Wednesday, September 14, 2011

Why I worry.

I am very concerned about how computing interacts with the world at large.  Many people are not, but perhaps if I relate some experiences from my life, it will help explain my concerns.

When I was an undergraduate, I had a part-time job working in my school's computing facility.  I had a much more responsible position than I should have had given my youth and inexperience, simply because as a student I worked for minimum wage, and my boss wanted to take advantage of my cheap labor. 

It is incredible to me now, but the fact is that I re-wrote the payroll system and tested with live data.  I would NEVER trust an undergraduate with either of these.  A payroll is a fairly sophisticated system, but I was trusted to get it right.  Part of this trust was inspired by the fact that I ran my system parallel to the then-current system for a period of time, and matched every figure dollar for dollar.   How did I know that?  In fact, I had access to every salary and every bonus for every campus employee up to and including the college president. 

What would have prevented me from doing what I shouldn't have with this kind of access, both to the data and to the software?  Only my own personal compass of right and wrong.  There is no professional association for computer people that has any kind of policing function on professional ethics, as exists for the medical or law professions.  My boss paid no attention to my activities, my programs, or my testing. 

I also wrote programs for the student academic system, and helped to run the end of semester grade reports.  I had access to every grade for every student.  At the time, the grades were on punched cards, and so all the grades were in big trays of cards that were fed into the computer.  One evening as I was preparing to help with a "run", a student friend of mine came in and just HAD to find out his grade in so-and-so class, so I found the appropriate card and showed it to him.  But, the silly boy spilled the beans on me, and I was reprimanded for this.  I didn't argue the case, but the fact is, that grade was to be printed and mailed to him that very evening, so why was telling him his grade a few hours early such a problem?  He could have easily found out his grade from his professor, except the professor was not in his office. 

The real problem here was not that my friend found out his grade.  The real problem here is that some undergraduate (me) had access to everyone's grade every semester.  I could get all grades, all salaries, all accounting numbers from the general accounting system, in fact,  almost all sensitive data for the entire university at any time I wished.  No professional organization to know or care.  No boss or any other university employee to know or care.  Nothing. 

This was the start of my concerns in this area.  Lots and lots of people in computer related jobs have this kind of access. Data can be used.  Software can be altered in subtle ways for unscrupulous ends.   What's keeping them honest?  Nothing.

That's why I worry.

1 comment:

  1. You should tell the story of what you discovered running those two systems in parallel!

    ReplyDelete