In the 1980s, when I first began thinking and writing about ethics and computing, there was much speculation about how computing would and should develop as an occupation or a set of occupations. At that time, of course, one had to turn to the histories of other fields to learn about paths to professionalization. With more than 25 years behind us, the picture remains unclear. What is the state of the field of computing now and where should it go?
Professionalization is of interest not for its own sake, but for what it would do to promote a socially responsible deployment of computing expertise. To get quickly to the heart of the matter, we might use a distinction as a foil: although it oversimplifies a complex situation, the distinction between guns-for-hire and professionals frames the issues of professionalization in stark form. A gun-for-hire is someone who puts his or her expertise up for sale to the highest bidder; he or she will do anything anyone wants as long as it is legal. By contrast, and in what is admittedly an idealized paradigm, professionals have standards; they take responsibility, individually and collectively, for setting standards of practice acknowledging that law is limited and will not adequately protect the values that should guide the field. Typically, professions act collectively through an organization that promulgates and enforces a code of ethics and professional conduct, and that articulates the core values of the profession, for example life (in medicine), safety (in engineering), and accuracy (in auditing). Are computer experts guns-for-hire or professionals?
Sociological accounts of professions have suggested that we think of professions as systems or mechanisms for managing expertise. A group convinces society that restrictions should be placed on who engages in a particular occupation. It convinces society there is a body of knowledge that should be mastered before one practices, for example, before one treats the sick or represents another in a court of law or audits a financial statement. The group convinces society that competence can only be determined by those who have already mastered the relevant body of knowledge. Thus, experts, not outsiders, should be in charge of specifying requirements for the field and deciding who has met the requirements.
When a group successfully makes these claims, society grants the group the power of self-regulation. However, this power is granted in exchange for the group’s commitment to manage its activities to achieve social good, or at least not in ways that are harmful to society. When doctors professionalized, the intention was to distinguish themselves from "charlatans" and "quacks," those who claimed they could heal patients but who had no scientific understanding of how the human body worked. Once the system of medicine was established, patients could expect that when they went to a "doctor," they would be treated by someone with a certain level of competence. This serves the interests of those who are sick and, in turn, the broader society.
Professionalization often occurs against a backdrop of concerns about the pressures of the marketplace; that is, professionalization is targeted, in part at least, to take certain issues out of the marketplace. When an occupational group has specified standards and articulated its values, then members will (at least, they are expected to) refuse to do anything inconsistent with those standards and values—no matter how much a client or customer is willing to pay. The standards and values become part of the professional culture.
The distinction between guns-for-hire and professionals doesn’t map neatly onto computing. Rather than a sharp division, there seems to be a continuum with computer experts falling at different places in terms of their adherence to standards and recognition of professional or social values. Perhaps the most striking characteristic of computing is variability. Clients, customers, and the public encounter computer experts with a wide range of qualifications, experience, and competence. There is enormous variation in the kinds of jobs that computer experts have, in the nature of their expertise, and in the type and amount of education they have. Education is perhaps the easiest way to distinguish one computer professional from another, though it isn’t necessarily the most telling. Certification is another means by which skill and competence are established, though certification is used for fairly narrow domains of expertise.
Certification and degrees in higher education are means by which individuals obtain "credentials"; they fulfill one of the functions that are associated with professions. In the paradigm of professions, a single overarching organization such as the American Medical Association is in charge of credentialing. In computing, software engineering is the subfield that has taken the biggest steps toward professionalization. The field has adopted curriculum requirements in higher education, requirements that are targeted to ensure a particular kind of competence. The state of Texas has taken the establishment of requirements one step further by creating a system for software engineering licenses. Still, software engineering aside, variation is the most salient feature of computer experts.
A key feature of any profession—from the perspective of professional ethics—is how it manages the differential in knowledge between its members (experts) and those whom they serve. Computer experts generally work either as employees in organizations (including corporations, government agencies, and nongovernmental organizations) or as consultants hired to perform work for clients. Often their employer or client does not have the expertise to understand or evaluate the work being performed. Moreover, the work of computer experts often has implications for many who are indirectly affected—users of the products produced, recipients of services that are computerized, the public who rely on computerized systems in everything from public transportation to the Internet. The important question here is: how do computer experts understand and manage their relationships with non-experts who rely upon them?
A key feature of any profession—from the perspective of professional ethics—is how it manages the differential in knowledge between its members (experts) and those whom they serve.
These relationships are central to practice in the field and how experts manage these relationships is an important aspect of professional ethics. Consider the following three different ways to conceptualize expert/non-expert relationships. First, computer experts might think of themselves as merely agents. They might presume that their client, employer, or supervisor is in charge and the expert’s role is merely to implement the decisions made by those higher up. Essentially the expert sees him- or herself as the means to an employer’s or client’s ends. This model takes us back to thinking about computer experts as guns-for-hire. There are at least two problems in adopting this model. First, we know that when computer experts implement decisions, they often have a good deal of latitude and their choices can have powerful consequences. "Code is law" as Lawrence Lessig argued in his 1999 book, Code and Other Laws of Cyberspace. The work of computer experts may structure an environment, facilitate and constrain behavior, and materialize social values in one form or another. To characterize this work as that of an agent is to deny the real power that computer experts have. Second, if computer experts operate as if they are agents, their clients and employers don’t get the full benefit of their expertise. Clients, employers, and the public need computer expertise for higher-order decisions, that is, they need help identifying goals and strategies, not just implementation. When you go to a doctor, you don’t tell the doctor what to do, leaving implementation to the doctor’s discretion; you want the doctor to determine what needs to be done and to discuss with you the options that are available; you want the doctor to explain the risks and benefits of alternative approaches.
Second, we might think of the proper role for computer experts as paternalistic. Computer experts, it might be argued, are in the best position to understand needs, comprehend potential risks and benefits, as well as foresee the consequences of implementing a system in various ways. Thus, non-experts need computer experts to act on their behalf. According to this model, a client, employer, or the public should transfer all decision-making authority to the computer expert. This provides what is missing in the first model for clients, employers, and the public to get the full benefit of the expert’s knowledge. The problem is that computer experts aren’t experts with regard to values, interests, and preferences. The model oversteps the expertise of anyone who is competent in computing for no matter how well trained or how much experience a computer expert has, he or she is not an expert on someone else’s needs and values.
The third model of the relationship between non-experts and experts combines elements of the first two models and is best suited to the complexities of decision making in computing. It is a model in which experts and those whom they serve share responsibility. Decisions are made through interaction and iteration. Referred to as the fiduciary model ("fiduciary" means trust), this model calls for a relationship of trust between experts and non-experts. The client/employer/public must trust the expert to use his or her knowledge to pursue their interests and values. The professional must trust that the client/employer/public will give the professional relevant information, will listen to what the professional says, and ultimately share in the decisions that must be made.
The fiduciary model seems the best model to emulate because it recognizes both the multidimensional character of decision making in computing and the differential in knowledge between experts and non-experts. Computer experts aren’t just building and manipulating hardware, software, and code, they are building systems that help to achieve important social functions, systems that constitute social arrangements, relationships, institutions, and values.
What is the simple message in all of this? In a word, it is "trust." In two words, it is "public trust." I used the fiduciary model as the model for all expert/non-expert relationships when in reality there are significant differences between a client-professional, employer-employee, and expert-public relationship. However, one of the distinguishing features of professions, as hinted at earlier, is that they are committed to public good even when they are serving clients and employers.
Computer experts have power—in virtue of their expertise, in virtue of their occupational roles, and simply because so many non-experts depend on their work.
Whether the field of computing evolves to come closer to the paradigm of a profession (or not), whether computer experts choose to see themselves as guns-for-hire (or not), computer experts must act so as to be worthy of public trust. There is much to be gained in doing this and much to be lost in failure. If computer experts don’t act in a manner that garners and maintains public trust, then the field and its potential to create enormous benefit will not be fully realized. Sure, computing won’t go away, but progress will be slowed and diverted as outside regulators jump in and the public has a mixed experience. Computer experts have power—in virtue of their expertise, in virtue of their occupational roles, and simply because so many non-experts depend on their work. While it is rarely acknowledged and even less often stated, this power has been implicitly granted on the basis of a tacit promise that computers and computing would make for a better world. We go forward building computer infrastructures for essential functions and the public—which does not have the expertise to judge—presumes this is for the good. While computing has taken some positive steps to develop public trust, a lot more could be done.