ETH-15: Final Assessment | Ethics in IT

Ethics in IT — Week 4 · Module 15

Final Assessment · 20%

Final Assessment

Four weeks of ethics. Foundations, rights, builder obligations, organizations and codes. Time to bring it all together.

13 slides ~13 minutes Reynolds Ch. 1-10 + Appendices

Slide 2 of 13

"This is not the end of the questions. It is the beginning of having to answer them without a syllabus."

For four weeks the cases have been historical. Therac-25, VW, Cambridge Analytica, Haugen. Reference cases with known outcomes. The next case will be yours, and it will not come with a textbook.

Week 1

Ethics, professionalism, cybersecurity

Week 2

Privacy, expression, IP

Week 3

Software quality, AI, society

Week 4

Social media, organizations, codes

Slide 3 of 13 · Review

Week 1 — Foundations

Foundation — Ch. 1-3

Ethics, Professionalism, Cybersecurity

Ethics is a code of behavior defined by a group. Distinct from morality (internal) and law (external). Something can be legal but unethical, or ethical but illegal.
VW emissions scandal (2009-2015): defeat-device software was maintained by multiple engineers over years through incremental decisions that prioritized institutional loyalty over professional responsibility.
IT professionals have obligations to five relationships: employer, client, supplier, user, society. When they conflict, society comes last in daily practice but first in ethical priority.
Reasonable assurance in cybersecurity is a proportionality standard, not a guarantee — controls must be appropriate to the risk, not exhaustive of every possible control.
Sony Pictures hack (2014): 47,000 employee records exposed including SSNs and medical data. The ethical failure was security controls not proportionate to the sensitivity of the data held.

Slide 4 of 13 · Review

Week 2 — Rights

Rights — Ch. 4-6

Privacy, Expression, Property

The Fourth Amendment protects against unreasonable government searches. HIPAA, COPPA, FERPA create specific privacy obligations for healthcare, children's data, and educational records. ECPA and PATRIOT Act govern electronic surveillance.
Section 230 of the CDA (1996) protects platforms from liability for third-party content. Its ethical legitimacy is contested as platforms scale to billions with algorithmic amplification.
Copyright protects expression (70+ years). Patents protect inventions (20 years). Trade secrets protect confidential business info indefinitely if protected. Distinct rights, distinct obligations.
Reverse engineering for interoperability is generally permitted under US law. Competitive intelligence becomes corporate espionage when it involves unauthorized access, deception, or theft.
The DMCA prohibits circumvention of technological protection measures and provides a safe harbor for platforms that respond promptly to takedown notices.

Slide 5 of 13 · Review

Week 3 — Impact

Impact — Ch. 7-8

Software Quality, AI, Society

Therac-25 (1985-1987): removing hardware safety interlocks without adequate software validation caused lethal radiation overdoses. Engineers dismissed early warnings. Safety-critical software requires independent verification, not assumption of inherited safety.
2018 Uber autonomous vehicle fatality: detection suppression implemented to reduce false-positive phantom braking also degraded true-positive response. The engineering tradeoff was made before anyone died and was foreseeable.
IBM Watson for Oncology was trained primarily on hypothetical scenarios and recommended "unsafe and incorrect" treatments. It was marketed as evidence-based. The marketing decision was the bigger ethical failure.
Productivity paradox (Solow, 1987): IT investment does not automatically produce productivity gains. Gains require complementary organizational change. Workers displaced bear costs they did not choose to accept.
AI displacement increasingly targets routine cognitive work (legal review, radiology, loan processing) — categories previously considered automation-resistant. Novel obligations for developers and employers under active debate.

Slide 6 of 13 · Review

Week 4 — Society

Society — Ch. 9-10 + Appendices

Social Media, Organizations, Governance

Cambridge Analytica obtained Facebook profile data on ~87M users via friend-network API access. Used for psychographic political targeting. FB knew of the breach for 2+ years before disclosing. FTC fine: $5B.
Engagement algorithms optimize for interaction. False and provocative content generates more interaction than accurate content. "The algorithm is neutral" is technically illiterate — algorithms embed the values of whoever set the objective function.
Contingent workers and H-1B exploitation: using classification to avoid employment obligations, or requiring US workers to train their replacements, is legal in most circumstances but indefensible under professional codes.
Frances Haugen's disclosure of internal Facebook research is a reference case for whistleblowing analysis: internal channels failed, harm was significant, external disclosure may have been justified despite confidentiality obligations.
All four major codes (ACM, IEEE, PMI, AITP) agree on one structural priority: public welfare supersedes obligations to employers and clients when they conflict. Stated hierarchy, not aspiration.

Slide 7 of 13 · The throughline

What All Four Weeks Pointed At

Five principles every chapter circled back to.

Public welfare first

Every code, every case. The obligation to society sits structurally above obligations to employer and self.

Honesty & transparency

From VW defeat devices to Watson marketing to Haugen's disclosure: the failure mode is hiding what the engineer knew.

Proportionality

Sony's controls. Reasonable assurance. Defect tolerance. The rigor matches the stakes — nothing more, nothing less.

Refusal as a duty

"I was just following orders" has no standing in any code. The engineer's three options: tradeoff, refuse, escalate.

Documented analysis

Every defensible decision can be reconstructed: what was the issue, who was affected, why this option, why now.

Slide 8 of 13 · The framework you keep

The Five-Step Decision Framework

1. Identify

What is the ethical issue? Which code domain applies?

2. Stakeholders

Who is affected, in what way, and which obligations run to each?

3. Options

What can be done? What does the code prohibit, what does it require?

4. Priority

When obligations conflict, which governs? Public welfare wins by default.

5. Decide & document

Could you defend this in front of an ethics committee?

This is the framework you take to work. Before any nontrivial decision touching users, data, safety, or labor: walk the steps. The step you skip is the step that becomes the incident.

Slide 9 of 13 · The five defining cases

The Cases Worth Memorizing

Therac-25

Removed hardware interlocks + inadequate software validation + dismissed warnings = lethal radiation overdoses. The defining safety-critical software case.

VW Dieselgate

Defeat-device software, multiple engineers, decade of incremental complicity. The defining institutional-loyalty case.

Cambridge Analytica

87M user records, friend-network API harvesting, $5B fine, 2+ year non-disclosure. The defining data-ethics case.

Uber ATG (2018)

Detection suppression killed Elaine Herzberg. The defining case for "the engineering tradeoff was made before anyone died."

Frances Haugen

Internal research disclosure to the SEC. The defining whistleblowing case for the modern era.

Sony Pictures (2014)

47,000 records exposed. The defining proportionality case — controls did not match the sensitivity.

Slide 10 of 13 · Codes recap

The Four Codes, One More Time

ACM

Broadest. Public welfare, privacy, anti-discrimination. Reference standard in litigation.

IEEE

"Hold paramount the safety, health, and welfare of the public." 10 commitments.

PMI

Responsibility, Respect, Fairness, Honesty. Active enforcement — PMP can be revoked.

AITP

IT management focus. Obligations to mgmt, peers, profession, society.

The shared baseline: public welfare, honesty, competence, privacy, no discrimination — all four codes require all five. If you ever face a situation and your code does not seem to address it, the shared baseline always does.

"My employer told me to" is a description, not a defense. The codes were written to give you the language to say no.

Slide 11 of 13 · The rest of your career

Where You Go From Here

Read the code that governs you

Whichever certification or membership you carry: read its code, end to end, at least once. Then bookmark it.

Build the habit

Walk the five-step framework before nontrivial decisions. The first time it feels slow. By the tenth time it is reflex.

Keep a record

When you raise an ethical concern internally, document it: what, when, to whom, the response. The record is what protects you when the situation escalates.

Find the people

Ethics is easier with a community. ACM chapters, professional groups, mentors. The decisions get heavier; the support keeps you upright.

The codes do not make ethics easy. They make ethics possible. The rest is up to you.

Slide 12 of 13 · Assessment

The Final Exam

15 questions. 80% to pass. Server-graded. Worth 20% of your course grade.

What it covers

All four weeks. Foundational concepts, key cases, codes hierarchy, and applied analysis. No trick questions — if you understood the modules, you can answer the exam.

How to prepare

Walk the four week-recap slides above. Re-read the weekly checkpoints (ETH-04, 08, 11). Spend extra time on the six defining cases. The framework matters more than memorization.

One reminder: the exam is server-graded and you have multiple attempts. Take it seriously the first time, but the structure is built so that learning continues even when scoring does. Use the result as feedback, not verdict.

When you're ready, return to the course home and click "Final Exam." This module recap can be revisited any time.

Slide 13 of 13

Course Complete

Six anchors to carry into every system you ever build, ship, or refuse to ship.

1Ethics is a code of behavior defined by a group. The IT profession has codes; you are bound by whichever applies.

2The five obligations — employer, client, supplier, user, society — have a priority order. Society first, even when it costs you.

3Reasonable assurance is the standard. Controls proportionate to the risk; analysis proportionate to the stakes.

4The objective function is the ethics. The engineer who picked what to optimize made the moral choice.

5Refusal is a duty, not a luxury. The codes were written by people who knew using them would sometimes cost you something.

6Document the analysis. The defensible decision can be reconstructed in code language. The undocumented one cannot.

Mark this module complete to record your progress through the recap. Then take the Final Exam from the course home page.