Risk Factor iconRisk Factor

This Week in Cybercrime: You Can Be Convicted of Hacking Even If You’re Not a Hacker

Hacking the Meaning of Hacking

It’s happened before: someone is convicted for robbery who never set foot inside the store that was held up, or serves a long prison stretch for murder, but is later exonerated when DNA evidence reveals that they and the perpetrator are not one and the same. But you rarely associate computer crimes with such miscarriages of justice. Nevertheless, in a California courtroom this week, David Nosal was convicted of six counts, including violating the federal Computer Fraud and Abuse Act—which went on the books in 1984 as part of an effort to make it easier for prosecutors to take down hackers bent on stealing data or in some way vandalizing the machines they infiltrate. The problem: There is no question about the fact that he did not hack into the system from which he acquired proprietary information. The jury came back with a guilty verdict despite having heard evidence that Nosal managed to convince—mostly through bribery—his former colleagues who were still employed at Korn/Ferry International, an executive search firm, to access the company’s database and turn over trade secrets. And get this: Those folks, who actually accessed the Korn/Ferry database with malicious intent, were not charged with any criminal wrongdoing.

But Nosal likely won’t don prison stripes anytime soon. If the pattern of this case holds, the verdict is, for the accused, merely a setback in a long and winding journey. The judges of the Ninth Circuit Court of Appeals in San Francisco have banged their gavels on this case on two separate occasions, and legal observers say they’re likely to see it again. Last year, the Ninth Circuit jurists decided that bringing charges against an employee for what amounts to a violation of his or her employer’s computer use policy is a bridge too far. That saved the bacon of Nosal’s aforementioned accomplices and got some charges against him related to data thefts back when he was a still a Korn/Ferry employee dropped. Furthermore, chances are good that a final decision on Nosal’s fate won’t be made until the Supreme Court weighs in. Stay tuned.

Read More

The Hacked Tweet That Took Down Wall Street

I am only surprised it took so long.

Yesterday, a “breaking news” tweet at 1:07 PM EDT from the Associated Press reported that two explosions had occurred at the White House and President Obama had been injured. The news immediately sent the Dow Jones Industrial Average down 143 points, as this graph at the London Telegraph shows. There's also a lovely animated display of the “flash crash” by market research firm Nanex LLC.

It took about three minutes for the tweet to be repudiated, and a bit longer for the AP to acknowledge that its Twitter account had indeed been compromised. According to its own story posted last night, all of the AP's Twitter accounts (including its Mobile Twitter account) were suspended and it was “working to correct the issue.” The AP also stated that the “Syrian Electronic Army claimed responsibility for the hack,” but added that, “This couldn’t be corroborated.”

The SEA, which supports the Syrian Government, has taken credit for a number of recent Twitter account compromises, including the  BBC, National Public Radio, CBS News and the President of FIFA. Last August, there were a number of fake news stories published regarding the Syrian conflict as well. Facebook is also a Syrian conflict social battleground.

A more intriguing statement in the AP story generated lot of speculation: “The attack on AP's Twitter account and the AP Mobile Twitter account was preceded by phishing attempts on AP's corporate network.” This suggests that someone in the AP downloaded a phish email (seemingly confirmed by AP reporter Mike Baker) which led to the compromise of the AP Twitter accounts. However, when asked for clarification, the AP refused any further comment, maybe on the advice of the FBI and the U.S. Securities and Exchange Commission, who are looking into the incident.

Read More

Face Recognition Failed to Find Boston Bombers

Recent comments by the Boston Police Department to the Washington Post confirm what Tech Talk said last week: Facial recognition was not a factor in the hunt for the Boston Marathon bombers.  According to the Post, “facial-recognition software did not identify the men in the ball caps. The technology came up empty even though both Tsarnaevs’ images exist in official databases: Dzhokhar had a Massachusetts driver’s license; the brothers had legally immigrated; and Tamerlan had been the subject of some FBI investigation.” Image analysis software has not caught up with the grimy reality of street photography: low-resolution, long-range images—often poorly focused, rapidly moving, and caught from odd angles.  

But if analytical cameras were not a factor last week, they may be soon.

NYPD Commissioner Ray Kelly, NY Mayor Michael Bloomberg, and Microsoft VP Mike McDuffie announce Domain Awareness SystemThe New York Police Department and Microsoft have built what they call the “Domain Awareness System.”  Early in April, before the Boston bombing, the New York Times described the combination of “more than 3500 cameras in public places, license-plate readers at every major Manhattan entry point, fixed and portable radiation detectors, real-time alerts transmitted from the 911 emergency system and a trove of Police Department data, including arrests and parking summonses.”

The system can spot cars on its watch list the moment they enter the city, and trail them by camera throughout their trip. The system also uses medium-time-scale scene analysis to spot and report changes in the relatively static features of a video image—a backpack left by a railing on a busy street, for example—while ignoring rapidly changing components like people and vehicles passing by. It’s like those spooky, ultra-long-exposure pinhole camera photos that turn a busy street into an empty post-apocalyptic dreamscape, unpopulated under the noonday sun. You can see demonstrations of the Domain Awareness System in action in this Today Show segment. (The technique has broad application to cluttered environments. See the LandTrendr analysis that researchers from Oregon State University and the U.S. Department of Agriculture used to transform Landsat satellite images of the Pacific Northwest into a pristine, cloud-free, season-by-season time series yielding a clear picture of bark beetle damage creeping across the region over 23 years.)  

Why is the NYPD going public with a description of its high-tech crime-fighting tools? New York Police Commissioner Ray Kelly says that knowing the odds against them will deter potential terrorists. We should also note that the NYPD and Microsoft have recently agreed to market the system, and New York stands to receive 30 percent of the gross revenues on the multi-million-dollar licenses.

Read More

IT Hiccups of the Week: Excel Spreadsheet Error Heard Around the World

After the previous week’s quietude, IT-related problems, issues and faults returned to their normal rate of occurrence. We start off with a human-induced spreadsheet error that is reverberating around the economic and government financial policy worlds.

Oops: Excel Error Calls Into Question Widely-Cited Economic Study on the Impact of Government Spending

Economics has long been called the “dismal science.” Last week, an error in an Excel spreadsheet used by two Harvard University professors served to help reinforce that moniker.

Back in 2009, Carmen M. Reinhart and Kenneth S. Rogoff published a book with the provocative title, “This Time It’s Different.” The professors asserted in their book that, among other things, their empirical research demonstrated that when advanced economies’ public liabilities reach or exceed “the important marker of 90 percent of GDP,” long-term economic growth and stability are placed at peril. Upon reaching that 90 percent of GDP point, the two argue, governments need to act swiftly to rein in public spending or increasingly risk stifling future economic recovery and growth.

Reinhart and Rogoff based their conclusions, which many governments (especially in Europe) embraced as a sound rationale for their current policies of cutting public spending, on what the two said was “clear” and “sharp” empirical analysis of “comprehensive” financial data. The information they collected “cover[ed] sixty-six countries across five continents” going back to the early 1800s. The two professors have not been shy about promoting the importance of their research; a quick scan of the book’s website turns up this statement: “An important book that will affect policy discussions for a long time to come, This Time Is Different exposes centuries of financial missteps.”

The book's analysis drew the expected reactions from the two main opposing factions of economists: those who support Reinhart and Rogoff and their call to reduce high public debt levels and governmental spending, and those who argue that in tough economic times, it is imperative that governments increase spending to stimulate their economies. The latter group, while arguing that Reinhart and Rogoff’s conclusions were wrong, have been off-footed by the duo’s seemingly strong, data-driven analysis of 200 years of financial data. That is, until last week.

Last Monday, Thomas Herndon, Michael Ash, and Robert Pollin, three economists at the University of Massachusetts, published a review of the conclusions reached by Reinhart and Rogoff using the original data set upon which "This Time It's Different" is based.  What did they find? The Massachusetts economists say they spotted “coding errors, selective exclusion of available data, and unconventional weighting of summary statistics.” These, they said, “lead to serious errors that inaccurately represent the relationship between public debt and GDP growth among 20 advanced economies in the post-war period.” The takeaway: “when properly calculated, the average real GDP growth rate for countries carrying a public-debt-to-GDP ratio of over 90 percent is actually 2.2 percent, not -0.1 percent, as published in Reinhart and Rogoff...average GDP growth at public debt/GDP ratios over 90 percent is not dramatically different than when debt/GDP ratios are lower.”

Reinhart and Rogoff, as they admitted after the UMass paper was published, accidentally forgot to include the first five rows covering data from five countries (Australia, Austria, Belgium, Canada, and Denmark) from an Excel spreadsheet in their analysis—a “coding error” which they said was “a significant lapse on our part.” Others who were being nice called the oversight a "numbskull error." However, the professors took exception to the charge of deliberately manipulating the data to match their beliefs about the need for government austerity, and insisted that their conclusions were not much affected by the error anyway.

As expected, discovery of the error has caused quite a stir over the veracity of Reinhart and Rogoff's findings and the resulting implications for public economic and financial policies across the world. In other words, does high public debt indeed cause slow economic growth (as Reinhart and Rogoff argue) or does slow economic growth cause high public debt? I'll let Risk Factor readers argue the merits of either case if they are so inclined.

The Excel kerfuffle probably doesn’t matter much in the long run, as economists are fond of saying, given that most governmental economic data (especially old data) is so noisy as to be pretty useless for detailed analysis. Just as important is the fact that no one seems to understand how to spur economic recovery happen anyway, regardless of what side of the economic policy debate they sit. Further, as this commentary at Forbes insightfully notes,  “In reality, the only lesson to be drawn from this episode is that academic economics, like many social sciences, is grounded in hubris and pseudoprecision. And that the modern urge to demand an academic study to ‘prove’ or justify inherently complex and ambiguous decisions is antithetical to clear thinking.”

The other lesson the Reinhart and Rogoff Excel error shows is that “this time it isn’t different,” at least in regard to human-related data error. Two compilations of previous spreadsheet and other data-driven errors aptly demonstrate the point.

H&R Block Sued Over Tax Filling Issues That Delayed Refunds

As we noted a few weeks ago, H&R Block, one of the world's largest tax services providers, had a problem electronically transmitting Form 8863 (American Opportunity and Lifetime Learning Credits) to the IRS. The issue delayed refunds for hundreds of thousands of taxpayers. At the time, H&R Block’s CEO said that he “sincerely” apologized for the filing snafu. However, that apology hasn't counted for much in some quarters, apparently, since according to a story at Consumer Affairs, lawsuits in California, Michigan, and Illinois have been filed against H&R Block. The lawsuits are generally claiming that the company did not live up to its advertised 100 percent accuracy claim, and or failed to provide adequate compensation to those affected by the refund delay.

And speaking of tax filing problems, on the evening before U.S. tax returns were due on 15 April, Turbo Tax Online was “intermittently unavailable” for about an hour, which scared more than a few last minute filers, according to Forbes.  No lawsuits are expected to be filed over the temporary increase in taxpayer heart rates brought on by the issue, but you never know.

In what is hopefully the last of the tax season-related computer problems, a faulty switch and router made it impossible for Utah taxpayers to access the state's tax filing website on 14 April. Utah addressed the issue by giving residents an extra day to file their state tax forms.

Server Malfunction Affects 15 000 Minnesota Students Taking Math Test

Freaking out over a problem with your tax software probably pales in comparison to the emotions experienced by the 15 000 Minnesota students who were trying to take their Minnesota Comprehensive Assessment online math test last Tuesday, but either couldn’t sign in or had their tests ended prematurely.  According to the Star Tribune, American Institutes for Research, the testing vendor, attributes the snafu to a problem on one of its servers. A story at the Pioneer Press quoted Charlene Briner, chief of staff for the Minnesota Department of Education, as saying the problem was “unacceptable.” In response, the vendor stated that while the company’s online testing system isn’t perfect, “it's pretty damn good.” Maybe the vendor should solicit the opinions of the students who had their test ended mid-way through.

Briner said that the affected students will be able to pick up where they left off and review their answers or restart their tests. No doubt the students, who just love taking math tests, were overwhelmed with feelings of joy on hearing that.

New Hampshire’s New Medicaid System Has a Few Problems After All

After telling everyone to expect problems with the roll-out of the state’s new Medicaid Management Information System (MMIS) at the beginning of the month, and then saying that there weren’t any after all, New Hampshire’s Health and Human Services Commissioner Nick Toumpas reversed course again last week. Toumpas admitted to the Union Leader that there were indeed some issues cropping up. He noted that some small Medicaid and Medicare providers have had problems since the system rollout commenced—mainly, the suspension of their submitted invoices for payment. Of the bounced back invoices, he said that, “It was unclear if it was their problem, whether they submitted something incorrectly, or whether it was getting kicked out legitimately.” Interestingly, he did include in his statement the alternative that there may actually be something wrong with the MMIS itself.

To his credit, Toumpas is still allowing payments to be made to the small providers with provisos for getting the money back if it is indeed a problem on the providers’ end, and not with the new MMIS.

American Airlines Still Not Explaining Cause of “Software Issue;” ERCB Outage Continues

American Airlines has still not given a reason for the “software issue” that affected its reservation system and disrupted flights last week, according to the LA Times. It is doubtful that it ever officially will.

And the routine hardware upgrade to the computer system servers at Alberta’s Energy Resources Conservation Board (ERCB), which went bad on 2 April (mentioned here last week), continues. The ERCB reports some progress in fixing the problem, but remains uncertain as to when its servers will be finally fixed.

Also of interest…

Computer Issue Excludes Eligible Jurors in Polk County, Florida

Google Gmail Outage Blamed on Log-in System

Singapore Check Clearing System Hit by Technical “Glitch”

Photo: John Turner/Getty Images

This Week in Cybercrime: U.S. House Passes Bill Allowing Firms to Share Customer Info With the Government

U.S. House Votes to Immunize Companies Against Privacy Lawsuits

The U.S. House of Representatives passed the Cyber Intelligence Sharing and Protection Act (CISPA) on Thursday by a margin of 288 to 127, despite warnings that President Barack Obama would likely veto the controversial bill if passes the Senate and makes it to his desk. The bill, which was reintroduced in February after being voted down last year, would make it impossible for consumers to sue the government or businesses for breaching the consumer's privacy by sharing data with each other.

The legal shield that CISPA provides would cover the entity divulging the information as long as the company or agency says that doing so was part of its effort to help fight cyber threats. During a House floor debate on the measure on Wednesday, Dutch Ruppersberger (D-Md.), one of the bill’s co-authors, focused on dollars and cents, claiming that trade secrets worth US $400 billion to U.S. companies are stolen each year. Opponents of the bill acknowledged the economic toll that cybercrime takes on U.S. businesses and consumers, but argued that the bill, though modified from a version that passed the House last year, still doesn’t, in the words of House Minority leader Nancy Pelosi (D-Calif.), strike a “crucial balance between security and liberty.” Pelosi added that, “Unfortunately, it offers no policies and did not allow any amendments or real solution that upholds Americans' right to privacy.”

A coalition of critics lined up against the bill. Among them was online advocacy group Fight For the Future, whose co-founder, Holmes Wilson, told the UK Guardian that, "It would have been so easy to fix this bill and require sites to strip out personal information before passing them to the government." Kurt Opsahl, senior staff attorney for The Electronic Frontier Foundation, which also came out against CISPA, had urged the House to include an amendment allowing companies to enter into privacy contracts with their customers. The legislators’ decision not to add the change to the bill’s language leaves a “gaping exception to bedrock privacy law,” Opsahl told The Guardian.

Several influential industry groups, including the wireless group CTIA, the U.S. Chamber of Commerce and TechNet, which represents large internet and technology companies, have lobbied for the measure.

Read More

American Airlines Still Recovering from “Software Issue” That Grounded Flights Yesterday

Yesterday, American Airlines and its regional carrier American Eagle were forced to cancel some 970 flights and delay another 1068 after the airlines experienced “intermittent outages” in communicating with its reservation system. The outages effectively shut down the airlines’ operations, stranding passengers and flight crews alike.

The airline, headquartered in Fort Worth, Texas, publicly acknowledged the problem about 11am CDT, and the problem was not fully resolved for another four and a half hours. The reservation system situation caused the airline to request the U.S. Federal Aviation Administration (FAA) to place a ground stop on its aircraft for several hours.

Late yesterday afternoon, American CEO Tom Horton issued an 84-second video statement in which he said, “We experienced a system-wide network outage, causing flight disruptions and inconveniencing many of you. And for that, we are very sorry.”

Horton went on to say, “As you’d imagine, we do have redundancies in our systems, but unfortunately in this case, we had a software issue that impacted both our primary and back-up systems.” 

The airline acknowledged that the "software issue" did not reside with the Sabre Holdings reservation system it (and many other airlines) uses, but with its own IT operations.

American has said that it will accommodate yesterday’s affected travelers. However, the airline also warns that although it has tried to get its aircraft and flight crews where they needed to be this morning, some residual knock-on effects may linger into today.

It was recently announced that when US Airways and American merge later this year to form the world’s largest airline, American Airlines’ legacy systems will be the ones used.

Given yesterday's events and United Airline’s recent experience, the reservation system cut-over period would probably be a good time to stay home or try another airline.

Photo: Max Faulkner/The Fort Worth Star-Telegram/AP Photo

IT Hiccups of the Week: New NHS 111 Helpline Needs to Call 999

It has been an unusually quiet week in regard to IT-related problems. Of greatest significance seems to be the ongoing technical and training issues associated with the new UK National Health Service (NHS) 111 patient helpline service.

NHS 111 Healthcare Helpline in Meltdown Mode?

Earlier this month, the UK National Health Service began its England-wide roll-out of a new helpline service; to access it, NHS patients can simply dial 111. The service is meant to provide one simple number that people can call to get timely and appropriate information about non-life-threatening but still important medical issues—especially after normal business hours. The plan is that a patient calling in will be quickly connected to a trained call-handler who will assess the patient's request for information and then use a directory of medical services available in the caller's area to provide specific advice on which NHS services could best meet his or her healthcare needs. If the call taker assesses that immediate care is required, an ambulance will be summoned. Patients with life-threatening or other urgent medical emergencies are still able to call 999 to get an immediate emergency service response.

The NHS 111 telephone service is replacing NHS Direct, which was started in 1997, and is staffed primarily with NHS nurse advisors. But to reach NHS Direct, the patient has to dial an 0845 number and incur a charge for the call. Calls to the NHS 111 line are free, but the service uses non-clinically trained call takers who are supposed to be supported by a much smaller number of experienced nurses. This change—along with a setup whereby the provider of the NHS 111 service is contracted for and operates locally rather than the service being provided for by the NHS nationally—is seen as a bid to save the NHS money.

Last month's soft roll-out of the 111 service in the London, Manchester, and Birmingham areas went poorly, according to various news outlets. The weekly medical publication Pulse, for instance, reported of doctors warning that “patient care [was] being hampered by the service due to improperly trained staff, a lack of personnel, long waits and out-of-hours GPs having to take on extra work.”  The BBC reported that in the Greater Manchester area, the entire 111 system crashed, which meant that an unknown number of patient calls went unanswered.  

The British Medical Association was so concerned at the scope of the initial problems being experienced that it said, “The Department of Health needs to reconsider immediately its launch of NHS 111 which clearly is not functioning properly. They must ensure that the system is safe for patients before it is rolled out any further.” In response, the NHS said the April rollout, despite the “teething problems,” would go on as planned, but that it would “carry out thorough testing to ensure that those [111] services are reliable.”

Well, in light of news reports last week, it looks like even more 111 system testing is called for.  The London Telegraph reported that there were long delays in responding to patient 111 calls in 30 out of the 37 areas across England where it has been rolled out. In some instances, instead of a patient's call being routed to a central triage center where the medical issue would be prioritized, a vaguely described “system error” caused patient cases to be automatically closed instead.  The Pulse reported that despite the NHS insistence that things were going well with the 111 roll-out, “more than 40% of calls to NHS 111 [over the Easter weekend] were abandoned by patients in some regions [because they couldn’t get through], while elsewhere one patient had to wait more than 11 hours for a call-back.”

The Daily Mail reported, in its usual understated manner, on emergency services workers' complaints about the staff handling the 111 calls. The call takers are so poorly trained, say the ambulance crews, that they have sent ambulances to deal with obvious non-emergency situations,  e.g., an ingrown toenail. In some cases, ambulance crews complained that their workload has doubled since 111 was introduced (researchers last year identified increases in "emergency ambulance incidents" as a possible consequence in an evaluation of four NHS 111 pilot programs (pdf)).  One hospital trust in Kent was even said by the Mail to be so overwhelmed by patients being sent to it via the local NHS 111 service that it had to declare an “internal Major incident,” which usually only happens when there is a major traffic accident, fire, plane crash, or other emergency event that threatens to overwhelm its care-giving capacity.

The NHS 111-related chaos has spurred a Parliamentary review of all emergency services by the House of Commons Health Committee. The review is supposed to be completed by mid-July.

Read More

This Week in Cybercrime: Tax-related ID Thefts Hit 1.8M in 2012

IRS Tax Refund Fraud Epidemic

Monday, April 15, is the deadline for individual income tax returns to be filed. This year, the U.S. Internal Revenue Service is expecting more than 146 million individual tax returns to be sent in, of which some 121 million will be entitled to refunds totaling approximately US $333 billion. However, among those 146 million returns, the IRS is also expecting millions of tax returns to be filed using stolen social security numbers and other personal information in an attempt to fraudulently obtain refunds, Senator Susan Collins (R-ME) said at a Senate Special Committee on Aging hearing earlier this week that looked into tax-related ID theft.

According to Collins, tax-related ID theft has exploded over the past five years. In 2008, the IRS reportedly confirmed “only” 52 000 such cases, compared to the nearly 1.8 million incidents the Treasury Inspector General for Tax Administration said the IRS identified last year. Another 1.5 million tax-ID fraudulent returns apparently slipped through without being caught in 2011 as well, Collins said. The total cost of refund fraud in 2011 was estimated to be as high as $5 billion (which does not include the hundreds of millions of dollars the IRS spent in trying to identify all the tax-related identity theft).

Deputy Commissioner of the IRS Beth Tucker wrote in an editorial in USA Today yesterday that in 2011, the IRS blocked $14 billion in fraudulent refunds, while in 2012 she said $20 billion in fraudulent refunds were blocked. She also stated that already this tax season, 2 million suspicious returns have been blocked (a total of 5 million were blocked in 2012, and 3 million in 2011, but it should be noted that not all of these were ID-theft related).

ID thieves have figured out that if they file fraudulent tax returns early in the tax season, they have a good chance of getting a refund before the IRS is able to discover their scam because the taxpayer information the IRS needs to verify a taxpayer’s earnings and withholdings aren't available until the end of March. In one case, scammers successfully used a single address in Lansing, Michigan to file 2137 fraudulent returns, which netted a total of $3,316,051 in refunds.

Tucker claims that the IRS is making progress in its fight against tax ID-theft and other tax fraud by claiming, “We're also going after the bad guys. We've started 800 criminal investigations since October. And crooks are going to jail for up to 20 years.”

Somehow I don’t think the tens of thousands of tax refund scammers are too worried.

Read More

NTSB: Texting While Flying Contributed to 2011 Helicopter Crash

Yesterday, the U.S. National Transportation Safety Board (NTSB) reviewed the findings of its investigation into the crash of a Eurocopter AS350 B2 helicopter operated by Air Methods Corporation (and doing business under the name LifeNet). On Friday, 26 August 2011, at 1840 CDT the helicopter, which was on an emergency medical services (EMS) mission, crashed following a loss of engine power as a result of fuel exhaustion a mile from Midwest National Air Center (KGPH), Mosby, Mo. The pilot, flight nurse, flight paramedic and patient were fatally injuried.

At yesterday’s NTSB inquiry, the board cited (pdf) as the probable causes of the accident “the pilot's failure to confirm that the helicopter had adequate fuel onboard to complete the mission before making the first departure, his improper decision to continue the mission and make a second departure after he became aware of a critically low fuel level, and his failure to successfully enter an autorotation when the engine lost power due to fuel exhaustion.”

In the preliminary NTSB accident report, the pilot was thought to have successfully entered into autorotation mode before the crash. However, the full NTSB investigation found this not to be the case, and believed that he may have been unsuccessful because of “the lack of practice representative of an actual engine failure at cruise airspeed in the pilot's autorotation training" in the model and make of helicopter being flown. The pilot, the NTSB found, had not received any of his autorotation training in a simulator which, the NTSB stated, would have made him “better prepared” to deal with an emergency situation.

Also contributing to the accident, the NTSB said, were “(1) the pilot's distracted attention due to personal texting during safety-critical ground and flight operations, (2) his degraded performance due to fatigue, [and] (3) the operator's lack of a policy requiring that an operational control center specialist be notified of abnormal fuel situations.”

Read More

IT Hiccups of the Week: Computer Technology Upgrade Sours Small Michigan County

Last week saw a real hodgepodge of IT-related errors. While none of them could be called of major significance, they did serve to exemplify the daily annoyance and exasperation for those experiencing them, as well as the unexpected good fortune that sometimes results.  We start off with a story whose plotline is no doubt experienced with some regularity. This time it is set in Lenawee, Michigan (population 100 000), where a new computer system intended to make life easier and more productive for county employees has instead made it more difficult and highly stressful.

New Computer System “Overwhelms” Lenawee County Employees

Back in December 2011, Michigan’s Lenawee County Commission approved a US $1.45 million technology upgrade for outdated county computer systems and equipment, the Daily Telegram reported at the time. Poor economic conditions caused county tax revenue shortfalls, which in turn forced the county government to reduce its staff, yet the public was still expecting that “the same level of services” be provided. The Commissioners' expectation was that the new computer software and hardware would make county employees not only more productive but help avoid future staff lay-offs. The goal was to have all the system upgrades, which would affect every government Lenawee County agency and department, in place by the end of 2012.

The Daily Telegram reported last July that the upgrade had reached the half-way mark. While the county's IT staff were reported to be “under stress” from having to install the new system as well as maintain the legacy system (some county agencies had complained about the IT staff not responding quickly enough to on-going problems involving the legacy system),  the county administrator informed the County Commissioners that, “We’re actually on the downhill side for IT.” County staff members were beginning their training on the upgraded system, the installation of which looked to be generally within budget and on schedule.

Last week, however, the Daily Telegram published a story indicating that all was not well with the tech upgrade. The Telegram quotes the county treasurer at a County Commissioner hearing as saying, “Things with the new system, they’re going slow and there are things we haven’t conquered yet.” The county clerk stated, “It’s not just a learning process. It’s the system itself. There’s things we thought it would do but it doesn’t do.” One example is the new financial and payroll system, which has created “more work and stress” for county employees instead of making them more productive and efficient, the Telegram reported.

The Lenawee county sheriff is none too happy either. With apparent anger, the sheriff told the Commissioners that, “There is no way we should be in the position we are in right now…  We’ve got a system that’s supposed to save us time, but they’re overwhelmed over there.” He also complained that the technology contractor was unresponsive to the technical problems being raised, and that the “level of training” the contractor provided was less than expected.

In addition, the sheriff, as well as other county agency officials, said that the county’s IT staff, which was resource thin, was over in over its head and unable to cope with all the problems cropping up.  The Lenawee IT department head basically agreed, saying that “…we probably faltered along the way,” and added that “The stress level everywhere is up through the roof right now.”

Unfortunately, exactly what happened between last July’s “downhill side for IT” and today’s IT tar pit is not explained in any other Telegram or newspaper stories that I can find.  It makes one wonder whether upgrade progress was being reported as “green” up until the day it was reported as really instead being “red.”  The latest Telegram story indicates that the Commissioners are now thinking of allowing the county IT department to hire another person “to help with a logjam of computer problems.” Whether that will help much, at least in the short-term, is debatable.

Read More
Advertisement

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributor
Willie D. Jones
 
Advertisement
Load More