The Ethics Column: On-line Survival (the Dog Ate My Homework)

This is the first in what is proposed to become a series of articles addressing ethical issues affecting professional geoscientists, ideally with particular relevance to Australia but where the nature of the topic makes contributions more broadly relevant.  David Abbott has been writing a column in professional ethics for the American Institute of Professional Geologists (AIPG) for many years.  David approached me at the International Professional Geologists’ Conference, organised by Geoscientists Canada in Vancouver a couple of years ago and suggested that a column dealing with professional ethics was a notable omission from AIG News and the Institute web site.  AIG, after all, requires all members to comply with the Institute’s Code of Ethics.  Many would also agree with the concept that willingness to adhere to a code of ethics and a commitment to continued professional development are the two principal factors that distinguish professionals from others in the workforce.

With this in mind, here’s the first instalment in what will, hopefully, become an ongoing discussion of professional ethics relevant to geosciences.  The AIG web site provides an ideal platform for turning these articles into a discussion of issues.  You can comment on each post (if you’re an AIG member), post a discussion on the AIG LinkedIn group, or even contribute an article to this series.  The time you take to contribute will help to enhance the value of this discussion.  We will also look at republishing articles from kindred societies around the world to help provide a different perspective on a subject that, after all, is fundamental to being a professional.

What’s a professional?

In essence, there are two aspects of personal practice that set professionals apart from other workers in their selected field:

  1. A commitment to continued professional development: ongoing, self-initiated actions to at least maintain, if not improve, knowledge and awareness of both technical and non-technical developments and issues relevant to their chosen field; and,
  2. Conducting their professional practice in an ethical manner, usually in accordance with a code of ethics representing best practice standards, set and enforced by a professional institute.

To be considered to be ethical, your professional activities must be conducted in a manner that does not cause harm to others.

The latter is an element of ethical practice that is frequently overlooked but is considered by many to be fundamental.

Central to most professional institute codes of ethics are a series of fundamental principles or duties of professionals to the public, their employer or client, fellow professionals, their profession and themselves.  These principles extend to most aspects of professional practice.

Computers, Data Management and Ethics

Computers have become an integral part of professional geoscientific practice.  Email has been a near universal means of communicating with colleagues and clients for some years.  On-line advertising and websites such as LinkedIn have, with little doubt, become the principal means by which professionals seek new employment opportunities and recruiters search for candidates for positions they have been charged with filling.  The Internet is considered by many to be an indispensable research tool, providing access to a vast range of information resources.

The ability of computers to manage, analyse and assist in the visualisation of large, complex data sets has also revolutionised many facets of exploration, mining and environmental geology and geophysics.  Analysis of spatial data is almost invariably performed using GIS software or even more sophisticated visualisation and modelling software systems.  Perhaps the most striking developments, however, have been the dominance of portable computers and the cost of software.  Desktop computers are a thing of the past for most of us, with notebook and tablet computers delivering data processing and visualization capabilities that were the province of sophisticated, high-end workstations only a few years ago.  Changes in the software arena have, arguably, been the most striking, with the cost of “mainstream” word processing, spreadsheet, and presentation software falling dramatically.  We have also moved from having one computer to, in many cases, having three in regular use: a smartphone, a tablet and a laptop used principally for “heavy lifting”.  Very few of us purchase software now from a physical retailer.  Software sold on shop shelves frequently contains a website link from where the software can be downloaded and a licence key to activate the product.  More frequently, we’re completing the entire software evaluation, selection, acquisition and purchasing process on-line using the Internet.

We’ve recently seen “cloud computing” emerge as the next big thing.  “The cloud” makes it easy to share data between our different devices and to keep the data shared across devices synchronised.  Both Apple and Microsoft have released cloud enabled versions of their office software that provide access to storage beyond the physical limits of tablet computers in particular, or promote collaboration in the preparation of reports or analysis of data by teams which may comprise members working in different locations.  Project management systems have emerged to facilitate and effectively manage work by distributed teams.  There are, without doubt, applications that contribute to greater productivity by both individuals and teams.  The advent of cloud computing has led to software being bundled with the ability to store documents and information on-line, and for software to be leased to users rather than sold.  There can be onerous commercial conditions attached to this which need to be carefully reviewed and understood before agreeing to use these services.

In all, however, surely this is all good.  There can’t be any ethical issues associated with these developments?  In principle; probably no, but there are some issues that need to be carefully considered.

Data Security

We’re all responsible for the security of information in our possession, irrespective of whether we are an employee dealing with company data, or a consultant working with information owned by our clients.  This information can be a significant asset and we have an obligation to ensure it is secure while in our possession.

Controlling access to your information is critical.  This most frequently involves establishing a password that is used to restrict access to your computer and on-line accounts to just you.  Passwords are not something that should be shared or given to others to gain “temporary” access to data for which you are responsible.

Every professional geoscientist needs to have a data management plan that documents how data is managed to ensure it remains secure in the event of a disaster.  This could range from destruction of a computer system (e.g. in a fire or flood), or loss of a laptop, tablet or smartphone while travelling, accidentally or due to theft, through hardware failure or data corruption, to, by virtue of being connected to the Internet, a malicious act such as a software virus, an unauthorised intrusion or even action by others that results in even temporary loss of Internet access.  Backups are an essential component of any effective plan, made regularly according to an established schedule and stored both on and off site.

Intellectual Property Concerns

“The cloud” is a great place to store off-site backups in theory, but there are some potential traps in practice.

Consider the following case.  Do you take photographs in the course of your work?  Outcrops, drill core, drilling rigs, geophysical contractors at work, faces in open cut mines or even underground exposures?  We all do.  Who owns the images you collect?  You, your client, or your employer?  Are there restrictions on the use of the images?  It’s not uncommon for contractors to insist on photographs only being used for “internal” purposes that preclude the photographs being used at any time for anything else, probably in perpetuity.  Did you read the fine print when you signed up with your Cloud service provider?  Did you notice the clause that says that anything you place on their Cloud may be used by them for their own purposes, or in some cases even sold by the service provider to other parties?  The same provisions could apply to reports or other documents that may contain considerable intellectual property.  The chances of anything untoward happening are possibly negligible, but not being aware of the potential for issues like this is an unnecessary exposure that could threaten your professional reputation at least, or lead to more serious issues arising from what could be described as an error of omission.

Explaining to a client or employer how a photograph that wasn’t meant to be in the public domain got there would, without any doubt, be a difficult conversation at the very least.  You could complain to your service provider, but you did agree to the terms and conditions of your cloud service when you clicked past the fine print when establishing your account.  Information in documents could receive the same treatment through you unwittingly assigning rights to use information that you elect to store on your service provider’s servers if your user agreement includes these provisions, as some do.

If you are going to use any form of data storage service for management of anything that may be considered proprietary, or your, your employer’s or your client’s intellectual property, read the user agreement closely before establishing your account.

Spam; Spam, Spam, Spam, Spam

I was staggered recently, when discussing a draft of this article with an I.T. professional employed by a mining company in Australia, to learn that something like 97% of the email traffic received by that company’s servers never reaches an employee’s Inbox.  It’s unsolicited, unwanted, frequently unwelcome, possibly unsavoury, maybe even malicious material sent by people trying to cause inconvenience or annoyance at least, through to criminal elements looking to steal your personal information, access your data or misuse your computer’s resources and Internet connection to pursue their own objectives.

I receive unwanted emails constantly.  I expect that you do too.  At best, they promote some form of unwanted advice or attempt to entice us with unparalleled investments or apparently outstanding, never to be repeated offers on goods and services.  Many entice us down the road to identity theft, while a few are simply malicious attempts to open the door to our computer systems, allowing access to either data or system resources that may then be used for other purposes, usually with little indication that some questionable activity is taking place.  The means by which unauthorised access to our computers is established may be something as seemingly innocent as a consignment note for a package we weren’t expecting or a file with an unusual extension.  Any file type capable of carrying active content, even a simple macro normally used to automate repetitive work in a word processing program or spreadsheet, should be treated with caution if it arrives in your inbox unexpectedly.

There was a much-publicised case of computer system intrusion in Brisbane last year where a medical practice found its patient records had been encrypted one morning and the person responsible was prepared to sell the practice the encryption key.  A friend in the United States found his email service no longer worked one day last year because the entire domain used by his Internet service provider (ISP) was “blacklisted” by a large number of other service providers because of the volume of Spam email and other undesirable traffic emanating from that domain.

My Internet service at home was blocked by our ISP for several days last year when my son downloaded a piece of software, embedded in a game shared by a friend of his, that sent emails to thousands of addresses globally. Our ISP, quite appropriately, insisted that we demonstrate that the cause of the problem had been dealt with and all computers in our home had appropriate security software installed (which they had but there’s surely nothing wrong with deactivating it to ensure software recommended or sent by a friend wouldn’t be blocked by it) before the service was restored.

The AIG web site is subject to something between 500 and 1,500 attempts each and every day to place unwanted content on-line, presumably for your interest and edification, which is dealt with by security software built into both the web site itself and the servers on which it is hosted.  The site also deals with a number of attempts each day to obtain unauthorised access to the administrator accounts.  It’s absolutely relentless, to the point where software to help enhance the security of the site is essential.  One of the reasons for the recent, major update of the web site was to complete a major change to its underlying security systems.  I often ask why and come up with the mountaineer’s answer, because it’s there, for the least sinister cases, but wonder about the motivations for many others.

Personal computers need to be protected too.  There are some good software packages that help to prevent malicious software being installed.  There are some pretty poor products on the market too, some of which are so bad that they can render your computer next to useless while protecting it from intrusion, creating a situation where the cure is worse than the disease.  Seek advice when choosing security software from an I.T. professional, knowledgeable friend or perhaps a computer retailer.

The Internet isn’t a nice place.  Access to email and the ability to deliver information to others, however, makes it an essential business and professional resource.  It’s clearly a professional and ethical responsibility to protect our own profile and reputation, data, information and the resources used to store and deliver it.  The need to have a personal business continuity plan is just as important for individuals, consultants and small businesses, as it is for corporations.

Software Errors

Software is an interesting product.  It’s one of the few products that is marketed and willingly purchased with the knowledge that it may be flawed in some way.

We expect a lot from our computers in terms of ease of use, functionality and increasingly, an ability to communicate readily with a range of other devices: printers, scanners, cameras, the ubiquitous smartphone, the little gadget that straps around your wrist and keeps track of how you’ve slept, how many stairs you’ve climbed and how far you’ve walked, your refrigerator or a remote camera in the lounge room; the list goes on and grows daily.

The software that controls all of the computer’s fundamental functions, the operating system, is becoming more and more complex each time a new version is released, and the applications we actually use to make our computers productive follow suit.  Software vendors are constantly pulled in different directions by the need to deliver functionality sought by customers while ensuring that their products remain compatible with changes in operating system services.

It’s difficult to find a software package that is completely free of flaws.  It’s not unusual for updates, containing minor enhancements and bug fixes, to be released as frequently as every month or so.  I use half a dozen or so applications on a frequent, almost daily basis, at least one of which will be updated every few weeks.  The situation for tablet computers is potentially worse, with the tendency for applications to deliver a limited suite of functions resulting in the use of more, variably interoperable, applications.  Each change to one component of a piece of software has the potential to create a ripple that progresses through all of the other components – some new, unexpected incompatibility, that becomes a catalyst for the next update.  Responsible developers are vigilant in seeking feedback from users of their products to help identify issues that could affect the performance of their products and, usually, adhere to well designed software testing procedures and an orderly strategy for releasing updates, where update schedules reflect their urgency.  Software users need to be equally diligent in ensuring that their use of software is not affected by design and operational shortcomings.

I strongly believe that there is a distinct difference between someone who knows how to “drive” a piece of software and someone who truly understands what that software does.  This is especially critical in the case of geological modelling, mine planning and scheduling software where almost anyone can apply an estimation algorithm to data and obtain a result, but may be blissfully unaware of how that data has been processed and manipulated to produce the resulting estimate.  The well-worn adage “garbage in – garbage out”, referring to data and consequent estimates, is certainly applicable in many situations but doesn’t draw attention to our ability to independently generate “garbage” from reliable inputs.

There are two important ethical principles here:

  • A requirement to ensure that software we elect to use for a particular task is fit for purpose; known to produce reliable results by a process of testing and verifying the results it provides; and,
  • Possessing the expertise and knowledge required to produce the results that will be presented from the software application.

These requirements apply irrespective of whether the software selected for use is mandated by an employer, or selected by a self-employed consultant or contractor to support their practice.  As a professional, I’m solely responsible for the quality of the work I undertake and deliver to others.  We all are, irrespective of how we are employed.  This makes it a requirement to ensure the quality of all tasks that we undertake and the information that we deliver, which can only be achieved by careful testing of the software tools we employ in the course of our work.  How many of us have a dataset that can be used to generate a geological model and populate the model with a set of attributes that can be compared for consistency with a previous version of the same model to confirm that an existing error has been fixed, or new errors have not been introduced during the latest software update?  Of course, we all run parallel estimates to confirm that the estimate provided by our selected approach is not wildly inconsistent with a broadly comparable estimate derived using a different approach; don’t we?  For example, a kriged estimate of ash content in a coal seam could be checked against a comparable estimate derived using nearest neighbour or inverse distance estimation.  The results won’t be the same: one accounts for data distribution and continuity while the others could be considered an accident of data configuration in many instances, but the results won’t vary wildly at a global level which provides a useful and important check.
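The two checks described above, a stored test data set re-run after each software update and a parallel estimate by a different method, can be sketched as follows.  This is an added example, not code from the original article: the sample values, grid, tolerances and function names are constructed for illustration, and inverse distance weighting stands in for the output of whatever estimation package is under test (kriging itself is not implemented here).

```python
import math

# Constructed test data set: (easting_m, northing_m, ash_percent) for a coal seam.
SAMPLES = [
    (0.0, 0.0, 12.0), (100.0, 0.0, 14.0), (200.0, 0.0, 15.0),
    (0.0, 100.0, 11.0), (100.0, 100.0, 13.0), (200.0, 100.0, 16.0),
    (0.0, 200.0, 10.0), (100.0, 200.0, 12.5), (200.0, 200.0, 15.5),
]

# Constructed 4 x 4 grid of equal-sized block centroids to be estimated.
GRID = [(25.0 + 50.0 * i, 25.0 + 50.0 * j) for j in range(4) for i in range(4)]


def nearest_neighbour(samples, grid):
    """Assign each block the value of its closest sample."""
    return [min(samples, key=lambda s: math.hypot(s[0] - gx, s[1] - gy))[2]
            for gx, gy in grid]


def inverse_distance(samples, grid, power=2.0):
    """Inverse distance weighted estimate at each block centroid."""
    estimates = []
    for gx, gy in grid:
        num = den = 0.0
        for sx, sy, value in samples:
            d = math.hypot(sx - gx, sy - gy)
            if d == 0.0:  # centroid coincides with a sample: use it directly
                num, den = value, 1.0
                break
            w = 1.0 / d ** power
            num += w * value
            den += w
        estimates.append(num / den)
    return estimates


def global_mean(estimates):
    """Unweighted mean, valid here because all blocks are the same size."""
    return sum(estimates) / len(estimates)


def parallel_check(primary, check, rel_tol=0.05):
    """True when two estimates agree at a global level within rel_tol."""
    a, b = global_mean(primary), global_mean(check)
    return abs(a - b) / abs(b) <= rel_tol


def regression_check(current, baseline, abs_tol=0.01):
    """Indices of blocks whose estimate moved more than abs_tol between
    the stored baseline and the current software version."""
    if len(current) != len(baseline):
        raise ValueError("block counts differ: models are not comparable")
    return [i for i, (c, b) in enumerate(zip(current, baseline))
            if abs(c - b) > abs_tol]


if __name__ == "__main__":
    baseline = inverse_distance(SAMPLES, GRID)           # saved before the update
    after_update = inverse_distance(SAMPLES, GRID, 1.0)  # simulated changed default
    nn = nearest_neighbour(SAMPLES, GRID)
    print("parallel check passes:", parallel_check(after_update, nn))
    print("blocks changed since baseline:", regression_check(after_update, baseline))
```

In this constructed case the simulated change still passes the global parallel check while the block-by-block comparison against the baseline flags it, which is why both checks are worth keeping.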

I’ve seen consulting agreements where the consultant states that no responsibility can be accepted for errors and inconsistencies attributable to software used by them in the course of their work.  I also have a special filing cabinet for them that’s emptied regularly.  I wouldn’t employ a carpenter who couldn’t drive a nail straight and blamed his hammer.  The ethics of this practice are highly questionable.  Professionals have a responsibility for the quality and completeness of their work.

Conclusions

The management, modelling and interpretation of data, and the communication of results facilitated by modern computer systems is subject to a number of important ethical constructs, as is any other aspect of professional geoscientific practice.  Our use of “cloud computing” shouldn’t result in data security or even intellectual property rights being compromised.  Networked computers, which include even modest devices such as smartphones and tablets, should not be exposed to unwanted intrusion that could affect access to, or even result in loss of information.  The processes by which data is modelled to produce estimates by technical software must be thoroughly understood.  The reliability of critical software should be tested carefully whenever software updates are installed, prior to use in the course of your work.

Failing to do so results in delays and re-work that could have been avoided.

“The dog ate my homework” type of excuse is one that wears thin very quickly when adherence to basic principles is shown to have been lacking.

Dos and Don’ts

I was asked to add a list of dos and don’ts to the article to help readers who don’t like delving into the “back-end” of their computers.  The comments made here are based on my experience.  I’m not an I.T. professional and any knowledge or insight inherent in these comments is the product of experiential learning.  Any additional thoughts, comments or corrections can be added to the AIG web site or LinkedIn group page.

Dos

  1. Be cognisant that how you use your computer and manage data in the course of your work, as a professional, has ethical implications.
  2. If you are signing up to any service that involves management or communication of information review the terms of service agreement carefully.  You may be unsuspectingly granting others the right to use information you are entrusting to them.
  3. Have a plan for how you will continue your practice in the event of a disaster – computer hardware failure, theft of a tablet or laptop or a fire for example.
  4. Secure your data – ensure that at the very least your computer, tablets and smartphones can’t simply be switched on and accessed by others.
  5. Don’t open suspicious email attachments.
  6. Proof read emails before sending them.  Predictive text can be a wonderful thing but can dramatically alter the meaning of a message, which can be problematic when automatic insertions and corrections go unnoticed.
  7. If you rely on a piece of important technical software for making technical decisions or delivering products and services to clients, or other professionals in your company (e.g. geologists, engineers, environmental scientists and metallurgists), test the accuracy and reliability of your results.  Run a parallel estimate.  Establish a test data set that can be used to verify that software updates have not introduced unexpected problems that may otherwise go unnoticed.
  8. Don’t just know how to drive a particular piece of software.  Thoroughly understand how it treats the data you provide for analysis in every respect.  If you don’t fully understand what a piece of software does, it may be the case that someone else should perform that work.

Don’ts

  1. Don’t disclose your passwords and PINs to others to facilitate temporary access to data.  Deliver and share data in a managed manner.  There is no shortage of means by which even large volumes of data and information can be securely shared.
  2. Don’t respond to unwanted emails.  This tells the sender that your email address is valid and a target for further attacks.
  3. Don’t assume your computer and data are secure if you have an Internet connection.
  4. Don’t send sensitive information via email.
  5. Ensure that any web sites that request personal information or credit card details do so via secure, encrypted links (your web browser will tell you if the link is secure).
  6. Don’t enter into commercial agreements without carefully reviewing the terms and conditions first.  If it’s work related, and the terms and conditions appear confusing or ambiguous, it may be best to seek professional advice.

Emails sent to you by marketers must include a means by which you can immediately and simply opt out of any further communication with the sender, such as replying to the email with “unsubscribe” in the subject line or an unsubscribe link.  The email must also include the full business address, telephone and email contact details for the sender.  If the unsubscribe process proves to be complicated, or the sender’s contact information is not provided, complain to the Australian Communications and Media Authority (ACMA) by simply forwarding the offending email to report@submit.spam.acma.gov.au.  This is an automated service used by ACMA to identify and prosecute companies and individuals who use Spam email as a marketing technique, which is illegal in Australia.  If ACMA pursue the case you will be asked, and should be prepared, to provide a statement.  I’ve been asked to provide two statements for two prosecutions, which went before a court and heavy fines were imposed.

Andrew Waltho