P-L-E-H. The victim was typing “pleh”. That must have been how he felt about dying.
Way back when I did helpdesk and had account access for the mainframe at a university, when users were stumped following instructions or just wouldn’t follow directions, I would ask for their password, and they would balk at that, even though I could at leisure change it to whatever I wanted and then do anything to said data. Mostly it came down to “meh, whatever, I don’t care what you got in your email” and more of “I like my job and I want to keep it, so why should I do something that will get me fired?”
"As I am writing this, I am in the middle of the Mission District of San
Francisco. Outside my window, my tech worker colleagues are gathering on
the corners and waiting for busses."
And there I was getting suddenly interested because I thought a tech worker was about to start discussing the ethics of tech wealth destroying communities.
It’s bad password security to give out one’s password under any circumstances, especially if the user is likely to be reusing the same password for another site (which of course they almost certainly are).
If you had the capability to change their password to what you wanted, you should have just done that rather than ask them for theirs. The users were right to balk.
This was quite a while ago though, before forums and a million web accounts. Actually in the proto-web days when Gopher was still the hot thing.
ETA: and most of them were not even doing internet/BITNET things, just COBOL programming 95% of the time.
As an IT professional the author is both correct and wholly incorrect at the same time.
First, I would like to point out that an NDA is essentially an ethics document in the first place. It is one that says (more or less) “I’m in a position of trust, and I will not violate that trust by disclosing your information/data/whatever”. Calling them bullshit is more of a statement that too many people seem to view their word as less than binding these days. (It’s frankly a wonder that there aren’t more lawsuits over NDA violations, IMO)
Second, the IT professions need to take a long hard look at how doctors and psychologists are required to handle the confidentiality of their clients. Right now, everybody runs around in this little bubble where they think “if I don’t get caught at it” or “if I ‘anonymize’ the data” that’s good enough. It isn’t. Client data needs to be considered confidential. Period. Not “because I feel like it”, but because masses of data can be used in complex and unexpected ways to derive a lot about the source.
The startup game in particular is unleashing a shitstorm the likes of which few people in IT can imagine. Probably half of the IT startups out there are planning to make their money by selling off user data. The public is only just starting to understand what that means, but when they do figure it out the mobs with the pitchforks and torches will come. IT can either adopt “do no harm” ethics now, or be forced to at the hands of an outraged public … which will be far, far less forgiving than you can imagine.
IT has a choice to make right now. It can continue to act like a bunch of adolescents hacking away in their parents’ basements and hoping not to get caught, or they can take real steps towards ethical practice standards. There are numerous starting points - the ethical codes of engineering have some application, as do those of the medical professions. The ethics have to be held by the individual practitioner and there must be the legal right and obligation to refuse work that violates those standards without penalty. (e.g. an employer should not be able to fire someone for refusing to violate the code of ethics)
Only because people are willing to sell out their communities and buildings in return for filthy lucre.
I really loved this article, it is a wonderful thing.
Yep, and the individual practitioner has to be held responsible.
If you write some code - or contribute to a s/w project - that plays fast and loose with personal data, expect to get disbarred/struck-off etc.
Honestly it is the worst of both worlds, from my perspective.
Either lightly anonymized data is sold or traded, which is bad since it is trivial to track. Or everything is siloed, so everyone, even CERTs, turns into walled cities hoping the Visigoths and Vandals will attack the other one.
I don’t have time to go into much detail, but a few friends and coworkers for the last (mumble mumble) number of years have bandied around the idea of a non-profit clearing house for highly, highly anonymized data. Not just SHAing an email address (that gives you what, 40 bits of entropy for any reasonable email regardless of hash), or IP (which is even worse), or CC number (oh dear gawd, the entropy is soooo low).
Do no harm, and don’t profit on ‘external pain’ (i.e. yeah you protect the bank, but screw the user).
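Added example, not part of the thread or any poster's code: a short Python check of the point made above that an unsalted hash of a low-entropy identifier is not anonymization, because whoever holds the token can recompute the hash over the whole candidate space. It goes one step beyond the comment by showing a keyed hash (HMAC) for comparison. The sample address, network and keys are constructed, and the 6-digit issuer prefix is an assumption.

```python
import hashlib
import hmac
import ipaddress
import math

def sha1_hex(value: str) -> str:
    """Unsalted SHA-1, the weak 'anonymization' discussed above."""
    return hashlib.sha1(value.encode()).hexdigest()

def keyed_pseudonym(value: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key: still a linkable pseudonym, but it
    cannot be recomputed by anyone who lacks the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def recover_by_enumeration(token, network, hash_fn):
    """Hash every address in `network` with `hash_fn`; return the match or None."""
    for addr in ipaddress.ip_network(network):
        if hash_fn(str(addr)) == token:
            return str(addr)
    return None

def card_number_bits(total_digits=16, known_prefix_digits=6):
    """Bits of uncertainty in a card number when the issuer prefix is known
    (assumed 6 digits) and the last digit is the Luhn check digit."""
    free_digits = total_digits - known_prefix_digits - 1
    return free_digits * math.log2(10)

# Constructed sample data: documentation-range address, made-up keys.
SAMPLE_IP = "192.0.2.77"
SAMPLE_NET = "192.0.2.0/24"
HOLDER_KEY = b"constructed-secret-key-held-by-data-owner"
OUTSIDER_KEY = b"constructed-guess-by-someone-without-the-key"

def demo():
    plain = sha1_hex(SAMPLE_IP)
    keyed = keyed_pseudonym(SAMPLE_IP, HOLDER_KEY)
    return {
        # Plain hash: the token maps straight back to the address.
        "plain_recovered": recover_by_enumeration(plain, SAMPLE_NET, sha1_hex),
        # Keyed hash: enumeration under the wrong key finds nothing.
        "keyed_recovered": recover_by_enumeration(
            keyed, SAMPLE_NET, lambda v: keyed_pseudonym(v, OUTSIDER_KEY)),
        "ipv4_bits": 32,  # upper bound for any IPv4 address
        "card_bits": round(card_number_bits(), 1),
    }

if __name__ == "__main__":
    print(demo())
```

The keyed variant only moves the risk to the key: whoever holds it can still link and re-identify records, so it is pseudonymization rather than anonymization.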
I did my part and encourage others to do the same–don’t live in the bay area. Or perhaps live there for a time, then move anywhere else and telecommute.