Legality vs. Ethicality in Software Testing:

A Module for Classroom Exercises

Joseph H. Wujek, P.E.

University of California at Berkeley

Department of Electrical Engineering and Computer Sciences

Presented at the International Conference on Ethics in Engineering and Computer Science, Case Western Reserve University Cleveland, Ohio - March 22,1999

Presented at the OEC International Conference on Ethics in Engineering and Computer Science, March 1999

Engineering: The Creative Art of Applying Science for the Benefit of Humankind.

Dr. Wujek in front of a blackboard.

Abstract
Suitability of the Exercises
Scenarios for the Written Theatrics and Assignments
Bibliography
Use of These Notes

Abstract

This exercise will involve students by employing impromptu theatrics in arguing courses of action in a fictitious and credible scenario. The theatrics technique in ethics teaching has been used by the author for about ten years, with generally successful results. In addition to theatrics the instructor-user of this module has the option of several assignments which are not mutually exclusive. These combine engineering thinking, ethics reasoning, and communications skills. Readily assignable from the module are: writing a memorandum, holding a class discussion, negotiating consensus-building, and staging a debate.

The author has used a variety of engineering ethics scenarios in the classroom. To demonstrate the theatrical technique we chose software testing for the technical content. Software testing is not widely taught at the undergraduate level, and in the present case we believe that:

  1. The ethical issues are more subtle than found in many popular case studies, for example, the Challenger disaster or the DC-10 cargo door design flaw. Therefore, it is likely that they are in some sense more credible for most students.
  2. Questions of legality vs. ethicality are inescapable. Some of the many "shades of gray" should be exposed by the nature of the exercise.

Because the ethical and legal issues are embedded in a technical problem, the scenario satisfies a need to integrate ethics teaching into the engineering curriculum. The problem statement technical matters are not well defined. Hence:

  1. It allows the instructor-user latitude to fit the scenario to reinforce a particular technical concept. This helps to make it "more real" and relevant for students.
  2. It provides a vehicle for open-ended problem solving. It illustrates that determining "What is the problem?" and "What don't we know?" often are the more difficult aspects of engineering. An optional assignment may be used to explore the more elusive elements.
  3. For entry-level engineering students, or for students not majoring in engineering, the instructor can bypass some of the technical complexity and concentrate on the ethical consequences of recommended action and inaction to the scenario.

The module is adaptable. It may be used without ethics course prerequisites in such courses as controls/mechatronics, computer software development, engineering economy, and the capstone design of most engineering disciplines. Statements of ethical theories and a principle most often applicable in engineering ethics cases are included in the notes. These are intended to furnish background in ethical reasoning. A short bibliography is included.

The author believes that because role-playing is rarely used in the engineering classroom, doing so tends to make the occasion, and therefore the ideas, memorable.

Back to Top

Suitability of the Exercises

The assignments are intended for at least second-year students in engineering or computer science. The exercises may be part of a course in engineering professionalism or ethics; or integrated into design or analysis courses. Some understanding of Kant's Categorical Imperative, Utilitarianism, and the Principle of Informed Consent should enhance the pedagogic value of the drills. These are summarized below.

Two among Several Relevant Theories of Ethics

  1. The Categorical Imperative of Immanuel Kant (1724 - 1804): "Act on a maxim which you can will to be a universal law." This is a Respect for Persons (RP) morality, and a deontological, or binding duty, theory. In Kant's philosophy the Categorical Imperative means that it is both a necessary and absolute moral law, and that it is the ultimate rational basis of all moral conduct. Further, it is binding on all rational beings and is not based on conditional premises, wishes, or consequences. A maxim may be thought of as a "formula" of sorts, a prescribed behavior. For example, if A is a subjective condition, and if B is an action, then a maxim could take the form: If A occurs, I will do B. Law here is not used in the legal sense, rather it means a principle of action independent of fear of punishment, etc. Thus one applies the test of asking oneself: "Could I will (desire) that the action I am about to take, B, should become the duty of all rational beings in response to A?" Note that this is a cogent and rational argument for world peace.
  2. Utilitarianism, associated with Jeremy Bentham (1748 - 1832) and John Stuart Mill (1806 - 1873) may be stated as: "Act so as to produce the greatest happiness for the greatest number of people." Pleasure and pain are held to be the only intrinsic good and intrinsic evil, respectively. Utilitarianism is also called the Greatest Happiness Theory.

Another idea often relevant in engineering ethics is The Principle of Informed Consent. This means that the potential user(s) of our products and services must be made aware of hazards and other implications of using them.

Back to Top

Scenarios for the Written Theatrics and Assignments

The theatrics and written assignments may be given in any order after the scenario has been read and questions answered regarding it.

The Scenario: Personal and Corporate Ethics vs. Contract Law?

You ("you" may mean more than one person if so assigned) are employed by VaporWare, Inc. (VWI) in its Software Development Group. Among your responsibilities is the testing and quality sign-off of custom software before full release to the customer or client. Normally, this is the last in-house work prior to delivery of product.

VWI is a small, privately-held "start-up" which does custom hardware and software design. You own no part of VWI, but your employment contract specifies that in two years you will be considered for inclusion in the limited partnership. A majority vote of the owners is sufficient for you to be so rewarded.

You are the only person(s) involved in the testing of the software named APUDA. The product is to be delivered to One Big Monopoly, Inc. (OBM), who intend to use APUDA in an unstated process control system. The APUDA product was to be designed to a specification furnished by OBM, which has from the outset refused to discuss the application. Rumors have circulated that the product is being developed for the CIA. Still other rumors have it that market and trade considerations are the reasons for secrecy.

The profit to VWI, based on an on-time delivery of APUDA, is estimated to be $170 thousand. There is no bonus for early delivery. Other estimates indicate that for the current fiscal year the total VWI profits will be $1.2 million. A penalty clause in the contract stipulates that payment to VWI will be reduced by an amount such that VWI profit for the APUDA project will be reduced by about $20 thousand for each day of delay after the due day (D-Day). Thus, for example, if the product is 10 days late, VWI will suffer a loss of $30 thousand in the APUDA Project.

Your close friend Pat was the team leader in writing the code. Because of illness to one of the team members, and another leaving VWI for another job, you received APUDA 3 days after the scheduled time to begin full-functionality testing. If you work 18-hour days, and if only minor bugs need fixing, you are confident that you can complete the testing to the original schedule and thus ship "on time." You begin testing.

Testing proceeds well and is nearly complete at 3:00 a.m. on the last day. For on-time delivery APUDA source-code is to ship by overnight carrier at 4:00 p.m. this (last) day. You enter the next-to-last input sequence and to your horror observe that the output states are not as specified. You examine the input sequence just entered and are relieved to note that you made an error in two bits in entering the input-variable sequence. Entering the correct input sequence yields the correct output. You complete the test and all is well. Of the 1,024 allowed input sequences of 16-bit words, only the next-to-last word yielded erroneous outputs.

You check again the OBM specification and observe that it does not specify performance for input bit-errors, i.e., except that if an input sequence is not in the set of allowed inputs the outputs shall remain in its previous states.

You talk to Pat at 8:00 a.m. of D-Day and are assured by Pat that, "The code meets specifications."

Ethical Implications of Software Testing Impromptu Theatrics

A student plays the main character ("the engineer") in the scenario, and in the dialogues outlined below. The opposite character, e.g., "the boss," is played by the instructor or a student. Because conflict is necessary, but not sufficient (!) for a successful experience, it is important that this character oppose the position voiced by the engineer. Therefore, if a student is chosen to play the foil to the engineer it is essential that the person disagrees with the position of the engineer. Such may be noted by polling the audience before choosing the player(s).

The rules of performance are flexible and should be based on the backgrounds of the students, level of experience in ethics instruction, etc. Some suggested options are:

  1. Encouraging the audience to coach either actor. The actors are free to accept or reject the advice from the audience. The more articulate or interesting suggestions from the audience may be used by selecting as a new actor the person who made the suggestion. The instructor may choose to "reset" the action to the initial boss/engineer meeting or continue the play from the moment the new actor entered the scene.
  2. Stopping the play as needed to clarify a point, expand on the scenario, elaborate on something said in the theatrical dialogue, etc.
  3. Switching roles. Each participant takes the positive of the arguments just argued in the negative. A good exercise in rhetoric!

Have a general discussion after the theatrics to summarize what was learned. Do a critique of how each player represented a personal agenda and compare to ethical behavior ideals. A written exercise done immediately after the performance may be useful.

Sample Dialog Sub-Scenarios

In the following dialogues assume that the entire scenario given above has been completed, but the engineer has not yet signed-off on the testing and the engineer has not discussed the test results with anyone. If so desired, assume that the dialogues below are independent of one another.

Dialogue A

The boss meets the engineer by chance at the work site. This occurs only a few minutes after the engineer has been assured by Pat "The code meets specifications." The boss asks, "How'd the APUDA ("ah-poo-da") testing go?"

Dialogue B

A lawyer from the legal department of VaporWare meets with the engineer, and introduces self as Wilhelmina (if female role-player) or William (male) J. (for Justine, or Justice) De Litigious, Esquire (used for either f, m). The lawyer takes the entree line, "Just call me Will, forget the Esquire. Your boss asked me to chat with you about the APUDA testing, just in case you have some concerns about it."

If the engineer indicates no concerns the lawyer should explain some of the possible legal ramifications. Some of these implications may be "invented" ad hoc, but they should be consistent with the scenario and plausible. Because the scenario indicates significant unknowns such as the application for APUDA, the lawyer may elect to pursue a "what if" track in the discussion.

The lawyer must take always the legal position, that is, "Would the corporation breach the contract?" The lawyer seeks to minimize, or at least reduce, financial risks to the client from ensuing legal actions.

Dialogue C

A VaporWare employee asks the engineer, "How did the APUDA testing go? I understand that there's big bucks at stake for VaporWare, and that there are some serious bugs in APUDA!" Assume that the engineer knows the questioner.

Dialogue D

An OBM (the customer) engineer is announced as a surprise visitor to see the engineer. The OBM engineer explains, "I'm here to save you the trouble of shipping the APUDA source-code to us. I'll just carry a copy of it back to OBM on a late flight today. Are you ready to release it and sign-off?"

Ethical Implications of Software Testing Written Assignments

These assignments may be used to supplement the theatrical exercises or as "stand alone."

Main Assignment

  1. Write a memorandum (memo) to your boss, that is, the instructor or whomever the instructor designates as the addressee. Report the results of your testing of APUDA. Use the memo format specified by the instructor. In your memo be sure to:
    1. Indicate the status of the software testing as of D-Day.
    2. Make recommendations, not suggestions, for action, if appropriate.
    3. Attach calculations or supplemental data, i.e. "backup," if appropriate. Be prepared to defend, orally and in writing, the statements made in your memo.
  2. Write an essay that discusses one or more of the points listed below. The instructor may make the selection(s) or leave the choice entirely to the student.
    1. Compare the relationship to the employer of a lawyer representing VaporWare, Inc. as in Dialogue B, with the relationship to the employer of an engineer. How do each relate to VaporWare customers? To the public at large? To the competitors of VaporWare?
    2. Suppose the engineer recommends telling OBM management of the "anomalies" found in the test but VaporWare management orders APUDA shipped without informing OBM of the problems. What, if anything, should the engineer do? Support the position taken.
    3. Review the ethical code for any USA-based engineering or computer science society and cite any language that may be in it that would apply to the scenario. Many societies have worldwide membership.
    4. Same as (c) but for an engineering society not based in the USA.
    5. Comment on differences and omissions between the two codes of (c) and (d) above.
    6. Consider the isolation and anonymity between the designer and the user that often occurs in engineering. In the present scenario these factors are compounded by a third party, OBM. How may this affect the performance, responsibilities, and "ownership" of the quality of the product from the designer's perspective? Ideally, how should it affect these matters?
    7. How does the engineer's ethical responsibility change owing to the presence of a third party such as OBM in the scenario given here? Examine the matter in general and for the present scenario.
    8. Compare the differences between the fundamentals of problems of the kind given here versus the homework problems assigned in a typical engineering course.
    9. Suppose the engineer in the scenario discovers that APUDA is to be used in one of the systems noted below. Examine each application and comment on the engineer's responsibility depending upon the particular application.
      1. A computer or video game.
      2. A device for monitoring the production of individual factory-workers in a so-called Third World country.
      3. Part of the attitude control system of a commercial airliner.
      4. Patient-monitor for intensive-care hospital rooms.
      5. A surveillance system for use by law enforcement to monitor clandestinely the activities of known criminals. May be used to activate unknown devices.
      6. None of the above, and the application remains unknown.

Optional Assignment

Note: Do not use the information of this problem as known in problem 1 unless the instructor states otherwise.

Suppose that the input variables are 16-bit words which are read into the APUDA program. Assume that in any one word the probability of a 1-bit error occurring is 10 and that such errors are statistically-independent and distributed with equal probability over a word.

Back to Top

Bibliography

A highly abbreviated listing of works on engineering ethics and societal responsibility of engineers and technologists.

The World Wide Web is rich in ethics materials with many links. The Online Ethics Center for Engineering and Science at Case Western Reserve University is a good place to begin.

Use of These Notes

These notes may be duplicated/distributed for noncommercial educational purposes. They may be copied in part if the source is properly credited.

Back to Instructional Resources in Engineering Ethics
Return to Instructional Resources in Computers, Software, and Privacy
Return to International Conference on Ethics in Engineering and Computer Science