Shostack + Friends Blog Archive

 

Computer Capers and Progress

We’re coming up on the 30th anniversary of the publication of “Computer Capers: Tales of electronic thievery, embezzlement, and fraud,” by Thomas Whiteside.

What, might you ask, can we learn from a 30-year-old text?

Nothing has changed.

Except for some of the names. Donn Parker is in there, as are a melange of consultants. But read this:

As the result of such revelations of security weaknesses in IRS computer systems–and, in particular, the critical [date] GAO report–the commissioner of the IRS, while conceding that the IRS had not been as aggressive in the past as it might have been in correcting situations that potentially weakened its overall security, declared that he is committing the IRS to a “vigorous course of improvement” in the management of computerized tax data in order to assure the maximum security for information on taxpayers. (p. 71 of the paperback)

That was in 1977. Compare and contrast this 2008 Associated Press article:

IRS records, including taxpayer information, are vulnerable to tampering or disclosure because it has not yet fixed dozens of information security weaknesses, according to a government report issued Tuesday.

The existing problems, the GAO said, included giving too many people access to sensitive material, failure to encrypt all sensitive data and weak physical security controls.

Acting IRS Commissioner Linda Stiff, in response to the report, wrote that the agency recognizes “there is significant work to be accomplished to address our information security deficiencies and we are taking aggressive steps to correct previously reported weaknesses.” (Associated Press, 2008, “Report Cites IRS Security Flaws” [link to http://ap.google.com/article/ALeqM5hHMaRlskFnF9Ji800ULW1Tk8nO1QD8U1TVL80 no longer works])

I could go on about similarities between what’s in Computer Capers, oh, ok, one more:

Top management people in large corporations fear that publicity about internal fraud could well affect their companies’ trading positions on the stock market, hold the corporation up to public ridicule, and cause all sorts of turmoil… (Computer Capers, page 72)

I could go on quoting, but can we as a profession go on making the same mistakes?

The fetishization of secrecy has got to stop, or in thirty years, we’ll be looking back at the same problems.
