
> Is it a moral failing to be slow to update a Struts vulnerability?

Yes.

As a professional engineer you are responsible for the systems you build and maintain. The security of the modern internet depends on engineers on the ground understanding and proactively fixing security issues.

There is no one else who can take responsibility for code you deploy to production. The buck stops with you.



Yeah, unless your management has other priorities and their management has other priorities. The buck actually stops at the CEO.


As a member of an unrelated professional body, the buck always stops with me on issues of ethical behaviour. I don't care how much the CEO wants me to do a thing that is good for the bottom line - if I want to keep letters after my name I have to behave in a way that is in line with the professional code of conduct I signed up to.

I'm not saying that such a model is the right one for devs, but it would certainly be an interesting move away from "not my fault - nobody would let me do it right".

CEOs would, of course, then have the choice to hire non-accredited engineers to work on their software, and then the buck does stop there because they made an active decision.


> I'm not saying that such a model is the right one for devs, but it would certainly be an interesting move away from "not my fault - nobody would let me do it right".

I would say I'm in a similar position, but that's because I'm more or less essential (no ego here, and can't explain obviously, but I am) and if I walk out, the company has a lot of BFPs to deal with.

Perhaps there should be some sort of guild? Some way that we could make it harder for ourselves to be replaced in such a way where we can actually stop bucks without just getting fired while they find some script kiddie to do what we wouldn't.


But ideally, "I was just following orders" should not be an excuse. Part of the reason we need proper professional accreditation is so that engineers can say "No, this is wrong.", and the CEO can't say "you're fired, I'm going to hire someone who will do what I say". We need to put loyalty to the profession ahead of loyalty to the business.


I'm not sure many IT Engineers are professionals (as in members of a professional body that they have to answer to, with training, licensing and code of ethics etc)?

https://en.wikipedia.org/wiki/Profession#Characteristics


That, I think, is the real problem? I mean, how many of us on this thread alone are pushing around troves of consumer data today? Maybe just browsing habits or analytics or what have you, but nevertheless, here we are, handling possibly terabytes of data on people we don't know, who don't know us, and have no current way to hold us accountable if we do it wrong and they are subsequently affected.

I mean, how many firms do we read about a DAY on here who are collecting consumer data by the truckload, either to be used or sold later? And how many of said firms are taking proper steps to anonymize or secure (or both) said data properly?


Bingo. That's why so much of HN doesn't want to be held to the same standards as actual Professional Engineers - all the shady shit Google and Facebook and their ilk do is enabled because of the lack of personal accountability among the mercenaries who enable the giant surveillance apparatus to exist by implementing it. Then they come here and hand-wring over why privacy is dead or why it's really not so bad what they're doing over there, honest. The cognitive dissonance is palpable.


Possibly a little more of a pessimistic view than I'd take personally, but I get what you're saying. Talking privacy and security is one thing, actually fighting for it in your own org is another.


I had an interesting debate a couple years back in another forum about this. The other person was saying that until people who build software are held personally responsible for our work the way other engineers are, we shouldn’t be calling ourselves engineers. I disagreed then but stuff like this makes me wonder.



