Hair dryers have standards, why not software? A call for Rights by Design.
We can plug and use electrical appliances without fear, thanks to the existence of SIRIM certification. We can go grab food from friendly neighbourhood restaurants, without having to carry a test kit to check for food safety. But what about software? There are groups and organizations keeping hair dryers and teh tarik safe to consume, but there's no equivalent of those things for software.
The message above, was brought up a lot in my few conversations with Jean from the IO Foundation. While attending the workshop titled Rights by Design hosted by the foundation yesterday, the message was echoed throughout the session.
Rewinding to last week, I received a message from a friend, saying he referred me to Jean from the IO foundation. Jean and I then got into a video call to discuss about potential work collaboration shortly after. In the physical meet up a few days ago, he kindly extended an invitation for me to attend a workshop that discusses the topic of standards and their applications within Standard Developing Organizations (SDOs).
One of the many questions raised throughout the workshop is, "Do we want to build software that harms human beings (or otherwise)?", which follows by "How do we ensure that?". It somehow fits into the theme of the workshop, which is also one of the aspects of the IO foundation. Digital rights considerations should receive more emphasis and preferably incorporated into the design of any software.
The workshop featured some SDOs in the tech industry, so it is safe to say it was quite tech-heavy. The effort to keep the content engaging for both techies and non-techies alike is very encouraging, considering all the alphabet soup of acronyms.
Software engineering relies heavily on best practices. But here’s the thing: 'best' is a subjective measure, and software engineers are very vocal with their opinions. The theme of the workshop, Rights by design, is a key principle in the Data-Centric Digital Rights (DCDR) proposed by the IO Foundation. The DCDR framework provides guidance to respect digital rights into the software design and development.
It is not uncommon to hear stories about how our gadgets are always listening to our conversations, or worse, data breaches where our personal information is leaked or caught on sale. Data privacy is certainly a concern these days. We hear experts advise us to be mindful of what we share, use multiple email accounts and safeguard our passwords. It gives an illusion on how we have control over data privacy.
That may be correct where we do have some control over what data we share, but we often do not have control over how it is used or where it is sent. The argument where the intent matters more was raised, and I fully agree. Data is only useful when it is being used, and even if we are careful with what we share, it is possible to identify individuals from completely anonymized datasets. There are also published research papers on the mathematical models used to combine these seemingly unrelated pieces of information.
The internet is modelled after a layered architecture of technologies. Each layer consists of components implementing standards or recommendations from various SDOs. In the second segment of the workshop we learned about some of the more prominent ones, namely the IETF, the ICANN, the ITU and the W3C. These organizations have different governance structure, and their own process for developing standards and recommendations. The IO Foundation introduced these organizations to raise awareness within the local community and encourage greater participation in standards development.
The workshop concluded with a thought experiment, challenging us to think through what we learned. We were asked how SDOs affect our work. As a software engineer primarily building web applications, my main source of reference is usually standards published by W3C. Beyond many core web application standards, they also develop standards for other areas. Some of the more interesting ones I had experience in the past are related to data representation. These include semantic web, linked data, rdf, owl, and json-ld.
Although I attended the workshop with limited prior knowledge, I still find this workshop very interesting. It was a helpful refresher on the networking stack and gave valuable insights into how standards are developed. It does leave a lot of food for thought. For instance, we should stay mindful when building software to uphold digital rights. I often see computer code as a manifestation of business rules, and if the analogy is valid, I wonder if I can deduce that code that causes harm means the business itself is unethical.
This article was written by me, and edited with the assistance of Gemini to ensure clarity and flow. Contact me here on Medium or LinkedIn to discuss project collaboration and job opportunities.
