Some Challenges for Computer Science/Engineering in the 21st Century
A speech delivered at CRA's Conference at Snowbird 2000
July 9, 7:30-9:30 pm
| Speaker:
|
William A. Wulf (President, National Academy of
Engineering; AT&T Professor, University of Virginia)
|
|
|
[slides] [transcript]
|
"Some Challenges for Computer Science/Engineering in the 21st Century"
a transcript
presented by
William A. Wulf
President, National Academy of Enginnering, and
AT&T Professor, University of Virginia
CRA Conference at Snowbird
Dinner Speech
July 9, 2000
I vividly remember the last time I spoke at a Snowbird Conference. It was in 1990
and I was, at the time, the Assistant Director of NSF for CISE, and they had the same
music! But it went on for the whole talk. And I swear it got louder.
First, I want to warn you to be suspicious of anyone who presents a talk with a
title like this one. I will try to talk about some challenges, with the emphasis on the word
some. I'm not sure that any of the challenges will be a surprise to you, but, on the other
hand, maybe putting them all together in one place will be useful. Second, I'm going to
focus on the non-technical challenges. I discovered that I had really a tough time putting
the slides together because the issues are orthogonal--they don't parse out into a nice little
tree structure.
The record of the information processing community in predicting the
implications of information technology is very bad. You all know about the famous IBM
prediction that there would be a global [????] market for six computers. You may or may
not know about Ken Olson's prediction in 1978 that nobody would want a computer in
his home. This was, of course, two years before the IBM PCs debuted. And of course
there was Bill Gates' famous comment that he couldn't see why anybody would want
more than 640 kilobytes of memory.
I think the common thread that runs through these mispredictions is that people
make a set of assumptions about what the future is going to be like, which roughly
translates to: "It's going to be like now, just better." When the need for six computers
was predicted, the only computers in the world were used to compute ballistic tables.
And if you asked how many ballistic-table computations you need, six might have been a
very reasonable number. We are also talking about a refrigerator-sized device that
required air conditioning and an hour or two of preventive maintenance every day. I
wouldn't want one of those in my home either. And Bill Gates didn't have color or sound
or motion when he made his prediction.
I'm going to try not to make that mistake because I know it is hard for me to ferret
out the assumptions that I make. So I'm going to primarily ask questions rather than
answer them.
Challenge 1?the challenge of being so damned relevant. I think I overheard at
least three or four conversations during the day today talking about the problems of the
commitment on the part of both faculty and students because of the dot.coms, because of
stock options, and because of signing bonuses?something that has touched virtually
everybody in this room.
The second point I probably need to explain. And I don't think this is just being an
old guy thinking the past was better. But I think the quality of the interaction between
computer science departments and industry has changed. I did a lot of work with industry
as a young faculty member, and it was a marvelous two-way street because they had
problems and we had ideas. And nobody talked about intellectual property. The Bayh-
Dole Act didn't come along until the early 1980s and so universities had no way to own
intellectual property. Our benefit was simply the recognition from our colleagues in
terms of our intellectual contributions. There's still a lot of interaction between industry
and academia, particularly in our field, but the quality is different and I think lesser.
We have little or no post-doc pool. I used to think that was because we weren't
producing enough Ph.Ds. I think we could double the production and it would be exactly
the same because there is such a great market for that talent. But it really has an impact
on the way we conduct research, compared with certain other fields. And I happen to
think the life sciences are irresponsible in their overproduction of Ph.Ds. [a few words
following here were not clear.]
This notion that we're so damned relevant is something that is not customary for
academic departments. So we as academics are being asked to behave in ways that are
different from, and hence not understood by, our academic colleagues.
I was sitting next to Fran Allen, and she made a comment about having devised a code of
ethics for software engineers for IEEE CS and ACM. And I told her I thought I might
challenge that. What I meant was that I don't understand what it means to behave
ethically when you literally don't know what you're doing and can't know. If I get
anywhere close to a technical issue in this talk, it is on this slide. I've had a very
checkered research career. But one of the things I've done over the years is correctness of
programs; another is security. We all know what the security problem is for ordinary
equivalents, given some set of assumptions. a) precondition p opposed to condition
q?the questions is, under the assumptions, does p imply this precondition, or at least
does this precondition apply to the program [unintelligible]. Easy enough. You can't ever
prove anything, but at least the problem is well formulated. I think the problem is not
well formulated for computer security. Basically the correctness statement for security is:
Prove that there does not exist a sequence of commands such that those commands
applied to the program will make something bad happen, where something bad is
undefined and undefinable. I'll come back to that point and explain a little bit more what
I mean by it.
But the second issue, having to do with "you can't know," deals with original
properties. These are properties of programs that, in fact, may be perfectly correct in the
sense of doing whatever the post-condition said to do. But they also do some other things
that you didn't anticipate.
In 1992, there was a big research lab study of 50 problems in security. It turned
out that 22 were problems with the specifications. I don't want to say errors in
specifications; rather there were things in the specifications that someone thought were
essential to the correct operation of the program, but which, in fact, could be exploited by
a clever person to cause the program to do something bad. The problem wasn't the
program; the problem was not understanding all of the ways in which those properties
might be used.
I happened to be sitting at the top of some very clever engineers. I flapped my
gums until they got sore trying to explain to them that the usual engineering solution
doesn't work. The usual ethical thing for an engineer to do is to overdesign--you make it
bigger and stronger than all your calculations show it has to be. But in a piece of
software, if you add more you're probably making the problem worse. There are more
ways in which things can interact that you might not anticipate.
By the way, I think all the rest of the engineering fields are going to experience
the same thing as they build more and more complicated systems, as they build systems
that have more and more interactions between different kinds of components, including
IT components. We just have to face it a little bit sooner.
I don't know what it means to behave ethically when you can't know what you are
doing. I think it's a profound problem, and I think this field has to think it through.
Growing Responsibility?I'm going to talk about it in a number of different areas.
First of all, the broad [ ] education. Not too long ago, the NRC produced a report,
the title of which used the name "fitness" (fluency in IT). I don't see how someone can
call himself a liberally educated adult in the 21st century without having a much deeper
understanding of the fundamentals of IT or computation than he currently has. I have
struggled to think of an analogy in the physical world. The difference is you don't realize
how much implicit knowledge of the physical world is embedded in our culture that kids
acquire as a part of growing up. Newton's law of gravitation in its particular form may be
a surprise in high school, but the notion that there is a force pulling you down, even the
name Newton and the apple bouncing off his head, is a part of the culture. IT and
computation are such relatively new concepts that there is no counterpart. They are not a
piece of our culture, and somehow we must compensate for that in our educational
system. I don't know any way to do that, other than for information processing
technologists, computer scientists, and computer engineers to take an aggressive
leadership position.
I believe two things. First, that there is going to be a more profound effect on
scholarship in the humanities over the next few years because of IT and all the sciences.
I think it is going to radically transform scholarship in the arts. Second, I believe that
every time computer scientists and computer engineers have walked up to a radically new
problem, they've learned a lot. So I think there's an enormous opportunity to further the
computer science field by helping humanities scholars and artists. There's a funding
problem, but in terms of really novel intellectual nuggets that you haven't thought about,
they're here.
I am asked to do all kinds of funny things in this position. One of them was to
speak to new Members of Congress on issues of IT that were likely to come up in the
106th Congress. I wrote down a list for myself. I have to tell you, creating a list surprised
me. One list was of issues that I knew would come up in their session. The other was of
things I thought were further off, but important. The list surprised me in three ways. It
was longer than I ever anticipated--five pages of cryptic notes to myself. Most items
were no more than 2 lines. Second, I was surprised at how fundamental many of the
issues were. Third, I was really struck that what I thought of as the far-off stuff wasn't all
that far off if you thought in terms of things you ought to be thinking seriously about. So
let me just give you some examples.
The first one I became aware of when I was in a workshop with Professor
[ ] at Georgetown University, and she said to me: "You know, there are a handful
of philosophies for legal systems around the world, and they really can be quite different
from each other. Islamic law is based on a whole set of philosophies that are very
different from English law. But there are only one or two things that are common to all of
them. One of them is jurisdiction?the notion that laws are defined by place. What about
cyberspace? There have actually been some cases--one some years ago that received a
lot of notoriety but never actually came to trial where a prosecutor in Tennessee tried to
prosecute someone in California for hosting a pornographic website. The application of
national and state standards concerning pornography come into play.
It is not a trivial question. Germany has brought down AOL at least once over
exactly this issue. What scares me is that although I can talk to a group like you and you
nod your head, in fact I know of no scholarship being done on the issue.
An even tougher issue is: What does it mean to be a sovereign nation in
cyberspace? It is not clear. It is clear to me, on the other hand, that we are very strongly
moving in a direction away from representative democracy toward participatory
democracy. It is most evident in the ballot initiatives in a number of states, which are
increasing. However, if you don't think that the Senate vote on Monday morning is not
influenced by a CNN poll on Sunday night, you'd be wrong. The ability of a Member of
Congress to stand up and do what is right, or what she perceives to be right, in the face of
a negative poll is increasing exponentially.
Issues of national defense and law enforcement. One of the really special things
about this country is the civilian control of the military. Essentially the military operates
outside the United States, and law enforcement inside. The military is never used to
enforce civilian law. With the use of IT, the borders are not obvious. It is often not clear
who has authority or what the rules of engagement are. It is clear, for example, that all of
the UN regulations enable us to take military action against another country only if force
is used against us. It is not clear what would happen if people in the United States were
being killed because of a cyberattack. According to UN treaties, we would be unable to
do anything about it using physical force.
We have incredibly important social institutions, like universities, that I think are
going to be profoundly transformed because of IT. I have written on this, if you want a
copy. I can't think of a better example of an entity that's in the information business than
a university. Universities create information, they store it, they wholesale it, they retail it-
-they are fundamentally in the information business. And whenever a technology comes
along that changes the business climate, you have to believe that the organization is either
going to change dramatically in response, or is not going to exist anymore.
I have finally managed to get an NRC study going on the impact of IT on the
future of the research university. I think there are going to be profound changes.
I put three things here that are different challenges, but I think they are all of a
piece.
I was recently at a conference in Zurich, where the speakers were made up of a
group of old guys like myself. One of them stood up and said that all of the hard
problems in computer science had been solved. My personal opinion about that is that
we picked the low-hanging fruit. I think there are new kinds of problems. I think, for
example, that if we were to try to aggressively support humanity scholars, we would find
a class of hard problems that no one is thinking about yet.
The second challenge is being both a discipline and an infrastructure. I can't think
of anything else on campus, except maybe mathematics, that has the same problem, and
math does not require stringing wires or air-conditioned rooms. It is a real challenge. It is
a real challenge at the NSF, which houses both computer research and science and
computer engineering research, and the supercomputer centers, in the same directorate.
There's a tension there that you don't get in more purely disciplinary-oriented
directorates. Is that bad? No, it just is.
We have the same problems with computer centers, and with IT organizations and
the academic departments in universities. I don't need to say anything more about that to
this group.
I frequently seem to get involved in discussions about whether this discipline is a
science or engineering or something else. I'd like to shoot whomever it was who came up
with the name "computer science." I think one of the [hardest] things about this
discipline is that it's been both--it's managed to embrace everything from computability
theory, logic, through crafty net programming, and every point in between. There's a
great strength in that. We should pity the other departments on campus. There's only one
nature. There's not a physics nature and a chemistry nature and a biology nature. Those
are human constructs. If you set out to understand nature, you've carved it up in such a
way that people can't talk to each other because their vocabularies are different, their
technologies are different, their funding agencies are different, and their cultural morals
are different. This is not a way to improve the understanding of nature.
I think we are science, we're engineering, we're infrastructure, we're a whole
bunch of things. We are different. We don't have a choice. If you think that you're like
another academic department or you want to model yourself on the traditional academic
disciplines, you'll lose something very important because we're not like those folks.
That leaves us with a bunch of problems. How can we be a discipline and an
infrastructure? How do we form a code of ethics when we don't know what we are doing?
But these problems are also opportunities. The whole reason that I formulated this talk
the way I did was I came to [sell] opportunities to you?the leadership of the computer
science and computer engineering intellectual community. You can all go off and do your
research, that's great, but there are some really deep social?philosophical almost?
problems that in some ways only you can think about. You nab an ethicist, as I have
done, and try to explain some of the issues here and you don't get very far because they
don't have a sense of the problems. I just had an extended e-mail communication with
someone who couldn't get through his head what Moore's Law meant to us as a
discipline. I think this group needs to take this initiative and grapple with these problems.
7/31/00
JS