Software is pervasive: from the computer on your desk to the washing machine at home, in the car, in the phone and coming soon in your wallet. But who is making the choices that are shaping our future? Who knows better than software developers the impact all new computer products will have on our everyday life; whether they will invade - or not - our privacy? There are some choices to be made now and these are not purely technological anymore, but a matter of ethics. Software developers have a duty to inform the public of what is going on: you have to spread the word. This was expressed by the Computer Ethics Institute, back in 1991 at their first annual conference, as the ninth of their ten commandments: ‘Thou shalt think about the social consequences of the program you write’.
The Powers That Be (TPTB), ie government and industry, take decisions in their own interest. The public tends to accept these decisions where they concern software related issues, because the issues seem too technical to understand and, besides, the decision makers have ‘experts’. Software developers, at the forefront of the technology, can and should explain to the layman what it is all about.
Take the banking industry, which is very bullish about the security and reliability of its ATM software: all errors are customer errors. But the opposite has been proved the case in several documented instances. Surprise, surprise - how many entirely bug-free programs do you know? But the naivety of some people is such that they believe printed output, simply because it comes out of a computer! Nobody is better placed to correct this view than the software developer.
One area not generally well understood outside technical circles is the issue of the state's need to protect itself versus the individual's right to privacy. To the lay person, this appears to be a trade-off: the extent to which you have one limits the extent to which you can have the other. The address and personal details on, say, a driving licence, are vulnerable to abuse by TPTB. Why put all these details on a driving license, what have these to do with the fact that you can or cannot drive a vehicle? Most authorisation processes today are based on the physical identification of the authorised person. Is there really such a need? Recent advances in cryptographic technology have allowed the separation of the identification and authentication processes. It is now technically feasible to have a smart card containing the information describing what type of vehicles you are allowed to drive but no personal information. To read and validate the information, a cryptographic key would have to be entered by you.
The combination of smart cards and cryptography has many applications, but decisions must be taken now if we do not want TPTB to control everything in our life. The Department of Transport is experimenting with schemes for automatic motorway tolls. Will these toll devices, affixed to vehicles, be identifiable? They don't need to be to perform the job of collecting tolls.
Yet some governments have already opted for schemes which identify the driver. In some Scandinavian countries, for example, you can buy a small gadget that is fitted to your car and which pays tolls automatically. This device identifies your car uniquely, so the system could easily be modified to include detection of drivers breaking the speed limit, causing a ticket to be dispatched without human interference. It will be easy to find the right address: every citizen (in at least Korea, Sweden and Norway) already has a unique number, issued at birth, which is then used in every state controlled database. Software developers are involved right at the beginning of such projects, and are key people since the software is controlling the whole project. They are the only persons that can, and must, inform the public at the start.
Somebody's program, somewhere, is watching you. Developers wake up to your duty and spread the word...
David Mery
(C)1995, Centaur Communications Ltd. Reproduced with the kind permission of EXE Magazine.