Volkswagen has done the whole IT profession a disservice. The software in their cars has recently been found to give false results when authorities tested the car for emissions. The software changed the engine tuning when there was a test going on. There are cries demanding that the proprietary software be inspected (apparently this is already required of elevator software). The public has now learned that software is not to be trusted.
There are no moving parts that the public can see to be sure that the software in their car will work correctly. Software is like that. It tends to be seen as a black box that everyone has to trust will work as they have been told it will. Banks have worked hard to convince the public that they are watching the computers and the software will not drop a digit and lose their money. Consumers are just learning to trust their cars to park themselves. Now they’ve seen that software code can have devious plans built into it.
At a 2015 Black Hat conference, a lawyer looked at the future 20 years out and described the “black box society” and predicted software liability and the end of the internet dream. Because nobody could be sure what the software would do. Suddenly that future is now.
Actually, this has become true as IT builds more and more complex systems. We have struggled to ensure the business rules are reflected correctly in the code. I’m sure many other IT workers have made the same kind of search that I have, where you follow dollar fields through the code of various programs checking what gets added in or taken out to determine what the number actually includes that got printed out. In one case we had had a series of early retirement programs and most of the folks that knew how the programs worked had left the company. We finally tracked down a piece of code that had been commented out with a note- it even had a date!- that said something like “Sally instructed she no longer wanted to include the tax in this total”. So the mystery of why we had conflicting opinions about the field was solved.
We have to find a way to ensure there are no mysteries. It should always be clear what the software does and does not do. The recent security problems for many android applications is another example where the people reusing the framework code assumed that framework had good security. And were burned for their assumption.
The CIPS ethics statements include one about “Upholding Responsibility to the IT Profession.”. The IT industry will only be trusted if all the professionals take care to make code transparent. Allow others to inspect it. And refuse to implement code that is meant to mislead people or put them at risk!
