NIST: People have given up on cybersecurity – it's too much hassle

Squander Two
Punishment.

> I await the torrent of comments to the effect of "Well, if they don't know how to use a computer correctly, they deserve what happens to them."

There's always some of that, yes -- IT does seem to attract more than its fair share of misanthropes (I'm one myself) -- but I think the more prevalent attitude is simply a lack of understanding. IT people just don't seem to get that not only do most people not understand the inner workings of a computer, but that they shouldn't have to. This decision was made back when Gates and Jobs and their peers decided that computers should be mass-market machines for everyone: with that aim comes the responsibility to make them safe.

Someone below mentioned the internal combustion engine, apparently under the impression that people who drive cars know how it works. No they don't. Neither do we need to understand cathode rays or LED tech to watch TV, or materials science to use a ceramic frying pan. And if a manufacturer were to make a frying pan that catastrophically explodes if exposed to the highest temperature on a normal hob, a bit of small print in the packaging saying "Do not use the highest temperature with this pan" wouldn't protect them from the ensuing prosecution.

Computer firms have a choice: they can make highly specialised machines for a tiny market of specialist professionals, and trust those professionals to know what the hell they're doing -- and so leave them to clean up their own mess when stuff goes wrong. Or they can make general mass-market machines for everyone, and accept the duty of care that comes with doing so. The trouble with too many IT people is their belief that you can sell to the latter market but act like you've got the former customer base.

The big firms get some of this, as we see just from the fact that they do roll out security patches. But they don't get it enough. They still expect their customers to be watching the news for the latest "Install the latest patch immediately!" story and then doing so by the end of the week. Imagine if a toy manufacturer issued a product recall every week for a decade. They couldn't, actually, as they'd be bankrupt inside a year.

Customers hate this crap, and rightly so. But they are faced with an industry that, although it refuses to change its stinking attitude, makes undeniably useful and wonderful things. So they try asking their techie friends for help, and those friends say things that they genuinely believe are helpful, such as "Switch to Linux" or "Implement this new encryption algorithm I've found", but which actually all boil down to the same piece of shitty advice: "Become an IT expert." So the only rational course left to users is exactly what this study has discovered: resignation.

Since computer security is increasingly a safety issue, I'd like to see governments updating their laws to reflect that. If a young lady buys a laptop and happens to have it switched on in her room while she gets changed, she has an entirely reasonable expectation that video of her naked isn't going to be used to blackmail her. If it is, the manufacturer of the laptop and its software should be held liable. If a builder puts a new roof on your house and it's leaking six months later, they're simply not allowed to write an EULA that says it's not their problem because it's your roof and they didn't make the rain. They're liable, legally. The same principle applies to all other manufacturers and producers -- unless they're an IT firm. Car manufacturers don't get to shrug when their products crash due to design and manufacturing flaws, but IT firms do -- which is why Tesla are suffering from cognitive dissonance: they're full of IT people with IT attitudes, and are beginning to discover that that won't wash.

Well, it shouldn't wash anywhere. Next time someone is driven to suicide by identity theft or revenge porn, how about we identify some senior executives responsible for the tech that made it all possible and drag them through the courts and embarrass the fuck out of them? Do that a few times and just watch computer security improve. Incentives matter.

(Sorry, this comment went on a lot longer than I intended. Rant over.)
