Inside the Organization: Why Privacy and Security Engineering Is a Challenge for Engineers

Abstract

Machine ethics is a key challenge in times when digital systems play an increasing role in people’s lives. At the core of machine ethics is the handling of personal data and the security of machine operations. Yet, privacy and security engineering are a challenge in today’s business world where personal data markets, corporate deadlines, and a lack of perfectionism frame the context in which engineers need to work. Besides these organizational and market challenges, each engineer has his or her specific view on the importance of these values that can foster or inhibit taking them into consideration. We present the results of an empirical study of 124 engineers based on the Theory of Planned Behavior and Jonas’ Principle of Responsibility to understand the drivers and impediments of ethical system development as far as privacy and security engineering are concerned. We find that many engineers find the two values important, but do not enjoy working on them. We also find that many struggle with the organizational environment: They face a lack of time and autonomy that is necessary for building ethical systems, even at this basic level. Organizations’ privacy and security norms are often too weak or even oppose value-based design, putting engineers in conflict with their organizations. Our data indicate that it is largely engineers’ individually perceived responsibility as well as a few character traits that make a positive difference to ethical system development.