Hunt, Lucy and Hall, Tracy (2024) Whistleblowing in Software Engineering : A Study of Interactions and Escalations in Whistleblowing Situations. PhD thesis, Lancaster University.
Abstract
High-profile incidents and scandals involving software at Boeing, Volkswagen and the UK Post Office have resulted in loss of life, environmental damage, and societal harm. Why were there no apparent whistleblowers during the development of these systems, and why did issues only come to light after the systems were in production? Whistleblowing can be described as a public interest disclosure about organisational wrongdoing or harm. Organisations have a responsibility to demonstrate effective mechanisms for detecting, evidencing, mitigating, and speaking up if professional values, practices, or standards are breached on IT projects. Specifically, the ACM Code of Ethics advises software professionals to “blow the whistle” if leaders do not act to mitigate risks of harm. Recent stories in the media demonstrate that software professionals with insider knowledge of issues at Google, Uber, Twitter, and Facebook do take individual and collective action to disclose wrongdoing and harm, often at great personal cost. My published literature review finds software engineering research lacks empirical in-practice studies of whistleblowing, reflective of the frequency, sensitive nature, and obtrusiveness of studying such events. In this thesis I ask, “why and how do software engineers blow the whistle?” and report on actions taken (or not taken) by software engineering professionals to mitigate harm and wrongdoing in software engineering practice. I use existing whistleblowing research and theories to inform the development of a Whistleblowing in Software Engineering (WISE) analysis framework. The framework guides the systematic analysis and abstraction of story data from interviews. Important findings, specific to software engineering practice, are presented through cases in the health, transport, and nuclear industries; my findings are discussed in light of existing whistleblowing research.
Key findings relate to tampering with software artefacts to remove, disguise, or leave evidence of issues, and the creation of team and organisational secrets. The cases notably evidence issues being suppressed or covered up by management, in breach of regulatory standards and compliance processes. I find practitioners motivated to uphold professional values and standards despite the negative consequences for themselves. Some experienced practitioners seek help from professional and regulatory bodies to mitigate concerns; some less experienced staff keep quiet, raise issues discreetly with colleagues, or are threatened into complying with management wrongdoing. The cases confirm findings reported in laboratory studies and call for further in-practice studies with researchers given timely access to stakeholders and software artefacts linked to recent or emerging whistleblowing situations.