Risk Factor

That's Technology Folks

" ... the technology road is bumpy... This is life in the technology lane"

And it is full of potholes. No, that wasn't in Steve Jobs's open letter to early adopters of Apple's iPhone, but it was at least implied.

Mr. Jobs had to issue the apology after thoroughly irritating customers who shelled out $599 a few months ago for their new iPhone only to learn that Apple was cutting its price by $200 to try to gain a strategic if not insurmountable market share during the upcoming Christmas season.

Jobs appears to be following former HP Chairman and CEO Lewis Platt's old dictum, "We have to be willing to cannibalize what we're doing today in order to ensure our leadership in the future. It's counter to human nature, but you have to kill your business while it is still working."

Investors didn't take too kindly to Jobs's announcement, as they viewed it as Apple cannibalizing its earnings too soon and therefore their investments. Apple also didn't help matters much by announcing a new iPod which appears a lot like an iPhone without the calling features. Apple's stock dropped about 5% in all this week.

Probably more of an issue is that many folks who bought iPhones now think they were not only out $200, but went from being cool to being uncool. Even my local small town newspaper has an article about how much coolness that $200 bought.

It will be fascinating to watch whether those customers who bought the iPhone early will be mollified by Jobs's $100 rebate offer. It will also be interesting to see how Apple prices products in the future - it will be hard to have another rapid price drop without driving away a sizable portion of your early adopters.

A bigger problem may be news stories like the one that appeared in today's Newsday about some iPhone customers getting monthly bills in the thousands of dollars. One man received a $4,800 phone bill when he got back from a Mediterranean cruise. He brought along his iPhone, which kept checking his email accounts, all at international phone rates.

While his iPhone contract with the AT&T Web site says: "Substantial charges may be incurred if phone is taken out of the U.S. even if no services are intentionally used," the point is made in one of six different agreements an iPhone user has to agree to.

Wired magazine pointed out last July that the iPhone contract is very long and legally murky, and warned potential iPhone users that they needed to spend some extra time reading the 6,700 word contract. If you don't, you may get surprised, as obviously the person with the $4,800 phone bill did.

If all this buzz starts to create a perception that it is better to be a late adopter of Apple's products, investors may be even quicker to sell the company's stock when things go a bit funny.

Another 25 Year Anniversary

In case you missed it, this week was the 25th anniversary of the first personal computer virus. The virus, dubbed "Elk Cloner," was created as a prank for the Apple II by Rich Skrenta when he was a ninth-grader.

It is also the fiftieth anniversary of the launch of the Ford Edsel, which became synonymous with the word blunder.

Just thought you'd want to know.

Articles on the NHS NPfIT

Dr. Brian Randell, Emeritus Professor, and Senior Research Investigator, School of Computing Science, University of Newcastle upon Tyne, was kind enough to let me know that the Journal of Information Technology has just released an issue focused on the UK National Health Service's (NHS) National Program for IT (NPfIT), its electronic health record initiative.

I think you'll find the articles very informative.

Bombs Away LeMay Turning Over in His Grave

Sorry to go off the IS&T trail, but the news that a B-52 was flying around with six unauthorized nuclear weapons made me think fondly (or not so fondly) of my time long ago as an Air Force airborne communications, navigation and electronics warfare technician in Strategic Air Command (SAC).

Say what you will about Gen. Curtis LeMay, he insisted upon and made damn sure that high operating standards were developed, instituted, trained to, and maintained in SAC even after he left - and there was hell to pay if you didn't meet those standards. Maintaining positive control over nuclear weapons was an absolute, non-negotiable; working on an alert bird was always a bit tense as there were these ever present military police with loaded weapons around ready (and I think hoping) to take you out if you violated protocol.

The episode shows how easy it is for risk management, even when nuclear weapons are involved, to become "routine." The Air Force, of course, says this was an isolated incident ("All evidence seems to point to this being an isolated mistake"). However, it should never have happened. This was supposed to be an "impossible event."

LeMay once supposedly said, "I have neither the time nor the inclination to differentiate between the incompetent and the merely unfortunate." In this case, no matter how you slice it, the unfortunate was a matter of incompetence.

Another Data-Mining Project Bites the Dust

The Department of Homeland Security (DHS), after spending $42 million, has shut down its anti-terrorism data-mining tool Analysis, Dissemination, Visualization, Insight and Semantic Enhancement (ADVISE). Seems that it was being tested with information on real people rather than made-up data, which was against policy and probably the law.

According to the AP story, "ADVISE is not expected to be restarted," DHS spokesman Russ Knocke said. DHS' Science and Technology directorate "determined that new commercial products now offer similar functionality while costing significantly less to maintain than ADVISE."

ADVISE (I wonder how long and how much it cost to come up with that acronym) was supposed to, among other things, report on suspicious people going through customs. In a bit of multiple ironies, the London Guardian disclosed just the day before ADVISE was being closed, that the Metropolitan Police's Special Branch had been spying on George Orwell.

One report from 1942 noted that Orwell was a suspicious character because he dressed "in a bohemian fashion both at his office and in his leisure hours."

Hmm, I wonder if ADVISE was also data mining for people who fit the profile "bohemian fashion," "work hours" and "leisure hours" as a match for "suspicious person." If not, maybe the new, commercial data mining products can be set to be on the lookout for these characteristics - never know who you might catch.

And just think what Special Branch could have done with ADVISE back then.

One final thing - Orwell was also deemed by those watching him as holding Communist views. Obviously, neither Animal Farm nor 1984 was high on Special Branch's reading list.

Everyone Should Have Their DNA on a Database

As I wrote a couple of days ago, the UK seems determined on making 1984 a reality. A senior UK judge, Lord Justice Sedley, in the name of fairness, called for everyone in the UK including visitors to have their DNA captured in a database. He objects that only those who come in contact with the criminal justice system have their DNA captured.

According to the London Guardian, Sedley said that "disproportionate numbers of people from ethnic minorities were on the database. 'It also means that a great many people who are walking the streets, and whose DNA would show them guilty of crimes, go free,' he said."

If George Orwell were alive today and updating 1984, I wonder how IS&T would influence the story line.

A Masterclass in Bad Decision-making

The UK Public Accounts Committee (PAC) published its report regarding The Delays in Administering the 2005 Single Payment Scheme in England. The delays are estimated to cost UK taxpayers some £500 million.

As reported in the London Times, "the Single Farm Payment Scheme, introduced two years ago, aimed to pay farmers for their stewardship of the land rather than the number of animals they reared for meat."

The Times went on to say that Edward Leigh, the Tory MP who chaired the review committee, said the farmers' payment project was "a masterclass in bad decision-making, poor planning, incomplete testing of IT controls, confused lines of responsibility, scant objective management information and a failure by the management team to face up to the unfolding crisis." Sounds like a classic IT blunder to me.

The PAC report listed some 15 lessons learned, or maybe better put, not learned. As an example, this is from number 14:

"The implementation of the single payment scheme was subject to four Office of Government Commerce Gateway Reviews between May 2004 and February 2006, and three of these Reviews assessed the programme as "red". Development work on the computer system nevertheless continued and no contingency plan was invoked, despite limited confidence that the system would be ready on time. If 'red' reviews are to be taken seriously, departments need to be explicit about the circumstances in which they would lead to fundamental review or termination of a project."

Maybe the first lesson is to teach senior government IT managers that red means stop, green means go. Or maybe better, test them to see if they are color blind.

Customs System Now on the Fast Track to Be Upgraded

Last month, malfunctions at the US Customs and Border Protection computer system at LAX caused massive problems for internationally arriving passengers. Today's LA Times reported that the planned overhaul of the computer system is being moved up. According to Ken Ritchhart, assistant commissioner in the Office of Information and Technology with Customs and Border Protection:

By Thanksgiving, or Christmas at the latest, the entire customs system at LAX will be redone, with not only new workstations, network switches, routers and cables, but also a snazzy new satellite backup system that will allow screeners to access network databases should local routers fail.

It bothers me when someone hedges their bets on an IS&T delivery date like that - it says the plan was made in haste - but we won't have to wait long to see whether that "snazzy" new system is put into place by Christmas.

Security Meltdowns

The past few weeks we saw another flood of news about IS&T security lapses. We had Monster.com reporting that 1 million or more of its customers had their information stolen, and the same hackers broke into the US Office of Personnel Management's website USAJobs.gov and made off with personnel information on 146K more people. Monster provides technical support to the OPM website. Monster admitted that it has been hacked several times, and only recently reported the fact.

Then there was a report that in the state of Connecticut, there was a "theft of a Department of Revenue Services laptop containing sensitive taxpayer information (which) it took eleven days to notify affected citizens of the incident."

At the same time, another report noted that, "A Maryland Department of the Environment laptop computer stolen from an employee's car last weekend held personal information, including Social Security numbers, for 10,000 residents registered with one of four state boards."

Back in Connecticut, there was this report: "Pfizer Inc. has revealed its third data breach in three months, this time affecting the personal information of an estimated 34,000 people... Pfizer said it did not realize sensitive information had been compromised until July 10. Letters to attorneys general around the nation alerting them to the data breach were dated Aug. 23, more than seven weeks after Pfizer became aware of the problem and more than eight months after the information was exposed."

There are others, but you get the idea.

Now, given that corporations and especially government (local, state, federal) are pretty well insulated from any penalties for breaches, it is clear that something else needs to be done.

While I am extremely hesitant about proposing it (I am highly skeptical that government mandates are particularly cost or performance effective), maybe we do need a Sarbanes-Oxley Act for IT security. Let's hold CEOs, CFOs and CIOs or their equivalents in government personally responsible for the security of their organization's IT systems. We can start with the folks in government first this time - after all, fair is fair.

It would be interesting to see how many government CIOs would voluntarily sign a statement that their IT systems posed very low risk of being breached.

Data Mining Your Kids' Conversations

AT&T is now offering a Web-based feature called AT&T Smart Limits that will "allow parents to stay in touch with their children while controlling their children's mobile phone use." The service will, according to AT&T's website:

"Set limits for:

* Minutes

* Text and instant messages

* Download purchases

* Time of day or night the phone can be used

* Numbers the phone can call or text (incoming and outgoing)

* Internet content access

Once a limit is reached, the service will be restricted. Calls to and from phone numbers designated as Allowed Numbers and calls to 911 will continue to be allowed, regardless of the limits you set."

All yours for $4.99 a month.

AT&T decided to offer this service, according to the CNN story, because:

Results of a recent AT&T survey revealed that 84 percent of consumers believe parental controls and safety tools are extremely or very important in keeping children safe while they use today's entertainment and communications technologies. Nearly one-third (31 percent) of those adults do not feel that they have adequate knowledge of how to use those tools to protect children from today's threats.

It will be interesting to see how quickly the children of parents who buy the service figure a way around it, or an Internet VOIP company offers a friendly buy-pass, say, for $3.99 a month?

Of course, the next logical step would be for parents to give phone companies permission to have all of their children's voice conversations recorded, and then have them data mined for hints that they are calling numbers or viewing sites that have been banned by their parents. It shouldn't be too hard to put in an automatic message announcing at the beginning of every call that this call may be monitored for quality control purposes.

Maybe AT&T could offer this service for $5.99 a month.

Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Contributors

 
Contributor
Willie D. Jones
 
