and we like to “disrupt” existing industries and claim to strive to “make the world a better place.”

But rarely do we consider our direct ethical obligations as privileged insiders of this dominant economic force. How do we build self-driving cars that might have to decide one day whether or not their passengers should die to avoid a greater catastrophe, when we can’t even guarantee the privacy of elementary students’ data? Is reliance on science fiction’s Three Laws of Robotics sufficient to implement ethical decision-making engines? Could (and more importantly, should) we develop automation and monitoring solutions to “scale” the delivery of lethal injections? Do we have a requirement to protect user communications from warrantless government spying, whether or not our users demand it?

Does a simple guideline such as “First, do no harm” make sense in our profession? How would this translate into the many fields of work we cover?

I’d like to review these questions and present a discussion of the obligations we have beyond just increasing shareholder wealth. This discussion would range — as illustrated above — from the big and difficult decisions (e.g. whistleblowing, life-and-death, changing jobs) to simple best practices (e.g. protecting users’ data in transit and at rest, communicating clear terms of service).


Jan Schaumann

The Internet

Jan Schaumann is an infrastructure and information security engineer and an adjunct professor of computer science. Jan has over 15 years of experience in both small-scale deployments and enormous high-availability infrastructures serving millions of users. Today he spends most of his time worrying about online privacy and infrastructure security and integrity. You can follow him on Twitter as @jschauma.

Jan Schaumann
08/29/2015 5:01pm EDT

Help me give a better talk: fill out this quick, anonymous survey on Ethics in Internet Operations:

and/or retweet this tweet:

Thanks in advance, and see you there!
