Friday, December 19, 2014

With Super Power Comes Super Responsibility

Earlier today several people told me that my name was referenced on SlashDot. Specifically it was in reference to me calling programming a super power in a post on my old blog back in 2010. The post on SlashDot said that the recent events with regards to Sony demonstrated that software was a super power and ended with the line “remember to always use your coding superpower for good.

One of the things we discuss in my classes is the impact of technology on society. I tell students to remember that just because something can be done doesn’t mean is must or even should be done.

Software is very powerful especially when connected to data. We’re collecting huge, almost unimaginable, amounts of data these days. Some by governments but even more by companies. The Sony break in shows the damage that exposing data can create. I have heard people speculate that this could bring down Sony as a company and that at the minimum it will be terribly harmful in the near term. Clearly many people have been negatively impacted.

It seems like a lot of people are ready to blame the crackers and their technical expertise for the break in. Friends of mine who are in the business of information security are skeptical that all the information was taken without inside help though.  While there is a tendency to blame the technology or poor software for break-ins like this one thing people who have been around for a long time know is that many big break ins take place with inside help – knowingly or unknowingly.

Social engineering is a huge part of the information security situation. That is where someone convinced someone to give them access or information my claiming to be someone they are not. It is how a lot of systems are broken into. It turns out that the ability to program is not the only “super power.” Sometimes just the ability to access data or computer systems comes with a lot of power. Power that not everyone realizes is intrinsic with that access. Power that not everyone guards as closely as they should. No matter how much people talk about firewalls, access codes, viruses, Trojans, Zero Day exploits and other software security issues the weak link in most systems is still the people who have access to them.

That is not something we spend enough time talking to students about. And frankly most companies don’t talk about it or train about it enough either. A company that trains people to look for shoplifters often has more to lose when people are careless with passwords or leave terminals/computers logged in and unattended.

We need to teach more about security. I remind people that increased security training was added to the CS 2013 Undergraduate curriculum recommendations in recognition of how important this issue has become. But in many ways university is too late and computer science majors are a much smaller group of people who needs to understand these issues better. As educators we have the power to improve this condition and I would argue the responsibility as well.

2 comments:

Arta Szathmary said...

Here, Here! Alfred, you are right on the mark. We need to take the responsibility to talk about what is right and what is wrong. Good citizenship and ethics are both valuable lessons.

Mike Zamansky said...

I think it's important to remember that, particularly in K12 that we don't teach computer science. We teach kids computer science.

I describe my job as working with kids and I try to:

1. Teach them to think (in a new way)
2. Teach them to problem solve (in a new way)
3. teach them to learn on their own.

and 4. show them some neat ****.

I don't say it, but there's really another bullet before the 4 which is being a force for good (yeah, I know it sounds corny).

In our case, number 4 is CS.

Just as a huge part of what our biological kids pick up is from what we model as parents, so do our students so we have a huge ability to make an impact well beyond specific lessons in the curriculum.

A couple of weeks ago, I was watching a panel discussion and Nathaniel Granor, TEALS east regional manager said that 20% of all his volunteers were my former students. I might have been prouder of the fact that they want to give back than of what they've accomplished in tech.

Our impact can go far beyond merely CS and we have to be aware of it and have to use that super power for good.