The Hippocratic Oath

tl;dr:

The Hippocratic Oath, studied by medical ethics students, has a wide variety of applications even in the digital space.

---

When you visit your doctor, you have a certain degree of trust that your doctor is acting in your best interest. You expound on deeply personal feelings and sensations, and are deeply vulnerable to the care provided by your physician. This only works because of the Hippocratic oath. You’re probably familiar with the common quote, “Primum non nocere” or “first do no harm”.

While the actual text of the Hippocratic oath has fallen out of fashion among our modern world, I believe it’s worth an examination in full. (Translation by W.H.S. Jones; retrieved from Wikipedia)

I swear by Apollo Healer, by Asclepius, by Hygieia, by Panacea, and by all the gods and goddesses, making them my witnesses, that I will carry out, according to my ability and judgment, this oath and this indenture.

An appeal to authority. This oath is not simply “I promise because I promise” or even “I swear”, but it begins by particularly calling out the authorities well known at the time. If we write an IT oath, it’d probably begin with “I swear by Linus Torvalds…”. Importantly this oath doesn’t stop merely at “I will do it” but goes on to say “According to my ability and judgement”. There’s a particular recognition here, as in the classic sudoers lecture, I have powerful abilities and skills. But also “I have judgement” which I must use.

Hippocrates is out here quoting Uncle Ben 2,000 years before he even said it. This oath is really the long version of “With great power comes great responsibility”. Where Uncle Ben’s pithy admonition stops short, Hippocrates expounds by saying “And here’s how I will use my judgement, here are my responsibilities, here’s how I will use my power:”

To hold my teacher in this art equal to my own parents; to make him partner in my livelihood; when he is in need of money to share mine with him; to consider his family as my own brothers, and to teach them this art, if they want to learn it, without fee or indenture; to impart precept, oral instruction, and all other instruction to my own sons, the sons of my teacher, and to indentured pupils who have taken the Healer’s oath, but to nobody else.

Interestingly, the world of IT does this already. The venerable deities of the digital world, Torvalds, Stallman, Ritchie, Dijkstra, Wozniak, and other names are well known and even revered among IT professionals, programmers, and general tech enthusiasts¹.

The world of IT absolutely works on the principles of money and art sharing as described by Hippocrates². The foundation of so many systems is based in Free and Open Source Software, which receives its funding from programmers who use it (at least in theory). And interestingly, IT people generally don’t share every detail of their art form with just anyone. Ask any hacker “how do you hack” and they’ll tell you “magic” and nothing else. But prove you’re on the level with the elite IT professionals and they’ll tell you everything you need to know about any question you ask.

I will use those dietary regimens which will benefit my patients according to my greatest ability and judgment, and I will do no harm or injustice to them.

This particular line here is worth investigation because it has such tremendous application to our IT world. The diet part for one. But in particular the idea that as an IT professional, I must use my skills for the greatest benefit of the people that I serve. There is a tremendous degree of trust that non-tech-savvy people place in anyone who speaks 1s and 0s. Anyone who’s set up a new smartphone for an aging relative can surely attest to this.

In fact, just recently I shared a taxi with a woman who asked what I do. I said I worked in tech. She handed me her phone and proceeded to ask me how to get her Bluetooth headphones working. I would never hand my phone even to a friend, let alone a complete stranger. But somehow tech-saviness affords an odd degree of trust.

We have a responsibility not merely to provide a solution that works, but one which works best for a given person. When people ask “what kind of laptop should I buy”, notice that IT people don’t start with “this one”. Instead, we start by asking “what for?” Are you using your laptop for rendering animations? CAD work? Web browsing? Photo editing? What extraneous goals do you have, do you need it light, or a 10-key number pad, or particular peripheral connectors, etc. Yes, it means “prescribing” a device recommendation for someone takes more work than a simple “just take one dose of iPhone”. But we take the time to find what works for that person. Not for all people. That person.

Here’s our first mention, “I will do no harm or injustice to them.” There is a trust that’s placed in tech-savvy people. Because we know what’s up, surely our recommendations will be sound and will work both in the short and long term. To honor that trust, we tech-savvy people have to provide people with workable solutions, and do no harm or injustice to them. We cannot saddle our relatives with the latest and greatest XYZ Laptop that breaks once a month. Nor should we saddle our enterprises or organizations with beautiful and unmaintainable bash scripts that automate every aspect of the job. We cannot, in good conscience, publish buggy code, especially in environments where bugs cost lives. And how can you know where your code will run, or what work it will support?

Neither will I administer a poison to anybody when asked to do so, nor will I suggest such a course. Similarly I will not give to a woman a pessary to cause abortion. But I will keep pure and holy both my life and my art. I will not use the knife, not even, verily, on sufferers from stone, but I will give place to such as are craftsmen therein.

“I will not administer poison”. So many ethical hackers and IT professionals are more than capable of causing tremendous damage to systems. sudo rm -rf / --no-preserve-root comes to mind as the poster child for “digital poison”. It’s out there, it exists. And even if this were not the exact syntax (there are other ‘poisonous’ commands out there), the concept remains. As IT pros and even just tech-savvy gurus, we have a responsibility to know our poisons and protect people from them. A casual “sure just rm -rf /” sews distrust for the industry.

“I will keep pure and holy both my life and my art”. Your life is up to you, but it’s absolutely true that programming, and technomancy is an art form. Ed Nather put it so well when he said “I have often felt that programming is an art form, whose real value can only be appreciated by another versed in the same arcane art…” (The Story of Mel). And of course as Donald Knuth said, “Computer programming is an art, because it applies accumulated knowledge to the world, because it requires skill and ingenuity, and especially because it produces objects of beauty. A programmer who subconsciously views himself as an artist will enjoy what he does and will do it better.”

The last sentence here took me a bit of googling. Basically, back in the day, people who had kidney stones had to have them cut out surgically, and Hippocrates, as a physician was saying “because I’m not a surgeon I must leave the surgery to the surgeons.” Still true today, your primary care provider will almost certainly not cut you open, that’s what a referral to an expert surgeon is for. So how does that apply to our IT world?

We have general-purpose practitioners in the IT space, and specialists. As someone who knows what a database is, I know that databases should be left to database engineers. Writing SQL is difficult and can be dangerous, and is an art best left to the people who have dedicated their careers to writing SQL. We have a respect for “backend vs frontend” engineers, and “dev vs ops”. We should try to bridge those gaps, and encourage our operators to take infrastructure-as-code seriously, and help our backend engineers understand why the frontend needs the API to look kinda ugly. But one well established rule in the programming space is “don’t roll your own crypto”. Everyone uses the tried and true OpenSSL libraries that have been written by true experts in the encryption space. And when it comes to operations, developers should trust when the ops team says that “docker is the best way to deploy your app.”

Into whatsoever houses I enter, I will enter to help the sick, and I will abstain from all intentional wrong-doing and harm, especially from abusing the bodies of man or woman, bond or free.

The Digital Divide was a big topic about a decade ago. I haven’t heard much about it recently; perhaps that’s just me. But even Hippocrates taught that it it would be wrong to apply his craft to one sex, or to those of a particular class over another. In the tech world you’ll find this from some of the big tech companies, but often I find that in software and devices from outside the strictly big-tech world, there’s not often this respect for software design with digital-immigrants (pre-Millenials, as opposed to digital-natives, like Gen Z) not kept in mind. Consider how complicated it is to explain checking your email to your relatives… now imagine if they had to use GitHub. There’s absolutely a place for power-user tools and features when these would benefit your target audience. But if your target audience is nurses in a hospital, please don’t design it around a command-line interface. Point and Click exists for a reason.

And whatsoever I shall see or hear in the course of my profession, as well as outside my profession in my intercourse with men, if it be what should not be published abroad, I will never divulge, holding such things to be holy secrets.

Discretion is a crucial skill to have as an IT professional. And in the sudoers lecture this is explicitly called out: “Respect the privacy of others.” The second part of discretion is the one everyone thinks of: don’t say what you know if you’re not supposed to. But the first part of discretion is important too. “Don’t poke into places you’re not supposed to be”. If you don’t know details that don’t impact your job, then you don’t have to try to recall what things you can or cannot talk about.

Now if I carry out this oath, and break it not, may I gain for ever reputation among all men for my life and for my art; but if I break it and forswear myself, may the opposite befall me.

Yeah. Hackers are cool. There’s no denying it. Cyber-criminals not so much, but those absolute legends like Andres Freund who found a backdoor because of an extra millisecond delay in sshing into a server³, or Linus Torvalds who is the BD4L of the operating system that powers the entirety of the internet, these names are so famous I’ve heard them even from my non-technical friends. And of course, everyone hates on those darn ‘Russian Hackers’ or ‘Chinese Hackers’ every time their data is leaked.

---

Anyway. I suppose all this is to say:

• Respect the privacy of others
• Think before you type
• With great power comes great responsibility

Long live the sudo lecture :)

---

Footnotes

1. If you don’t believe me, check out the reaction of the popular YouTuber Linus Sebastian regarding his work with Linus Torvalds: Linus Met The Real Linus; and the actual collaboration video: Building the perfect Linux PC with Linus Torvalds. I promise, revere is the right word. ↩

2. The actual origin of the text of the Hippocratic oath, while attributed to the Greek physician Hippocrates, is disputed. But that’s beyond what I can attest to as a coder. For the purposes of this post, I’ll just refer to the author of the Hippocratic Oath as “Hippocrates”. ↩

3. Of course a reference to the famous xz backdoor in case you missed it. ↩