COMPUTER UTILITY Paul Armer August 1967yg201wp3748/yg201wp3748.pdf · 3 "A our labor force willbe...
Transcript of COMPUTER UTILITY Paul Armer August 1967yg201wp3748/yg201wp3748.pdf · 3 "A our labor force willbe...
o
OC
SOCIAL IMPLICATIONS OF THE COMPUTER UTILITY
Paul Armer
August 1967
Copyright © 1967THE RAND CORPORATION
P-3642
1
SOCIAL IMPLICATIONS OF THE COMPUTER UTILITY
Paul Armer
The RAND Corporation, Santa Monica, California
I am concerning myself in this Paper with the social
implications of the computer utility concept. The emphasis
will be on the privacy issue and what we can do about it.
But before I deal with this problem, I'd like to devote a
few minutes to some of the others; in particular, the un-
employment problem.
In the 1950s a number of people were predicting mass
unemployment as a result of the introduction of computers
and automation into the U.S. economy. Predictions were
made that a few percent of the labor force, utilizing ma-
chines, would soon be able to produce all the goods and
services society could consume. In these days of near
full employment, such predictions are less numerous. But
the emergence of the computer utility concept appears to be
bringing the prophets of mass unemployment back on stage.
For example, in The Challenge of the Computer Utility [I] ,
Any views expressed in this Paper are those of theauthor. They should not be interpreted as reflecting theviews of The RAND Corporation or the official opinion orpolicy of any of its governmental or private researchsponsors. Papers are reproduced by The RAND Corporationas a courtesy to members of its staff.
This Paper was delivered at the Informatics/UCLASymposium on "Computers and Communications - Toward a Com-puter Utility," held at UCLA, 20-22 March 1967.
2
Douglas F. Parkhill says, "For the plain truth is that we
are fast approaching the day when very little, if any,
human labor will be necessary in our economy." I think
this is nonsense. My argument goes like this.
Even though the U.S. is the richest nation in the
world, in 1963 the average family had about $6700 to spend
annually. Let's assume several rates of growth of produc-
tivity (productivity is defined as output-per-man-hour) and
see how that $6700 might increase by the year 2000. If the
present rate of approximately 2.6 percent is maintained,
each family will have about $14,700. Even if the rate
increased to 4 percent per year, the number is less than
$27,000. At those figures, I think you will agree thatpeople won't be sitting around with more money than they
know how to spend. The rate of growth of productivity would
have to more than double for average family income in the U.S
to become significantly large in even 50 years, a possibility
which seems to me to be extremely unlikely for the economy
as a whole. And this analysis ignores the rest of the world-
an omission we can hardly afford, even if we wanted to do so.
The base for the world starts out much lower. Excluding the
U.S., the world's per capita income is about 12 percent of
what we enjoy in this country. Looking at that part of the
world outside of Europe and North America, the base is but
6 percent of the U.S. income.
I want to emphasize that what I've been saying is
that I disagree with the prediction that a few percent of
3
"A
our labor force will be able to produce all the goods and
services that society can consume. I have not denied that
computers and automation displace people from jobs—that
is often the very motivation for their introduction. Con-
sequently, I do believe that computers and automation do
cause problems in the employment arena—problems for which
society must develop solutions. But I disagree with the
prediction that the problem will be one of massive un-
employment. Rather, I believe, the chief problem will be
one of retraining, relocation and placement; of providing
for continuing education, and of keeping the economy grow-
ing. Further, I have not said that we will not suffer from
unemployment in the future. Rather, I have said that we
will be in need of the output of our entire labor force.
Unfortunately, we may not be socially sophisticated enough
to keep everyone producing. For example, a great many con-
struction workers are out of work today even though we
badly need more schools, hospitals, and housing.
Before leaving the topic of unemployment, let me make
an observation. It used to be that an individual could go
to school, take a job, learn through experience, move up
in his organization, and do well until retirement—drawing
in his latter years, so to speak, on the intellectual
capital he coined in school and on the job. This is be-
coming less and less true. Now the pace is such that
significant changes take place in a period of time which
4
is short compared to the life span of man. Today we find
companies terminating men of a given speciality while
hiring younger men in that same speciality. We find com-panies restricting the percentage of older men among new
hires; we find companies in trouble because their managers
are obsolete. We find individuals psychologically dis-
turbed because they feel that they are obsolete. Society
must find ways of dealing with these problems by facili-
tating the process of continuing education. A big question
is how to finance such education, where the losses
associated with foregone wages and salary while going to
school will be very large.
Let me briefly touch upon several other issues
Parkhill [1] uses the phrase "altered almost beyond recog-
nition" to describe the society that will exist after the
current computer revolution has run its course. Although
I find those words somethat extreme, I do believe that we
are in for some very significant changes. One of the few
safe things one can say about the future is that it will be
fantastic and full of surprises.
Richard Hamming [2] has pointed out that large quanti-
tative changes often bring about profound qualitative
changes. He notes that when things are changing rapidly
an "order of magnitude" or "factor of ten" is a convenient
measure. For example, we can travel by foot at about 4miles per hour, by auto at 40 miles per hour, and by jet
5
aircraft at something more than 400 miles per hour; i.e.,
each mode differs from its predecessor by an order of mag-
nitude—a factor of ten. The capability of getting around
at 40 miles per hour has profoundly affected our way of
life, and jet travel has shrunk our world immeasurably.
Contrast the pace of these changes with what has been
occurring in the computer field. The last order-of -magnitude
change in transportation took about 50 years for us to achieve,and while another factor of ten may be but 10-15 years in the
making, another order of magnitude beyond that, at least for
earthbound travel, is probably infeasible. But the speed
of the electronic portions of computers has been increasingby an order of magnitude about every four years, and it looks
like that pace will continue for some time. Size (againI'm talking about the electronic portion of the computer)
decreased by an order of magnitude in the last ten years,
and will probably decline by three orders of magnitude during
the next decade. More importantly, the cost of raw com-
puting power has declined by an order of magnitude every
four years, and this trend looks like it will hold for
awhile.
The amount of computing power in the U.S. has been
expanding by an order of magnitude in something less than
four years. Shouldn't we expect a great impact on society
from such rapid change in computer technology? And now,
with the advent of the computer utility, we foresee that
6
computing power will be distributed in much the same way
as electrical power and telephone service. Developments
in the computer field will indeed alter our way of life
significantly.
Concomitant with dropping costs and utility-like
distribution of computing power, information— as a com-
modity—will become inexpensive, widely marketed, and
readily available. That may not sound like either a very
profound or a very significant prediction—until you stop
and think about its implications.
As you know, the computer-utility and information-
processing technology will have tremendous impact on
medicine, government, education, and law enforcement.
Legal practice will change considerably. The impact on
banking and finance will be revolutionary. The cashless
and checkless society is obviously technologically feasible
now and will soon be economically feasible. (Political
feasibility is another question.) Personally, the thought
of a system that will record and store information on what
I purchased for how much at what time and place everytime
I purchase so much as a newspaper or candy bar frightens
me. And that brings me to the privacy question.
I have predicted above that information, as a commodity,
will become inexpensive, widely marketed, and readily
available. Here we are concerned with information on indi-
viduals. As we go through life we generate an endless
7
+
stream of information about ourselves and our activities.
We are born and immediately have medical records; we go
to school and generate grades, IQ test scores, psychological
profiles, and behavior information; we get a Social
Security card and have an employment history; we may enter
military service or take a job requiring a security clearance
we may get married and have children; we take trips and make
purchases. Today, much of the information about our ac-
tivities is never recorded; e.g., most of our cash financial
transactions. What information that is recorded and col-
lected is widely dispersed and somewhat difficult and ex-
pensive to assemble. Information exists in small, widely
dispersed puddles. But the advent of computer utilities
and rapid changes in related technology are making it
feasible to draw these puddles together into large pools of
information. To put it another way, present systems give
the individual a measure of privacy that he may lose in
the computer utility era.
The Panel on Privacy and Behavioral Research of the
Office of Science and Technology [3] defined privacy in this
way :
The right to privacy is the right of the indi-vidual to decide for himself how much he willshare with others his thoughts, his feelings,and the facts of his personal life. It is aright that is essential to insure dignity andfreedom of self-determination.
I trust that the importance of privacy, both for indi-
viduals and organizations, is self-evident. It apparently
8
isn't to everyone; I've been asked at various times whenspeaking on this topic: "Why are you so concerned—what
have you got to hide?" The fact is that individuals and
organizations do need, at times, to hide. The Constitutionof the United States was itself hammered out behind closed
doors in Philadelphia. Historians are agreed that if ourforefathers had been forced to work in a fishbowl, the
results would have been much different. The individualneeds personal autonomy—he needs the emotional release of
"off stage" moments when he can be "himself," free of thevarious roles he plays in his daily life; he needs limitedand protected communication. I trust I needn't dwell on
the specter of Orwell's 1984.
On this question of the need for privacy, I would liketo call attention to two articles by Alan Westin appearing
in the June and November (1966) issues of the Columbia Law
Review [4,5]. (These will be incorporated in Westin 'sabout-to-be published book.)
But if privacy (like God and motherhood) is inviolable,
what's the problem? The problem arises out of conflictsbetween the individual's right to privacy and society's
right of discovery. By the latter I mean the belief that
society has the right to know anything that may be known
or discovered about any part of the universe— and man ispart of the universe. Society aspires to know the universe.
Society has raised its level of aspirations in many
ways—we look for improved efficiency in government, better
9
1
1J
law enforcement, and more rational programs in general.
To do this, government needs more and better information
about what is going on —information about people and or-
ganizations. Government also feels that it must have
information to protect society from disorder and subversion
Thus, today, we read of proposals to consolidate govern-
ment files and to establish National Data Banks of various
types .The common good cannot be realized in a society con-
sisting only of private entities—it requires some re-
nunciations of the rights of personal and corporate privacy
But the threat to privacy is not confined to the
public sector. Many believe that the private sector repre-
sents a much more serious threat. The market for informa-
tion on individuals and organizations has always existed.What is new is that computer technology is introducing
orders-of-magnitude change into the economics of that
market. Information about people is useful in making de-cisions about hiring, granting credit, and myriads of otherissues. Information about people is the stock in trade
of many magazines and newspapers. There are, of course,
nefarious uses of information—e.g., the stock-market caper
early in 1967 involving the manipulation of stock brokers
around the country [6] .Thus we see that threats to privacy arise in both the
public and private sectors. And we see that privacy is not
10
an absolute—we must strike a balance between the right
of the individual to privacy and the common good. Achieving
the proper balance is the problem.
What can be done about assuring individuals and or-
ganizations an appropriate level of privacy in the era of
the computer utility? First, let me repeat that the problem
has been with us for a long time and has not been brought
about by the computer. But the computer, by introducing
orders-of-magnitude change into the economics of the situ-
ation, is bringing about significant qualitative changes.
We might consider one aspect of this change as positive:
the computer is focusing light on a situation of long
standing, where reality is undoubtedly much worse than most
people realize. As a result of the examination going on,
some aspects of the problem may be improved over the present
A system of controls on the invasion of privacy must
have four elements: rules, safeguards, penalties, and
remedies. Rules are mainly the province of Congress and
state legislators. They must decide on what information
can be collected and consolidated, and who can have access
to it for what purposes. This will not be an easy task,
and the lawmakers should be able to draw on the computer
industry for advice and counsel. The rules with respect
to interrogation of a computer file must require that the
enquirer have a legitimate need to know. The question must
be material—i.e., important to the inquiry. It must be
11
relevant to the inquiry; and it must be lawful —i.e.,information obtained for one purpose should not be used
for some other purpose.
We are apt to see new rules as a result of this in-creased attention to the overall problem of privacy. For
example, it is likely in many instances that the individualwill be given the right to know what is stored about himin the computer utility and the right to challenge that
information. Rules may be enacted to require that the
system record every consultation of an individual's file,
and that the individual be notified of each consultation.John McCarthy once proposed a new civil right for the era
of the government computer utility: no one may be asked
by the government for information it already has.
Along more serious lines, McCarthy has also proposed
[7] that we invent the right to prohibit the maintenance of
files of information on individuals, by the government or
by private industry, without specific authorization. Such
a policy would represent a marked change from present
practice, but it is one that I believe should be seriously
considered. As I have stated earlier, I believe that thethreat to privacy from the private sector is most serious.Legislation limiting the existence of files would appear
to be one way of dealing with this threat. I also believethat the right of confrontation and of being notified of
consultations should apply to the private sector as well as
the public.
12
Let me skip over the topic of safeguards for the
moment and briefly discuss penalties and remedies : Thereis apt to be considerable incentive, financial and other,
to breach the security of information utilities. If
penalties are to be an effective deterrent, they must be
severe. The remedy problem is knottier. We do haveprecedence in the law of libel with respect to remedialaction if an individual or organization were to be damaged
by incorrect information. But if the damage results from
the truth, things become muddy. I'm obviously not a legal
expert, but this looks to me like a problem needing
attention.
Returning to safeguards: Let me first reiterate a
basic principle recently stated by Frank Wagner—"a de-
termined intelligent penetrator can crack any security
system if he has adequate resources available. Absolutesecurity cannot be achieved." What we must do is make thecost of breaking the system sufficiently high so as to
discourage most potential violators.
What are the vulnerabilities of a computer utility?
Let us briefly review the makeup of such a system. At the
user's end are terminals connected by communications linesto a switching center connected by other lines to thecentral processor, to which are connected the physical files.
Such a system is vulnerable to wiretapping or listening every
where it exists. An obvious remedy, of course, would be an
13
encryption (or privacy-protection) program. Encryption,
however, is not cost free; and cost-effectiveness criteriaare indicated. We'll need a lot more data here before any
intelligent decisions can be made. Cost data on variouslevels of protection will be easier to arrive at than
assessment of the loss resulting from a breach of the
system.
At the console end of the computer utility, we are
faced with problems of both user and terminal identifica-
tion and authentication. We can anticipate the use of keys,
identification cards, passwords, and "computer hang-up and
call back" procedures. It should be borne in mind thata password may be compromised by a single use; there islittle protection in the present practice of repeated use
of passwords.
At the other end of the system are the physical files
themselves. The threats here are theft, copying, and un-
authorized access. We're probably in pretty good shape
with respect to protecting such files against physical
theft—that's a problem we've had to deal with for a long
time. Unauthorized access and copying are more difficultmatters, requiring much more work and inventiveness. At
the central processor we must provide security in bothhardware and software, including schemes to monitor theprotection features built into both. We are all painfullyaware that we've much homework yet to do here. The central
processor represents the acme of system security since it
14
not only has access to all files and programs, but also
to necessary passwords, file access authorization lists,
and keys to the encryption schemes. Clearly, here, we
need the highest available level of protection.
Computer-utility personnel will include the user at
the terminal; the men involved in the maintenance of the
terminals, communications, and the computer system itself;
computer operators; and system programmers. These last
are obviously in the most sensitive position of all, for
they "know all" concerning the protective features built
into the hardware and software. You're probably all aware
of the recent instance of a programmer for a bank who
"patched" a program so that it paid his overdrafts and
suppressed the printing of the fact that his account was
overdrawn. All this suggests the need for personnel-
security systems similar to those required for the handling
of classified military information. (Incidentally, here
we see an example of the fact that privacy is not an
absolute thing--i . e . , individuals involved must give up
some of their privacy, through security investigations,
for the common good.) I would also hope that we will find
personnel-security systems required in the processing of
sensitive information in the private sector. If that sounds
like a somewhat radical proposal, I would point out that it
is akin to the accepted practice of licensing.
Clearly, we will need the equivalent of bank examiners
to insure the overall integrity of computer-utility systems.
15
Such monitors should have the authority and duty to con-
duct random audits, legislate practice, license and bond
personnel, etc. They might also employ teams of people
charged with attempting to penetrate systems.
In closing, I'd like to quote from Edward Shils [8]
Everyone needs to be allowed to live somewhatin the shade—both rulers and ruled —in orderto "keep" what "belongs" to one.
Intrusions on privacy are baneful because theyinterfere with an individual in his control ofwhat belongs to him. The "social space" aroundan individual, the recollection of his past, hisconversation, his body and its image, all belongto him. He does not acquire them through pur-chase or inheritance. He possesses them and isentitled to possess them by virtue of thecharisma which is inherent in his existence asan individual soul—as we say nowadays, in hisindividuality--and which is inherent in hismembership in the civil community. They belongto him by virtue of his humanity and civility—his membership in the human species and hismembership in his own society. A society whichclaims to be both humane and civil is committedto their respect. When its practice departsfrom that respect for what belongs to the privatesphere, it also departs to that degree fromhumanity and civility. A civil society cannotexist without that respect.
16
REFERENCES
1. Parkhill, D. F. , The Challenge of the Computing Utility,irkhill, D. F. , The Challenge of the Computing UtilityAddison-Wesley Publishing Company, Palo Alto,California, 1966.
2. Hamming, R. W. , "Intellectual Implications of the Com-puter Revolution," The American Mathematical Monthly,Vol. 70, No. 1, January 1963, pp. 4-11.
3. Privacy and Behavioral Research, Executive Office ofthe President, Office of Science and Technology,February 1967; U.S. Government Printing Office,Washington, D.C., 244-490-67-2, 1967.
4. Westin, Alan F. , "Science, Privacy, and Freedom: Issuesand Proposals for the 1970 *5, Part I: The CurrentImpact of Surveillance on Privacy," Columbia LawReview, Vol. 66, No. 6, June 1966, pp. 1003-1050.
5. , "Science, Privacy, and Freedom: Issues andProposals for the 1970 's, Part II: Balancing theConflicting Demands of Privacy, Disclosure, andSurveillance," Columbia Law Review, Vol. 66, No. 7,November 1966, pp. 1205-1253.
6. "Mob Blackmailing Broker to Push Stocks, Paper Says,"Miami Herald, March 15, 1967.
7. McCarthy, John, "Information," Scientific American,Vol. 215, No. 3, September 1966, pp. 65-72.
8. Shils, Edward A., "Privacy and Power," Computer Privacy,Hearings before the Subcommittee on AdministrativePractice and Procedure, Committee on the Judiciary,U.S. Senate, 90th Congress, Ist Session, March 14-15,1967; U.S. Government Printing Office, Washington,D.C., 77-577, 1967, pp. 231-248.