Whistleblowing software engineers are facing retaliation when reporting wrongdoing or malpractice, according to a new study.
More than half of software engineers have suspected wrongdoing at work, analysis from software auditing firm Engprax shows. Yet three-quarters of those who spoke up revealed they faced retaliation, leading many to avoid reporting issues.
A top reason for staying silent was retaliation from senior personnel and management figures, the study found, with 59% highlighting this reason specifically for not reporting malpractice.
Nearly half (44%) said they were concerned about retaliation from colleagues while a quarter feared “social rejection”.
16% also revealed their organization had no dedicated reporting policies or procedures in place to enable staff to flag issues.
Dr Junade Ali, principal investigator for the Engprax study, said the report highlights a concerning culture of fear and avoidance among software engineers with regard to malpractice reporting.
"Our investigation has shown a tendency for problems to be swept below the rug until they reach boiling point rather than addressed," they said. "This is neither compassionate nor honest for those involved."
Modern software delivery frameworks typically use subjective surveys within team settings to provide insights on team performance and activities, but are often dependent on engineers being able to express their opinions on peers, the study noted.
This, it warned, creates 'profound' concerns about whether employees feel they are able to speak up.
Gagging clauses keep devs silent
The research also revealed the use of contractual gagging clauses, despite legal protections that shield employees from detriment or dismissal for making 'protected disclosures'.
These cover issues that are in the public interest, and related to criminality, failure to comply with legal obligations, miscarriages of justice, health and safety dangers, or environmental damage.
Some companies have sought to bypass public interest disclosure laws by getting employees to agree to warranty clauses during severance, stipulating that they know of no grounds to make protected disclosures.
These warranty clauses encourage the exiting employee to fully disclose any concerns they have about the company they are leaving. However, they can also discourage employees from making reports, according to Richard Moorhead, professor of law and professional ethics at the University of Exeter.
"They can be used to seek repayment of compensation under an exit package ('you breached the warranty so you owe us the money') or discrediting the report ('well, when they left us they told us there was no allegation that could be reported')," he said.
"If the clause is designed for this second set of purposes it is deeply problematic."
There have been a number of examples of whistleblowing in the tech industry recently - perhaps most notably from Frances Haugen, who in 2021 shared tens of thousands of Facebook internal documents over concerns about the company's algorithms.
In 2017, software engineer Susan Fowler revealed a culture of widespread sexism and sexual harassment at Uber; and a number of engineers working on the Post Office's Horizon IT system were instrumental in revealing its flaws.
"Recent developments demonstrate the fundamental importance of software engineers being free to raise the alarm when they become aware of potential wrongdoing; unfortunately our research has highlighted that software engineers are not sufficiently protected when they need to do so," said Ali.
"From software engineers facing mass retaliation for speaking up and banned gagging clauses still being used, to ‘industry-standard’ software development metrics not considering the public’s risk appetite, this investigation has highlighted systematic and profound issues with society-wide impact, given how integral computers are to all our lives."
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.