§ January 7, 2009 01:26 by
beefarino |
Jay Field today posted The Cost of Net Negative Producing Programmers, where he describes his view of how the software development industry fosters NNPPs via overpromotion and a lack of accountability. A good read, with some good points, especially about the total cost of keeping NNPPs on a software team. However, I don't agree that developers are never held to the same legal and financial accountability as, say, doctors or lawyers. Consider industries I've worked in my career....
Education: producing software that exposes certain identity information of a public school student, such as their SSN, is considered a crime in some states.
Gaming: code up software for a slot machine with a hidden a payout indicator (like a pixel that turns red when the machine is ready to pay out) and you win a nickel in the joint.
Medical: a programmer can be held liable in civil court if the software controlling a medical device causes an accidental death. A friend of mine likes to relay the story of a programmer who skirted civil liability by proving that a third-party software library had mishandled a divide-by-zero error that ended up killing three people with radiation poisoning before the problem was noticed.
And the coup de grâce: as a U.S. defense contractor, if you produce software that leaks secret information to an enemy of the state, you could be charged with treason. If the enemy leverages the information in a way that results in the death of an American citizen, you become eligible for the death penalty.
You're probably thinking that my examples are obtuse, rare or from highly-regulated industries. So the lack of accountability is isolated to business software...
Think again. Consider that some states, like Oregon, have inane "anti-hacker" laws that effectively elevate corporate IT policy into state law. Just ask Randal Schwartz about it (that's his mug along-side this post, BTW). In these states, someone who writes code that even attempts to access what ACME considers "sensitive data" could go to prison and pay massive fines, even when ACME chooses to place that sensitive data on a public network. If you've ever had to wade through the corporate IT security policy for a large corporation, you understand why this is so freaking retarted and should scare you out of your khakis.
All that said, I do agree with Jay in that I believe the software industry overall to be a prima donna when it comes to liability and accountability. In most industries when you produce a product that fails to meet its intended purpose, you can be held accountable. E.g., when ACME makes a can opener that fails to open cans, they can be held accountable for the cost to the end user. Software is the only industry I can think of where you can produce a product that is purchased by the end-user to meet a purpose, and then force the end-user to agree to a usage license that alleviates you from having to meet that purpose at all.