Monday 27 May 2013

The three lies of modern IT systems

I've rather belatedly realised there has been yet another IT catastrophe, this time at the BBC.  I don't know the details, so I can't go on endlessly about how it fits into my uber-theory of IT cock-ups (basically because the systems that fail so expensively are really designed to take power away from people, not to enable them to do their job better).

There is another uber-theory, of course, which is that big mega-organisations like governments and mega public service broadcasters are staggeringly bad at specifying and managing IT projects, because they always over-complicate things.  Perhaps we should be grateful that they only threw away £98 million.

More about where IT works and where it patently doesn't in my book The Human Element.

But as I was listening to the news about the BBC's digital sharing failure, I happened to be logging onto the website of yet another quango, using the same one of the variations of passwords I always use - and being asked for permission to plant cookies on my computer.  It made me think how little we consider these apparent trifles.

After all, if I had said to myself - well, actually, now you mention it, I would prefer not to have cookies, I would have been excluded from their 'digital by default' services.

I don't actually have any choice.  Rather as those companies which warn people with serious nut allergies that their products might contain traces of nuts, they are not actually being helpful - usually they don't - they are saying they can't be bothered to make sure.

So, since this is a bank holiday weekend, and the weather is brightening up (fingers crossed), here are the three lies of IT:

1.  We are asking permission to embed cookies in your computer.  It actually means: 'we will have nothing to do with you unless you let us plant our spy machines in your home'.

2.  People are free to choose whether they accept our rules or not.  Not actually.  If you are confronted with agreeing to rules and conditions on a page from one of the semi-monopolist corporates that now dominate our lives - Microsoft or Google - then, unless you sign, you will be excluded completely from modern life.  Probably arrested at airport security for good measure.

3.  Our passwords are designed to give you security.  Really?  How many passwords do you have now?  How many offices have you been where people keep their secure passwords on post-it notes above their screen?

I was 55 last week, so this may be my age speaking, but I find the reliance on passwords increasingly irritating.  I have to juggle six of them just to get into my two children's homework.  Of course, we need to keep identities secure, but there is a limit - and once you make passwords complex enough to keep you safe, then you increasingly need to write them down and render them insecure.

I offer this up as another Boyle's Law.

What I find especially irritating is that all the organisations we all deal with assume that they are the only one we deal with in the world.  In fact, every store, service, quango and government department we use loads us down with more passwords and usernames.

It isn't sensible to use the same password for every organisation - and I don't - but I have recently been refusing to accept new passwords (from the bank and the tax credits megalith) and feel better every time.

They always sound a little hurt, but it doesn't seem to make any difference to accessing them.  Of course it goes onto your records...


Left Lib said...

I work in IT and I have a few things I want to say about this. On the issue of passwords you are right. If the password is too complicated people write it on a post-it note and attach it to their PC. This is recognised as a security risk, although not by everyone. On the other hand make it too easy and everyone chooses the password of "password" or their surname. In other words the kind of passwords hackers can guess and break into your account.
So yes passwords are a problem.
As for public sector projects going wrong; actually there has always been a high failure rate of IT projects and the record of the private sector is just as bad. Of course the bigger the project the more likely it will fail. The problem with IT projects is similar to building a house. You can try building a house with no preparation, no plans, just start building. This happens in many third world countries. The building may collapse 3 years after it is built and the builders are nowhere to be found.
Often in IT projects in order to stick to the budget you cut corners. In order to win your bid you become optimistic about how long it will take and how many developers you need. Then the pressure is to spend less time designing your solution, and later less time testing it before the release date. If you can avoid taking on extra staff in order to meet your deadlines, you can keep your profits.
In general the best IT solutions are more expensive. But they are only more expensive in the short term, in the longer term they are more reliable and easier to fix if there are any bugs. However it would be wrong to judge a bid purely by how much it costs. As always it is a question of what is behind those costs that matters.

Anonymous said...

Left Lib is right about passwords. I think the best approach is to devise a scheme in which passwords follow a common theme e.g. they might contain a date which you can remember without writing it down - and I don't mean your date of birth - but they also contain something unique to the organisation for which you want to use the password. That might enable one to write down clues to passwords - clues which you understand but others don't.

I also think the private sector is quite capable of major IT failures - however private sector projects might be abandoned without the public finding out. Although I believe some of the Co-Op Bank's current difficulties arose from the cost and problems of integrating the Britannia Building Society's IT systems with its own.