Technology is not neutral. Every system encodes the values of the people who built it -- whether or not those people were aware they were making value choices.
The major IT ethics cases in this course -- Manhattan Project, Cambridge Analytica, Snowden/PRISM, COMPAS, Therac-25, Uber AV -- share a structural pattern. Understanding the pattern is more useful than memorizing the cases.
| Component | Description |
|---|---|
| Technical capability precedes ethical analysis | The technology was built and deployed before adequate analysis of its consequences was conducted. The capacity to act preceded the judgment about whether acting was right. |
| Institutional pressure suppresses dissent | People inside the organization who identified the ethical problem were overridden, ignored, or did not speak up because the organizational culture made dissent costly. |
| Harm is foreseeable but not foreseen | In each case, an adequate ethical analysis conducted before deployment would have identified the risk. The harm was not unpredictable -- it was simply not predicted because the analysis was not done. |
| The response compounds the original failure | When harm materialized, organizations frequently delayed disclosure, minimized the problem, or prioritized institutional protection over affected parties. This is the second ethical failure layered on the first. |
The Manhattan Project developed the first nuclear weapons. The Franck Report (June 1945), written by a committee of scientists who worked on the project, argued against using the atomic bomb on Japanese cities without prior warning. The report predicted that use without demonstration would trigger a nuclear arms race, damage US international standing, and that the military advantage did not justify the civilian casualties.
The report was overridden. The bombs were used on Hiroshima and Nagasaki. The arms race the Franck Report predicted occurred.
The Franck Report is a reference case for IT ethics because it demonstrates that technical experts have an obligation to analyze the consequences of their work -- and that obligation exists whether or not decision-makers want to hear the analysis. The scientists who wrote it did not refuse to work on the project. They built the capability and then argued, through proper channels, for an ethical use of that capability.
The engineers who built the system are not absolved of responsibility by the fact that decision-makers chose how to use it. The Franck Report established that you can build a thing and still be obligated to argue for how it should and should not be used.
Facebook's API design allowed third-party apps to collect data not only from users who installed them but from those users' entire friend networks. Cambridge Analytica obtained data on approximately 87 million users through this mechanism. The data was used for psychographic political targeting.
Facebook knew the data had been improperly obtained and did not inform users for over two years. The FTC fine was $5 billion. Cambridge Analytica dissolved. The case catalyzed GDPR and accelerated US privacy legislation debates.
Facebook's API design that allowed friend-network data harvesting was a design choice that enabled a third-party app ecosystem, which increased engagement. The ethical failures were: not auditing how the API was being used, not disclosing the breach when it was discovered, and building a data collection system without adequate analysis of how it could be weaponized.
The developers who built the friend-network API feature were not individually responsible for Cambridge Analytica's actions. They were responsible for building a system with foreseeable misuse potential without adequate safeguards -- and for not raising that concern through appropriate channels when they had the knowledge to do so.
Edward Snowden, an NSA contractor, copied and disclosed classified documents revealing NSA surveillance programs (PRISM among others) that collected communications data on US citizens and foreign nationals at a scale most of the public was unaware of. Snowden argued the programs were unconstitutional. The government argued he violated his oath, endangered sources and methods, and had alternative legal channels available.
The Snowden case does not have a clean ethical resolution. It is used in this course because it presents the whistle-blowing dilemma in its starkest form: an IT professional who believed an organization was doing something systematically wrong, exhausted (by his account) internal options, and chose external disclosure with full knowledge of personal consequence.
The utilitarian argument for Snowden: the public's right to know about programs that affect their privacy outweighed the security risk of disclosure. The deontological argument against Snowden: he violated an oath and bypassed legal processes designed to adjudicate exactly this kind of disagreement. The virtue ethics question: what would a person of integrity do when faced with evidence of systematic constitutional violation? No single framework resolves this. That is the point.
These two cases illustrate algorithmic bias -- situations where automated systems produce systematically different outcomes for different groups in ways that cannot be justified by legitimate, non-discriminatory criteria.
COMPAS (Correctional Offender Management Profiling for Alternative Sanctions) is an algorithmic tool used in US courts to predict recidivism risk. ProPublica's 2016 analysis found it falsely flagged Black defendants as future criminals at roughly twice the rate of white defendants, while falsely flagging white defendants as low risk at roughly twice the rate of Black defendants. The algorithm's designers disputed the methodology but not the underlying differential outcome data.
Multiple studies (Georgia Tech, 2019) found that pedestrian detection systems in autonomous vehicles performed significantly worse on darker-skinned individuals. The training datasets used to develop the systems overrepresented lighter-skinned pedestrians. The harm was not intended. It was foreseeable from the composition of the training data and would have been identified by adequate bias testing before deployment.
Both cases follow the same pattern: a system was built and deployed without adequate analysis of whether it would produce disparate outcomes for different groups. In both cases, the harm was foreseeable. In both cases, the "we did not intend to discriminate" defense is irrelevant to the question of whether foreseeable harm was adequately analyzed.
| Component | Pattern | IT Ethics Implication |
|---|---|---|
| Capability without analysis | We can build it, so we do | The obligation to analyze precedes the capability to act. "We can" does not answer "we should." |
| Institutional suppression | Dissent is costly; consensus is rewarded | IT professionals who identify ethical risks have an obligation to raise them. Professional codes explicitly require it. |
| Foreseeable but unforeseen harm | The harm was predictable but not predicted | Adequate ethical analysis before deployment -- not after the lawsuit -- is a professional obligation, not an optional quality step. |
| Compounding response failure | Institutional self-protection prioritized over affected parties | When harm materializes, the ethical obligation is to the affected parties first. Disclosure, not concealment, is the required response. |
Work through each question before proceeding. There are no lookup answers. The reasoning process is the point.
Review the self-check questions before marking complete.