The role of ethics on a licence to practice

Just because it's dark doesn't makeit unethicalI’m firmly of the opinion that the IT industry should have a licence to practice, or at least a recognised qualification or membership that indicates that you are serious about your conduct within your career. The best body for this as it appears to stand in the UK is the British Computer Society. Unfortunately, the BCS remains  an embarrassment and continues to fail to make an impact on employers and professionals in respect of a licence to practice, or even recognition of any ethical standing. Despite their reinvented Chartered IT Professional status, they remain invisible and irrelevant.

IT is an industry that now touches us all and the risk of our data traversing physical, network, jurisdictional and geographic boundaries has come into sharp focus with an increase in the number of data leakages and ‘hacks’ that serve to showcase anything from a security hole to the hubris of an anonymous script kiddie. As an individual working within this profession, one should have to commit to exercising every possible effort in maintaining one’s own ethical position, which would include their role in ensuring the projects within which they work make every possible effort to perform to the same standard. The BCS has their own Code of Conduct which attempts to create a position of professional and ethical performance but this does not offer any real sanctions other than being “struck off” as a member of an entirely irrelevant register.

Had a workable and enforceable code of conduct or ethics existed, would we have seen any of just a few of the recent scandals?

  • Volkswagen’s discovery (not admission) that they had used software to cheat in emissions tests for their vehicles under specific test conditions required effort by at least one developer who knew exactly what they were trying to achieve. These developers breached ethical considerations which surely span cultures; thou should not lie. VW’s American CEO Michael Horn claimed in congress that it was two software engineers that came up and implemented the cheat. Of course, we should consider that they may have felt pressured to implement the cheating software, but had there been a substantial professional body behind them they may have felt confident in blowing a whistle.
  • Adobe had 153 million accounts exposed in 2013 which revealed usernames, email addresses, encrypted passwords and unencrypted password hints. Unfortunately, the passwords were encrypted weakly meaning it was fairly easy to brute force the encryption based on repeated sequences of data. Coupled with an unencrypted password hint which only serves to undermine the weak encryption and it makes one wonder whether the developers stopped and thought, “are we doing enough?”
Then there is the incompetence:
  • This year saw 780 people “outed” as HIV sufferers by a leading sexual health clinic. The cause was a basic human error of pasting the email addresses into the wrong field. It’s very easily done. This very basic administrative error has major repercussions on lives.
  • We have our own case of gross incompetence on the Isle of Man. Earlier this year, hundreds of individuals’ email addresses were shared across email, again as a result of the basic administrative error of using the wrong email field. What happened? The Data Protection Commissioner took no action and all that could be seen were some red faces.
Such examples of incompetence are not malicious, but they are indicative of lack of training and oversight. Had ethics been considered, any transaction with any personal data would have been conducted with the greatest of care. Even more shocking is the lack of action by a Data Protection Commissioner whose very position is based on ethical and competent use of data.

I did miss one recent high-profile hack, that of Ashley Madison. This raises an interesting point. Within an ethical framework, where does one’s professional ethics come into play? Personally, I believe that as long as the programmers were honest in what they were doing, regardless of society’s view on the ultimate effect of their actions which are quite rightly extremely serious, then they should feel confident in their professional conduct. The programmers have apparently gone to great lengths to safeguard the identities and security of their clients. We still don’t know how the hack was performed or whether it was an inside job, but based on the news and discussions, security was seemingly tight. This notwithstanding, their managers’ decision not to delete data from individuals paying to be deleted is blatantly unethical and these individuals should feel the full force of the law as punishment.


Open data, open dictionaries

Dictionary pageThe Isle of Man branch of the British Computer Society had a fascinating presentation on open data and mash-ups on Friday. The talk was given by Prof. Robert Barr OBE, and the gist of the session was that data should flow freely to the people in a useful data structure, yet also that the open-ness should be considered with attention to commercial considerations such as intellectual property and the benefits to the wider economy.

While listening to Robert, it struck me that I am in my very own battle for the extraction of data that should be more readily available. As you may know, I am learning Manx. As part of this, I am generating my own revision notes, references, blog posts and the like that may someday see the light of day. Part of this work is the development of a Manx language dictionary for Windows  Phone 7.

To achieve my goal, I needed a copy of the Manx dictionary. Having asked around and researching myself, I gathered a number of links to existing on-line resources. These ranged from PDF formatted documents to fully indexed dictionaries. The PDF version (English to Manx, Manx to English) was unsuitable because it would be difficult to accurately extract the words from the PDF “printed page”. The RoadLingua and FreeLang dictionaries appeared promising, and the dictionaries appeared to be out of copyright. But these were encoded in proprietary dictionary file formats. So ironically, even though the dictionary was “open”, the software needed to be reverse engineered to access the dictionary, itself a violation of copyright. So it was that I was left with the remaining two options that may prove to be useful. These were the Phil Kelly dictionary and the Faragher’s. These were, however, only HTML sites. Between the two, Faragher’s seemed the best, as it provided value-added content such as use of the words within sentences and Manx phrases – ideal if you are interested in the many idioms in use in Manx Gaelic.

So it seemed that I would need to use the Faragher’s site as a “back end” to my application, essentially screen-scraping the site for translations. And indeed, to accomplish this, I would be best served if I wrote my own web site, which acted as a bridge between my Windows Phone 7 application and the dictionary itself. This would double my work, but the reasons were various; the extended platform on a server would allow me to parse the HTML from the site more reliably and by caching words as they were requested, I could – over time – create a reliability buffer in case the original site was to fail. I set about the task and have just launched the site in a very early form of initial testing (take a look, at This was particularly challenging, as the HTML from the Faragher’s dictionary is flakey at best. However, by inserting that middle layer, I could hide this trickery from the user.

All this, because the dictionary was not available electronically in an indexed form. And this resonates with Robert Barr’s point about open data. Open data should not only be open, but also be usefully formatted to allow for its use. An unindexed dictionary is hardly a dictionary! More frustration was in the encapsulation of the indexed dictionary within copyrighted software which was quite closed! I approached RoadLingua about how they would feel about releasing the file formats to their dictionary but I received no response.

So it was with great surprise and relief when I realised that by navigating to an unpublished URL (that should have been concealed from internet users) I could extract the entire Faragher’s dictionary from the site, and put it to my own use! So, after playing with MySQL scripts in order to format them into T-SQL, I now have two 50,000 word dictionaries, one for each direction (Manx to English, English to Manx). Am I going to keep this to myself?

No. I’ve checked about copyright, and I’m informed that this is not an issue, certainly in the spirit of expanding the availability of Manx learning resources. So, as part of my Taggloo project, which already has an effective and reliable API for XML and JSON consumers, I’m going to make the entire database available for use by other applications (maybe mobile phone applications, competing with my own) and web-sites (it becomes possible to “embed” Manx dictionaries on even the simplest of sites). Although the final API has yet to be defined, and there will likely be changes to it in the coming weeks, this data will obviously be free for use by anyone and everyone (subject to fair use – ie. not crashing my server), the API will ask for one thing: the opportunity to record the words being indexed. This itself, over time, will create a second rich data-set. What words are people regularly using? Do these correlate to students’ progress in classes, or do the translations point to any cultural significance such as house names, which are regularly seen in Manx, yet seldom understood?

I have many plans around this project, with further data-sets springing from them, and adding further depth to what will hopefully become reliable and rich data-set containing both formal dictionary content and community contributions. This complements the already available learning resources for the user, particularly those found at I’ll be blogging about them very soon, hopefully in line with an exciting new blog design.

BCS EGM: Which way to vote?

The BCS is currently ” in crisis” or being ” transformed“, depending on who you listen to. I’ve spent much time of late trawling through opinion and comment on the EGM that was announced in a bid to modify the somewhat arrogant management mindset, an arrogance that is often required to drive forward change in an organisation. I’m not about to give you any insightful thoughts on which way you should vote, as I have no idea myself at this point. But, I have some concerns.

The rebrand was all a bit of a shock, with some very attractive brochures being sent to me on my membership renewal. Sort of felt like I was buying a toothpaste, rather than a membership to a professional organisation. However, the old-skool “BCS-key” was getting quite dated and the organisation was lacking relevance.

My personal view on IT practitioners is that to operate in IT, some degree of professional qualification or endorsement is required. It is hard to find a job within IT which you do not come into contact with private or sensitive data, which should be treated with as much respect as a doctor with medical notes. This is a multi-disciplined requirement, ranging from physical infrastructure to secure programming. There are too many amateurs in the profession, and it is seen to be too easy for people to gain access to the industry and present themselves as experts. While membership of the society goes some way to endorsing you as a professional, it hardly qualifies you. The CITP membership level, however, does go some way and seemed to be the most appropriate option for me.

The Chartered IT Professional qualification (CITP) that I obtained is now of the “older order”. This is one that required me to meet the BCS’ SFIAPlus Level 5 criteria, be endorsed by 2 peers and to have worked as a professional in IT. I feel that this is the closest I can come to indicate my belief and subscription to the view that IT professionals must operate under. However, it seems that this qualification is being seen by some quarters as a lower qualification. The BCS has traditionally been an academic and science-focussed, who put a lot of value in the CEng and CSci qualifications. Some of that membership are resisting the change from “Computer” to “IT”-focus. If you are working with computers, you are working in IT – be it computers, internet, or policy. Computers are only one medium through which IT is delivered. The CITP is therefore regarded by these people as being irrelevant.

So I am on-board with the change in focus towards “IT”, rather than simply “computers”. If the BCS is to be seen as an industry professional body, it needs to span the industry, not just the machines it uses. What disturbs me is the BCS lack of understanding of how it should engage with its membership. Of the management, David Clarke and Elizabeth Sparrow recently conducted a road-show around the UK to meet the membership, but they seem to have missed out on the Isle of Man – a shame as the Isle of Man is a very engaging and open branch. Their understanding of the web seems to be below that of the general industry they claim to represent, too. The new web-site was riddled with bugs at launch, undermining any sense of quality assurance an IT professional should claim to practise. The society is spending some time reaching out to members and non-members via social media, which is very welcome, and the Savvy Citizens campaign is a welcome “entry-level” point at which non-IT professionals can interact with members. But why spend the money and effort on developing its own social network, under the banner of “BCS Members’ Network”? Such networks already exist. I keep up to date with the various BCS-related groups on LinkedIn, which has ably met my social media requirements – because they are already in the business and know how to do it.

The dilemma I find myself in is: do I vote for the transformation and overlook the arrogance of the management and possibly undemocratic removal of members’ rights to object in the future, or do I vote for the EGM and at least contribute to a “kicking”; hopefully sending a message to the management that while not all members agree with the principles behind the EGM, there is some unhappiness at ground level. For me, the wrong questions are being asked and the society is using the budget of the BCS to market the anti-EGM agenda quite aggressively, which is somewhat unfair as the EGM-agenda do not have access to the membership to provide their argument – even if the required money was available. Instead, the management seem to be counting on the members submitting their vote to the chairman, resulting in a landslide.

That said, although against an undemocratic process, I feel obliged to vote with the transformation – and the long-term agenda. It is up to the society’s members to drive change for the IT industry as a whole and use the BCS as a vehicle for that. So I reluctantly find myself on-board.

Communicating the value of IT

My response to a BCS seminar as a developer within an average
small-medium size company.

Last year, as a member of the British Computer Society (BCS) I
attended a seminar held by Sherrilynne Starkie, of Strive PR entitled
“Communicating the Value of IT”. I remember it well. A room full of IT bods
(call them what you will), many of whom feel disenfranchised from their
colleagues and slightly under-valued. After all, people just don’t ring IT to
say “Gee, thanks, my computer is working just fine today” – and nor should they!

We were most enthused by this session, in which different suggestions were
made as to how IT can improve their image to the rest of the company. Walking
out of that room, I felt a warm glow as the ideas started to flow and images of
my colleagues lining up in a march of honour as the IT department took their
seats the next morning. Okay, well, maybe I was hoping for too much.

Sherrilynne’s message was simple: the key is to develop a better
representation of the department by tentatively introducing your colleagues to
the ideas and processes IT are involved in. How this can be achieved can range
from the traditional (and rather limited) technical approach of adopting
academic methodologies suchas DSCM, RAD, etc. that are aimed to effectively
ensure an accurate requirements capture by inviting users to read and comment on ideas and thoughts that emanate from the department. I definitely came away from the session with a distinct impression of what we did need as a department of 5: a PR manager!

Without the budget of a finance house, or the government, this was clearly
not an option. But we were introduced to some interesting alternatives. Most
companies have an Intranet, providing access to internal resources such as
expenses forms, files, etc. An Intranet can easily be improved by implementing
some form of community. A Blog or Forum would be an ideal way of encouraging
users to read about what IT are up to, and maybe comment on it.

Let’s consider where we were as an IT department within a SME. Our IT systems
are quite advanced, as we have sufficient IT resource to actively push and
improve the performance of internal systems. People ask for things, and 9 times
out of 10, we do them. No problem there. We try to make sure that people’s
machines are adequately specified for their jobs. No problem there. Where our
problems seem to occur is in inter-departmental communication and – more
importantly – communication.

This was in November last year (2006) and now, six months later, I
think I can blog about how the ideas I have implemented as a result of this
session went.

We have a new project coming soon, which is a new version of an existing
application. Since its implementation more than a year ago, we have had mostly
positive feedback, but some frustrations have been aired and suggestions made.
As the new version approaches the early conceptual stages, we thought “wouldn’t
it be useful if these ideas were captured?” We were using an existing forum
application for the internal knowledge base within IT, which was opened up to
include a new topic. This topic was then presented straight on to the Intranet
home page, with the clear message that anything can be submitted – anonymously – and every idea printed off and considered in subsequent specification
meetings. How better can you entice people to submit their thoughts?

Take-up of this has been slow, with many ideas being aired and submitted into
the system by IT. Two people who are not in IT have actively posted a couple of
ideas in there, but out of a company approaching 60 people with 90% of those
immediately involved with some aspect of this project, it was a pretty poor
show. The topic remains on the Intranet home page to this date, with most topics
submitted by IT on behalf of others. Reflecting on the reasons why this might
have failed led me to one concern by manager had (who was most enthusiastic
about the idea of opening up IT to our colleagues), which was that people don’t
go where they don’t normally go. They feel unsure, are they “allowed” in there?
What do they do when they get in there? It’s all seemed to be confusing for
them. Or maybe it’s the same old thing; complaining is easy, helping to solve
the problem requires effort.

Another issue I wanted to see addressing is the relationship between IT and
Marketing. IT are exposed to the latest in web standards and are keen to see
web-sites and other on-line resource developed in a usable and accessible
manner. Marketing are concerned about how to line things up, how to attract the
eye and the quality of the copy. There was always underlying tension between the
two departments, both having expertise in their area, but being reluctant to
give away ground to the other department. For instance, while Marketing used
capitals as a useful means of attracting the eye, IT would vehemently object to
this on account of readability on the web. In the end, to their absolute credit,
Marketing arranged to have a refresher course on web techniques using the
software they know. This has had the result that while we may not always agree,
we can be sure that the correct thought processes have been used and the end
decision has been made for reasons other than “it’s just done like that”, or “I
like it this way”. To the same extent, IT has had to step back, accepting that
it is not an IT role to dictate design. IT should perform the role they are good
at: which is to keep track of the latest web techniques and advise as

All in all, the session was very useful. I think that the uptake by users to
participate in discussion on the intranet has been a failure, to be honest. This
is a shame, as we have the resources and the enthusiasm to make this work – both
in IT and as raw ideas from people directly involved with the systems and
processes. For some reason, the link was never made between identifying a
problem and recording it in a specially created area. This is not to say that
capturing ideas was a complete failure. Ideas on how to improve some smaller
systems have been listened to and improved, but this tended to be on a more
one-to-one level; that is developer-to-stakeholder rather than, as perhaps we
had hoped, IT-to-company. What has been a success, as shown by the current
project we are involved in, is an improved understanding of roles and domains of
knowledge between the technically-minded and standards-aware IT and artistic and creative Marketing. While IT have made changes in their approach to their
colleagues, I feel the bigger effort has been made by Marketing and the improved
relationship is paying off.

I look forward to the next project ….