Hacker News
Siemens contractor pleads guilty to planting logic bomb in company spreadsheet (zdnet.com)
19 points by jaden on July 23, 2019 | 19 comments



So this gets prosecuted as a crime, while https://www.pcworld.com/article/2066400/lg-smart-tvs-share-d... doesn't? Why? Both cases involve someone buying something sabotaged, and would fit nicely under the CFAA.


Where in your article does it describe something being sabotaged?


"But even after turning off the feature, the TV continued to share viewing habits with the company"


Where is the sabotage? The article you're sharing is from 2013. In the 6 years since, has there been a followup that shows that this malfunction was intentional, i.e. not a bug? And any documents that describe the intended malbehavior?

The Boeing 737 MAX crashes killed a lot of people, but the corporate behavior behind that is going to be treated differently than an airport mechanic who tries to sabotage a plane's equipment (never mind leaves evidence of intent, and later pleads guilty to it).


> In the 6 years since, has there been a followup that shows that this malfunction was intentional, i.e. not a bug?

Why assume it's a bug? That should be for them to prove. And why would there be a follow-up if they never get prosecuted in the first place? Follow up by who?

> And any documents that describe the intended malbehavior?

Selling devices that betray their owners isn't enough - they'd have to also be incompetent enough to create documents saying that is what they intended?

Just what kind of insane standard of proof do you require for a prosecution to start (not convict, start)?


> Just what kind of insane standard of proof do you require for a prosecution to start (not convict, start)?

Cite the relevant criminal statute.


I already have, in the very first post.


So are you going to cite the specific section, or are you avoiding it because you don't want to talk about the parts that say "knowingly and with intent"?


They knowingly and with intent implemented spying functionality, and knowingly and with intent made a button that claims to turn it off. The only part they might not have done knowingly and with intent is the part where that button does nothing.

Now they're free to argue that was a bug, but they should do so in court - just how much benefit of the doubt do you think they should get before a prosecution is launched? If there's a murder, do you just assume it was in self-defense, without any evidence offered to that effect?


It seems strange that a company like Siemens is relying on spreadsheets for processing orders. And continues to do so when they start to malfunction.


Spreadsheets are a remarkably effective way to get things done, especially table driven things.

Lots of “non programmers” can accomplish a huge amount with spreadsheets, and if you occasionally need something more advanced you can get a professional software dev to implement it.

Compare that to the alternative: paying someone to develop a pile of custom software, and then if your needs change you require a contractor to come in and modify that code for you. Typically you have to use the original contractor because such contracts don’t usually include source access.

But seriously: don’t underestimate the power of spreadsheets.


It's always cheaper to add one more patch, or bring in the contractor one more time than it is to rebuild the entire system from scratch. In aggregate this stops being true eventually, but I imagine this isn't a part of the system that many people are even aware of until it breaks -- and at that point you need a fix yesterday.


Reminds me of the printers that would show error messages after a while just to get you to buy a new one. Seems to be part of the culture to cheat people that don't know too much about IT and that is really unfortunate.


Wow, I'm surprised this is considered a crime, and not just some civil lawsuit case. What are the criminal laws that this applies to, to justify the jail time?


While I'm not familiar with this exact case, I'd bet on it being covered by the Computer Fraud and Abuse Act. It gives law enforcement a lot of latitude to charge you for misuse of a computer system and has criminal penalties.


Or just outright criminal fraud/extortion.


Why would it not be considered a crime? There is intent to do great damage to the company.


Take what follows with a grain of salt, these are just thoughts that quickly crossed my mind, I haven't spent much time elaborating the ethics of this all.

First I thought of all the things that warrant and don't warrant jail time, the financial crimes, the inappropriate loaning practices, the breaking of NDAs, the intentional lock in that some software systems put in place, the theft of code by John Carmack, the lack of security measures to protect user data of most companies, the inappropriate use of open source work without respecting the license terms, etc. If these don't warrant jail time, why this?

Then I just wondered about the inherent act. Let's say it was unethical. It still feels harsh to me to give it jail time. You say great damage, but I see it more as lesser benefits. Clearly, the Excel sheets actually saved the company money over many years, otherwise they would just have gone back to doing it manually or paid for some other system. This is even including the time bomb. So overall it feels like Siemens was still content and happy with the whole thing. There was no act of say infecting other systems or stealing data, or ransoming, etc.

Then I wondered about the precedent this can set. Could I be liable for jail time for a bug I mistakenly introduced, what if a company with good lawyers made a case it was introduced on purpose as a time bomb? Maybe I made a variable an int instead of a long one day and it overflows and I get sent to jail for it? Do I have to worry about that now? Any limits I put in a system could be seen as a time bomb and cause me to go to jail.

Finally I thought about the idea of shelf life. I hire a home contractor and they cheap out on the number of nails and material used? Doubt they go to jail for that, even though it was intentional. What about appliance manufacturers building appliances they know won't last very long? What about products that can't be repaired intentionally? None of that, that I know of, results in jail time? So why is making software that doesn't last forever warranting jail time? Why isn't it just contractual? Did they specify how long it had to work? Why can't software have a shelf life?


What's interesting about coding is how self-incriminating it can be. Unless you are being sly (which apparently was not the case), you are writing down your whole intent.



