SSSCA Hearings Postponed Under Heavy Opposition

Concerned Citizen writes "Both the EFF and WIAFLW are reporting that the "Senate Commerce Committee's hearings on the Security Systems Standards and Certification Act (SSSCA or DMCA-2) which had been originally schedule for today (Oct. 25, 2001) have been postponed due to mounting opposition, particularly from those in the tech community." Senator Fritz Hollings has yet to reschedule a hearing (it's likely that he won't), and has also indicated that he would consider modifying the bill."

Certification

[pieterh]

Let's face it. Within a few years the profession of 'programmer' will be protected by law, and any practicing programmer will have to be certified by a recognised educational establishment and/or Microsoft. Programming for fun will be allowed only for personal reasons. Any software intended for commercial use will have to confirm to the appropriate certification act.
If this sounds outlandish, think about how we construct buildings. Why should software developers be treated differently than architects and engineers?
(This is a leading question, but one I think will be asked by parties seeking to regulate the IT domain).

Re:Certification

[Masem]

Most engineering professionals can take what is known as a Professional Engineering exam; this is equivalent to the bar for lawyers or AMA certification for doctors. The test is typically done in two parts, one that you can take right after college, and the other after 5 years of 'practical' experience in the field. The first test is very general, covering all fields of engineering (fluid dynamics, chemistry, physics, mathematics, statistics, statics, etc), but the scores are weighted based on your profession; a mechanical engineer probably doesn't need to know much chemistry or statistics, but better dang well be up to speed on statics and the like. If you pass this test, you are "an Engineer in Training" (thus, this is typcially the EIT test). The second part is much more open ended and typically geared towards your profession. Passing this grants you the Professional Engineer title. (that's why you'll see P.E. after some names).

Now, the rules vary from state to state, but in most cases, you have to be a PE to design any facility, structure, or whatever that is larger than a small room, in where there may be possible issues with the public safety. Thus, you'd obviously want bridges done by mech e's, chemical plants by chem e's, etc. The idea is that the PE certification of the design ensures that the public safety has been met to a certain degree.

While this idea is great and all , there are currently major problems due to the state-by-state nature of it. For example, just like with bar tests, you need to be recertified in a new state if you move. Another problem is that because of how some aspects are designed, there's a lot of overlap of displines, and some state rules force the weaker displine to have more effect. In CA for example, in designing a chemical plant, you'll typically have a Mech E., Chem E., and Civil E. all working together on the design. However, current law states that only a Mech E's can certify the plant design; thus, the mech E can add, say, a hugh vat of sulfuric acid (a highly toxic safety hazard) for no reason, and yet could get the plans certified by him with no input from the Chem. E. In effect, the PE certification of chemical engineers is worthless in CA. There's a large number of industrial Chem E's fighting these types of rules to make it better.

Will Computer Engineers need to be certified? I would that those that are designing systems that pose potental harm to the public good, such as air traffic control systems, medical systems, water and power plans controls, should have some sort of certification, but in conjunction with those that would normally work on those projects as well. However, for the end-user's casual programs, including Windows, office software, browsering, servers, etc, it's unnecessary because those items pose very little *direct* harm to the public. (Do note that even Microsoft signs off on libilities for malfunctions of their software, and says that it shouldn't even been used in critical situations as listed above).

Of course, the other question is that where do you draw the line at what 'programming' is. Is writing a Visual Basic script programming? Is JavaScript programming? These are all tools that cannot be easily controlled as too many users use them already. So trying to limit all programming is near impossible. But certainly regulating and certifying programs that run the public infrastructure and those that write them is a good step.