Info sec, AI and ethics – some thoughts #codemesh

I’m heading off to speak at the CodeMesh Conference in London shortly and I’ve been thinking about the emerging boundaries between information security, AI and ethics. I will post some thoughts as they evolve.

Developers (and others) and ethical approaches

We need to help everyone, from coders through info sec professionals to senior organisational leaders, to understand that information security, AI and ethics are part of the everyday landscape for everyone now. They are no longer something that someone else does, and they need to become embedded into our everyday practices.

Nobody has all of the answers, and nobody even has all of the questions. But this intersection between information security, privacy, AI and ethics is becoming increasingly important as we start to think about the kind of future we are building. We need to think about how to create the kind of future we want and not merely wander blindly into some kind of dystopian future.

In particular, ethics is an area that we do fairly well in academic research. Universities have well-established ethics processes and there is a high level of consciousness among researchers of its importance. But in business this is not even a secondary consideration. There is general theoretical agreement that everyone ought to take an ethical approach to their work, but it is not always welcome in practice. And yet business folks have a part to play in creating ethical workplaces. We all do.

In software development some of the practices that have been proposed – things like Privacy by Design or Security by Design – are interesting, yet I’ve not seen either in the wild. These are sensible approaches, and Privacy by Design is even part of GDPR so it might even work (eventually). Yet neither of these explicitly focuses on ethics.

And all of this is not much help when a developer is approached by a business person and is asked to develop something that might be ethically a bit shady. Look at the example of the developer for Volkswagen who went to prison for his role in creating software to deceive regulators around the world. There can be real world consequences for poor ethical decision making in the workplace.

VW engineer sentenced to 40-month prison term in diesel case: [he] was a “pivotal figure” in designing the systems used to make Volkswagen diesels appear to comply with U.S. pollution standards, when instead they could emit up to 40 times the allowed levels of smog-forming compounds in normal driving. – Reuters 26 Aug 2017

It all seems to point to a need to develop ways for business people to run an ethical lens over their ideas way earlier than when they approach a developer.

One approach that has merit is something like the Ethics Canvas, which is inspired by notions like the Lean Canvas or the Business Model Canvas. A simple, easy-to-use tool such as this could provide business folks with a way to consider the ethical implications of things that they ask developers to do. I’ve started to use the Ethics Canvas at work in some projects; it will be interesting to see how it goes.

Header image: By Martin420 [CC BY-SA 4.0], from Wikimedia Commons