% fortune -ae paul murphy

Parts of a system: beyond the e-voting case

Probably the most common response to my blogs about e-voting last week was that fixing the voting machine doesn't fix the process. Here's how Erik Engbrecht put it in one of his responses:

So hack the servers

...or better yet get someone with access to subvert the results.

You're just shuffling the problem around in order to obtain an incremental improvement in security. Which from a practical perspective is probably fine, but it's not meeting your theoretical standard.

Other people, including devguy, offered broader versions of the same response: emphasizing that the issue is overall system integrity, not simply fixing the voting machine.

I couldn't agree more with all of these people, but those blogs were only about the voting machine part of the process - largely because the voting machine is the visible component in a complex process much of which is outside the mainstream discussion on E-voting.

For the record, it's my belief that an E-voting proposal based on using Solaris servers with Sun Rays would have to take a strong states rights position, argue that much of the existing regulatory framework reflects obsolete technologies, treat the issue of correctly obtaining, counting, and proving the vote as an implementation excerise, and sell mainly on the basis of what adoption could do for electoral officials facing the litigation and related risks now associated with the decisions they have to make on individual vote and voter eligilibility.

What I found most interesting about the discussion, however, was something nobody noted explicitly: that generalization of this discussion from e-voting to generic corporate IT suggests that we may be missing the forest for the trees (or vice versa) more often than we know.

It raised the question, in other words, of how often our tendency to focus on a specific device or task to which IT is obviously and directly applicable blinds us to the larger realities of the process or processes in which those efforts are embedded?

As I noted on yesterday, I think the current popularity of greening issues among data center managers is an example of this with most of what most of us are doing either completely missing the boat or simply putting local IT priorities ahead of our broader corporate responsibilities.

Server virtualization (in the PC/IBM sense of hosting multiple equivalent OS instances on one machine), for example, is extraordinarily popular right now and can definitely reduce data center cost - but almost always does so at greater cost to the business and so is generally net negative for the employer.

I suspect that another example of how doing the right thing for IT can actually work against the best interests of our employers may be found in IT emphasis on standardization -on products, on brands, on processes, on data, on qualifications, or in fact on almost anything else where we take a one size fits (almost) everyone approach.

All of which leads to my challenge to you: is there really a selective blindness thing happening here? can you offer either better examples or counter-examples? and thus the bottom line question: how often do we get the balance between IT and corporate interests wrong - and not know it?

Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.