Ethics Overview | Ethics in IT

Slide 1 of 34 | ETH-W1-01 | Week 1

Ethics, Morals, and
Why IT Changes Everything

Definitions • Frameworks • Business Ethics • CSR • Decision-Making

Warehouse memo: A software engineer at a major automaker discovers the engine management software can be tuned to pass emissions tests automatically -- and fail them in real-world conditions. She tells her manager. The manager says to stay quiet. What does she do? That is not a technical question. That is an ethics question -- and the answer has consequences for millions of people.

34 Slides ETH-W1-01 Week 1 Ethics in IT

Slide 2 of 34

Why Ethics in IT Is Not Optional

Technology amplifies human decisions. Good decisions scale well. Bad ones scale catastrophically.

Scale Changes Everything

A biased hiring manager affects dozens of people. A biased hiring algorithm trained on that manager's decisions affects millions, instantly, across every geography the company operates in. IT professionals are not just building tools -- they are building institutions.

Invisibility Creates Risk

Software decisions are often invisible to the people they affect. A credit scoring algorithm denies a loan. A content moderation system suppresses a voice. A facial recognition system misidentifies a person. The harmed party often never knows the system was involved.

You Will Face These Choices

Not in a philosophy class. On a Tuesday, in a sprint meeting, when someone asks you to implement a feature that feels wrong. You need frameworks before that moment -- not after. Ethical reasoning is a professional skill, not a personal preference.

The Warehouse Question

Who is responsible when a system causes harm -- the engineer who wrote the code, the manager who approved the spec, the executive who set the incentive, or the board that accepted the risk? The answer to that question determines who acts next time. This course develops the vocabulary to answer it.

Slide 3 of 34

Ethics, Morals, and Law

Three overlapping but distinct concepts. Confusing them leads to bad decisions and worse defenses.

Morals

Personal, internalized beliefs about right and wrong. Formed through upbringing, culture, religion, and experience. Morals are subjective -- they vary between individuals and across cultures. A person's morals guide their private behavior and judgment even when no one is watching.

Ethics

Shared standards of conduct within a community, profession, or society. Ethics are externally defined and publicly defensible. Professional ethics are codified in codes of conduct. Unlike morals, ethics can be debated, revised, and enforced by professional bodies.

Law

Minimum standards of behavior enforced by the state, with codified penalties for violation. Law is prescriptive and reactive -- it defines what you must not do and imposes consequences after the fact. Law often lags technology by years or decades.

The Critical Overlap

Something can be legal but unethical. Something can be ethical but illegal. Something can be required by law while violating personal morals. IT professionals routinely operate in all three zones. The question "is it legal?" is necessary but not sufficient. The question is always: "should we?"

Slide 4 of 34

The Three Zones Model

Mapping decisions across legal, ethical, and moral space reveals where conflicts actually occur.

Legal AND Ethical

The standard operating zone. Following data retention laws, protecting user passwords with appropriate hashing, disclosing breaches on schedule. These actions satisfy law, professional ethics, and most reasonable moral frameworks simultaneously.

Legal but Unethical

Selling user behavioral data to third parties without meaningful disclosure -- technically permitted by terms of service, ethically questionable. Building software that maximizes engagement by exploiting psychological vulnerabilities -- legal in most jurisdictions, widely criticized as harmful.

Ethical but Technically Illegal

A security researcher discovers a critical vulnerability in medical device software and notifies the vendor. If no fix comes after 90 days, they disclose publicly. Depending on jurisdiction, this may violate computer fraud statutes even though it protects patients.

Ask yourself: where does "collect all data you can, store it forever, and figure out what to do with it later" fall on this map? It may be legal. It creates enormous ethical exposure. And when that data eventually leaks or gets subpoenaed, the moral cost lands on the users who trusted you.

Slide 5 of 34

Business Ethics

Ethical principles applied to commercial decision-making. Not charity -- structured accountability for how organizations affect stakeholders.

What Business Ethics Addresses

Corporate governance, fair competition, honest marketing, supply chain accountability, environmental impact, employee treatment, and treatment of customers. Business ethics provides the framework for decisions that affect people who have no contract with the company.

Stakeholder Theory

A business has obligations beyond shareholders. Employees, customers, suppliers, communities, and the environment are all stakeholders. Ethical business management balances these competing obligations rather than optimizing solely for shareholder return.

Why It Matters in IT

IT departments build the systems that execute business decisions. Biased compensation algorithms, predatory subscription cancellation flows, dark patterns in privacy settings -- these are IT outputs with business ethics implications. The engineer is not neutral by building what is requested.

When Business Ethics Fails

Enron: financial engineers designed systems to obscure debt. Wells Fargo: IT systems automatically opened unauthorized customer accounts to meet internal quotas. The technology enabled the fraud. The engineers who built it bore moral accountability regardless of the instructions they received.

Slide 6 of 34

Corporate Social Responsibility

CSR is the commitment to operate in ways that enhance society and the environment rather than merely extracting value from them.

Economic Responsibility

Be profitable. A business that fails financially cannot fulfill any other responsibility. Economic responsibility is the foundation -- it enables the rest. But it does not override them. Profitability achieved through harm is not responsibility; it is extraction.

Legal Responsibility

Comply with all laws and regulations. This is the minimum bar, not the goal. Companies that celebrate regulatory compliance as an ethical achievement have set the bar at the floor. The question is what they do above the floor.

Ethical Responsibility

Do what is right, fair, and just -- even when the law does not require it. Protect user privacy beyond what GDPR mandates. Pay suppliers fairly even in markets where exploitation is legal. Disclose data use in plain language even when legalese would suffice.

Philanthropic Responsibility

Contribute positively to society through programs, donations, and community investment. In IT: free educational resources, open-source contributions, discounted access for nonprofits, cybersecurity support for critical infrastructure. Desired but not required.

Slide 7 of 34

Framework 1: Utilitarianism

The right action is the one that produces the greatest good for the greatest number. Outcome-focused. Consequentialist.

Core Principle

Judge actions by their consequences. An action is ethical if it maximizes overall well-being across all affected parties. The pain of the few can be justified by sufficient benefit to the many. Associated with Jeremy Bentham and John Stuart Mill.

Applied to IT

A platform removes content that harms a small group but keeps 99% of users engaged. A government deploys mass surveillance that prevents terrorism but violates privacy for millions. Utilitarianism requires calculating all outcomes -- the harm to the minority counts in the calculus, it just may be outweighed.

Strengths

Practical. Quantifiable in principle. Forces consideration of all affected parties rather than just the decision-maker's interests. Supports cost-benefit analysis that organizations can act on. Aligns with public policy frameworks.

Weaknesses

Can justify harm to minorities if the aggregate benefit is large enough. Difficult to predict all consequences. Ignores rights and justice -- torturing one person to save ten can be "justified" under strict utilitarianism. Who counts in the calculation, and how much?

Slide 8 of 34

Framework 2: Deontological Ethics

The right action follows from duty and rules, not consequences. Some actions are right or wrong regardless of outcome.

Core Principle

Immanuel Kant: act only according to rules you would want universalized for everyone. Treat people as ends in themselves, never merely as means. The morality of an action is determined by the rule it follows, not the outcome it produces.

Applied to IT

Do not deceive users regardless of business benefit. Do not collect data without informed consent even if the data would be used for good. Do not build backdoors even for law enforcement -- if you would not want every actor to have that power, you should not build the mechanism.

Strengths

Protects individual rights absolutely. Provides clear rules that do not bend to situational pressure. Prevents "ends justify means" reasoning that enables the most harmful decisions. Consistent and predictable -- no calculation required in the moment.

Weaknesses

Rigid. Two deontological duties can conflict with no resolution mechanism. Cannot adapt to novel situations the rule-maker did not anticipate. In IT, rules written in 2010 may be actively harmful when applied to a 2025 technological context.

Slide 9 of 34

Framework 3: Virtue Ethics

Focus on character, not rules or outcomes. The right action is what a person of good character would do in this situation.

Core Principle

Aristotle: ethics is about cultivating virtuous character traits -- honesty, courage, prudence, justice, temperance. A virtuous person does the right thing not because a rule demands it but because it is who they are. Character precedes action.

Applied to IT

Would a person of integrity build this feature? Would an honest professional send this communication? Would a courageous engineer escalate this safety concern? Virtue ethics asks about the professional's character, not just the decision's compliance with rules or optimization of outcomes.

Strengths

Handles novel situations where rules are absent. Recognizes that ethical behavior is a habit, not a one-time calculation. Aligns with professional identity and culture. Explains why codes of conduct matter: they cultivate virtuous professional character over time.

Weaknesses

Vague in hard cases -- reasonable people disagree about what a "virtuous" professional would do. Provides no clear action guidance in novel dilemmas. Can be used to justify inaction: "I am a good person, therefore my actions must be good."

Slide 10 of 34

Using All Three Frameworks

Professional ethical reasoning applies multiple frameworks and looks for convergence. Single-framework analysis is fragile.

Scenario: Your company wants to collect location data from users at all times, even when the app is backgrounded, to improve ad targeting. No law prohibits this. The privacy setting is buried in screen 4 of the onboarding flow.

Utilitarian View

Does it maximize aggregate benefit? Some users get relevant ads. The company earns revenue. But users did not meaningfully consent and may be harmed by surveillance, targeted manipulation, and data breach exposure. The harm distribution is highly unequal -- the company captures benefits, users bear risks.

Deontological View

Would you want this universalized? If every app silently tracked location, the result is a surveillance infrastructure no individual controls. Users are being treated as means -- their attention and location are raw material -- not as ends with rights. The rule fails the universalizability test.

Virtue Ethics View

Would an honest, prudent professional build this? No. Burying a consent choice in screen 4 is designed to prevent informed decision-making. A person of integrity would demand prominent disclosure. The design itself reveals that the engineers know users would reject it if asked clearly.

Slide 11 of 34

Ethical Decision-Making Process

A structured process prevents rationalization. Without a process, people justify what is convenient rather than what is right.

1 Identify the ethical issue. Is there a conflict between interests? Is someone being harmed? Is trust being violated? Name it explicitly before anything else.

2 Identify all stakeholders. Who is affected by this decision? Include people who have no voice in the room -- future users, affected communities, people who cannot yet anticipate the harm.

3 Consider the facts. What do you actually know versus what are you assuming? Many ethical failures rest on unchecked assumptions about user behavior, risk probability, or organizational intent.

4 Apply the frameworks. Evaluate through utilitarian, deontological, and virtue lenses. Look for convergence. Where frameworks diverge, examine why -- that divergence reveals the real ethical tension.

5 Consider alternatives. Is the choice binary, or are there options that reduce harm while meeting legitimate business needs? Most ethical dilemmas have more than two paths.

6 Make and document the decision. Record the reasoning, not just the outcome. If you must justify this decision later -- to an auditor, a court, the public -- the reasoning is what matters.

Slide 12 of 34

Practical Ethical Tests

Heuristics for fast ethical screening in real-world settings where time is limited and pressure is high.

The Newspaper Test

Would you be comfortable seeing this decision reported on the front page? Both versions of the test: would a journalist report it as harmful? And would a journalist report you for being overly cautious and failing to act when action was needed? Ethics runs in both directions.

The Reversibility Test

If this decision turns out to be wrong, can it be undone? Irreversible harms -- permanent deletion of data, public disclosure of private information, deployment of autonomous systems that cannot be recalled -- demand higher ethical scrutiny before action.

The Disclosure Test

Would you make this decision the same way if all affected parties could see exactly what you were doing and why? Transparency pressure is a powerful ethical filter. If the answer changes when observers are present, the private version of the decision is suspect.

Warning

These tests are filters, not verdicts. A decision can pass the newspaper test and still be wrong. Use them to catch obvious failures quickly -- not to certify that a decision is ethical. Deeper analysis is required for consequential choices.

Slide 13 of 34

Relativism vs. Universalism

One of the deepest questions in applied ethics: are there universal ethical standards, or does context determine everything?

Ethical Relativism

Ethical standards are culturally determined and vary between societies. What is right in one culture may be wrong in another. A global tech company operating across 150 countries must navigate deeply different local ethical norms around privacy, surveillance, political speech, and data rights.

Ethical Universalism

Some ethical principles apply across all cultures. Prohibitions against torture, deception, exploitation of children, and denial of basic dignity are widely held to transcend cultural variation. Human rights frameworks attempt to codify universalist ethics into international law.

The IT Problem

A US tech company builds a platform used in 80 countries. The government of Country X demands access to dissident user accounts. Relativism says: local law applies. Universalism says: some human rights do not yield to local law. The company must choose a position. That position is an ethical stance, whether it is acknowledged as one or not.

Common Ground

Most professionals operate in a middle ground: acknowledge cultural variation in many domains while maintaining universalist commitments in a small number of core areas. Defining those core areas is the hard work of professional ethics.

Slide 14 of 34 | Case Study

Case Study: Volkswagen Emissions Scandal

Dieselgate. The largest automotive scandal in history. A software decision with global consequences.

In 2015, the EPA discovered that Volkswagen had installed software in approximately 11 million diesel vehicles that detected when the car was undergoing emissions testing and switched the engine to a low-emission mode. During normal driving, the engine operated in a high-performance mode that emitted nitrogen oxides at up to 40 times the legal limit.

The Technical Decision

Engineers wrote a "defeat device" -- software that read steering input, vehicle speed, barometric pressure, and engine operating parameters to detect test conditions. This was not an accident or a bug. It required deliberate design, testing, and validation across multiple engine variants and model years.

The Business Context

VW had marketed its TDI diesel engines as "clean diesel" -- a key competitive differentiator in the US market. The real-world emissions performance and the advertised performance were irreconcilable without the defeat device. The fraud was the product strategy, not a deviation from it.

Slide 15 of 34 | Case Study

VW Dieselgate: Consequences

What happens when an engineering organization normalizes deception as a business practice.

1 VW paid over $33 billion in fines, settlements, and remediation costs across the US, EU, and other markets -- the largest automotive industry legal settlement in history.

2 Multiple VW executives and engineers were criminally charged. Former CEO Martin Winterkorn was indicted in the United States on fraud and conspiracy charges. Several engineers received prison sentences.

3 Estimated additional NOx pollution from affected vehicles caused approximately 59 premature deaths in the US alone according to MIT analysis, plus thousands of additional cases of respiratory illness across Europe.

4 VW's stock lost over 30% of its value in the days following the EPA disclosure, wiping out more than $25 billion in market capitalization.

5 The engineers who built the defeat device later testified that the decision was made at multiple levels of management. They followed orders -- and that defense did not prevent prosecution.

Slide 16 of 34 | Case Study

VW: Ethical Framework Analysis

Apply the three frameworks to the decision made by VW engineers and executives.

Utilitarian Analysis

Did it maximize aggregate benefit? VW shareholders and dealers benefited from sales. Consumers got high-performance engines. But the public -- including children with asthma, elderly people near highways, communities downwind of vehicle traffic -- bore the health costs without consent or compensation. The calculation fails badly.

Deontological Analysis

VW deceived regulators, customers, and the public simultaneously. The universal rule being followed: "deceive test systems when real performance cannot meet standards." Universalized, this rule destroys the entire regulatory infrastructure designed to protect public health. It fails Kant's categorical imperative completely.

Virtue Ethics Analysis

What virtuous engineer builds a system designed to lie? Honesty, integrity, and professional responsibility are foundational engineering virtues. The engineers who built Dieselgate knew what they were building. The organizational culture had normalized deception to the point where engineers no longer recognized it as a violation of character.

What Would You Do?

You are an engineer on the TDI emissions project. You are told to implement the defeat device logic. You understand what it does. Your manager says it is necessary to hit sales targets. What is your next action?

Slide 17 of 34

When to Speak Up

The ethical obligation to report misconduct -- and the professional and personal cost that comes with it.

The Obligation

Professional codes of ethics in IT universally include some form of obligation to report significant ethical violations to appropriate parties. ACM Code of Ethics (2.10): report violations in computer science to appropriate parties. IEEE Code: speak out against misconduct. Silence is not neutral -- it is complicity.

Internal vs. External Reporting

The escalation path matters. Start internal: supervisor, compliance officer, ethics hotline, general counsel, board. If internal channels are compromised, captured, or unresponsive, external reporting to regulators, law enforcement, or the press may become the only ethical option.

The Personal Cost

Whistleblowers face retaliation: termination, blacklisting, legal action, social isolation. Legal protections vary widely by jurisdiction and industry. The Dodd-Frank Act protects securities whistleblowers in the US. OSHA covers certain safety violations. Most IT professionals have minimal protection.

Ethical vs. Strategic Calculation

The utilitarian question: will this disclosure cause more good than harm? The deontological question: do I have a duty to disclose regardless of outcome? The virtue question: what would a person of integrity do? These questions rarely converge on "stay quiet and keep your job."

Slide 18 of 34

Organizational Ethics Culture

Individual ethical decisions are shaped by organizational culture. Culture is the default behavior when no one is watching.

Tone at the Top

Executive behavior sets the ethical ceiling. If leadership bends rules, manipulates metrics, or retaliates against honest feedback, the organization learns. Employees are rational: they observe consequences, not speeches. Ethics programs without ethical leadership are theater.

Normalization of Deviance

Small ethical violations that go uncorrected become the new normal. Teams that ship features with known privacy problems "just this once" are conditioning themselves for larger violations. The Challenger disaster and Dieselgate both involved organizations that had normalized engineering warning signs over time.

Psychological Safety

Teams with psychological safety surface problems early. Teams without it hide problems until they become crises. Google's Project Aristotle identified psychological safety as the top predictor of high-performing teams. It is also the top predictor of ethical team behavior -- people only report problems when they believe they are safe to do so.

Warning Pattern

When an organization talks about ethics constantly but punishes people for raising ethical concerns, the message employees receive is: ethics is for external audiences, not internal behavior. That gap between stated values and lived culture is where the most serious violations originate.

Slide 19 of 34

Professional Codes of Ethics

Codified standards that define minimum acceptable professional behavior. They are floors, not ceilings.

ACM Code of Ethics

Association for Computing Machinery. General moral imperatives: contribute to society, avoid harm, be honest, be fair, honor intellectual property, protect privacy, honor confidentiality. Professional imperatives: improve professional competence, know and respect existing laws. Organizational leadership principles and compliance obligations.

IEEE Code of Ethics

Institute of Electrical and Electronics Engineers. Ten commitments including: accept responsibility for decisions, avoid conflicts of interest, be honest and realistic in claims, improve understanding of technology, maintain and improve technical competence, seek, accept, and offer honest criticism.

What Codes Cannot Do

Codes cannot replace judgment. They enumerate principles; they cannot enumerate every situation those principles apply to. A code that says "protect privacy" does not tell you what to do when your government demands user location data or when your data retention policy conflicts with a user's deletion request.

Enforcement Reality

Most IT professional codes are aspirational. Unlike law, they lack state enforcement. The ACM can rescind membership; it cannot impose fines or prison sentences. Real enforcement comes through employment consequences, regulatory action, and civil litigation -- not professional body sanction.

Slide 20 of 34

Ethics Under Pressure

Ethical reasoning in real organizations happens under time pressure, hierarchy pressure, and financial pressure. Abstract frameworks are not enough.

Rationalization Patterns

"Everyone does it." "It is not illegal." "I was just following orders." "The benefits outweigh the risks." "No one will find out." "Someone else will do it if I refuse." These are the standard patterns through which ethical violations get normalized in professional settings.

Obedience to Authority

Milgram's experiments: ordinary people administered apparent electric shocks to others when instructed by an authority figure. The IT equivalent: engineers build surveillance systems, write discriminatory algorithms, or deploy deceptive UX because their manager said to. Authority does not transfer moral responsibility.

Moral Disengagement

Bandura: people disengage morally by displacing responsibility ("it was management's call"), dehumanizing victims ("users are just data"), and distorting consequences ("the harm is minor or theoretical"). Recognizing these mechanisms in your own thinking is a prerequisite for resisting them.

Building Ethical Resilience

Pre-commitment helps. Decide in advance how you will respond to certain categories of requests: "I will not build systems designed to deceive users." "I will escalate safety concerns regardless of project timeline." Pre-committed positions are far more durable than in-the-moment ethical reasoning under pressure.

Slide 21 of 34

Ethics and Power Asymmetry

IT systems concentrate power. The ethical obligations of those who build and control technology are proportional to that power.

Concentration of Control

A handful of technology companies control information access, communication infrastructure, financial systems, and increasingly physical infrastructure for billions of people. The engineers who build these systems exercise power over people who have no say in system design and often no alternative to using the system.

Algorithmic Power

A content recommendation algorithm decides what information billions of people see. A credit scoring model determines who gets housing and employment. An ad targeting system influences election behavior. These systems have more political and social influence than most government agencies.

Accountability Gaps

Traditional accountability mechanisms assume visible, attributable decision-makers. Automated systems are opaque, distributed, and often designed so no single person made the "decision" that caused harm. Accountability architecture must be intentionally designed into systems -- it does not emerge naturally.

The Engineer's Responsibility

You will build systems that affect people who cannot examine or challenge them. That asymmetry creates ethical obligations that go beyond the employment contract. The professional's duty to public welfare, codified in every major engineering ethics code, exists precisely because of this power gap.

Slide 22 of 34

The Social Contract and Technology

Technology companies enter implicit agreements with the societies that permit them to operate. What are the terms?

What Society Provides

Infrastructure, educated workforce, legal system, market access, limited liability corporate structure, intellectual property protection, government contracts. Technology companies are not self-created -- they exist within a social and legal system that grants privileges with implicit conditions attached.

What Is Expected in Return

Tax contribution, employment, compliance with regulations, non-exploitation of market power, respect for democratic institutions, protection of users from harms the company enables. When companies extract value while externalizing costs onto society, the social contract breaks down.

The Current Tension

Platforms profit from engagement driven by outrage, misinformation, and psychological exploitation while externalizing the social costs onto democratic institutions, public mental health systems, and news organizations. Whether this is an ethics failure, a market failure, or both -- and whose responsibility it is to fix -- is one of the defining policy questions of the decade.

What Would You Do?

You are a product manager at a social platform. Your engagement data shows that outrage-inducing content drives 3x more session time than neutral content. Leadership is asking you to tune the algorithm to optimize for session time. What do you do?

Slide 23 of 34

International Ethics Frameworks

When technology crosses borders, whose ethical framework applies? Key international instruments that shape global IT ethics.

UN Universal Declaration of Human Rights

Article 12: no arbitrary interference with privacy. Article 19: freedom of expression and opinion. Article 20: freedom of assembly. These rights predate the internet and have been interpreted to apply to digital contexts by the UN Human Rights Council. They represent the universalist anchor for digital rights debates.

OECD AI Principles

Adopted by 46 countries. AI systems should be transparent, explainable, robust, secure, and accountable. They should respect the rule of law, human rights, and democratic values. They should not be used in ways that undermine democratic institutions. Nonbinding but influential in regulatory design.

EU AI Act (2024)

First legally binding AI regulation in a major jurisdiction. Risk-based classification: prohibited (social scoring, real-time biometric surveillance in public spaces), high-risk (employment, education, credit, law enforcement), limited and minimal risk. Fines up to 35M EUR or 7% of global revenue.

Practical Impact

If you build AI systems used in the EU, the AI Act is your compliance floor. If you build systems that process EU resident data, GDPR applies regardless of where your company is located. Technology ethics is not local -- it is global, and the regulatory landscape reflects that.

Slide 24 of 34

Algorithmic Bias as an Ethics Issue

Bias in automated systems is not a technical defect -- it is an ethical failure with distributional consequences.

COMPAS Recidivism Tool

ProPublica analysis (2016): COMPAS risk scoring tool used in US sentencing predicted Black defendants as high-risk at nearly twice the rate of white defendants with similar criminal histories. The algorithm's bias was invisible to defendants, their attorneys, and often to judges relying on its scores.

Amazon Hiring Algorithm

Amazon's ML hiring tool trained on 10 years of resumes -- predominantly from men -- systematically downgraded resumes that included the word "women's" (as in "women's chess club"). Amazon scrapped the tool. The bias was not programmed; it was learned from historical human bias in the training data.

Facial Recognition Errors

NIST testing found that facial recognition systems from major vendors had error rates for Black women up to 100 times higher than for white men. Law enforcement use of these systems has produced wrongful arrests. The engineers did not intend bias -- the training data encoded existing societal disparities.

The Ethics Obligation

Unintended does not mean unaccountable. Engineers who deploy systems affecting protected classes have an obligation to test for disparate impact before deployment, monitor for it during operation, and disclose it to decision-makers. Ignorance of bias in your own system is not a defense -- it is a failure of professional due diligence.

Slide 25 of 34

AI and Emerging Ethics Challenges

Generative AI is introducing ethical challenges faster than frameworks can adapt. Core tensions to understand now.

Consent in Training Data

Generative models are trained on vast amounts of human-created content -- text, images, code, voice -- most of which was produced without consent to that use. The legal frameworks are contested. The ethics question is cleaner: should you use someone's creative work to build a competing system without permission or compensation?

Deepfakes and Deception

Synthetic media creates the ability to generate realistic video and audio of people saying and doing things they never said or did. The technology is neutral. Its deployment for non-consensual intimate imagery, political disinformation, and fraud is not. The ethics of building and releasing generation tools is not separate from the ethics of the harms they enable.

Autonomous Decision-Making

Systems that make decisions about employment, credit, bail, insurance, and healthcare without human review raise accountability questions that existing frameworks do not cleanly resolve. When the system is wrong, who is responsible? The answer must exist before deployment, not after.

The Pace Problem

Ethics frameworks develop over decades. Technology deploys in months. The gap between "this is possible" and "someone has thought carefully about whether this should exist" is where most current ethical crises in tech originate. Slowing down to think is not an obstacle to innovation -- it is a precondition for responsible innovation.

Slide 26 of 34

Privacy as an Ethical Value

Privacy is not a compliance requirement -- it is a foundational human value that technology uniquely threatens.

Why Privacy Matters

Privacy is the condition under which individual autonomy, freedom of thought, and freedom of association are possible. Mass surveillance changes human behavior -- people self-censor, avoid associations, and alter beliefs when they know they are being watched. The harm is not just data exposure; it is the chilling of freedom itself.

The Privacy Paradox

Studies consistently find that users express high concern about privacy but willingly trade personal data for minor conveniences. This does not indicate that privacy is not valued -- it indicates that privacy choices are systematically structured to be difficult and that the long-term consequences of data collection are not salient at the moment of exchange.

The Design Implication

If your system is designed so that the privacy-preserving choice requires more steps, more effort, or more confusion than the data-sharing choice, you have made an ethical decision -- you have structured behavior through architecture. Privacy by default is an ethical position. Data collection by default is also an ethical position. Own it.

Professional Standard

Build systems that collect only what is necessary for the stated purpose. Retain only for as long as required. Delete when no longer needed. Give users meaningful control. These are not just compliance requirements -- they are what an honest professional would do with other people's data.

Slide 27 of 34

IP and the Ethics of Copying

The line between learning from others' work, being inspired by it, and stealing it is both legal and ethical.

Software Licensing Ethics

Using open-source software under a GPL license in a closed-source commercial product without complying with GPL terms is not just a legal violation -- it is taking value from a community that offered it conditionally. The ethical obligation of license compliance exists whether or not the copyright holder is likely to discover the violation.

Code Plagiarism

Copying substantial blocks of code from Stack Overflow, GitHub, or other sources without attribution, license compliance, or understanding is professional plagiarism. The ethical dimension goes beyond legality: code you do not understand is code you cannot maintain, secure, or take responsibility for.

Trade Secret Obligations

When you leave a company, you carry knowledge. The ethical obligation to protect former employer trade secrets is real and independent of whether you signed an NDA. Using proprietary algorithms, client lists, or system architectures at a competitor harms the people who trusted you with that information.

Ethical Violation Example

An engineer memorizes database schemas, customer lists, and pricing algorithms before resigning to join a direct competitor. No data is physically taken. The ethical violation is complete regardless. The harm to former colleagues, shareholders, and customers who trusted the company with that information is real.

Slide 28 of 34

Technology and Sustainability

The environmental costs of technology are real, measurable, and largely borne by people who did not make the technology decisions.

Energy and Carbon

A single large language model training run can emit hundreds of tons of CO2 equivalent. Global data centers consume approximately 200-250 TWh annually -- comparable to the entire electricity consumption of some mid-sized countries. These costs are externalized to communities near data centers and ultimately to global climate.

E-Waste

Planned obsolescence in consumer electronics generates 53 million metric tons of e-waste annually. Most is exported to developing countries for processing under conditions that expose workers to toxic materials. The supply chain of your phone or laptop traces back through labor and environmental conditions you were not asked to approve.

The Engineer's Question

Is the additional server capacity required to serve this feature worth its energy cost? Is training a larger model justified by the marginal performance improvement? These are engineering optimization questions with environmental ethics dimensions. The ethical professional considers both.

Slide 29 of 34

Ethics Across IT Roles

Ethical responsibilities are not uniform across roles -- they scale with access, influence, and the nature of decisions made.

Software Engineers

Build what is asked -- with full awareness of what is being built. Responsibility to flag harmful requirements, refuse to implement deceptive patterns, maintain code quality that others must trust with their careers, and document decisions that will outlast your employment at the company.

Data Scientists / ML Engineers

Audit training data for bias before deployment. Test for disparate impact across demographic groups. Document model limitations honestly. Refuse to deploy models in high-stakes contexts without human oversight. The asymmetry between model confidence scores and model reliability in edge cases is your ethical responsibility to communicate.

System Administrators / Security

Access to infrastructure and data creates disproportionate trust obligations. Confidentiality of user data seen during administration. Ethical use of access privileges. Responsibility to report system misuse even when the misuser is a superior. The privileged access you hold is held in trust for others.

Slide 30 of 34

Ethics of Security Tradeoffs

Security decisions often involve genuine ethical tensions between competing values, not just technical optimization problems.

Security vs. Privacy

More monitoring produces more security -- and more surveillance. Keyloggers catch insider threats and capture every private communication an employee sends. Full network inspection stops malware and reads encrypted messages. Where you draw the line is an ethical position about the relative weight of security and privacy, not a technical calculation.

Encryption Backdoors

Governments regularly request backdoors in encryption systems for lawful intercept. The technical reality is that a backdoor for one government is a vulnerability exploitable by all. The ethical tension: law enforcement needs vs. security of billions of users and the integrity of global communications infrastructure.

Vulnerability Disclosure

A researcher discovers a critical vulnerability. Full immediate disclosure protects users who are currently at risk but gives malicious actors time to exploit before patches are deployed. Responsible disclosure (90-day embargo) balances these. But who decides the timeline, and what is the researcher's obligation when the vendor refuses to patch?

Offensive vs. Defensive

Security tools -- exploit frameworks, zero-day exploits, network scanners -- are used by both defenders and attackers. Building dual-use tools carries ethical responsibility for how they will be used. Selling vulnerabilities to the highest bidder without transparency about the buyer's intent is widely regarded as professionally unethical.

Slide 31 of 34

Applied Ethics Scenarios

Apply the frameworks. No right answer is given -- you are expected to argue a defensible position using the tools from this module.

1 Your employer asks you to add a feature that makes subscription cancellation require 8 steps, a phone call, and a 24-hour waiting period. The legal team has approved it. What do you do? Which framework drives your answer?

2 You discover your company's ML system is denying loan applications at significantly higher rates for applicants in zip codes with high minority populations. Your manager says the model has not been shown to be discriminatory in the legal sense. What is your ethical obligation?

3 Your government client is asking you to build a system that identifies political dissidents in social media posts using NLP. The contract is legal. Your personal moral position is that it will be used to harm people. What do you do?

4 A competitor's open-source project contains code that, if slightly modified, would give your company a major competitive advantage. The license is MIT. The original author is a solo developer who would be financially harmed by your use. Is it ethical to use it?

Slide 32 of 34

Ethics as a Career-Long Practice

Ethical reasoning is not a one-time course. It is a professional competency that requires continuous development.

Stay Current

The technologies you build change. The regulatory landscape changes. The social understanding of what constitutes harm changes. A professional who stopped thinking about AI ethics in 2018 is operating with obsolete frameworks in 2025. Continuous learning in ethics is as mandatory as continuous learning in technology.

Build an Ethical Network

Find colleagues who will tell you when your reasoning is weak. Participate in professional communities where ethical questions are openly discussed. Read across disciplines -- philosophy, law, sociology, psychology. The perspectives that will most improve your ethical reasoning are usually outside your immediate technical domain.

Document Your Positions

Keep notes on ethical decisions you face and how you resolved them. Review those notes periodically. Were your frameworks consistent? Did your reasoning hold up over time? Pattern analysis of your own ethical decision-making is a form of professional self-audit that few engineers practice but all benefit from.

Teach Others

The obligation to raise the ethical competency of your team is part of professional responsibility. An organization where only some individuals think about ethics is an organization where ethical behavior depends on who happens to be in the room. Distribute the capability broadly.

Slide 33 of 34 | Exercises

Practice Exercises

Complete these before moving to the next module. Written responses required for exercises 2 and 3.

1 Identify one real-world IT decision from the past five years that was legal but widely criticized as unethical. Map it to at least two of the three ethical frameworks covered in this module. Does the analysis converge or diverge across frameworks?

2 Write a one-paragraph argument that the VW engineers who built the defeat device bore individual moral responsibility, even if ordered to do so. Use at least one named ethical framework. Address the "following orders" objection directly.

3 Your company's leadership has asked you to implement a dark pattern -- a UX flow designed to make users accidentally opt-in to marketing emails. Write a one-paragraph internal communication to your manager explaining why you will not implement it as specified, citing professional ethics standards.

4 Carroll's CSR pyramid has four levels. Rank three current major technology companies on each level and justify your rankings with specific examples of their behavior in each category.

Slide 34 of 34 | Summary

Module Summary

Ethics is not a filter applied at the end of a project. It is a lens used throughout design, development, and deployment.

Morals are personal. Ethics are shared and defensible. Law is the minimum enforced by the state. All three apply simultaneously to your work -- and they will not always agree. Your job is to reason through the conflict, not to pick the one that is most convenient.

8 Facts to Carry Out of This Lecture

1 Morals are personal. Ethics are professional standards. Law is the minimum floor. Confusing these leads to "it is legal" as the terminal ethical argument.

2 Utilitarianism: maximize aggregate good. Deontology: follow duties regardless of outcome. Virtue ethics: act as a person of good character would. Use all three; none is sufficient alone.

3 CSR = economic + legal + ethical + philanthropic responsibilities. Companies that optimize only for profit while externalizing costs are failing three of the four levels.

4 VW Dieselgate: a deliberate software deception caused $33B in penalties, criminal prosecutions, and real health harms. Following orders was not a defense for the engineers involved.

5 Rationalization patterns -- "everyone does it," "I was following orders," "no one will find out" -- are how ethical violations are normalized in organizations. Recognizing them is a prerequisite to resisting them.

6 Algorithmic bias is not a technical defect -- it is an ethical failure. Engineers who deploy systems affecting protected classes have a professional obligation to test for disparate impact before deployment.

7 The ethical decision-making process: identify the issue, identify all stakeholders, check your facts, apply frameworks, consider alternatives, document the decision and the reasoning.

8 Technology amplifies human decisions. Good ethical reasoning scales. Bad ethical reasoning at the system level scales catastrophically to millions of people who never consented to the decision.