Risk Factor iconRisk Factor

Census: Going Back to Paper Due to "Lack of Communication"

Census%20-%201.gif

The U.S. Census Bureau announced yesterday that it was reverting back to paper from its plan of using handheld computers for the 2010 Decennial Census. The reason?

According to Director of the Census Steve H. Murdock's testimony before the United States House Appropriations Subcommittee on Commerce, Justice and Science, "the problem with the FDCA (Field Data Collection Automation) program was due to a lack of communication between the Census Bureau and the prime contractor for FDCA, and to difficulties the contractor had in developing the full scope of the project within our deadlines. From the beginning, we did not effectively convey to the contractor the complexity of census operations, and the detailed requirements that needed to be fulfilled in order to complete the operations that FDCA covers."

In U.S. Secretary of Commerce Carlos M. Gutierrez testimony, he said that, "In 2007, the Address Canvassing dress rehearsal was conducted, at which time development and scoping problems emerged. Reports from the Census Bureauâ''s field staff, consultants from the non-profit MITRE Corporation working for the Bureau, and the Government Accountability Office confirmed these problems. The departmentâ''s Inspector General also raised concerns."

"In late 2007 and early 2008, more than 400 new or clarified technical requirements were identified by the Census Bureau. Upon the realization of the large scope of requirement changes, Census Director Murdock established the 2010 Census FDCA Risk Reduction Task Force, to begin to propose and evaluate options to keep the FDCA program on track. These efforts served to clarify the issues and confirm the urgent need for action."

The action was to punt (and bad mouth the contractor as much as possible even as the Bureau "accepted responsibility").

Gutierrez's testimony, as damning as it is, fails to mention that both technical and management issues with the handhelds were raised well before May of 2007 - all the May 2007 dress rehearsal did is to confirm them. Even as the sirens were going off that major trouble was brewing and that urgent action was required to be taken by July 2007 at the very latest, the Census Bureau and especially Gutierrez himself kept their collective heads in the sand, all the while claiming the project was moving along smartly, and that the critics (like me) were unjustifiably bashing the program.

Guess I wasn't, after all.

So, another $2.2 billion to $3 billion will be spent on top of the $11 billion already allocated to complete the census. What the hell, it's only taxpayer money.

Kudos to the Census Bureau for creating yet another case study on how not to manage a large scale software project in government. A classic IT blunder and debacle all rolled into one.

That said, let's hope that Congress demands a thorough, open and detailed analysis of this project be under taken now - before the files are "lost" - and a plan developed outlining how the Census plans to automate the 2020 census actually using for once the lessons learned.

Want to bet that this won't happen?

Air Force To Study Newly Discovered Flying Penguins for Stealth Characteristics

My friends in the UK alerted me to this amazing story and accompanying footage involving the newly discovered species of flying penguins that the BBC released yesterday.

I have been told by sources in the Pentagon that both the BBC and the British government are catching heat from the US Air Force, however, for disclosing the existence of the penguins, which have amazing stealth characteristics and a fantastic ability to generate power from a small wing surface.

Unofficial word is that the British version of the multi-nation F-35 Joint Strike Fighter under-development will be soon be named the Flying Penguins.

RFID Ecosystem Project : RFID Use in Our Future May Not Be Pretty

There is a very interesting article in the Seattle Times about a National Science Foundation funded experiment at the University of Washington called the RFID Ecosystem project. According to the story, a number of University of Washington "students, faculty and staff are being tracked as they move about the computer-science building, with details of where they've been, and with whom, stored in a database."

The point of the exercise is to "explore both positive and negative aspects of a world saturated with technology that can monitor people and objects remotely."

Computer science and engineering Professor Gaetano Borriello says in the article that, "Our objective is to create a future world where RFID is everywhere and figure out problems we'll run into before we get there."

The project has highlighted how easily a person's privacy can be penetrated without their knowing about it - something that governments around the world have started exploiting.

The article, for example, describes how the UK police are increasingly asking for information from London's RFID-based transit cards as well as the governmental activities in southern China, where "the government is installing RFID readers throughout the city of Shenzhen to track movements of citizens, and U.S. companies are helping deploy the technology. Chips in national ID cards contain not just a number, but a person's work history, education, religion, ethnicity, police record and reproductive history."

The article also notes that the Department of Homeland Security requires states to use an RFID chip in driver licenses that is readable from a distance and is compatible with its REAL ID initiative, which Borriello doesn't think is a good idea.

"There's no reason to have remotely readable technology in a driver's license," Borriello is quoted as saying in the article. Instead, he "recommends a system that requires contact with the surface of a reader, so the license-holder knows when information on his license is being read."

If you want to see how RFID may be used in your near-future, go read the story and the other publications at the UW RFID Ecosystem project website.

IEEE Spectrum also had an article last March on the ethics of implanted RFID chips and another in December 2004 on how employers are using surveillance technology to keep an eye on workers.

H-1B Visa Sweepstakes Starts Today

Stamp.gif

Beginning today, the US government begins accepting applications from employers for the 65,000 H-1B visas for Fiscal Year 2009. According to news reports, "Citizenship and Immigration Services has said it will accept H-1B visa petitions over five business days, ending April 7. In mid-April, the agency will run a computerized lottery to choose about 65,000 petitions."

For the first time, companies are prohibited from filing more than one petition for the same worker.

Reports also indicated that, "The three biggest users of the H-1B program in 2007 were three companies based in India that perform computer and software contract work here using foreign workers, mainly Indian."

"The three companies â'' Infosys Technologies and Wipro of Bangalore, and Satyam Computer Services of Hyderabad â'' accounted for more than 8,500 of the H-1B visas that received preliminary approval in 2007, figures show."

I wonder how many Microsoft is going to apply for?

Heathrow's Terminal 5's Never Ending Story

Baggage-Wait.gif

British Airways chief executive Willie Walsh said Monday that he was "bitterly disappointed" about the problems at London Heathrow's Terminal 5, and admitted "we got it completely wrong on day one."

Some 54 flights were canceled today and 50 more are likely to be canceled on Tuesday.

Walsh also said that reports that 28,000 passengers bags were in storage were wrong - it was only 19,000 (although it appears that a total of 28,000 bags may have not traveled with their owners). BA brought in 400 volunteers to start working to reduce the luggage backlog.

It will take a while longer for the software problems affecting the new baggage system to be fully explained. There is a lot of conflicting information out there. Walsh has said that, "We continue to work towards increasing the number of services in the days ahead. The baggage system is now generally working well. From time to time, problems have developed that were not encountered during the extensive trials. These issues are being addressed as they arise," by computer and baggage system experts.

BAA, the airport operator, seems to be backing off the claim that the baggage system problems were caused by inexperienced baggage staff alone.

There were other software problems at Terminal 5. A patron was charged £361,514.97 for four cappuccinos at the Giraffe Juice Bar at Terminal 5. Airport food is expensive, but that is a bit much.

Australia: Can Anyone Tell Me What Time It Is?

It is being reported that thousands of mobile phones, PDAs, and some computer networks in parts of Australia switched from back from daylight savings a week early over the weekend due to software glitches. Daylight savings had been extended this year a week in New South Wales to harmonize changeover dates across most of Australia.

The only major inconveniences reported, other than people waking up at the wrong time and such, was that six flights out of Adelaide were delayed by up to one-and-a-half hours because of a daylight time-related computer error in the Qantas check-in system. No other Qantas terminals reported being affected.

IBM Suspended From Federal Contracts?

Government Executive has a story that says that "International Business Machines Corp. and its subsidiaries are suspended from receiving new federal contracts, certain subcontracts and some types of federal assistance and benefits, due to an action taken by the Environmental Protection Agency that extends government-wide, according to federal documents."

"According to the Excluded Parties List System, maintained by the General Services Administration, the EPA took action against IBM on March 27, pursuant to Executive Order 12549, created in 1986 to curb fraud, waste and abuse in federal programs."

The article says that neither the EPA or IBM will say why the suspension happened.

Update:

The AP is reporting that EPA lifted its suspension of IBM today (Friday, 04 April). The suspension resulted from an $84 million EPA contract IBM lost in 2007 and is protesting, and EPA's suspicion that there was some unethical bidding on the part of IBM in relation to the contract (which the company denies). IBM earlier this week said it was blindsided by the suspension.

Sainsbury's Good IT News

Sainsbury.gif

As I wrote about here, in October 2005, the giant British food retailer J Sainsbury PLC had to write off its US $526 million investment in an automated supply-chain management system. Merchandise had become stuck in the company's depots and warehouses and was not getting through to many of its stores. Sainsbury was forced to hire about 3000 additional clerks to stock its shelves manually.

Sainsbury had outsourced its IT systems in 2000, but after the fiasco, decided to bring the work back in-house. Last week, chief executive Justin King said that the move placed the company on track towards saving £440m in costs a year.

It's nice to hear about good IT news.

Heathrow's Terminal 5 Problems Continue On

Baggage-Wait.gif

The BBC is reporting that 15,000 â'' 20,000 bags belonging to BA (British Airways) passengers are now stranded across London Heathrowâ''s five terminals because of the on-going problems at Terminal 5. The BBC is reporting that, â''Other carriers bringing passengers into Heathrow, to transfer to BA flights, have been asked by the airline to hold on to their bags while it (BA) clears the existing backlog.â''

BA says it doesnâ''t know how long this will take, although it is privately estimating it may take weeks before Terminal 5 operates â''normally.â''

BA, after initially saying that 15% of its flights would be canceled today, actually had to cancel 20% because of additional unanticipated problems.

BA had promised that all long haul flights would operate normally Saturday, but that also didnâ''t happen as some flights left without passengersâ'' baggage.

Having the flight canceled may have been the wish of passengers on their way to Larnaca who waited on the tarmac for four hours, saw their luggage loaded, and then removed from the plane. They were told that it had not been screened properly. The plane left without its passengers' luggage, which BA said would be sent to Larnarca by the next available flight or air courier.

Another 10% to 15% of flights are expected to be canceled on Sunday.

BA, however, is ever upbeat, with spokespersons saying that â''onlyâ'' 244 flights out of 1320 would be canceled from Thursday to Sunday, and that, "On the whole, the day (Saturday) has gone reasonably well.â''

BA apologized again today to the 24,000 people whose flights were (or are going to be) affected. It also had to apologize to stranded passengers for saying that it would only compensate them £100 for the inconvenience, when European Union regulations state that airlines must provide hotels for all passengers delayed overnight with no maximum cost.

BA may face fines of up to £5,000 per passenger for misleading passengers over compensation rights for delayed or canceled flights.

And to add a bit more salt in the wound, the fiasco forced BA to scrap a multi-million pound advert campaign planned for next week that was going to emphasize how easy it is for travelers to go through Terminal 5 and collect their bags.

I wonder if passengers have started to sing Monty Python's "I'm So Worried" yet.

Hannaford Breach: A Potential Sea Change in Attack Approach

The Boston Globe reports that malware was secretly installed on every one of the 300 or so Hannaford grocery stores' servers. The malware, according to the Globe, "intercepted card data from customers as they paid with plastic at store checkout counters, and sent the data overseas." Over 4.2 million Hannaford customer credit and debit card numbers were stolen, and at least 1,800 fraud cases have so far been reported.

Hannaford is not certain how the malware got installed (although an inside job is suspected), but regardless intercepting data in transit ratchets up the level of sophistication of hacking attacks and the level of danger to customer data.

Hannaford was certified as being Payment Card Industry Data Security Standard (PCI) compliant, which means it probably won't have to pay banks and others any breach-related expenses, like the costs of re-issuing credit cards.

It also points out that PCI compliance does not mean total security, either.

Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 
Load More