What should a software engineering Hippocratic Oath equivalent be?

There can't be one because

1. The ethical decisions that happen in the industry aren't made by the software engineers.

2. The boundaries around those decision are very grey. Can I create a feature that breaches user's privacy? What if I don't build the feature but just write documentation for it? What if I do pure research but then my research is used for a morally questionable purpose by the company? What if my company does a bunch of shady things but not my department? What if my company respects its users but mistreats its employees? What if my company treats employess and users fairly but it's in a questionable industry like gambling for example? Or what if I make a game that's perfectly fine for most players but a small number of them get addicted to the point that it ruins their lives? And so on, these questions go on forever and it's not as straightforward as "do no harm".

In addition to the other answers, there's already a comprehensive Code of Ethics from both the ACM (https://www.acm.org/code-of-ethics) and IEEE (https://www.ieee.org/about/corporate/governance/p7-8.html). For those in the US, the NSPE also has their Code of Ethics (https://www.nspe.org/resources/ethics/code-ethics). In short, there's already plenty of that sort of thing floating around (sotto voce) and being ignored by practitioners.

You might want to look into the Archimedean oath https://en.wikipedia.org/wiki/Archimedean_Oath

For traditional engineering disciplines, we have one already!

I am an Engineer. In my profession, I take deep pride. To it, I owe solemn obligations.

As an engineer, I pledge to practice integrity and fair dealing, tolerance and respect, and to uphold devotion to the standards and dignity of my profession. I will always be conscious that my skill carries with it the obligation to serve humanity by making the best use of the Earth's precious wealth.

As an engineer, I shall participate in none but honest enterprises. When needed, my skill and knowledge shall be given, without reservation, for the public good. In the performance of duty, and in fidelity to my profession, I shall give my utmost.

https://en.wikipedia.org/wiki/Order_of_the_Engineer#Oath

I shall respect the physical, mental and digital wellbeing of a person. I shall respect their personhood, both physical and digital. I shall do no harm, neither direct or indirectly. And I shall willingly assist those in need, wherever and whenever I can.

I say look no further than the Oath of the Engineer.

Sometimes the simplest is the best. There'll always be differences in everyone's moral fiber, but generally speaking, be professionial, be efficient, come up with a plan to build every project that comes your way, ybe willing to say "No" when everyone else wants you to say "Yes" when put in a position in opposition to the interests of the Public.

It'll change from country to country, but the essence of it is universal to the field of endeavor, and legalism should have nothing to do with it.

Note discretion is nowhere included in that except maybe implied in professional. That's intended; as Engineers, we all must be on guard for those building things harmful to the public, and be willing, if Fate deems it necessary to inform other Engineers of the danger, and educate the non-Engineer enough that they can come to a reasonable conclusion on the matter, even if they don't end up swinging the way we think they should.

For ours is a postion of systemic guardianship and stewardship of the Will, made manifest through artifice, of humanity. Every nut and bolt fastened, every line of code written, compiled, interpreted, and executed; every transmission, transaction, every automated task, and task left unautomated is another fold in the delicate structure of the societies in whose service we ply our trade.

Ethics remains the same no matter the tool. If there's something specific to programmers then perhaps it would be:

- Don't create software you don't want to work.

There's lots of good things mentioned so far. I'd like to add something to the effect of -

"I shall not attempt to manipulate user behaviour in order to increase revenue or metrics. The usage of my product shall be driven entirely by the user's conscious and deliberate desire to engage with it."

Yeah, I know — it's vague and completely unrealistic. Still... a man can dream.

Turns out I wrote one a few months ago. This is its first outing. I just put it there without accompanying explanations, so it may seem a bit obscure. And it is clearly unfinished, if finishable. It is more a moral code in the sense of the ten commandments. And I am not native english speaker. So here it is:

Do not make computer programs that force humans into repetitive tasks. Computers are made for automating tasks, not enslaving humans.

Do not pass onto users a responsibility that is on the program side.

When the user has a responsibility, make it clear. The computer program must warn users when their input could cause a valid output for which they would be held responsible.

Programs must never silently fail.

Once users have used a computer program, you must not remove it from them, render it useless or make it available at a price higher than agreed beforehand. Once users have used a feature of a computer program, you must not remove it, hide it from them or make it available at a price higher than agreed beforehand.

Programs must not override users inputs solely based on a probability of them being wrong.

Users can always override program outputs that are based on probability or incomplete information.

You must document all the features of the computer program accurately and make the documentation available to all users. Documentation is written in good faith.

Documentation must at a minimum describe the program inputs and the valid program outputs. If the output is based on probability, the documentation must explicit the probability for the program giving a valid output, and the probabilities of giving whatever invalid output.

When the program performance varies between users, any user can obtain the program performance in his/her particular case.

Every citizen is a user of a computer program used for law enforcement. Every citizen is a user of a computer program operating in the public space. Every citizen is a user of a program collecting its inputs.

While I think an effective code of ethics is essential at this point, I think broader professional practices, organisations and boards will have a larger impact on the field and the perception of the field to others.

i'd start with rfc8890 "the internet is for end users" as some baseline behavior

https://tools.ietf.org/html/rfc8890

i like very much that the hypocratic oath starts with a long section on freely teaching & sharing. i believe both in teaching, but also taking great lengths to insure the machines we build are understandable, learnable, visible. any system closed off remote & far away from us is untrustworthy, almost certain to bring about surprising costs & damage to us, over time. the only responsible softwares & systems are ones that everyone can investigate & assess, can evaluate, to look for embedded elements of harm. and learn from, take the knowledge of- as all natural sciences grant!!- & learn from.

the oath goes on to say that those who don't uphold the oath should be denied the teachings & learnings. trust only those who will act for good & virtue.

the oath says we should act in a pure way, doing only the good we purport to bring, taking no other actions (ex, seducing someone in the house). again it is utmost to retain trust, to act only virtuously, for the end user, for the stated recipient.

things that happen between practitioner & their, i dunno, practitioner, are to be held in confidence, not shared, not spied on or surveilled for other use/misuse.

violators of the oath are to live short disrespected lives.

Security researchers act in a very ethical manner.

Product engineers are, in average, the most unethical of the bunch: the ones that will release broken software and charge the customer as if it was finished, the ones that will wait for the customer to find bugs before fixing them, the ones that will market their software as safe and fill their page with words like "secure, safe" and security related imagery like lock icons without actually backing it up with good practices... etc.

Any opinions on the matter completely ignore the fact that the software engineers are NOT the shot callers.

And the fact that changing jobs -- in case you have an ethical disagreement with your employer -- is awful abs hugely taxing on both your physical and mental health. And yes, that goes to programmers as well. It ain't all sunshine and rainbows as many claim.

In short: having an ethical code is irrelevant. It will be overridden by the business anyway so why waste your time composing it?

The BCS have a code of ethics for their members (note the BCS goes beyond software development and incorporate roles such as business analysts amongst their members). It's pretty good imo https://www.bcs.org/membership/become-a-member/bcs-code-of-c...

I solomly swear not to pretend I can control or even forsee the use of my work or how it will be extended by others.

I'm surprised no one (including the IEEE and NPSE, linked in another comment) has mentioned that software engineers should be responsible for disclosing knowledge of any data breaches (and probably security vulnerabilities) that they know about. This would be at the top of my list.

Text of the Hippocratic Oath

https://en.wikipedia.org/wiki/Hippocratic_Oath

--

TL;DR:

Respect and look after my mentors.

Teach my art for free to those following this oath; but not to others.

Do the best job I can according to my ability and judgement.

Always work in an ethical way; do no evil.

Respect privacy.

Do not lock users out their own hardware. (Aka iPhones, gaming consoles, tractors ect...).

Do not create hidden/activated functions.(Think of VW diesel scandal, or other triggered back doors).

Respect peoples privacy.

The "ethicality" of any given program is a non-trivial semantic property. It follows that any software engineering "Hippocratic Oath" is an undecidable concept.

None. As I told to a judge in a criminal case I was asked to testify: if you want I can swear with a hand on the Bible or promise I will tell only the truth, but I don't believe in any of these. You can trust my word or not, these are the only options. No matter how many codes you have in place, there is no way to guarantee they will be respected by everybody at all times. That does not mean I ever did something wrong by intention in any job that I had, but this is coming from my principles of life, not because laws or codes.

Order of the Engineer is a similar thing that already exists. You swear an oath and get a sick pinky ring.

Protect/Sell people’s personal data is like the main ethical issue with software engineering.

I thought about it a lot, and i really can't see a way. Being an independent developer or running a custom development company we all always face the problem of building knowingly hopeless software: that cannot exist, targets nonexistent market, and is built for a client who with full confidence unable to make any benefit out of it - Dunning-Kruger effect being on our side. I spent my entire career seeing stuff built which shouldn't be built because it makes no sense, from ICQ clones in 2000 to Chatroulette clones in 2010 to Tik-Tok clones in 2020. And i can't see any probable way out of it: pick projects that make even the remote semblance of sense and you have to work for much smarter clients -> won't make any money...

Do not harm any software.

GDPR is a good start for user data. It's like sex. Get consent, stop if they say stop, and everybody has a good time.

You'd want other aspects for software freedom (see: GPL?) and ingrained limits in AI (see: all Isaac Asimov).

First do no spam.

I shall not force my own political opinions on users of my code.

I shall forego code of conduct for the users of my code and let them behave freely.

No. This is a non-starter. A doctor deals with a patient. A developer deals with a small number of abstractions of a bigger system.

Forget it. The idea is sort of well meaning but completely divorced from reality.