Friday, July 09, 2004

Easy Touch Screen Voting?

My bank recently changed the local ATM from one made by NCR to one made Diebold. Diebold is the notorious maker of touch screen voting machines whose results cannot be verified. The ATM is also a touch screen. When it went to get money the other day, I touched what I thought was the "Get Cash" icon on the screen, but the ATM thought I touched the nearby "Quick $40" icon instead, and I was immediately served $40 and handed back my card without an opportunity to correct the mistake. I hope that the Diebold touch screen voting machines are not as difficult to use as their ATMs.

Wednesday, July 07, 2004

IT Does Matter

Nicholas Carr caused a storm last year when he wrote an article called "IT Doesn't Matter" for the Harvard Business Review. Recently he published a book on the same subject. For the article to generate the response that it did, it has to contain more than a grain of truth. In the long run, he may be right. At some point in the future, for the vast majority of companies, IT will not matter in the same way that accounting does not matter. Accounting is a function that needs to be done, and it needs to be done correctly, but it is not something that can give a company a decisive competitive advantage or a superior business model.

The problem is that we are not yet at the point where IT does not matter. Technology continues to advance, and we are always building new systems to take advantage of the new technology. What's more, it takes time to develop the understanding and standardization of an IT application to the point where it runs smoothly enough to be taken for granted, or outsourced.

I think that it takes a minimum of 25 years to get a application or technology properly under control. For example, payroll was a white hot application in the 60's with companies hiring talented programmers to write their payroll applications. By the 90's, payroll had gotten to the point where it was almost entirely outsourced.

Payroll is a relatively simple application. How long is it going to take to get the PC or the Internet under control to the point where they can be taken for granted? Then there are much more complex applications like ERP or CRM that have been around for a few years but certainly not long enough to be satisfactorily stable. Finally there are still emerging categories such as content management and business process management and new technologies such as RFID and sensor networks.

Unfortunately, Carr's writing distracts us from a much more important and corrosive problem, that of the IT divide. At a recent conference, the IT divide emerged as the dominant topic during the wrap up panel. I will have more to say about it later.

Tuesday, July 06, 2004

More Thoughts on Internet Explorer Security

Maybe my last post was too severe. Windows Internet Explorer has a lot of security problems, and it will continue to have problems. The people who created it may prove to be misguided, however they are in the experimental phase of a new technology, and with anything new, "mistakes are made". In fact, we have not properly explored the design space unless mistakes are made.

A major source of security problem in Internet Explorer is the worldview that underlies its architecture. Just as pet owners come to resemble their pets, software reflects the organization that creates it. Microsoft is a large company that expects to dominate any field that it enters. Internet Explorer security is based on the concept that a small number of large media companies will dominate the internet and provide content for the masses. These companies need to install helper applications to web enable their content. ActiveX and other mechanisms are there to make this process work seamlessly without bothering the user. Also, because the applications are platform specific, they help cement the domination of Windows.

In practice the internet is more like the Wild West, with lawless thugs riding roughshod over whatever they can. Mechanisms to seamlessly deliver helper applications are exploited by the bad guys to seamlessly deliver unwanted programs of all sorts. Butler Lampson (now at Microsoft Research) recently published an excellent paper on security in IEEE Computer. He talks about trusted computing bases and sandboxing applications to prevent them from doing things that they should not. Now all we need is for the right people to listen to what he has to say.