Usually I take some pride in being a software developer - in being someone who can make these complex machines of practical use. Sometimes, however, something occurs that makes me ashamed to be a part of this industry. Take a recent article on MSNBC for example.

A developer - the article names Mark Dennis but we don’t know if that is accurate or not - was asked to write some software to manipulate a database recording the fosterage of hundreds of children in New York. When he had problems with his task, he turned to a public website to find someone to help.

No problem with that, you might think, and normally I would agree.

Except, in this case, he posted the entire database onto the website along with his question, thus releasing the confidential details of these children (including names, addresses, family situation and daily routine) into the public domain.

At best, his actions exposed those children to abduction by parents already denied access through the courts, at worst they were exposed to predation by the sicker members of society.

It gets worse. He did this not once, not twice, but three times, with two separate datasets. This was in spite of receiving a good natured warning from a concerned netizen about the breach of security.

I’m not going to mince my words here. Exposing sensitive information once, through error, is unfortunate, but understandable. Doing it deliberately, multiple times, even after being advised of the problem. This guy needs to be dealt with severely. Even supposing that he had received no official direction about the confidentiality of the data involved, he knew that the private information of children was involved and he should therefore have never distributed the information.

It is astounding to me that Mark Dennis ever considered posting such information to a public forum. Like many developers, I’ve had access to private and confidential information in many forms - from files on hard drives of computers undergoing service, to enterprise database systems containing both personal and financial records. And like most of my fellow professionals, the only actions I’ve taken with this access are the actions necessary to do my job.

Think of what we expect from our dealings with other professionals. Doctors, Counsellors, Lawyers and Accountants have access to our private and confidential records, and are (excepting a few disclosures required by law) expected to keep our confidence. Plumbers, Electricians and other service people have access to our homes and businesses, and are expected not to roam around the house poking in drawers and cupboards.

Equally, IT professionals often have the ability to access all kinds of information. This capability is necessary for us to do our jobs, yet we have a responsibility not to abuse the trust we are accorded.

The lack of foresight and consideration in this situation is mind boggling. If our industry had a professional ruling body (such as that required of doctors, accountants and lawyers) then Mark Dennis would be kicked out on his ear. As it is, we can do nothing but sit back, hope this guy gets nailed through conventional means, and pray that none of these children suffer as a result.

Comments

blog comments powered by Disqus