Some Challenges for Computer Science/Engineering in the 21st Century

A speech delivered at CRA's Conference at Snowbird 2000
July 9, 7:30-9:30 pm

Speaker: William A. Wulf (President, National Academy of Engineering; AT&T Professor, University of Virginia)
[slides] [transcript]

<< return to program

"Some Challenges for Computer Science/Engineering in the 21st Century"
a transcript

presented by
William A. Wulf
President, National Academy of Enginnering, and
AT&T Professor, University of Virginia

CRA Conference at Snowbird
Dinner Speech
July 9, 2000

I vividly remember the last time I spoke at a Snowbird Conference. It was in 1990 
and I was, at the time, the Assistant Director of NSF for CISE, and they had the same 
music! But it went on for the whole talk. And I swear it got louder. 

First, I want to warn you to be suspicious of anyone who presents a talk with a 
title like this one. I will try to talk about some challenges, with the emphasis on the word 
some. I'm not sure that any of the challenges will be a surprise to you, but, on the other 
hand, maybe putting them all together in one place will be useful. Second, I'm going to 
focus on the non-technical challenges. I discovered that I had really a tough time putting 
the slides together because the issues are orthogonal--they don't parse out into a nice little 
tree structure.

The record of the information processing community in predicting the 
implications of information technology is very bad. You all know about the famous IBM 
prediction that there would be a global [????] market for six computers. You may or may 
not know about Ken Olson's prediction in 1978 that nobody would want a computer in 
his home. This was, of course, two years before the IBM PCs debuted. And of course 
there was Bill Gates' famous comment that he couldn't see why anybody would want 
more than 640 kilobytes of memory. 

I think the common thread that runs through these mispredictions is that people 
make a set of assumptions about what the future is going to be like, which roughly 
translates to: "It's going to be like now, just better." When the need for six computers 
was predicted, the only computers in the world were used to compute ballistic tables. 
And if you asked how many ballistic-table computations you need, six might have been a 
very reasonable number. We are also talking about a refrigerator-sized device that 
required air conditioning and an hour or two of preventive maintenance every day. I 
wouldn't want one of those in my home either. And Bill Gates didn't have color or sound 
or motion when he made his prediction.

I'm going to try not to make that mistake because I know it is hard for me to ferret 
out the assumptions that I make. So I'm going to primarily ask questions rather than 
answer them. 

Challenge 1?the challenge of being so damned relevant. I think I overheard at 
least three or four conversations during the day today talking about the problems of the 
commitment on the part of both faculty and students because of the dot.coms, because of 
stock options, and because of signing bonuses?something that has touched virtually 
everybody in this room. 

The second point I probably need to explain. And I don't think this is just being an 
old guy thinking the past was better. But I think the quality of the interaction between 
computer science departments and industry has changed. I did a lot of work with industry 
as a young faculty member, and it was a marvelous two-way street because they had 
problems and we had ideas. And nobody talked about intellectual property. The Bayh-
Dole Act didn't come along until the early 1980s and so universities had no way to own 
intellectual property. Our benefit was simply the recognition from our colleagues in 
terms of our intellectual contributions. There's still a lot of interaction between industry 
and academia, particularly in our field, but the quality is different and I think lesser.

We have little or no post-doc pool. I used to think that was because we weren't 
producing enough Ph.Ds. I think we could double the production and it would be exactly 
the same because there is such a great market for that talent. But it really has an impact 
on the way we conduct research, compared with certain other fields. And I happen to 
think the life sciences are irresponsible in their overproduction of Ph.Ds. [a few words 
following here were not clear.]

This notion that we're so damned relevant is something that is not customary for 
academic departments. So we as academics are being asked to behave in ways that are 
different from, and hence not understood by, our academic colleagues.

I was sitting next to Fran Allen, and she made a comment about having devised a code of 
ethics for software engineers for IEEE CS and ACM. And I told her I thought I might 
challenge that. What I meant was that I don't understand what it means to behave 
ethically when you literally don't know what you're doing and can't know. If I get 
anywhere close to a technical issue in this talk, it is on this slide. I've had a very 
checkered research career. But one of the things I've done over the years is correctness of 
programs; another is security. We all know what the security problem is for ordinary 
equivalents, given some set of assumptions. a) precondition p opposed to condition 
q?the questions is, under the assumptions, does p imply this precondition, or at least 
does this precondition apply to the program [unintelligible]. Easy enough. You can't ever 
prove anything, but at least the problem is well formulated. I think the problem is not 
well formulated for computer security. Basically the correctness statement for security is: 
Prove that there does not exist a sequence of commands such that those commands 
applied to the program will make something bad happen, where something bad is 
undefined and undefinable. I'll come back to that point and explain a little bit more what 
I mean by it.

But the second issue, having to do with "you can't know," deals with original 
properties. These are properties of programs that, in fact, may be perfectly correct in the 
sense of doing whatever the post-condition said to do. But they also do some other things 
that you didn't anticipate. 

In 1992, there was a big research lab study of 50 problems in security. It turned 
out that 22 were problems with the specifications. I don't want to say errors in 
specifications; rather there were things in the specifications that someone thought were 
essential to the correct operation of the program, but which, in fact, could be exploited by 
a clever person to cause the program to do something bad. The problem wasn't the 
program; the problem was not understanding all of the ways in which those properties 
might be used. 

I happened to be sitting at the top of some very clever engineers. I flapped my 
gums until they got sore trying to explain to them that the usual engineering solution 
doesn't work. The usual ethical thing for an engineer to do is to overdesign--you make it 
bigger and stronger than all your calculations show it has to be. But in a piece of 
software, if you add more you're probably making the problem worse. There are more 
ways in which things can interact that you might not anticipate. 

By the way, I think all the rest of the engineering fields are going to experience 
the same thing as they build more and more complicated systems, as they build systems 
that have more and more interactions between different kinds of components, including 
IT components. We just have to face it a little bit sooner.

I don't know what it means to behave ethically when you can't know what you are 
doing. I think it's a profound problem, and I think this field has to think it through.

Growing Responsibility?I'm going to talk about it in a number of different areas. 
First of all, the broad [ ] education. Not too long ago, the NRC produced a report, 
the title of which used the name "fitness" (fluency in IT). I don't see how someone can 
call himself a liberally educated adult in the 21st century without having a much deeper 
understanding of the fundamentals of IT or computation than he currently has. I have 
struggled to think of an analogy in the physical world. The difference is you don't realize 
how much implicit knowledge of the physical world is embedded in our culture that kids 
acquire as a part of growing up. Newton's law of gravitation in its particular form may be 
a surprise in high school, but the notion that there is a force pulling you down, even the 
name Newton and the apple bouncing off his head, is a part of the culture. IT and 
computation are such relatively new concepts that there is no counterpart. They are not a 
piece of our culture, and somehow we must compensate for that in our educational 
system. I don't know any way to do that, other than for information processing 
technologists, computer scientists, and computer engineers to take an aggressive 
leadership position.

I believe two things. First, that there is going to be a more profound effect on 
scholarship in the humanities over the next few years because of IT and all the sciences. 
I think it is going to radically transform scholarship in the arts. Second, I believe that 
every time computer scientists and computer engineers have walked up to a radically new 
problem, they've learned a lot. So I think there's an enormous opportunity to further the 
computer science field by helping humanities scholars and artists. There's a funding 
problem, but in terms of really novel intellectual nuggets that you haven't thought about, 
they're here. 

I am asked to do all kinds of funny things in this position. One of them was to 
speak to new Members of Congress on issues of IT that were likely to come up in the 
106th Congress. I wrote down a list for myself. I have to tell you, creating a list surprised 
me. One list was of issues that I knew would come up in their session. The other was of 
things I thought were further off, but important. The list surprised me in three ways. It 
was longer than I ever anticipated--five pages of cryptic notes to myself. Most items 
were no more than 2 lines. Second, I was surprised at how fundamental many of the 
issues were. Third, I was really struck that what I thought of as the far-off stuff wasn't all 
that far off if you thought in terms of things you ought to be thinking seriously about. So 
let me just give you some examples. 

The first one I became aware of when I was in a workshop with Professor 
[ ] at Georgetown University, and she said to me: "You know, there are a handful 
of philosophies for legal systems around the world, and they really can be quite different 
from each other. Islamic law is based on a whole set of philosophies that are very 
different from English law. But there are only one or two things that are common to all of 
them. One of them is jurisdiction?the notion that laws are defined by place. What about 
cyberspace? There have actually been some cases--one some years ago that received a 
lot of notoriety but never actually came to trial where a prosecutor in Tennessee tried to 
prosecute someone in California for hosting a pornographic website. The application of 
national and state standards concerning pornography come into play. 

It is not a trivial question. Germany has brought down AOL at least once over 
exactly this issue. What scares me is that although I can talk to a group like you and you 
nod your head, in fact I know of no scholarship being done on the issue. 

An even tougher issue is: What does it mean to be a sovereign nation in 
cyberspace? It is not clear. It is clear to me, on the other hand, that we are very strongly 
moving in a direction away from representative democracy toward participatory 
democracy. It is most evident in the ballot initiatives in a number of states, which are 
increasing. However, if you don't think that the Senate vote on Monday morning is not 
influenced by a CNN poll on Sunday night, you'd be wrong. The ability of a Member of 
Congress to stand up and do what is right, or what she perceives to be right, in the face of 
a negative poll is increasing exponentially. 

Issues of national defense and law enforcement. One of the really special things 
about this country is the civilian control of the military. Essentially the military operates 
outside the United States, and law enforcement inside. The military is never used to 
enforce civilian law. With the use of IT, the borders are not obvious. It is often not clear 
who has authority or what the rules of engagement are. It is clear, for example, that all of 
the UN regulations enable us to take military action against another country only if force 
is used against us. It is not clear what would happen if people in the United States were 
being killed because of a cyberattack. According to UN treaties, we would be unable to 
do anything about it using physical force.

We have incredibly important social institutions, like universities, that I think are 
going to be profoundly transformed because of IT. I have written on this, if you want a 
copy. I can't think of a better example of an entity that's in the information business than 
a university. Universities create information, they store it, they wholesale it, they retail it-
-they are fundamentally in the information business. And whenever a technology comes 
along that changes the business climate, you have to believe that the organization is either 
going to change dramatically in response, or is not going to exist anymore. 

I have finally managed to get an NRC study going on the impact of IT on the 
future of the research university. I think there are going to be profound changes.

I put three things here that are different challenges, but I think they are all of a 

I was recently at a conference in Zurich, where the speakers were made up of a 
group of old guys like myself. One of them stood up and said that all of the hard 
problems in computer science had been solved. My personal opinion about that is that 
we picked the low-hanging fruit. I think there are new kinds of problems. I think, for 
example, that if we were to try to aggressively support humanity scholars, we would find 
a class of hard problems that no one is thinking about yet. 

The second challenge is being both a discipline and an infrastructure. I can't think 
of anything else on campus, except maybe mathematics, that has the same problem, and 
math does not require stringing wires or air-conditioned rooms. It is a real challenge. It is 
a real challenge at the NSF, which houses both computer research and science and 
computer engineering research, and the supercomputer centers, in the same directorate. 
There's a tension there that you don't get in more purely disciplinary-oriented 
directorates. Is that bad? No, it just is. 

We have the same problems with computer centers, and with IT organizations and 
the academic departments in universities. I don't need to say anything more about that to 
this group.

I frequently seem to get involved in discussions about whether this discipline is a 
science or engineering or something else. I'd like to shoot whomever it was who came up 
with the name "computer science." I think one of the [hardest] things about this 
discipline is that it's been both--it's managed to embrace everything from computability 
theory, logic, through crafty net programming, and every point in between. There's a 
great strength in that. We should pity the other departments on campus. There's only one 
nature. There's not a physics nature and a chemistry nature and a biology nature. Those 
are human constructs. If you set out to understand nature, you've carved it up in such a 
way that people can't talk to each other because their vocabularies are different, their 
technologies are different, their funding agencies are different, and their cultural morals 
are different. This is not a way to improve the understanding of nature. 

I think we are science, we're engineering, we're infrastructure, we're a whole 
bunch of things. We are different. We don't have a choice. If you think that you're like 
another academic department or you want to model yourself on the traditional academic 
disciplines, you'll lose something very important because we're not like those folks. 

That leaves us with a bunch of problems. How can we be a discipline and an 
infrastructure? How do we form a code of ethics when we don't know what we are doing? 
But these problems are also opportunities. The whole reason that I formulated this talk 
the way I did was I came to [sell] opportunities to you?the leadership of the computer 
science and computer engineering intellectual community. You can all go off and do your 
research, that's great, but there are some really deep social?philosophical almost? 
problems that in some ways only you can think about. You nab an ethicist, as I have 
done, and try to explain some of the issues here and you don't get very far because they 
don't have a sense of the problems. I just had an extended e-mail communication with 
someone who couldn't get through his head what Moore's Law meant to us as a 
discipline. I think this group needs to take this initiative and grapple with these problems. 


<< return to program