Tom MacWright

Ethics are not enough

ethics aren't enough

Ethics are not enough to fix the technology industry. We need regulation and laws to draw bright lines around what is and isn’t acceptable, in terms of privacy, competition, risk, and health.

The movement to introduce ethics into computer science education is well-intentioned and will likely succeed at raising personal awareness. But the idea of actual regulation has been missing from the conversation. I think that the omission stems from tech culture, which has long shunned any government involvement, and from tech leaders, who are economically motivated to minimize oversight. The current norm is good for business: companies make public ethical promises and break them without consequence.

Focusing solely on individual ethics is a seductive trap because the technology industry treats startups as collections of workers, not like the faceless corporations of the past. That has never been true. Technology companies are corporations, and corporations are designed to take risks and make decisions that no individual would make alone.

And the drive for ethical oaths misses the point. They reference the Hippocratic Oath, which has been taken by physicians for hundreds of years, and swears them to uphold ethical standards. But when a doctor commits medical malpractice, it’s a legal matter, usually as negligence. Violating a symbolic oath is the least of their worries.

Oaths are useful for daily self-guidance, but where there are severe consequences, we’ve supplemented them with laws. Privacy is encouraged by the Hippocratic Oath, but enforced by HIPAA: a federal law.

The tech industry has suggested that there should be more regulation than presently exists, but less than any law has proposed - with the exception of net neutrality. We’ve seen the tech industry rally behind net neutrality laws in the last few years. Maybe we can see the same enthusiasm for common-sense user protections.

We, people who make technology, who have a stake in the future, should know and care about ethics, but we should also rally for smart regulation. It’s time for a wider range of digital wrongdoing to become illegal, not just unethical.


The need for regulation doesn’t invalidate or devalue the push for ethics. We need both. A useful historical reference is the rise of interest in business ethics which, combined with deregulation, hasn’t especially worked.

Regulation is not necessarily positive, and many past examples have missed the mark. But if techno-futurists can imagine worlds where cars drive themselves, they should be able to fathom a world where technology is required to meet a basic level of privacy and equity.