Have you heard about the VW diesel emissions scandal? The software detects that the car is being tested for emissions and changes the engine to function more cleanly. When not being tested, the vehicles do not meet the US Environmental Protection Agency’s emission requirements.
I’m incensed at this. Oh, not because I own a VW (I don’t) or because I’m an environmentalist (I am). I’m angry because there is an embedded software engineer who wrote this code and allowed it to get released to production.
I can see many paths for this happening. He likely wrote it as a test, to see if it could be done or to verify some other piece of software. When it came time to manufacture the car, the defeat device (the hack that detects testing and cheats) was only supposed to be in for a little while. The plan was that they’d fix the software and update it before shipping. But one thing led to another and, six years later, the hack is still in the code.
I can recognize the path where a junior engineer was browbeaten into creating the defeat device and few others knew about it. Maybe the junior engineer was told everyone else did it or that his career was on the line. But who did the browbeating? And how far did it go?
I can envision many slippery slopes where one small thing led to another. None of them were all that bad individually. But, the culmination is 11 million cars that emit 10-40 times more than they claim to.
What I don’t want to imagine is that some senior embedded software engineer said, “Hey, this is a good idea: let’s make cars that pollute and lie about it so we make more money.” I don’t want to believe in immoral engineers.
So, faced with the pressure to allow this to happen, what do you do? Standing up and walking away is an option. Software engineers in Silicon Valley use quitting as a panacea: the new startup is always better. Not everyone has the luxury to job-hop. You can be a whistleblower if you know about the issue. Of course, that is likely to trash your career. How can you be a force for good within an amoral organization?
- Be the best you can be. Apply your own moral compass to work. Be such a goody two-shoes that no one asks you to do shady things. (Perhaps they’ll ask someone less technically competent and be caught sooner.) And if they ask, make it clear you are not comfortable, possibly not able, to go against your personal code of honor. I use the goody two-shoes method to deflect other unsavory things: asking for an explanation as to why an inappropriate joke is funny goes a long way to avoiding such humor in the future. Likewise, asking how a requested change makes for a safer or more reliant product may help deflect shoddy or fraudulent features.
- Do code reviews. Too many people think of reviews as a way to catch bugs (or, worse, a way to enforce syntax guidelines). Consider the code you review as cross-training. The goal is not to determine if this is how you would have implemented it. Instead, ask “what can I learn from this code?” and “how can I make this system better?” If you had reviewed the defeat device software, would you have gotten the (possibly) elegant bit of code and considered the ramifications of it? Make thinking it through part of your personal goals of reviewing.
- Say no. There are many ways to say no politely, practice them. You don’t have to start out with “over my dead body” but you do have the responsibility to say “this is a bad idea” instead of staying silent. At ShotSpotter, making gunshot location systems, whenever we talked about privacy, security, or encryption in the sensor, one of the embedded software engineers would say, “We have to do the right thing. I don’t want my face on the cover of Wired magazine as the person who let this all go wrong.” It was a flip comment but it reminded all of use that there are consequences to our choices, making it easier to push back as a group.
- Say yes. If you don't do this, someone else will. If you can do this horrible thing in the safest possible way, it might be better than letting the next person do it in a worse way. This is a slippery rationalization but sometimes you can only be an agent of good from the inside.
- Quit. Oh, I know, I said this isn’t an option for everyone. But if the possible outcome is bad enough, I believe you’d rather be out of a job than in jail (charged with fraud and/or negligence).
Sometimes you have to make tough choices. The choices are even tougher when surrounded with “only for a little while” promises and “everyone cheats” exhortations. In the end, you are responsible for your code and its consequences. You are who you choose to be.
Note: this was originally posted on element14 on September 22nd, 2015.