Letters to the Editor
ondelette
Published Letters: 1988 Editor's Choice: 19
-
Blame the system, not Colon or the FBI
[Read the article: When it asks for a password, just hit "return"]
[Read more letters about this article: Here]While it is fun to gripe about the incompetence at the FBI over their new computer system, and even more fun to take a well deserved jab at the Bush administration for yet another bungle, the culprit in this hacker in the FBI case is the adoption by the government of the same system of "productivity increases" and "accountability" that is currently screwing up most corporations. It has the following components:
1) Increasing productivity by having each working group increase the output of their group while decreasing the labor costs. This results in a subtle outsourcing the work in a single department to the rest of the enterprise by "onlining" the paperwork and "streamlining the workflow". So instead of calling up the sys admin in the Illinois field office, the workers there now get on an online system and report a problem, and get a "ticket" for the solution. The work order to grant access to the system to install a printer has now gone in a cue, with a priority that is low (because it isn't a crash or a virus).
2) Having streamlined the workflow with the ticketing system, we now don't need to "duplicate the work effort" by having multiple sys admins in all the field offices, so we "centralize" the administration of the system in corporate headquarters: for the FBI this is putting system administration in Washington. So a request for a system change, like a password permission, now needs to go to Washington for the ticket resolution.
3) In Washington, the request now runs into a two part system for solving all problems in the business world: bottom up accountability, and top down authority. These are the imperial dogma of the corporate and MBA world, because they can always be defended in fact-free meetings among executives (fact-free comes from each level of management condensing the next lower level's powerpoint presentation to a single slide, but that's a whole other chapter of this sorry story). If something has gone wrong, demand accountability of the people beneath you. If security or decision making needs to be improved, demand that those below seek your authorization. So because of a concern for security, the ticket resolution, always a long-shot because of it's low sys-admin level priority, now needs to wait for approval by a "busy" executive or manager. That manager could delegate, but the risk is high, so if s/he does so, it will be to a team that runs a "background check" on the person asking for the permission.
4) So there you have it. Adding a printer to the system has now gone to close to a month. The field office personnel are now faced with the prospect of getting in trouble for their "low productivity", and forced to produce some "accountability" if they don't find a way to get their printer installed a bit quicker, not to mention that this is where they start to complain that they joined the FBI to catch criminals, not to chase printer permissions in what now begins to look like a "useless desk job".
5) Enter Mr. Colon, who is a "can-do computer guy". He doesn't really care about the people in Washington and their problems, he wants to succeed in his job by becoming indispensable and endearing to the people in Illinois. He knows, like about 10 million other people in this country know, that he can go out to the internet and find software to hack, he knows that if a few frustrated people give him access, he can solve a lot of problems in the eyes of the Illinois field office. Much of the software for hacking has been written by other can-do guys to solve identical problems in other enterprises. So he does it. The printer is working, and Illinois can get its paperwork in on time to Washington.
6) This works for a while until a sys-admin realizes that the system security has been compromised. The sys-admin's Hippocratic Oath is "Above all, security must not be compromised." He tracks it down, he alerts authority, and the can-do computer guy is suddenly exposed with 38,000 passwords and unlimited access to the very highest levels of "stuff".
The irony of all of this is that nothing, and I do mean nothing, will be done about several key components of the system that caused this breach. Nothing will be done about the moves done in the name of "productivity" that centralized the system administration. Productivity is a God among gods in today's business world, and it is today's business world that will criticize the government if it "wastes taxpayer money", say by having a sys-admin on site in a field office. Nothing will be done about the bottom up accountability system and its siamese twin the top down authority system. To do so would be to admit that too many decisions are being made with too little information, and that would destroy the profession of "business management" which postulates the ability to manage any business free of the content of the business involved. It would also disrupt the chain of command, and unlike supply chains, no one has yet made a famous comment or written a famous tract about how these chains can be too long. And nothing will be done about hacking and security and centralized password databases that all use the same hacking algorithms. This would require the person making a very important decision to know much more about security and computers than your average business/political CEO/Director.
So, while the screw-up couldn't have happened to a more appropriate administration, it didn't happen because of special Bush administration ideologues or incompetence. It happened because it is a necessary rite in the current corporate religion.