Communications of the ACM

gation to protect fundamental human rights and to respect the diversity of all cultures. An essential aim of computing professionals is to minimize negative consequences of computing systems, including threats to health, safety, personal security, and privacy. When designing or implementing systems, computing professionals must attempt to ensure that the products of their efforts will be used in socially responsible ways, will meet social needs, and be broadly accessible.

In addition to a safe social environment, human well-being requires a safe natural environment. Therefore, ACM members who design and develop systems must be alert to, and make others aware of, any potential negative impact to the local or global environment.

1. 2 Avoid harm to others.

“Harm” means injury or negative consequences, such as undesirable loss of information, loss of property, property damage, or unwanted environmental impacts. This principle prohibits using computing in ways that result in harm to users, the general public, employees, employers, and any other stakeholders. Harmful actions include intentional destruction or modification of files and programs leading to serious loss of resources, or unnecessary expenditure of human resources such as the time and effort required to locate malicious software, purge it from systems, and mitigate its effects.

Well-intended actions, including those that accomplish assigned duties, may lead to harm unexpectedly. In such an event, those responsible are obligated to undo or mitigate the negative consequences as much as possible. Avoiding unintentional harm begins with careful consideration of potential impacts on all those affected by decisions made during design, implementation, use, and removal.

To minimize the possibility of in-
directly harming others, computing
professionals must minimize errors by
following generally accepted best prac-
tices for system design, development,
and testing. Furthermore, harm can be
reduced by assessing the social conse-
quences of systems. If system features
are misrepresented to users, coworkers,
or supervisors, the individual comput-
ing professional is accountable for any
resulting harm.

In the work environment, an ACM member has an additional obligation to report any signs of system risks that might result in serious personal or social harm. If one’s superiors do not act to curtail or mitigate such risks, it may be necessary to “blow the whistle” to help correct the problem or to reduce the risk. However, capricious or misguided reporting of risks can itself be harmful. Before reporting risks, all relevant aspects of the incident must be thoroughly assessed as outlined in imperative 2. 5.

1. 3 Be honest and trustworthy. Honesty is an essential component of trust. An ACM member will be fair and not make deliberately false or misleading claims and will provide full disclosure of all pertinent system limitations and potential problems. Fabrication and falsification of data are similarly violations of the Code.

An ACM member has a duty to be honest about his or her own qualifications, and about any limitations in competence to complete a task. ACM members must be forthright about any circumstances that might lead to conflicts of interest or otherwise tend to undermine the independence of their judgment.

Membership in volunteer organizations such as ACM may at times place individuals in situations where their statements or actions could be interpreted as carrying the “weight” of a larger group of professionals. An ACM member will exercise care not to misrepresent ACM or positions and policies of ACM or of any ACM units.

1. 4 Be fair and take action not to dis-
criminate unfairly.

The values of equality, tolerance, respect for others, and the principles of equal justice govern this imperative. Unfair discrimination on the basis of age, color, disability, family status, gender identity, military status, national origin, race/ethnicity, religion, sex, sexual orientation, or any other such factor is an explicit violation of ACM policy.

Inequities between different groups
of people may result from the use or
misuse of information and technol-
ogy. In a fair society, all individuals have
equal opportunity to participate in, or
benefit from, the use of computer re-
sources. However, these ideals do not
justify unauthorized use of computer
resources, nor do they provide an ad-
equate basis for violation of any other
ethical imperatives of this code.

1. 5 Honor intellectual property rights
and give proper credit.

ACM members are obligated to protect the integrity of intellectual property, unless there is an overriding ethical reason not to do so. Examples of types of violations include (but are not limited to) misrepresentation of authorship, misrepresentation of the origin or ownership of ideas or work, misappropria-tion of a commons, unauthorized use, unauthorized copying, unauthorized derivative works, and counterfeiting. In normal circumstances, violations of intellectual property laws pertaining to copyrights, patents, trade secrets, nondisclosure agreements, and license agreements are contrary to the Code. Even when not explicitly barred by law, such violations are contrary to the Code.

Fair uses of intellectual property are necessary for the progress of technology in the service of the public good. ACM members should not oppose appropriate fair uses of their intellectual property.

Efforts to help others by contributing time and energy to projects that help society illustrate a positive aspect of this imperative. This includes contributions to projects that are in the public domain, free software, or open source software.

1. 6 Respect privacy.

Technology enables the collection and exchange of personal information quickly, inexpensively, and often without the knowledge of the people affected. ACM members should use this personal data for legitimate ends without violating the privacy rights of individuals and organizations. ACM members should therefore implement security measures to maintain the privacy and integrity of personal data. This includes taking precautions to ensure the accuracy of data, as well as protecting it from unauthorized access or accidental disclosure to inappropriate individuals. Computing professionals should establish procedures to allow individuals to