Thursday, March 18, 2010

Another Dark Side of the Internet

When it comes to using the Internet as an enabler through which resources can be managed remotely, I have to confess that I was directly involved with one of those "bleeding edge" research projects behind such thinking. It certainly seemed like a good idea to those of us exploring it in its earliest days. The project with which I was involved was specifically aimed at small businesses that needed more powerful computer technology to avoid being swamped by larger competitors but that could not afford to take on additional staff to look after the hardware and software. As I began to survey the field of who was out there providing what kind of remote management, it all felt as if we were pioneers on the threshold of a brave new world.

In the decade since I was one of those dreamers, any number of be-careful-what-you-wish-for scenarios have come into play. As I wrote in December of 2008, I was discovering the hard way that, wherever there is management, there is also mismanagement; and, when one has to deal with a heavily human-oriented service sector, that mismanagement can get pretty painful. These days, it seems as if the pain knows no limits. Put another way, we seem to be experiencing a new axiom: The more technology you deploy to provide services remotely, the more opportunities that technology has to do harm.

Last night Associated Press Writer Jeff Carlson reported an incident in Dallas that reinforces this axiom in a way that probably no system developer had anticipated. The good news is that the perpetrator was caught and is now in the process of facing the consequences of his malice. The bad news is that this is probably another example of a barn whose door has been closed after the horse was stolen (which seems like the right metaphor for a report from Texas). Here is Carlson's basic account of what happened:

A man fired from a Texas auto dealership used an Internet service to remotely disable ignitions and set off car horns of more than 100 vehicles sold at his old workplace, police said Wednesday.

Austin police arrested Omar Ramos-Lopez, 20, on Wednesday, charging him with felony breach of computer security.

Ramos-Lopez used a former colleague's password to deactivate starters and set off car horns, police said. Several car owners said they had to call tow trucks and were left stranded at work or home.

"He caused these customers, now victims, to miss work," Austin police spokeswoman Veneza Aguinaga said. "They didn't get paid. They had to get tow trucks. They didn't know what was going on with their vehicles."

The irony is that the technology that enabled this episode had been deployed to protect the dealership against abusive customer practices:

The Texas Auto Center dealership in Austin installs GPS devices that can prevent cars from starting. The system is used to repossess cars when buyers are overdue on payments, said Jeremy Norton, a controller at the dealership where Ramos-Lopez worked. Car horns can be activated when repo agents go to collect vehicles and believe the owners are hiding them.

Carlson also provided an account of just how technology deployed to be good had gone bad:

Starting in mid-February, dealership employees noticed unusual changes to their business records. Someone was going into the system and changing customers' names, such as having dead rapper Tupac Shakur buying a 2009 vehicle, Norton said.

Soon, customers began calling saying their cars wouldn't start, or that their horns were going off incessantly, forcing them to disengage the battery. Norton said the dealership originally thought the cars had mechanical problems.

Then employees noticed someone had ordered $130,000 in parts and equipment from the company that makes the GPS devices.

Police said they were able to trace the sabotage to Ramos-Lopez's computer, leading to his arrest.

Norton said Ramos-Lopez didn't seem unusually upset about being fired.

"I think he thought what he was doing was a harmless prank," Norton said. "He didn't see the ramifications of it."

Once again I am reminded of one of the oldest adages about information technology: "To err is human; to really screw things up, you need a computer." However, to be fair to the technology, the screw-up came from a human who happened to see a way to use the computer for "a harmless prank." You would think that systems designers have the sort of mentality to imagine the sorts of "harmless pranks" that could be committed; but, given the sort of pressure they are probably under in their workplaces, I suppose that such imagining gets put on a back burner in the face of the ongoing release-something-that-works management philosophy. Whether or not we wish to single out Microsoft as the originator of that philosophy is left as an exercise for the reader!

1 comment:

DigitalDan said...

Seems to me the prime miscreant here is the dealer who authorized the installation and continued access to GPS/control devices installed in vehicles now owned by others. It would be interesting to know whether the lien held by the seller would legally extend to this kind of invasion of ownership rights. I'm assuming the purchasers were unaware these devices were still installed and active. Major privacy concerns.