Every once in a while I encounter someone’s work whose sanity of argument, integrity of passion, and elegance of expression convinces me in an instant that I have found a comrade. Recently reading the new book Geekonomics by David Rice was such an encounter.
Rice is a prophet, and like most true prophets, what he is saying is something you won’t like hearing. Geekonomics warns against the dangers of software. That’s right—software—which we rely upon every day to a rapidly increasing degree. Rice is no crackpot or self-proclaimed guru looking to make a quick buck with this book. His warnings are akin to those of Alan Cooper in The Inmates are Running the Asylum and my own as well. While Cooper and I rail against software’s inexcusable dysfunctionality, however, Rice points out very real dangers that threaten the world. Most software is bad, not just because it is much harder to use and far less effective than it ought to be; it is also insecure, which invites danger. The more we rely on software, the more vulnerable we are to the whims of those who would do harm.
Earlier this year, the country of Estonia, “the most wired nation in Europe,” was crippled for more than two weeks by cyber attacks that were launched by Russian hackers. These attacks so overwhelmed Estonia that its leaders had no choice but to sever the country’s connection to the Internet, and “with it the country’s economic and communications lifeline to the rest of the world” (from the preface of Geekonomics, David Rice, published by Addison-Wesley, 2007). Why was Estonia attacked? “The Russian government objected to Estonia’s removal of a Soviet-era war memorial from the center of its capital, Tallinn, to a military cemetery.” By becoming well wired, Estonia had inadvertently become highly vulnerable to attack. Why? Because it relied on an infrastructure—software—that was insecure.
Geekonomics does not address data visualization in particular, which is the focus of this blog, this entire website, and my work. Rather, it explains the fundamental reasons why software of all types usually fails to deliver what we need, especially security, and the threat that this failure invites. The dangers that Rice describes are on the scale of global warming. Did this statement get your attention? Good, because it’s true, and the magnitude and imminence of this problem deserve your attention. Just like the threat of global warming, we dare not ignore the threat of insecure software, because software has become the infrastructure of the modern world.
Rather than saying more about this book, I’ll let it speak for itself by including a couple of quotes, which should whet your appetite. I’ll begin with Rice’s synopsis of the book’s arguments.
There are three primary themes in Geekonomics:
- First, software is becoming the foundation of modern civilization; software constitutes or will control the products, services, and infrastructure people will rely on for a wide variety of daily activities from the vital to the trivial.
- Second, software is not sufficiently engineered at this time to fulfill the role of “foundation.” The information infrastructure is the only part of national infrastructure that is destructively tested while in use; that is, software is shipped containing both known and unknown weaknesses that software buyers are made aware of and must fix only after installation…The consequences are already becoming apparent and augur ill for us all.
- Third, important economic, legal, and regulatory incentives that could improve software quality, reliability, and security are not only missing, but the market incentives that do exist are perverted, ineffectual, or distorted. Change the incentives and the story and effects of insecure software change also.
Rather than fixing the problems in their software, most vendors spend their time cramming new features as quickly as possible into each release—new features that are rarely used.
So why, then, would software vendors provide an increasing and ever more fantastic array of features in applications when it is clear that users do not use newer features, and additional features tend to promote the very unreliability that keeps users from enjoying new features in the first place?
Compared to sufficient testing and proper security development practices, features are much less expensive to implement and provide an easier method for users to differentiate products even if newer features are not employed in practice. From a business perspective, even if features are irrelevant to a purchaser from a functionality perspective, features are not irrelevant to the software vendors where it counts most: the point of sale.
For the copious time and effort consumers spend comparing one list of features against another, the software vendor understands that the number of features matters more than anything of true consequence, whether quality, reliability, and/or security.
Geekonomics is not only an important book, it is also a good book. Rice is smart and thoughtful, and he knows how to write. If you rely on software (and who doesn’t?), you should read this book. If you produce software, you should read this book. You might not like what you read, but you need to hear it, and we all need to do something about it.