Spectrum Online—Tomorrow's Technology Today

June 3, 2007

What and Who Are We?

Here at the Risk Factor blog, our focus is going to be on the risks and rewards of information systems and technology, or more broadly put, the social implications of IS&T. As moderator of this blog, my hope is that we can hold a conversation about what IS&T works and what doesn’t, what past, present and future IS&T trends portend, and, of course, why.

Joining me, Bob Charette, from time to time will be a number of guest bloggers from academia, industry and government who are involved in some of the more important IS&T risk and reward issues of the day. They are a pretty interesting set of folks.

There is Peter Ladkin, a Professor of Computer Networks and Distributed Systems in the Faculty of Technology at the University of Bielefeld. Peter specializes in the analysis of safety-related and safety-critical complex heterogeneous systems and their behavior, including accidents.

Next we have Phil Neches, who is one of America's leading technologists and a true database expert, among other things. Phil was Founder, Chief Scientist and Vice President of Teradata Corp, and is heavily involved in venture capital investment.

Then there is Peter Neumann, a senior scientist at the SRI International Computer Science Laboratory. Peter, who is the moderator of the ACM Risks Forum newsgroup, has been looking at and discussing IS&T risks since nearly the inception of modern computing, and is in my opinion the most thoughtful and insightful commentator on the subject.

There is also Martyn Thomas, an expert in large, real-time, safety-critical, software-intensive systems. Martyn was the Founder of Praxis, the internationally recognized leader in the use of rigorous software engineering, including mathematically formal methods. He is a visiting professor at Oxford University, and is the first person to receive a CBE (Commander of the Order of the British Empire) for “services to software engineering.”

Also joining us is John Stone, a Strategy Executive at the consulting firm Monroe Partners. John has worked in and written on all aspects of IS&T across a wide variety of industries, and brings a wealth of practical knowledge and experience in what it takes to create successful large-scale IS&T projects and programs.

Finally, there is Ed Yourdon, a recognized expert witness and computer consultant who specializes in project management, software engineering methodologies, and Web 2.0 development. For the couple of you who don’t recognize the name, Ed is one of the most influential voices and keen observers of what is happening in the IS&T industry.

I think you’ll agree, the folks above provide a pretty good initial set of eyes on the risks and rewards that IS&T create. Over time, I will be asking more guest bloggers involved in different parts of the IS&T field to join us to continue to enrich the conversation.

Machine Readable Information

An article that caught my eye a few weeks back was the announced acquisition of the Reuters Group by the Thomson Corporation for over $17 billion. The combined companies would create the largest financial news provider.

More interestingly to me than the acquisition itself is the potential impact on future stock market trading. About one-third of stock market trading is currently performed through program or automatic trading. During the week of 14 – 18 May, for example, the New York Stock Exchange reported that “program trading amounted to 35.3 percent average of NYSE daily volume of 3,233.2 million shares, or 1,142.9 million program shares traded per day. This included program trading associated with the May 18 monthly expiration of stock-index options and futures.”

Program trading is inherently “backward looking” in the sense that the trades are automatically made based on price fluctuations that meet certain criteria. The focus in recent years has been on increasing the speed of such trades.

However, both Reuters and Thomson have been working on what is generally called machine readable news, for instance, a “Reuters system will 'read' news articles and score how positive or negative they are. The system will enable customers to analyse news across thousands of companies, far more quickly than can be done by humans. This will enable trading machines to react to market moving news in milliseconds.” Not only are current news stories being made “machine readable,” but Reuters is making its archives machine readable as well.

The Financial Times reports that Thomson has developed software that automatically generates stories, and that it works “so fast an earnings story can be turned around within 0.3 seconds of a company making results public.” In addition, as noted in the FT story, program trading “… is set to rise much further in the coming years as fund managers, along with brokers and exchanges, strive for ever-greater speed and control over the trading cycle amid heightened market competition and consolidation.”

The combination of incredibly fast automatic news generation with historical data used to predict market responses to such news may have some interesting effects on program trading. It will be interesting to see, as machine readable news becomes more available, whether the market becomes more volatile as a result, whether dangerous feed-forward loops are produced during boom times, or, more likely, whether individuals or governments make use of this capability to deliberately hoax financial markets for personal or strategic gain.

A government-run news agency, for instance, could find it in its self-interest to plant a financial story, say involving some scarce resource such as petroleum, which could cause a panic in the market. By studying the conditions that caused market panics in the past, it might turn this into a non-military but very effective weapon. Governments (and the exchanges) may want to start thinking not only about how financial companies could use all this information to create financial rewards, but about how others could manipulate it to create major financial risks.

June 6, 2007

Whose Risk?

A nice little controversy concerning risk and IT systems has been brewing in the UK. As first reported by ComputerWeekly, government officials are ordering the destruction of what are called Gateway review reports. A Gateway review is “a ‘peer review’ in which independent practitioners from outside the programme/project use their experience and expertise to examine the progress and likelihood of successful delivery of the programme or project. They are used to provide a valuable additional perspective on the issues facing the internal team, and an external challenge to the robustness of plans and processes.” There are several “gateways” an individual UK government IT project is supposed to pass during its life, starting with Gateway 1 (Business Justification) to Gateway 5 (Operations Review & Benefits Realisation).

The reviews are meant for internal project consumption only, but there has been a long-standing demand by newspapers like ComputerWeekly and government critics to make the results of these reviews public. The demand has centred on the Gateway reviews of two major UK IT projects in particular: the National Health Service electronic medical record project, the National Programme for IT (NPfIT), and the National Identity Scheme’s Identity Cards Programme, both of which are highly controversial, costly, and in trouble.

Supporting ComputerWeekly’s bid to have the Gateway Reports made public has been a ruling by the UK government’s Information Tribunal, an organization that hears appeals regarding whether government information should be publicly released or not, stating that the public interest trumps the desire of the government agencies to keep the reviews private. The UK Parliament’s Public Accounts Committee (PAC) also supported their disclosure.

However, the government – through the Office of Government Commerce (OGC), which oversees the Gateway review process – insists that making these reports public would fundamentally undermine their use. The OGC claims that IT program management would not get open and honest appraisals of their programs if the people involved knew that their private opinions would be made public.

I can sympathize with that view. Having conducted hundreds of risk assessments over my career and many high profile government ones at that, there is something to be said for confidentiality. I promise confidentiality to programs as a matter of policy myself. Public disclosure will put people on their guard, and the tendency is for you to get optimistic, rather than realistic, estimates of the state of the project’s problems and risks.

When I was involved in the US DoD Tri-Service Assessment Initiative (TAI), program managers were the sole owners of the assessment reports. They could disclose them as they pleased. Our advice to program managers was that they should disclose the reports as widely as possible, since for the most part many of the problems and risks they faced were created by events and situations outside of their control, and which they needed outside help to address. What we did do, however, was to take the results of every project assessment, sanitize the results, and conduct analysis on the aggregate to try to discover systemic issues that were plaguing most DoD programs.

On the other hand, the public does have a right to know of the technical, financial, and social risks being taken in their name. Both NPfIT and the Identity Card programs will affect every person in the UK, and both not only have seen major cost increases, but there are major issues of privacy protection involved.

Also undercutting the OGC’s arguments somewhat is that many IT projects ignore the results of the Gateway reviews, including some that should never have been initiated or should have been cancelled more than once. Further, a report yesterday by the PAC on Delivering Successful IT-enabled Business Change states that many senior managers responsible for major IT programs are inexperienced, don’t pay much attention to the programs they are responsible for, and don’t seem to care much about the Gateway review or other risk reviews of their programs.

Also, one can’t help wondering whether the real reason that the OGC is so adamant about not wanting to make Gateway review reports public is plain, old embarrassment. As the US FBI found out with its Virtual Case File (VCF) project, not taking the warnings of outside reviewers seriously can end up making you a poster child of poor judgment, an eternal business case study, and also a laughing stock to all your peers.

It will be interesting to watch how the little rhubarb in the UK ends up. But it does raise a set of questions about the public’s right to know about the risks posed by large, government IT projects. How much should be disclosed? How does a program or project manager get honest opinions on the state of their project if everything can be disclosed? And don’t most government program managers have too many backseat drivers and second guessers in trail already?

June 10, 2007

A System Burp

There were news reports that an air traffic control computer failure in Atlanta on Friday caused cancellations and flight delays along the US East Coast. The Atlanta FAA computer processes pilots' flight plans and sends them to air-traffic controllers; when it failed, the Salt Lake City center took over, but it became overloaded and temporarily failed as well.

The Atlanta system failure lasted only from 0657 to just before 1100, but the effects, coupled with the effects of the thunder storms that moved from the Midwest to the East Coast, compounded the trouble. Residual effects were still being felt into this morning.

This is the third major computer problem in the past several months. On Friday, 25 May, at the start of the Memorial Day holiday weekend, the mapping software in the San Diego Terminal Radar Approach Control (TRACON) facility used by controllers to guide flights for 21 airports in the Southern California region, failed for about an hour when staff attempted to update the maps.

Then, early on Monday morning, 5 March, there was a software failure in the ATOP (Advanced Technologies and Oceanic Procedures) system that air traffic controllers in New York use to guide aircraft over the Atlantic Ocean. About two dozen flights were affected.

Until the FAA’s latest air traffic control (ATC) modernization effort, called NextGen, is complete – and that is not scheduled until 2025 according to current projections (and hopes) – the fragility of the current ATC computer and radar systems means one can expect more and more of these failures to occur. A complete system meltdown is probable in the next few years if there is a major computer or radar failure on a major travel weekend that happens during a spate of bad weather spanning several regions of the US. Just hope you aren’t flying when that happens.


June 11, 2007

What You Asked For But ....

The controversy over the drug-resistant TB patient Mr. Andrew Speaker, who flew back to the US from Europe over his doctors’ objections, and his ability to enter the US even though he was on a travelers’ watch list, illustrates the very old IS&T designer’s admonition to users that, “It may be the system design you specified, but it isn’t what you wanted or needed.”

As you may recall, Mr. Speaker flew to Montreal from Prague and then drove into the US at the Champlain, New York border crossing, a deliberate means to by-pass the likelihood that he would be kept from flying directly back to the US from Europe because he was on the US “no fly list.” The US Customs and Border Protection inspector saw that there was an alert on Mr. Speaker stating that if he should try to re-enter the US he should be detained and isolated, and public health officials immediately contacted. Instead, the inspector ignored the warning and waved Speaker through because, according to reports, “he didn’t look sick.”

As additionally described in a Washington Post story, US Customs and Border Protection “ … officials testified that they caught the inspector's error only by a mix of caution and luck, because starting May 22 they had ordered a special, twice-a-day check of a database of airline reservations to see if Speaker had changed his expected June 5 return to the United States.

As it turns out, the database is linked to records that also show when a passport flagged by authorities has been swiped at a border crossing, as Speaker's did when he reentered at 6:18 p.m. on May 24.”

The Post story goes on to quote US Customs and Border Protection Commissioner W. Ralph Basham, as saying, “I'm not going to sit here and say the system worked. It may have worked the way it was designed, but it was not good enough.” No kidding.

To reduce the possibility of something like this happening again, US Customs and Border Protection officials are now saying they are putting new procedures in place. Of course, this won’t keep highly infectious, multidrug-resistant TB out of the US, which, as Nils Daulaire, president of the Global Health Council, argues, requires a more active risk management approach that attacks TB at its source.

To me, the risk of a single point of failure like a border official ignoring a warning is symptomatic of what happens in many information system designs. Few IT systems are ever examined in depth for their operational limitations after they are deployed, until after an incident like this one occurs. And in my experience, most such limits turn out to be, as described by Harvard Business School professor Max H. Bazerman and INSEAD professor Michael D. Watkins, “predictable surprises.”

I'll be interested in seeing whether this event will trigger a wider review of the limitations of the Customs and Border Protection system, as well as of its systemic role in managing the risks of travelers with infectious diseases, but my expectations are not high for this happening any time soon.

June 13, 2007

Cost Benefit

There is an interesting paper written by Dan Geer appearing on the ACM Queue website titled, “The Evolution of Security” concerning the management of IS&T security risks. In 2003, you may remember, Geer published a controversial paper about the potential security problems of computing monocultures and Microsoft in particular as an example, which got Geer fired from his job at @stake.

Geer makes a number of good points in his paper but the one I especially liked was his spelling out the clear differences between cost benefit and cost effectiveness, to wit:

“…. where cost-benefit asks whether you would rather have the money or the benefit, cost effectiveness assumes that you will, indeed, spend the money and thus your interest is in how much benefit you can get for your money, not whether you would rather keep your money in the first place. This means asking questions such as, ‘Would you save more lives by spending the $10 billion on safer cars or on law enforcement?’ ‘Would you get better availability by spending the $1 million on 10 percent uptime or on instant recovery?’ ‘Would your own pursuit of happiness lead you to spend $100 on one fine dinner or on 20 lunches?’

CE is always tractable; CB is tractable only when the conversions of benefits to dollars are stable and noncontentious. To be blunt, CE is worth doing and CB is not. CE is decision support; CB is self-congratulation. If we are doing risk management rather than contemplating our navel or pandering to the electorate, then we must make decisions about allocating scarcity. We must remember that the purpose of risk management is to improve the future, not to explain the past.” Geer attributes this last sentence to Daniel Borge in his book, The Book of Risk.

Geer’s article is a good reprise of some of the fundamental issues of investing in risk management, and should be read. Once you have read it, you may want to look at yesterday’s column by Cindy Skrzycki in the Washington Post titled, “Does Cost-Benefit Matter?” Her column is on a recent report by AEI-Brookings Joint Center for Regulatory Studies on the use of cost benefit by the US government to determine whether governmental regulations should or should not be put into place. As she notes, “The practice of estimating the costs and benefits of U.S. government regulations is ‘frequently done poorly,’ with scant evidence that it makes a difference on policymaking.” You can download the AEI-Brookings report which is titled, Has Economic Analysis Improved Regulatory Decisions?, here. This report, together with Geer’s article, give a good sense of why cost benefit is difficult to do, and may not be the best measure for managing risk.
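To make Geer’s distinction concrete, here is an added example (my own illustration, not code from Geer’s paper or the AEI-Brookings report) of what a cost-effectiveness question looks like when it is turned into decision support. A constructed portfolio of candidate security controls, each with a hypothetical cost and a hypothetical estimate of the annual loss it avoids, is run through two functions: one answers the cost-benefit question (is each control worth its money?) and the other answers the cost-effectiveness question (given a fixed budget you have already decided to spend, which subset buys the most loss reduction?). The control names and dollar figures are invented for illustration.

```python
"""Cost-benefit versus cost-effectiveness for a security budget.

Added example, not from Geer's paper. The controls and their figures
below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Control:
    name: str
    cost: float            # one-time implementation cost, dollars
    loss_reduction: float  # estimated annual loss avoided, dollars


# Constructed sample portfolio (hypothetical names and numbers).
CONTROLS: List[Control] = [
    Control("mfa_for_admins", 40_000, 300_000),
    Control("offsite_backups", 120_000, 450_000),
    Control("edr_rollout", 250_000, 500_000),
    Control("security_awareness", 30_000, 60_000),
    Control("waf", 90_000, 150_000),
]


def cost_benefit_verdict(controls: List[Control]) -> Dict[str, bool]:
    """Cost-benefit: is the benefit worth more than the money?

    This yields a yes/no per control. It says nothing about which controls
    to fund first when you cannot afford all of the ones that pass.
    """
    return {c.name: c.loss_reduction > c.cost for c in controls}


def allocate(controls: List[Control], budget: float) -> Tuple[List[str], float]:
    """Cost-effectiveness: maximise total loss reduction within the budget.

    Solved as a 0/1 knapsack by dynamic programming, with costs rounded up
    to whole $1k units so the table stays small. Returns the chosen control
    names (in portfolio order) and the total loss reduction they buy.
    """
    unit = 1_000
    cap = int(budget // unit)
    weights = [-(-int(c.cost) // unit) for c in controls]  # ceil(cost / unit)
    n = len(controls)
    # best[i][b]: best reduction using the first i controls within b units
    best = [[0.0] * (cap + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        w, gain = weights[i - 1], controls[i - 1].loss_reduction
        for b in range(cap + 1):
            best[i][b] = best[i - 1][b]
            if w <= b and best[i - 1][b - w] + gain > best[i][b]:
                best[i][b] = best[i - 1][b - w] + gain
    # Backtrack to recover which controls produced the optimum.
    chosen: List[str] = []
    b = cap
    for i in range(n, 0, -1):
        if best[i][b] != best[i - 1][b]:
            chosen.append(controls[i - 1].name)
            b -= weights[i - 1]
    chosen.reverse()
    return chosen, best[n][cap]


if __name__ == "__main__":
    # Every control passes cost-benefit, yet together they cost $530k;
    # only cost-effectiveness tells you what to do with $300k.
    print(cost_benefit_verdict(CONTROLS))
    print(allocate(CONTROLS, 300_000))
```

With the constructed figures every control passes the cost-benefit test, so cost-benefit alone says “buy everything,” which the $300,000 budget cannot do. The cost-effectiveness allocation drops the expensive EDR rollout and funds the other four, which together avoid more loss per dollar. The point is Geer’s: once the spending decision has been made, the useful question is about allocation, not justification.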

June 17, 2007

Burps of the Week

While the information systems and related technology problems on the ISS dominated the news this week, there were several other IS&T problems being reported as well. In Marin County, California, the new $15.8 million computer system called MERIT (Marin Enterprise Resource Integration Technology) continued to cause problems. In January, problems with the MERIT system meant that some 310 employees received their paychecks late. Now it seems the system is not able to interface well with the accounting program used by the Marin County Employees Retirement Association.

Then commuters on the train system in Adelaide, Australia were delayed once again by on-going computer problems. TransAdelaide announced that an audit was already underway to look into the recurring computer-related delays.

In addition, what appears to have been a software problem at the Japanese Social Insurance Agency kept staff at 130 of its pension insurance offices across Japan from responding to inquiries from people seeking confirmation of or advice about their accounts. This incident did nothing to enhance the status of the agency, which has been struggling to explain why it failed to properly record premium payments into the public pension system, a failure that also seems to be IS&T related.

The most interesting IS&T related incident took place in court, or more accurately, was debated in court. At the trial of polygamous sect leader Warren S. Jeffs, the judge gave attorneys until 25 June to submit briefs on the legality of the long traffic stop Jeffs had been subjected to last August.

When Jeffs was pulled over by a Nevada Highway Patrol trooper because of a partially obscured rear license plate, the trooper was not able to access the information system that links into a national criminal database to check the validity of licenses and registrations. According to Jeffs' lawyers, if the trooper had been able to access the database, Jeffs' license and registration would have been shown to be valid, and Jeffs would likely have been let go, probably with only a ticket.

However, the trooper ended up questioning Jeffs for two hours. Another trooper who joined the stop thought that maybe Jeffs was a fugitive wanted by the FBI - which Jeffs admitted to when an FBI agent later joined the scene.

So here we have a situation where the lack of access to an operational and reliable information system might be a benefit to a criminal defendant. I don't know whether this plows new legal ground, but I have never heard of anything similar. If anyone knows, please let me know.

NATO, Cyber War and Article 5

Late last week, US Secretary of Defense Robert Gates discussed (subscription) with other NATO defense ministers the possibility of invoking NATO's Article 5 in case of a cyber attack on any NATO country. Article 5 states that, “The Parties agree that an armed attack against one or more of them in Europe or North America shall be considered an attack against them all and consequently they agree that, if such an armed attack occurs, each of them, in exercise of the right of individual or collective self-defence recognised by Article 51 of the Charter of the United Nations, will assist the Party or Parties so attacked by taking forthwith, individually and in concert with the other Parties, such action as it deems necessary, including the use of armed force, to restore and maintain the security of the North Atlantic area.”

The reason for the discussions was the coordinated cyber attacks that NATO member Estonia suffered during April and May. The cyber attacks against Estonia, one of the most wired countries in Europe, if not the most wired (its nickname is E-stonia), started soon after the Estonian government decided to move a Soviet-era World War II memorial. Estonia strongly suggested that the Russian government was behind the attacks, but the Russian government denied the charge and blamed “hooligans.”

Back in 2001, a similar incident occurred after the collision of a US surveillance aircraft with a Chinese jet fighter, leading to the US plane making an emergency landing in China and the Chinese fighter pilot being killed. Chinese and US hackers went at it for a few weeks defacing or bringing down websites in each other’s country.

While Gates was talking with NATO ministers, US Air Force Lt. Gen. Robert Elder was explaining how China is actively seeking to increase its cyber war capability, as is the US. Elder is to head up the new cyber war command established last July at Barksdale Air Force Base in Louisiana. According to Elder, the US needs to maintain cyber domain dominance, just as the US seeks to maintain air dominance in conventional warfare.

As cyber war becomes an ever-increasing reality, it is natural that parallels to conventional warfare are going to emerge, or have already emerged, such as countries secretly funding cyber war proxies, mercenaries and/or privateers to carry out their wishes. These proxies could also become involved in the manipulation of news, which could have major financial consequences, something I have already written about.

While Gen. Elder may have the task of dealing with these new threats from a US perspective, how NATO proposes to deal with the political issues involved in this type of indirectly sponsored cyber warfare will be interesting to watch.

As warfare moves to the Net with active governmental support, I wonder what the new term for “collateral damage” will be in cyber space.

June 20, 2007

Change at the NHS

The UK NHS director-general of IT, Richard Granger, announced his resignation late last week. Granger, who has led what is called the largest non-defense IT project in the world for almost five years, cited his desire to return to the private sector.

Granger has been a controversial figure during his Connecting for Health tenure, and the results have been decidedly mixed. Granger, who did not like criticism, late last year tried to suppress a critical report by the British Computer Society on the implementation of the electronic medical record program, which has seen costs increase dramatically over the past several years. Recently, it was reported that while addressing an IT conference in London, Granger said: "I think with a bit less whingeing and more support we might have got the programme done quicker."

It is a bit early to tell whether Granger's departure will have any significant impact on the roll-out of electronic health records, which is scheduled to begin in earnest next year, with every patient in England supposedly having a Summary Care Record by the end of 2008. I suspect that once he departs there will be a re-examination of the overall strategy, something Granger vehemently opposed, but which the overall record shows is sorely needed.

June 23, 2007

FBI Sentinel Update

The FBI announced last week that it had deployed the first phase of Sentinel, the FBI’s next-generation information management system. The $425 million Sentinel project is the follow-on program to the failed Trilogy effort which included the infamous Virtual Case File (VCF) system, which was written about in gory detail by IEEE Spectrum’s Senior Associate Editor Harry Goldstein in September 2005. The deployment was about a month behind schedule due to “unexpected problems.”

As FBI Director Robert Mueller stated in testimony to the Senate Committee on Appropriations, Subcommittee on Commerce, Justice, Science, and Related Agencies on 26 April 2007, Phase II of the Sentinel roll-out, which is more important than Phase I because it “addresses more of our business practices,” would take from one year to 18 months, but he could not say when it would be completed. The four phases of the planned Sentinel roll-out are scheduled to be completed by 2009.

While the current roll-out is some good news for the FBI, there are still storm warnings in the air. Sen. Patrick Leahy (D-Vt), said at the April hearings that, “Since the FBI announced the VCF’s successor, the Sentinel program, I have seen nothing to boost my confidence in the Bureau’s ability to manage the status and cost of this project. While the FBI estimates that Sentinel will ultimately cost the American taxpayers $425 million, a December 2006 OIG audit report questioned the reliability of the total estimated costs for the program…. By my calculations, at least $253 million has been invested in Sentinel alone from FY05 to FY07 between reprogramming dollars and Congressional appropriations. The President’s FY08 Budget proposes no funding for the project. … Director Mueller, this committee has to ask: Is this déjà vu all over again?”

While criticism of the FBI from Leahy is expected, Sen. Richard Shelby (R-Ala), a strong supporter of the FBI, also told Mueller at the hearing that, “As I stated last year, given your Trilogy failure, I will not support unlimited and unchecked resources and will not tolerate broken promises for results for IT projects that are not fulfilled or delivered.”

Director Mueller testified that Sentinel is under budget at this time, and he expects it to complete under budget. He said that he meets with the Sentinel team every week, and I have been told that Lockheed Martin, the prime contractor, has daily discussions with FBI CIO Zalmai Azmi to review progress and outstanding program risks. Mueller also said that they provide bi-weekly briefings to Congress on the status of Sentinel in an effort to keep everyone informed. "No surprises" seems to be his desire.

At the hearing, Mueller said that Phase II is in a re-planning stage, which should be complete by the end of the summer or early fall. If things continue to go as planned, the Sentinel project at least may keep from doing any further damage to the FBI's reputation. However, if there are any unexpected hiccups, watch out. The Senate is definitely ready and armed for bear.

June 27, 2007

Implanted Medical Information

The American Medical Association’s (AMA) Council on Ethical and Judicial Affairs reportedly announced on Monday a policy stating that implantable radio frequency identification (RFID) devices may promote the timely identification of patients and expedite access to their medical information. While I cannot find the actual wording of the policy voted on, the ideas are spelled out here and here.

It has been reported that fewer than 250 patients have agreed to implanted RFID chips, most likely because of privacy concerns, but as noted by the FDA in its 2004 rule on implantable radiofrequency transponder systems, "The potential risks to health associated with the device are adverse tissue reaction, migration of implanted transponder, compromised information security, failure of implanted transponder, failure of inserter, failure of electronic scanner, electromagnetic interference, electrical hazards, magnetic resonance imaging incompatibility, and needle stick."

Even though the AMA claims that it is concerned about the potential social consequences – e.g., government or private surveillance – it is apparently not concerned enough to hold off recommending their use until these consequences are fully thought out. Currently, the FDA has approved only passive RFID chips, but active RFID chip use is likely not far behind. It will be interesting to see whether, given the rush of the technology imperative, the AMA ethics folks approve that specific use, given the far greater ease of bio-surveillance it would allow.

I doubt very much that Monday's AMA recommendation will make much of a difference in the short or medium term. But it does mark an important point in the debate on the ethics of these types of implantable devices - one that seems to have gone generally unnoticed in the mainstream press.

June 29, 2007

Addictions or Not?

On Wednesday, the American Medical Association (AMA) rejected listing excessive video-game playing as a formal psychiatric addiction. Instead, it voted for a directive encouraging more research on whether video gaming can be classified as a mental disorder. The AMA tabled any further possible classification until 2012, when the next update of the Diagnostic and Statistical Manual of Mental Disorders (DSM) is scheduled. The DSM is used by the American Psychiatric Association (APA) to diagnose mental illnesses, while insurance companies, pharmaceutical companies and government policy makers use it as a decision-making guide. The APA released a statement outlining its position on the issue last week.

While this was going on, there appeared an interesting little article in the Wall Street Journal, on the same day as the AMA vote, by Lee Gomes titled "Computer Scientists Pull a Tom Sawyer To Finish Grunt Work" (subscription required). The story is about how "Elite computer scientists are using highly addictive computer games to trick unsuspecting Web users -- possibly including children -- into toiling without pay for some of the world's richest companies on stupefyingly dull grunt work." It describes the ESP Game, which connects two random players via the web; according to Gomes, "Both are shown the same picture, then have to type in possible keywords to describe what they see. If the keywords match, points are awarded; people have been known to play for hours."

I wonder how long it will be before the ESP Game, and the similar games being created by other university computer scientists looking to emulate its success, attract the attention of university research ethicists. Even though the AMA has rejected the notion - for now - that excessive video game play is a mental disorder, it does express concern about the possible deleterious effects of long-term game play. Is the ESP Game exploiting those who are susceptible to excessive game play for profit?

July 2, 2007

Health Information on the Web

In yesterday's London Telegraph, there was a story about a new NHS website that was meant to help people understand their health risks. As the story describes it, your risk turns out to be more a function of where you live (i.e., your post code) than of your lifestyle or genetics. A 40-year-old woman living in central London was most likely to be hospitalized for breast cancer, but if she moved to Manchester, it would be for gynecological issues. Interesting, but useless from an individual decision-making point of view. Or, as the story put it, "the British Medical Association (BMA) accused the Government of offering patients 'totally misleading and useless' information which only increases anxiety."

The article brings up once more the issue of the Web and its value in providing health information, as well as whether this information really informs or, worse, misinforms patients when they are trying to understand the risk(s) of a particular disease or treatment. There is an intersection of IT as information purveyor, health care, business and ethics, and risk analysis and management that has not been well explored, but definitely needs to be.

July 5, 2007

Medical Privacy

I often wonder why government officials think your private information is their private information.

A news item that appeared on the UK Register website reveals that the NHS appears to be planning to share patient information with social services, education and the police. The controversy about patient privacy in the age of electronic health records is not new in the UK, and has been simmering over the past couple of years. Patients who are worried about their privacy can opt out; I suspect many more will decide to now.

Give government the capability to gather information, and it will.

July 8, 2007

Life Imitates Art?

A couple of years back, I wrote a story for IEEE Spectrum on Why Software Fails. I opened with the story that has been floating around the software business for the past twenty years about the disappearing warehouse. Well, yesterday I read a story in the Wall Street Journal about another "disappearing" warehouse - this time to help hide accounting fraud.

Continue reading "Life Imitates Art?" »

Will It Ever End for the Folks At Enron?

Some 20,000 ex-Enron workers who finally received their first payment for some of their lost retirement funds were told that they had been underpaid (12,800 in total) or, maybe worse, overpaid (7,700 in total) because of a computer burp. Those overpaid are probably going to have to pay the money back.

Of course, the company involved could just reprogram the software to account for the overpayment or underpayment in the next payment due, but ...

If Not the Bank's Fault, Then Whose?

In another software burp reported last week, some Scotiabank customers in Vancouver, Canada were surprised to find that their pre-authorized payments had been withdrawn twice from their bank accounts.

I personally know the fun that can cause. Many years back, I tried to withdraw $50 at my local bank's ATM. I was informed that this wasn't possible, since my account was overdrawn by roughly $1.4 million. That was news to me. Since I discovered this on a Friday night, I had to stew on it until Monday morning.

A "small software problem" (the bank's terminology) caused my overdraft which in turn meant my pre-authorized payments (like my mortgage) weren't paid on time. It took a good long while to get this mess straightened out, especially with the credit scoring companies who saw that I had missed a whole bunch of payments. Try telling them that it was just a computer error. I stopped using pre-authorized payments after that little episode, as well as changed banks.

Anyway, what caught my eye in the article were some quotes allegedly made by a person at a local university who said that he "wasn't surprised to hear of a technical error with banking systems." Me neither - been there.

Continue reading "If Not the Bank's Fault, Then Whose?" »

July 10, 2007

Electronic Border Susceptible to Hacking?

A small story was published over at Government Executive magazine on the possibility that the wireless network used to support the Secure Border Initiative Network (SBINet) might be susceptible to hacking, and that the prime contractor Boeing is looking for ways to increase its security.

I wish Boeing luck. As my friend Peter Neumann wrote a long time ago, it is awfully hard to build security into a system after the fact.

July 17, 2007

Blogs, Business & the Law

It appears that the Securities and Exchange Commission (SEC) is going to look, at least informally for now, at the blog posts of John Mackey, CEO of Whole Foods. It appears that he posted, under a pseudonym, rather unflattering opinions of a major competitor, Wild Oats, which his company is now trying to buy.

While CEOs blogging and bad-mouthing competitors is not unheard of, what is getting the SEC's attention is that Mackey's musings might be interpreted as a means to drive down Wild Oats stock before an acquisition bid. Mackey also appeared to disclose company-sensitive financial information in his blog. The question is whether there was "intent" to damage Wild Oats or "intent" to disclose information that could be interpreted as inside information.

Continue reading "Blogs, Business & the Law" »

July 18, 2007

Taxes, Taxes, Who Has Paid Their Taxes?

Another interesting story from the UK from ComputerWeekly.com. It seems that HM Revenue and Customs is having trouble matching pay and tax details to individual taxpayers - about 13 million of them or 32% of taxpayers.

To make matters more "interesting," Revenue and Customs is about to transfer taxpayer files from one computer system to another before all the taxpayer discrepancies are resolved. A Revenue spokesperson said that at least 75% of taxpayers had paid the right amount of tax (gee, only a 1 out of 4 chance that you paid too much or too little) and that the "good news" was that the backlog of open cases with discrepancies would be reduced to 10.5 million by April 2008. I'd hate to know what bad news means to Revenue and Customs.

The US Internal Revenue Service has had long-term problems itself in trying to achieve modernization, but I don't recall it ever having reached this level of poor data quality. Those of us in the US may complain about the IRS, but I think our friends in the UK should have our profound sympathy.

July 20, 2007

Innovation and Healthcare

There was a great commentary piece in the Wall Street Journal (subscription required) yesterday titled, “Where are the Innovators in Health Care?” written by Regina Herzlinger, a professor at Harvard Business School, a senior fellow at the Manhattan Institute and the author of the book "Who Killed Health Care?"

Herzlinger describes the perverse disincentives to innovation in the health care industry, something that I wrote about last year for IEEE Spectrum in connection with the various electronic health record initiatives being implemented by governments around the world. Basically, she argues, if a health care provider finds innovative ways to reduce the cost of treatment, the health care provider cannot share in the savings.

Continue reading "Innovation and Healthcare" »

July 22, 2007

100th Anniversary of the Modern Medical Record

As I wrote about in my previous post, world-wide efforts are underway to replace the paper-based medical record with electronic health records (EHRs). For information on the US effort, you can visit the White House website for some background on the US effort, as well as the US Department of Health & Human Services (HHS) website to see current status information.

Something that has gone surprisingly unnoticed is that this month marks the hundredth anniversary of the modern paper medical record. This innovation, which we all take for granted, can trace its origins to Dr. Henry Plummer, a partner at the Mayo Clinic, in the year 1907. Plummer recognized that each patient’s medical history needed to be recorded, stored and retrieved in a different manner than was the current practice if the quality of patient care were to improve.

Continue reading "100th Anniversary of the Modern Medical Record" »

July 23, 2007

Software Error - Go to Jail

About 30 patrons of the Caesars Indiana casino in Elizabeth, Indiana reportedly might be facing felony criminal charges for winnings that the casino claims are not theirs. Seems that there was a software error in the slot machine called Easy Money which registered $10 worth of credit for every dollar inserted. Caesars reported that it had lost $487K over the July 21 weekend.

Turns out this is not a new occurrence. The Majestic Star Casino in Gary, Indiana lost more than $300K in February to the same software problem. Seems strange that the problem wasn't fixed on every machine after that incident - or, if it was, maybe the patch caused a new problem with the same result.

Continue reading "Software Error - Go to Jail" »

July 26, 2007

Medical Weak Link

As most of you know, I have been regularly writing about the various initiatives involving electronic health records (EHRs). EHR advocates claim that they are necessary to empower consumer-driven health care.

One of the assumptions, however, is that consumers are medically literate - which is a problem if they are in fact illiterate. Articles in the New York Times and Baltimore Sun (registration may be required) this week highlight the problem.

As reported in the Sun in a study conducted by Northwestern University's Feinberg School of Medicine, for patients over 65,

Almost 40 percent of those deemed medically illiterate died during the study, compared with 19 percent of those who were literate. Factoring in health at the outset and other variables, medically illiterate patients were 50 percent more likely to die than the others.

Continue reading "Medical Weak Link" »

August 1, 2007

E-Voting Mash-up

California Secretary of State Debra Bowen must decide by this Friday whether to decertify any or all electronic voting machines used in California. A recent test of three popular voting machines showed that they were vulnerable to various forms of hacking.

There is some controversy about whether the tests were realistic - the "red" hacking team from the University of California had unfettered access to the machines - and, now that the vulnerabilities/threats have been exposed, whether they can be defended against by officials at state polling locations. Before the decision is made, a risk assessment of these factors is needed, as well as of the magnitude of any voter fraud or lost votes that could occur in comparison with paper ballots. Given the time available, I doubt a thorough risk assessment is possible.

Continue reading "E-Voting Mash-up" »

August 5, 2007

Stolen Vote?

The day before California Secretary of State Debra Bowen decided to pull the plug on e-voting machines, across the country another electronic voting problem was causing fits. Seems that the US Congress electronic voting system went down during an extremely politically charged and extremely close vote dealing with agriculture and immigration. Republicans claimed they had won the vote 215 to 213, but Democrats claimed they won 216 to 212. Since the Democrats control the House, they indeed did win.

This has led to the creation of a special select committee that has subpoena powers to see if there was any "skulduggery" afoot. I doubt this action would have been taken if the vote was 400 to 28 for or against.

The lesson to be taken away: computer cock-ups only appear when consequences don't matter - it is always conspiracy when they do.

August 10, 2007

Minor Issue of IT Optimism in the UK

As reported in the London Guardian Unlimited, the UK Custody-National Offender Management Service Information System (C-NOMIS), which was intended to keep close track of the 330,000 prisoners and those serving probation, is in deep trouble. The cost of the development, originally estimated at £240 million, has jumped to an estimated £950 million.

An "urgent review" is now being ordered to see if anything can be salvaged from the effort, which has been halted. About £155 million has been spent so far, and cancelling the program would cost £50 million in cancellation fees.

A government official said without irony that the original cost and schedule were "optimistic." I guess so.

The review will be published this autumn - we'll keep you informed of the outcome.

Review? We Don't Need No Stinking Review

The UK government has decided against suggestions made earlier this year by the Commons Public Accounts Committee to conduct an independent assessment of the NHS's electronic medical records project's business case.

The NPfIT program has been plagued by uncertainty since its inception four years ago. The government insists that everything is fine, but as the testimony taken by the Commons Public Accounts Committee suggests, there are plenty of reasons to be concerned.

It is more than likely that in a few years, some government spokesperson will, like in the C-NOMIS situation, call for