Working Up

by Dwayne Phillips

Systems built by persons often have more capability than intended. Someone will arrive who will find and use these.

I stumbled onto this story recently about persons in Angola who have limited Internet access. They found ways to use Wikipedia and Facebook that the creators of those systems did not intend. The systems, however, had capabilities, so these Angolans used them. These Angolans used Wikipedia to store and share full-length Hollywood movies. That was just one use of unintended capabilities.

I have recently studied a bit on Internet security and hacking into systems that people at one time deemed secure. The vast majority of these hacks are examples of finding and using unintended capabilities.

Did you know that if you… you can …?

And so the story goes.

This post could be a plea for better systems engineering where you build systems that meet user requirements and do nothing else. Those systems have no extra capabilities and no unintended capabilities. Those systems also do not exist.

I always go back to the numbers game. Builders of systems hire a group of smart, dedicated persons to build a system. Once out in the wild, another group of persons start poking at the system to see what else it might do. The second group of persons is usually several thousand times larger than the first. The second group has massively more numbers of persons. The second group always eventually “wins” (whatever winning means).

It is now the time to find the moral of the story. I suppose there are many morals. Here are a few:

• Try harder at systems engineering
• Hire a few thousand outsiders to pick at your system for a few weeks before releasing it
• Be ready with a press release that puts a good spin on the persons who find your unintended capabilities
• And so on