Risk Factor iconRisk Factor

FDA: Science and IT Risks Place Nation at Risk


The Food and Drug Administration (FDA) Science Board's Subcommittee on Science and Technology released a very worrying report late last week on the current state of science and technology at the FDA:

"The Subcommittee concluded that science at the FDA is in a precarious position: the Agency suffers from serious scientific deficiencies and is not positioned to meet current or emerging regulatory responsibilities."

According to the FDA, it is responsible for protecting the public health by assuring the safety, efficacy, and security of human and veterinary drugs, biological products, medical devices, the nationâ''s food supply, cosmetics, and products that emit radiation. The FDA is also responsible for advancing the public health by helping to speed innovations that make medicines and foods more effective, safer, and more affordable; and helping the public get the accurate, science-based information they need to use medicines and foods to improve their health.

As the Subcommittee points out in its report,"The nation is at risk if FDA science is at risk."

In addition to the scientific deficiencies, another one of the critical findings of the Subcommittee's report is that, "The FDA cannot fulfill its mission because its information technology (IT) infrastructure is inadequate."

The report notes:

The Subcommittee was extremely disturbed at the state of the FDA IT infrastructure. While some good progress is being made to improve information sciences and technology, the Subcommittee found that the FDA lacks the IT infrastructure necessary to meet its mandate. It also found that the FDA has insufficient access to data and cannot effectively regulate products based on new science due to lack of a supportive IT infrastructure. The Subcommittee noted that the FDA IT infrastructure is obsolete, unstable and lacks controls to execute effective disaster recovery protocols that ensure continuity of operations when systems are compromised. Finally, the IT workforce is insufficient."

The report notes that FDA IT systems fail frequently, and even email systems are unstable. The report goes on: "More importantly, reports of product dangers are not rapidly compared and analyzed, inspectorsâ'' reports are still hand written and slow to work their way through the compliance system, and the system for managing imported products cannot communicate with Customs and other government systems (and often miss significant product arrivals because the system cannot even distinguish, for example, between road salt and table salt)."

I urge you to read the report; it makes for some very sad as well as scary reading.

What's par for the course these days in Washington, but is still depressing nevertheless is that the Subcommittee blames Congress for insufficiently funding the FDA while asking it to do more, while Congress says the FDA hasn't been asking for more money because the current Administration wants less government regulation of business and more "market-based regulation."

The truth is a bit of both, which means a standoff and so science and technology at the FDA languish. Even where there is agreement between Congress and the Administration over the necessity some of the FDA's missions, the FDA is no longer able perform these well if at all.

A sorry state of affairs, indeed.

I guess we'll all just have to be a little more cautious when we eat, or take medicines, or use medical devices, or apply cosmetics, or are near products that emit radiation.

Fixing the AMT: Politicians As Software Architects

I love politicians who think they are software architects or system engineers. I wince whenever they pass some ill-conceived legislation, the success of which critically depends on information systems & technology (IS&T) without ever bothering to consider the technological and management risks involved. Like Captain Jean-Luc Picard, they just order, "Make it so."

This time Congress has screwed around and not passed legislation that has another signficiant IS&T component, namely the promised fix to the alternative minimum tax (AMT). The AMT was passed in 1969 as a way to make 155 very wealthy families (of the time) pay some taxes (they were able to avoid doing so by claiming lots of state and federal deductions).

Over time, the AMT has grown (it isn't inflation adjusted) to hit more and more taxpayers - 4 million in 2006. If changes aren't made, it will likely hit 25 million taxpayers this year, most who aren't aware that they will owe lots more money (about $2,000 on average), and possibly penalties for underpaying their taxes.

Congress is supposed to legislate a fix, but squabbling between Congress and the White House has delayed progress. Any legislative change, of course, may require changes to millions of lines of software in IRS computer systems since the AMT affects so many different tax computations. Reprogramming the IRS computer systems to deal with new AMT legislation requires 12 weeks from the time the bill is signed into law; the IRS also needs three weeks to print new tax forms.

The IRS is warning that if Congress waits too much longer, it may have no choice but to delay not only the tax filing season start date of 14 January 2008 to mid-February, but also refund checks for another 25 million taxpayers to the tune of some $87 billion.

I also suspect that, on top of all the confusion that will ensue, those IRS computer systems won't be able to be fully system tested given the schedule pressure, so some AMT-related problems likely won't surface until well into next year. And even though the various makers of home tax preparation software claim the delay is no big deal, I bet it will be if things drag on much longer. The risk of both deliberate and unintended tax noncompliance will soar.

Congress has been warned about this problem for over a year, but I guess it had better things to do.

Sex and the Single Robot

As I was reading the New York Times book review section this morning, I came across a review of David Levy's book, Love and Sex with Robots: The Evolution of Human-Robot Relationships (Harper/HarperCollins Publishers, SBN: 9780061359750; ISBN10: 0061359750, 2007).

Quoting from the review:

"Humans, Levy writes, are hard-wired to impute emotions onto anything with which weâ''re in intimate contact, to feel love for objects both animate and inanimate. And robots, he argues, might turn out to be even more lovable than some humans. By 2025 'at the latest,' he predicts, 'artificial-emotion technologies' will allow robots to be more emotionally available than the typical American human male. 'The idea that a robot could like you might at first seem a little creepy, but if that robotâ''s behavior is completely consistent with it liking you, then why should you doubt it?'

The review, by Robin Marantz Henig, a contributing writer for The Times Magazine goes on in its concluding paragraph:

"Levy spends so much time laying out his logical arguments about how and why we will fall in love with robots that he gives short shrift to the bigger questions of whether we would really want to. Iâ''d have liked a little less gee-whiz, and a little more examination about whether a sexbot in every home, a Kama Sutra on legs that never tires, never says no, and never has needs of its own is what we really want."

This book should provoke some interesting discussion. Robots that have are more emotionally available than the typical American human male by 2025? How about French or Italian men? Is that 2030? I guess I'll have to get the book to see what Levy says about the emotional availability of the typical American woman.

Maybe the idea of creating future sex robots can help get students interested in taking up computer science at Cambridge University again.

Another UK Government Agency Admits Lost CDs

If confession is good for the soul, then the UK government must be feeling awfully good right about now.

The London Telegraph is now reporting that the Department for Work and Pensions "has suspended all 'data exchanges' with local authorities because discs containing details of council tax and housing benefit claimants have been mislaid."

"At least 45,000 names and personal details are known to have gone missing from one council, with the DWP admitting last night that more authorities have lost discs."

According to the Telegraph, the DWP said that discs from only a "tiny number" of councils had been lost, and that the DWP "thinks" that the discs are "somewhere in the system."

The council discs were lost in September but the fact of their being lost - I beg your pardon, "mislaid" - is only coming to light now. I seriously doubt that if the HM Revenue and Customs ID scandal had not happened, the DWP security blunders would never have come to light.

Massachusetts Warns Senior Citizens of Possible ID Theft

ComputerWorld is reporting that Massachusetts is warning 150,000 members of its Prescription Advantage insurance program that their personal information may have been stolen.

According to the story, a lone identity thief was arrested in August who had been using information taken from the program in an attempted identity theft scheme. Massachusetts officials think that only a small number of identities were involved.

DC Tax Scam Gets Bigger

The Washington Post reports today that the DC tax scam has now increased to $44 million from $31 million just a week ago, the latter amount being one which grew from the original $16 million estimate at the beginning of November. The scam also looks like it has been going on for at least nine years now instead of the three year time frame first thought which was then revised to seven years.

The Post also reports that, "New information from the city's chief financial officer indicates that at least two and as many as four top leaders of the D.C. tax office, including its director, should have personally reviewed the refunds before they were issued." When questioned by the Post as to why they didn't, these folks naturally declined to answer.

The Post also reported that,"An FBI affidavit says that five more low-level employees helped process fraudulent refund paperwork before it got to Walters [the alleged ring-leader] but does not address what, if anything, they knew about the alleged scheme."

No doubt, this story will continue for awhile, and again, I say let's impose the same requirements on the equivalent government officials as are laid on those heading public corporations. Taxpayers deserve as much protection as shareholders do.

LAUSD Payroll Problem is Only A Matter of Image

The LA Daily News reported last week that the LA Unified School District decided to quietly hire two public relations consultants at a cost of about $270 thousand as well as hire the public relations firm Rogers Group for an unspecified cost to focus exclusively on dealing with fallout from the inept implementation of its new payroll system.

As the LA Times pointed out in reference to the LAUSD's hiring of its new image fixers, institutions in crisis tend to focus on their image. But as it also points out, maybe the LAUSD needs to concentrate more of its efforts on fixing the payroll problem, instead of its image.

I wonder if the money spent on PR shouldn't really be counted in as part of the payroll system IT project's budget?

UK Privacy: A New Closet Full of Shoes to Drop

The London Telegraph reports today that the confidential details of 9 million people's investments worth a total of £60 billion continue to be sent by post - and I love this - "HM Revenue & Customs (HMRC) requires these discs to be unencrypted."

The Telegraph article says that the "HMRC requires fund managers to submit details every year of all investors' names, addresses, dates of birth, National Insurance numbers and the amount each individual has invested in Isas and Peps. The intention is to prevent investors exceeding limits on individual savings account (Isa) and personal equity plan (Pep) tax shelters."

"But fund managers are alarmed that HMRC requires this data to be delivered in an unencrypted extended binary coded decimal interchange code (EBCDIC) or American standard code for information interchange (ASCII) text format."

The article goes on to note that there have been least two recent instances where Pep and ISA data has been compromised.

This whole, continuing UK HMSC data security fiasco reminds me of Karl Marx's quote, "History repeats itself, first as tragedy, second as farce." What is it when it repeats a third time?

TJX Pays Up

TJX will pay as much as $40.9 million in a settlement with Visa and the bank that processes TJX's credit card payments over a massive breach of TJX customers' card data, according to an AP wire report.

The money will be used to help U.S. credit card issuers recover costs related to the breach. Issuers of at least 80% of eligible cards must accept the offer by Dec. 19 for the settlement to take effect. TJX's press release about the settlement is here.

As far as I know, the person or persons who hacked into TJX's database still have not been discovered.

Suing Over Weather Forecasts

The Drudge Report has a link to a Orlando Florida television news story that tells of Central Florida's most famous hotel owner, Harris Rosen, who is threatening to sue hurricane expert Dr. William Gray of Colorado State University for his hurricane storm predictions saying they have damaged state tourism.

According to the story, Rosen rhetorically asks Gray:

"Look, doctor, you've made these forecasts and you were wrong once. You made the forecast and you were wrong twice. Are you going to continue to make these forecasts?"

Rosen said he believes Florida lost billions of dollars in business because of Gray's outlook, and claims that surveys show 70 percent of guests not returning to his hotels cited hurricane fears as the reason why.

I don't know why Rosen focused on Gray alone, and not the others who also had less than accurate forecasts the last two years. I also doubt Rosen is going to have much luck in filing a lawsuit, and his real target should probably be the media for over-hyping the accuracy of the forecasts which as one commentator points out "are experimental works in progress." If one could sue for inaccurate weather predictions based on computer generated models, the court system would grind to a halt in about three days.

As a side note, Herbert Saffir, who co-created with Robert Simpson the five-category hurricane-scale, passed away about a week ago.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Willie D. Jones
Load More