Earlier this month, Canadian science-fiction writer Bob Sawyer attracted a lot of attention with an editorial he wrote for a special robotics issue of the prestigious research journal Science. In his piece, Sawyer showed that writers of science fiction have been exploring the relationship between humans and robots at least since the early stories of Isaac Asimov in the 1940s. But far from coming up with a tidy solution to the moral implications of autonomous, seemingly intelligent machines, the sci-fi crowd appears to have concentrated on the dismal downsides of what could go wrong with robots despite the best intentions of humans to make them safe and obedient. Think Frankenstein, only with Energizer-Bunny endurance and superhuman powers.
Nevertheless, Sawyer is an optimist. He applauds the efforts of South Korea, Japan, and the European Robotics Research Network to develop guidelines for the ethical aspects of robot use, and chides the U. S. for lagging in this area. He uses phrases like "robot responsibilities and rights" and speculates that the main reason this country hasn't developed robot ethics is that many robots or robot-like machines are used by the military. He wants us specifically to explore the question of whether "biological and artificial beings can share this world as equals." He winds up with the hope that we might all aspire to the outcome of a 1938 story in which a man married a robot. That is, he looks forward to the time that all of us, like the lovers in countless fairy tales, can be "living, as one day all humans and robots might, happily ever after."
Well. Hope is a specifically human virtue, and is not to be thoughtlessly disparaged. But Sawyer has erred in blurring some vitally important distinctions that often get overlooked in discussions about the present and future role of robots in society.
I do not know anything about Sawyer's core beliefs and philosophy other than what he said in his editorial. But I hope he writes his fiction more carefully than he writes editorials.
The key question is whether a machine described by that term is under the control of a human being, and to what extent that control is exercised. He begins his editorial with the story of how a remotely piloted vehicle dropped a bomb on two people who looked like they were planting an explosive device in Iraq. He terms this vehicle, which was undoubtedly under the continuous control of a human operator, a "quasi-robot." No doubt it contains numerous servomechanisms to relieve the operator from tedious hand-controlled steering and stabilization duties, but to call a remotely controlled bomber a "quasi-robot" is to give it a degree of autonomy which it does not possess.
Autonomy is a relative term. There is no entirely autonomous (the word's roots mean "self-governing") being in the universe except God. The issue of autonomy is a red herring that distracts attention from the real question, which is this: is it even possible for a human-made machine to possess moral agency?
Now I've got to explain what moral agency is. We are used to the idea that children below a certain age are not allowed to enter into contracts, marry, smoke, or drink. Why is this? Because society has rendered a judgment that they are in general not mature enough to exercise independent (autonomous) moral judgment about these matters. They are not old enough to be regarded as moral agents in every respect under law. Of course, even young children seem to have some built-in ability to make moral judgments. Isn't "That's not fair!" one of the favorite phrases in the six-year-old set? We accord certain rights and responsibilities to humans as they mature because we recognize that they, and only they, can act as moral agents.
Sawyer's mistake (or one of them, anyway) is to assume that as progress in artificial intelligence and robotics progresses, robots will mature essentially like humans do and will be able to behave like moral agents. I would point out that this achievement is far from being demonstrated. But even if moral agency is simulated some day by a robot in a realistic way indistinguishable from humanity, this fact will always be true: machines have been, are, and always will be the products of the human mind. As such, the human mind or minds which create them also possess the ultimate moral responsibility for the robot's actions and behavior, no matter how seemingly autonomous the robot becomes. So the robot can have no "rights and responsibilities"—those are things which only moral agents, namely humans, can possess.
This fact is illustrated by one of Sawyer's own examples. He cites the case of a $10 million jury award to a man who was injured back in 1979 by a robot, probably an industrial machine. You can bet that in 1979, the robot in question was no autonomous R2D2—it was probably something like one of those advanced welders that you see in automotive ads, the ones that zip around making ten welds in the time it takes a human to make one. I merely note that the injured party did not sue the robot for $10 million—he sued the robot's operators and owners, because everybody agrees that if a machine causes injury, and one or more humans are responsible for the actions of the machine, that the humans are at fault and bear the moral responsibility for the machine's actions.
Another distinction Sawyer fails to make is the difference between good and necessary laws regulating the development and use of robots as robots, and the entirely pernicious and unnecessary idea of treating robots as autonomous moral agents. But as I'm out of space for today, I will take this question up next week.
Sources: Sawyer's editorial appeared in the Nov. 16, 2007 issue of Science, vol. 318, p. 1037. I addressed some issues related to the question of robot ethics in my blog "Are Robots Human? or, Are Humans Robots?" for July 30, 2007. Bob Sawyer's webpage is at http://sfwriter.com.
Monday, November 26, 2007
Monday, November 19, 2007
Yahoo Pays—A Little—for Internet Censorship in China
Shi Tao is still languishing in a Chinese prison. But now Yahoo, the company that helped put him there, has to pay something for what they did.
Until November of 2004, Shi was a journalist working for a Chinese business journal. Earlier that year, his newspaper received a message from the Chinese government warning the journal not to run stories on the 15th anniversary of the Tiananmen Square massacre of 1989. Shi emailed a copy of this message to an editor at Democracy News, a New York-based human-rights organization. Chinese government officials found out about the email and pressured Yahoo, Shi's internet service provider, to reveal the identity of the email's author. Yahoo did so, and on Nov. 24, 2004, agents of the government arrested Shi in the northeastern city of Taiyuan. He was convicted the following April of revealing "state secrets" and has been in jail ever since. In a similar case, Yahoo revealed the identity of engineer Wang Xiaoling, who had posted pro-democracy comments online about the same time. He suffered the same fate as Shi Tao, but Wang's wife Yu Ling decided not to take this lying down.
After years of delay trying to obtain court documents, Yu Ling filed suit in a California court against Yahoo last April. And last week, Yahoo announced that the suit had been settled out of court, though few details were released other than the fact that Yahoo executives promised they would do "everything they can to get the men out of prison." In a fight between a totalitarian sovereign government and the CEO of one U. S. company, I think it is fair to say the odds are stacked against the company—and any prisoners the company is trying to help.
A lot of engineering ethics involves shades of gray, ambivalent situations, and other complexities. That is not the case here. At stake is the question of whether freedom to criticize one's government is a good thing or not. The founders of the United States believed it was. It is a principle enshrined in the U. S. Constitution and defended to what some might view as an absurd degree today. If it is a good thing in one culture or state, it is a good thing everywhere. That freedom is just as valuable and worth protecting in Shanghai as it is in Peoria.
So what happens to your respect for this freedom if you run a large multinational company eager to profit from the giant potential market that is China? It appears that you agree to whatever compromises with freedom the communist government demands of you, up to and including the divulging of email account holder's identities. Now internet service providers in this country also divulge account names to law enforcement officials from time to time, but only after court orders with regard to what is likely to be truly criminal activity. Posting a blog saying you don't like George Bush will not get you sent to jail here. But as we have seen, doing something similar in China will get you sent to jail there, and Yahoo helped.
Only when one of the prisoner's relatives went to great personal trouble and expense to file a lawsuit against Yahoo did that company even start to act. In the past, and as recently as last week, it has justified its betrayal of Shi and Wang by saying if it doesn't follow the Chinese government's rules, Yahoo's own employees might be in danger. Well, duh! Better our customers go to jail than us. Is this the kind of attitude you want from a company that you do business with?
Rather than admit wrongdoing or even disclose what compensation is involved in the lawsuit's settlement, Yahoo convinced the dissidents to settle out of court for an undisclosed amount plus a promise to do whatever they can to gain the prisoners' release. If I were Shi or Wang, I would not hold my breath.
This kind of thing is what happens when a corporation allows profits to overwhelm its moral sense. The pressure on publicly owned corporations to make the most money while staying just within the bounds of the law is immense. And as someone whose retirement investments include corporate stocks and bonds, I am as much a part of that problem as anyone else who invests money in today's economy. But when that legal- economic principle is allowed to trump all others, you end up with situations in which settling lawsuits for doing heinous things is simply a matter of buying off those you have injured at the lowest negotiated price. That appears to be exactly what Yahoo has done.
If you are expecting me to pull any punches here, I'm not going to. Last week we invited a Chinese graduate student and her husband over for supper at our house. Both of the were born in the Peoples' Republic of China, but in different cities, and they met only last year when he was in his fifth year as a professor of mathematics and she was a new graduate student at Texas State University. They fell in love, got married, and now she is looking for a job. In this country there are no work committees to pass judgment on whether you can marry, what job you can take, where you can live, and so on. I did not discuss with them the reasons they emigrated to the U. S., but I think the answers are obvious.
Leaving one's native land is a terrible wrench, and these young people must have had very good reasons to abandon the land of their birth, learn a difficult foreign language, and excel academically in a strange environment. But it happens all the time. Wouldn't it be nice if stories like this could happen in China too? And some day they may, but only if the government decides to change its ways. And that will happen only when people like Shi Tao and Wang Xiaoling can make their voices heard without fear that a company based in the freedom-loving United States of America will rat on them and help send them to jail.
Sources: A report on the Yahoo settlement can be found in CNN's Asia online edition at
http://edition.cnn.com/2007/WORLD/asiapcf/11/13/yahoo.china/index.html. I first commented on this issue in a blog posted here on March 30, 2006.
Until November of 2004, Shi was a journalist working for a Chinese business journal. Earlier that year, his newspaper received a message from the Chinese government warning the journal not to run stories on the 15th anniversary of the Tiananmen Square massacre of 1989. Shi emailed a copy of this message to an editor at Democracy News, a New York-based human-rights organization. Chinese government officials found out about the email and pressured Yahoo, Shi's internet service provider, to reveal the identity of the email's author. Yahoo did so, and on Nov. 24, 2004, agents of the government arrested Shi in the northeastern city of Taiyuan. He was convicted the following April of revealing "state secrets" and has been in jail ever since. In a similar case, Yahoo revealed the identity of engineer Wang Xiaoling, who had posted pro-democracy comments online about the same time. He suffered the same fate as Shi Tao, but Wang's wife Yu Ling decided not to take this lying down.
After years of delay trying to obtain court documents, Yu Ling filed suit in a California court against Yahoo last April. And last week, Yahoo announced that the suit had been settled out of court, though few details were released other than the fact that Yahoo executives promised they would do "everything they can to get the men out of prison." In a fight between a totalitarian sovereign government and the CEO of one U. S. company, I think it is fair to say the odds are stacked against the company—and any prisoners the company is trying to help.
A lot of engineering ethics involves shades of gray, ambivalent situations, and other complexities. That is not the case here. At stake is the question of whether freedom to criticize one's government is a good thing or not. The founders of the United States believed it was. It is a principle enshrined in the U. S. Constitution and defended to what some might view as an absurd degree today. If it is a good thing in one culture or state, it is a good thing everywhere. That freedom is just as valuable and worth protecting in Shanghai as it is in Peoria.
So what happens to your respect for this freedom if you run a large multinational company eager to profit from the giant potential market that is China? It appears that you agree to whatever compromises with freedom the communist government demands of you, up to and including the divulging of email account holder's identities. Now internet service providers in this country also divulge account names to law enforcement officials from time to time, but only after court orders with regard to what is likely to be truly criminal activity. Posting a blog saying you don't like George Bush will not get you sent to jail here. But as we have seen, doing something similar in China will get you sent to jail there, and Yahoo helped.
Only when one of the prisoner's relatives went to great personal trouble and expense to file a lawsuit against Yahoo did that company even start to act. In the past, and as recently as last week, it has justified its betrayal of Shi and Wang by saying if it doesn't follow the Chinese government's rules, Yahoo's own employees might be in danger. Well, duh! Better our customers go to jail than us. Is this the kind of attitude you want from a company that you do business with?
Rather than admit wrongdoing or even disclose what compensation is involved in the lawsuit's settlement, Yahoo convinced the dissidents to settle out of court for an undisclosed amount plus a promise to do whatever they can to gain the prisoners' release. If I were Shi or Wang, I would not hold my breath.
This kind of thing is what happens when a corporation allows profits to overwhelm its moral sense. The pressure on publicly owned corporations to make the most money while staying just within the bounds of the law is immense. And as someone whose retirement investments include corporate stocks and bonds, I am as much a part of that problem as anyone else who invests money in today's economy. But when that legal- economic principle is allowed to trump all others, you end up with situations in which settling lawsuits for doing heinous things is simply a matter of buying off those you have injured at the lowest negotiated price. That appears to be exactly what Yahoo has done.
If you are expecting me to pull any punches here, I'm not going to. Last week we invited a Chinese graduate student and her husband over for supper at our house. Both of the were born in the Peoples' Republic of China, but in different cities, and they met only last year when he was in his fifth year as a professor of mathematics and she was a new graduate student at Texas State University. They fell in love, got married, and now she is looking for a job. In this country there are no work committees to pass judgment on whether you can marry, what job you can take, where you can live, and so on. I did not discuss with them the reasons they emigrated to the U. S., but I think the answers are obvious.
Leaving one's native land is a terrible wrench, and these young people must have had very good reasons to abandon the land of their birth, learn a difficult foreign language, and excel academically in a strange environment. But it happens all the time. Wouldn't it be nice if stories like this could happen in China too? And some day they may, but only if the government decides to change its ways. And that will happen only when people like Shi Tao and Wang Xiaoling can make their voices heard without fear that a company based in the freedom-loving United States of America will rat on them and help send them to jail.
Sources: A report on the Yahoo settlement can be found in CNN's Asia online edition at
http://edition.cnn.com/2007/WORLD/asiapcf/11/13/yahoo.china/index.html. I first commented on this issue in a blog posted here on March 30, 2006.
Monday, November 12, 2007
Safety's Sleuths: The NTSB Investigation of the Minneapolis Bridge Collapse
Bridges are not supposed to fall down. But last August 1, the 1,900-foot-long bridge that carried I-35W over the Mississippi in Minneapolis came apart and landed in the river, carrying thirteen people to their highly unexpected deaths. We fear dying from a lot of things, but it is safe to say that nobody on that bridge that day spent a lot of time worrying about whether they would die as an interstate-highway bridge fell out from under them.
That very fact attests to the rarity, in this country anyway, of major structural failures in transportation-related public works such as bridges. One reason they are so rare is that for the last four decades, the National Transportation Safety Board has investigated accidents involving the nation's transportation infrastructure. In so doing, it performs a critical task that historian of technology Henry Petroski says is essential to the continued safety of engineered structures. In "Design Paradigms," a book of engineering case studies that includes three famous bridge failures, Petroski writes, "The surest way to obviate new failures is to understand fully the facts and circumstances surrounding failures that have already occurred." That is what the NTSB is doing now with regard to the Minneapolis bridge collapse.
The same day of the collapse, the NTSB dispatched a nineteen-member "Go Team" from its headquarters in Washington, D. C. to Minneapolis. As rescue and recovery work allowed, members of this team collected many kinds of information. They used an FBI-provided three-dimensional laser scanning device and gyro-stabilized high-resolution cameras to establish exactly where the parts of the bridge came to rest after the collapse. They collected names and recollections from dozens of eyewitnesses and secured the original of the famous security-camera recording that showed part of the bridge in the act of collapsing. By the third week of August, NTSB officials had interviewed over 300 people, including over a hundred who called in to a specially arranged witness hotline. In the following month or so, critical pieces of the bridge were removed to a nearby secure site for detailed inspection and investigation.
One of the most important tools currently available to the NTSB is powerful computer software called "finite-element analysis." This is a way to solve the fundamental materials-science equations that describe how steel (or any other solid) behaves under complicated conditions of stress. While it can't predict exactly where cracks will occur in an overstressed beam, it can reveal locations in a complex structure such as a bridge, where the local stresses exceed the tensile strength of steel. It is in such locations that cracks and failures are most likely to occur.
But as with any computer program, finite-element analysis software is only as good as the data you put into it. This is why the NTSB has spent the last three months gathering as much information as they can on not only the details of the bridge structure, including core samples showing how thick the deck was, but also other factors such as loading. You may recall that at the time of the collapse, a construction crew with heavy equipment was working on a portion of the bridge. The NTSB has concluded that a total of 287 tons of construction equipment and materials were on the bridge at the time of the accident. The exact location and weight of this extra loading is critical input to the computer analysis. The NTSB has made good progress in procuring such information by talking with eyewitnesses and viewing an aerial photograph taken by an airline passenger from a plane that passed over the bridge shortly before its collapse. Although the NTSB turned the disaster site over to the Minnesota Department of Transportation on Oct. 12, some thirty NTSB staffers are still working full-time on the investigation, which is not expected to be wrapped up for over a year.
Well-run operations are often taken for granted. Things could be very different. In places where there is nothing like the NTSB, disasters like this can be much more frequent, and citizens trying to affix blame have little if any recourse if something terrible happens to them or their loved ones. The NTSB could be corrupt, for example, or subject to bribes or falsification of its reports in response to political pressures. To my knowledge, however, its reputation for probity and "just-the-facts" scientific integrity is essentially spotless. This is no minor achievement, and the engineers who work for the Board have accomplished great things in the service of informing the both the technical public and the general public about the reasons for tragedies such as the Minneapolis bridge collapse.
Every major engineering failure marks the start of a detective story. Accident investigation is one of the few lines of work where engineers can spend their professional lives in the role of detectives. Now and then the culprit is a true criminal, but most of the time, accidents are due to inattention, bad communications, or inadvertent mistakes rather than any active will to do harm. Nevertheless, harm is done.
We will have to wait a while longer before we have the full story of how a part of I-35W suddenly lost altitude that hot August day. But it will be a story worth waiting for, because we can learn from it how to keep accidents like it from happening again.
Sources: The NTSB posts updates periodically on its accident investigations at its website. The latest such release about the Minneapolis bridge collapse was posted on Oct. 23, 2007 at http://www.ntsb.gov/pressrel/2007/071023c.html.
That very fact attests to the rarity, in this country anyway, of major structural failures in transportation-related public works such as bridges. One reason they are so rare is that for the last four decades, the National Transportation Safety Board has investigated accidents involving the nation's transportation infrastructure. In so doing, it performs a critical task that historian of technology Henry Petroski says is essential to the continued safety of engineered structures. In "Design Paradigms," a book of engineering case studies that includes three famous bridge failures, Petroski writes, "The surest way to obviate new failures is to understand fully the facts and circumstances surrounding failures that have already occurred." That is what the NTSB is doing now with regard to the Minneapolis bridge collapse.
The same day of the collapse, the NTSB dispatched a nineteen-member "Go Team" from its headquarters in Washington, D. C. to Minneapolis. As rescue and recovery work allowed, members of this team collected many kinds of information. They used an FBI-provided three-dimensional laser scanning device and gyro-stabilized high-resolution cameras to establish exactly where the parts of the bridge came to rest after the collapse. They collected names and recollections from dozens of eyewitnesses and secured the original of the famous security-camera recording that showed part of the bridge in the act of collapsing. By the third week of August, NTSB officials had interviewed over 300 people, including over a hundred who called in to a specially arranged witness hotline. In the following month or so, critical pieces of the bridge were removed to a nearby secure site for detailed inspection and investigation.
One of the most important tools currently available to the NTSB is powerful computer software called "finite-element analysis." This is a way to solve the fundamental materials-science equations that describe how steel (or any other solid) behaves under complicated conditions of stress. While it can't predict exactly where cracks will occur in an overstressed beam, it can reveal locations in a complex structure such as a bridge, where the local stresses exceed the tensile strength of steel. It is in such locations that cracks and failures are most likely to occur.
But as with any computer program, finite-element analysis software is only as good as the data you put into it. This is why the NTSB has spent the last three months gathering as much information as they can on not only the details of the bridge structure, including core samples showing how thick the deck was, but also other factors such as loading. You may recall that at the time of the collapse, a construction crew with heavy equipment was working on a portion of the bridge. The NTSB has concluded that a total of 287 tons of construction equipment and materials were on the bridge at the time of the accident. The exact location and weight of this extra loading is critical input to the computer analysis. The NTSB has made good progress in procuring such information by talking with eyewitnesses and viewing an aerial photograph taken by an airline passenger from a plane that passed over the bridge shortly before its collapse. Although the NTSB turned the disaster site over to the Minnesota Department of Transportation on Oct. 12, some thirty NTSB staffers are still working full-time on the investigation, which is not expected to be wrapped up for over a year.
Well-run operations are often taken for granted. Things could be very different. In places where there is nothing like the NTSB, disasters like this can be much more frequent, and citizens trying to affix blame have little if any recourse if something terrible happens to them or their loved ones. The NTSB could be corrupt, for example, or subject to bribes or falsification of its reports in response to political pressures. To my knowledge, however, its reputation for probity and "just-the-facts" scientific integrity is essentially spotless. This is no minor achievement, and the engineers who work for the Board have accomplished great things in the service of informing the both the technical public and the general public about the reasons for tragedies such as the Minneapolis bridge collapse.
Every major engineering failure marks the start of a detective story. Accident investigation is one of the few lines of work where engineers can spend their professional lives in the role of detectives. Now and then the culprit is a true criminal, but most of the time, accidents are due to inattention, bad communications, or inadvertent mistakes rather than any active will to do harm. Nevertheless, harm is done.
We will have to wait a while longer before we have the full story of how a part of I-35W suddenly lost altitude that hot August day. But it will be a story worth waiting for, because we can learn from it how to keep accidents like it from happening again.
Sources: The NTSB posts updates periodically on its accident investigations at its website. The latest such release about the Minneapolis bridge collapse was posted on Oct. 23, 2007 at http://www.ntsb.gov/pressrel/2007/071023c.html.
Monday, November 05, 2007
Identity Theft Gets Personal, or, Licenses to Steal?
Well, it's happened to me—sort of. My identity wasn't stolen, exactly—just left out in a place it didn't belong for a few days. When the Commonwealth of Massachusetts discovered its error, it tried to fix the damage and then it let me know all about it. And as far as I know, no harm has been done. Still, it leaves me with an uncomfortable feeling.
Here's what happened. Some years ago, I decided to become a licensed professional engineer. Unlike the medical and legal professions, the engineering professions generally don't require a practitioner to be licensed, except in a few cases where an engineer involved in public works such as bridges or roads has to sign off on plans for legal liability reasons. The vast majority of engineers working in private industry and academia in this country do not have to be licensed in order to hold their jobs. (The reasons for this are interesting, but a story for another day.)
Nevertheless, if you're licensed you get a pretty certificate to put on your wall, and some university engineering departments technically require their professors to be licensed professional engineers, although I've never heard of anybody losing their job over it. At the time, I was living in Massachusetts, and so I got online and found out what I had to do to become licensed.
The conventional route is a two-step process. Undergraduate engineering students can take an EIT (engineers-in-training) exam, and if they pass they become engineers in training. After five years or so of practice or the equivalent, they can take a second exam and become full-fledged licensed professional engineers. For older types like me, with a lot more than four years of experience, the Massachusetts Division of Professional Licensure had an alternative: I could put together about five pounds of documentation on my career and send it in and they'd interview me, and if they thought it was enough, they would license me after that. So that was the course I adopted, and in due course I received Electrical Engineering License No. 40940.
That number is part of the public record, which, as it turns out, the Division sends out regularly in the form of computer disks when it receives requests for lists of professional engineers of various types. This is how I get all kinds of junk mail from companies selling engineering-related products, I suppose, but I don't mind that aspect of the situation too much. What I mind a little more is what prompted the letter I received from the Division last week.
For four days last September, some disks they sent out in response to requests for licensees' names and addresses also accidentally included our Social Security numbers. That is NOT supposed to be a part of the public record, and commendably, the Division caught their mistake before too much damage had been done. They called all the places they'd sent the numbers to, got them to return the disks, made them sign papers saying they didn't retain any information from the disks, and so the incident is presumably closed. Just as a precaution, however, the Division told me to call one of the national credit reporting agencies and put a fraud alert on my credit report. I may get around to doing that one of these days.
As identity thefts go, this is a pretty minor case, more of a slipup than any deliberate crime. And I must say that the Division appears to have handled it in an exemplary fashion, notifying the potential victims and so on and getting the unintended recipients of the sensitive information to promise they didn't do anything fraudulent. But it gives one pause, because I have no idea who else has my Social Security number, and how careful they are being with it, and whether they've slipped up or had stuff stolen from them without even knowing about it.
This issue is shortly going to become even more important as most medical records go online in the next few years. I'm pretty sure one of the things you are always asked for in a doctor's office is your Social Security number, and that's how many medical records are indexed. Medical records have a lot of stuff in them that's even more sensitive than Social Security numbers, and I only hope that the doctors will learn from the bankers how to protect sensitive information.
The trouble is that the motivations are different. If a crook perpetrates credit-card fraud, the consumer is liable for only the first fifty dollars, and the bank or credit card company is left holding the bag for the rest. That one law has prompted the financial sector to develop one of the most secure and reliable systems of online information transfer in the world.
Doctors and healthcare providers don't have the same kind of motivation. A breach in your medical security is no skin off their nose, so to speak. So the laws will have to be written in a way that motivates the holders of sensitive information to protect it at the price of some penalty that will be greater than the cost of doing a good job of data security.
As for my little identity problem, I do believe I'll give one of those credit agencies a call. I had a very minor problem with one of them a few years ago and they fixed it with reasonable promptness, so it can't hurt to take that extra step of caution. That's an engineer for you.
Sources: More info on becoming a licensed professional engineer can be found at the website of the National Society of Professional Engineers, www.nspe.org.
Here's what happened. Some years ago, I decided to become a licensed professional engineer. Unlike the medical and legal professions, the engineering professions generally don't require a practitioner to be licensed, except in a few cases where an engineer involved in public works such as bridges or roads has to sign off on plans for legal liability reasons. The vast majority of engineers working in private industry and academia in this country do not have to be licensed in order to hold their jobs. (The reasons for this are interesting, but a story for another day.)
Nevertheless, if you're licensed you get a pretty certificate to put on your wall, and some university engineering departments technically require their professors to be licensed professional engineers, although I've never heard of anybody losing their job over it. At the time, I was living in Massachusetts, and so I got online and found out what I had to do to become licensed.
The conventional route is a two-step process. Undergraduate engineering students can take an EIT (engineers-in-training) exam, and if they pass they become engineers in training. After five years or so of practice or the equivalent, they can take a second exam and become full-fledged licensed professional engineers. For older types like me, with a lot more than four years of experience, the Massachusetts Division of Professional Licensure had an alternative: I could put together about five pounds of documentation on my career and send it in and they'd interview me, and if they thought it was enough, they would license me after that. So that was the course I adopted, and in due course I received Electrical Engineering License No. 40940.
That number is part of the public record, which, as it turns out, the Division sends out regularly in the form of computer disks when it receives requests for lists of professional engineers of various types. This is how I get all kinds of junk mail from companies selling engineering-related products, I suppose, but I don't mind that aspect of the situation too much. What I mind a little more is what prompted the letter I received from the Division last week.
For four days last September, some disks they sent out in response to requests for licensees' names and addresses also accidentally included our Social Security numbers. That is NOT supposed to be a part of the public record, and commendably, the Division caught their mistake before too much damage had been done. They called all the places they'd sent the numbers to, got them to return the disks, made them sign papers saying they didn't retain any information from the disks, and so the incident is presumably closed. Just as a precaution, however, the Division told me to call one of the national credit reporting agencies and put a fraud alert on my credit report. I may get around to doing that one of these days.
As identity thefts go, this is a pretty minor case, more of a slipup than any deliberate crime. And I must say that the Division appears to have handled it in an exemplary fashion, notifying the potential victims and so on and getting the unintended recipients of the sensitive information to promise they didn't do anything fraudulent. But it gives one pause, because I have no idea who else has my Social Security number, and how careful they are being with it, and whether they've slipped up or had stuff stolen from them without even knowing about it.
This issue is shortly going to become even more important as most medical records go online in the next few years. I'm pretty sure one of the things you are always asked for in a doctor's office is your Social Security number, and that's how many medical records are indexed. Medical records have a lot of stuff in them that's even more sensitive than Social Security numbers, and I only hope that the doctors will learn from the bankers how to protect sensitive information.
The trouble is that the motivations are different. If a crook perpetrates credit-card fraud, the consumer is liable for only the first fifty dollars, and the bank or credit card company is left holding the bag for the rest. That one law has prompted the financial sector to develop one of the most secure and reliable systems of online information transfer in the world.
Doctors and healthcare providers don't have the same kind of motivation. A breach in your medical security is no skin off their nose, so to speak. So the laws will have to be written in a way that motivates the holders of sensitive information to protect it at the price of some penalty that will be greater than the cost of doing a good job of data security.
As for my little identity problem, I do believe I'll give one of those credit agencies a call. I had a very minor problem with one of them a few years ago and they fixed it with reasonable promptness, so it can't hurt to take that extra step of caution. That's an engineer for you.
Sources: More info on becoming a licensed professional engineer can be found at the website of the National Society of Professional Engineers, www.nspe.org.
Subscribe to:
Posts (Atom)