Sorry guys, but most of the comments in this thread remind me of why we IT people have so much bad PR to overcome.
We're blaming the user for our mistake. That's like blaming the cow for leaving the pasture because one of us forgot to lock the gate.
The simple fact is that this user should have never been able to be in a position for this to happen.
Where were the IT security policies and procedures? Why was mission critical data on someone's c: drive? When (if ever) was the last audit?
We curse enterprise IT departments because they are so slow at getting things done, but they are really, really good at putting in place the things that would never allow this to happen. I have customers with strict policies regarding the protection of mission critical data, and I bet that none of it is as important as what was routinely put onto this laptop and paraded around town.
Public companies are responsible to their shareholders and the SEC. Private companies are responsible to their investors and creditors. Why weren't the same protections put in place to the trustees and taxpayers in this case?
Every nanosecond this researcher has to worry about performing routine IT overhead is a nanosecond not spent on critical research. The technological solutions to problems like this have been around for years. Why weren't they in place?
It's about time for IT to stop blaming the user and fix the problem.
I'm sick of this attitude of "Always be super nice and make sure you over mother your users" crap. You know what: If my car engine seizes because I haven't changed the oil, no one tells the car makers or the mechanics they didn't do their job right. If I leave the oven on all night and get CO poisoning, no one blames the oven maker for it. If someone doesn't buy renter's insurance we don't blame the apartment owner for them losing their net-worth.
PCs have been almost ubiquitous for 20 years now. For my entire freaking life I have been hearing about how "you need to back up your data". We have consistently made better and better backup tools, like mozy, or backblaze. Yet somehow it is our fault some idiot decided "It won't happen to me!". At some point, we just have to have the users be a tiny little baby step of a bit responsible for their stuff too. Just like accounting makes people responsible for their inventory and expense reports. Just like HR makes people responsible for their own insurance stuff. Sure they help, but crap - people need to be a little grown up in their lives and actions.
Just because this person did not bother to find out about backups from her IT does not make it IT's problem. Hell, you don't even know if there was or wasn't the ability for backups in place. Most university IT shops have lots and lots of capacity and backup options in place -- and they are documented, they just don't force users to do it. You know why? Sanctimonious asshats come from the other direction then, complaining not about how IT must mother the employees, but instead must back off the draconian rules to make users feel more welcome.
tl;dr -- Users should be held to some standard of responsibility and IT is damned when they do and when they don't.
What you say makes perfect sense, but as an academic I have to say it is extremely unlikely that the policies and procedures you mention can be carried over from corporations to academia in a straightforward way.
Academics react extremely badly to being told to follow procedures as part of their daily workflow, especially ones they don't understand the importance of. In fact, a big part of the reason that they're in academia in the first place is that they're not able to handle the mundane requirements that are usually in place in the "real world."
For example, someone I work with complains incessantly about the fact that department IT forced him to upgrade from pine — pine, in 2010 — because it is no longer supported. If the IT folks tried to institute rigorous procedures, they would be instantly vilified (and ignored). Unlike in a company where there's a hierarchy, professors don't have anyone above giving them orders, and aren't used to the concept.
Of course, scientific protocols themselves often require lots of procedures, but this is very different because it comes from within and is well-motivated from the point of view of the scientist.
Let me clarify: I do think it is very important that what happened here doesn't happen again, but ensuring that is much harder than someone not familiar with the system might assume. It probably needs to be a mixture of carrots and sticks; I'd say a lot more carrots than sticks.
Hear, hear, true for nonprofits as well, in my mind perhaps even more so, as they exist for the public trust.
I got some fire and ire, restricting users' software choices and tools, as it was a zoo before. It is too bad, I don't want to restrict anybody, but to maintain the integrity of the organization's information, offer reliability and keep cost low, choices and policy have to be enforced.
Every desktop folder and user folder is synced to a server, restrictions on personal data stores are monitored, and enforced. Critical data is copied to an onsite and offsite datastore. I am met with some dissatisfaction by more advanced users at times, but when their desktop/laptop gets fucked (3 year avg for laptop hard drive it seems) logging on to a spare and having your desktop just the way you left it, is a huge relief for users.
And we are just a museum, we are not solving the world's most dire problems.
The reward is only $1,000. While their research may have offered some interesting insights into cancer, they clearly didn't have an absolute cure (for prostate cancer, which is mentioned in the article). If they had a real cure, then around this moment Merck would step in and offer a $10,000,000 reward for the return of the laptop, in exchange for the right to commercialize the technology.
I've several friends who have pursued biology in universities. They could claim that their laptops have data offering possible cures for diabetes, high blood pressure and AIDS. This is the kind of thing they will talk about when we meet for lunch. I realize, of course, that they are not on the verge of a genuine cure. But occasionally their research offers an important new insight. I sense that these researchers, in the story, had info at that level.
Otherwise, the reward would be more than $1,000.
I do think the university should do more to help researchers manage their data.
The idea that a "cure" for any type of cancer would only be on one laptop is absurd. It may work in a movie plot, but in real life, no way.
At best it would have info on how to possibly, vaguely minimise the suffering in some situations. Cancer is not something that one brilliant researcher can "cure" alone.
Reading between the lines and with a healthy dose of cynicism and probability, what is "really" on this laptop is enough irreplaceable data that if not recovered, it will significantly impact and possibly even ruin this researcher's career. Odds are good there's at least one grant with now-unattainable expectations/deadlines. There is a small but finite chance that losing it might actually set a cure of one sort or another back, but, sadly, a much larger chance that it won't help a cure and never would have. Most cancer research doesn't advance the cure dramatically at one stroke, or it would be cured, after all.
(I'm not saying research is worthless. I'm saying that, on the whole, plink a random study and all the research behind done for it and the world won't be very different on the whole. The whole matters more than the parts.)
Still worth $1000 to get it back, for both the data and the career.
Family pictures, unpublished novel and a gigabyte of emails? Fine. But research data that only exists on one consumer-level machine? Work that was financed by her employer and various other organizations? Holy shit.
I work for a University and I laugh so hard every time I hear this.
For the people that say this should be an IT policy issue let me explain to you how academic people work.
Professors and researchers are KINGS and QUEENS. You CANNOT tell them what to do, nor can you force ANYTHING on them.
The only exception is the engineering professors; for obvious reasons they have their shit together. Other faculty are just plain morons and think they can do everything on their own.
Professors and researchers get to buy and choose their own laptops, and they can do whatever they want. Unless they fall under the administration side, IT cannot tell them what to put on or do with the laptop.
Just to get this off my chest I'll tell you one of many stories. A faculty member brought in his school-paid laptop, and he obviously used it for personal reasons. This is his main work laptop with all his data (again we can't force them to follow our policy since they are not administration), so he has no backups or any antivirus scans.
His laptop had over 5000 viruses when I ran a virus scan. This is no joke, I have the screen shot somewhere. I refused to clean it and told him I would rebuild it. Which I did and put all his files back. I explained to him exactly what I did in an email, what he would lose (software etc) and he was okay with it, remember I have this in email. Only when he agreed did I go ahead with the rebuild.
He comes back and writes an email to the department chair that I had broken his laptop and had to rebuild it. Then I lost his software which he paid for and wants the school to pay for it back.
I almost kicked him in the face even if it got me fired. Luckily my boss stepped in and took care of it.
(2) the hardware could have failed just as easily as the laptop got stolen; who would get the blame then?
(3) I don't buy the premise that there is 'cancer cure data' on this laptop to begin with until after it has been recovered they come out with a cure for cancer within measurable time.
(4) If the data is on the laptop it got on to the laptop somehow, either by doing experiments and recording the data or by copying it from some other medium, data does not exist in a vacuum as its 'only copy'.
(5) $1,000 reward? really? that must be some crappy cure.
(6) What if the researcher 'lost' their laptop on purpose? That's a stretch, but with a claim this big I'd really like them to get to work on re-creating their miraculous results rather than cry over spilled milk, after all, recreating the results can't be nearly as much work as it was to do it all the first time. Assuming the experiments were real there should be a whole pile of knowledge that only needs to be verified rather than created from scratch so this is just a matter of time.
(7) I had a laptop with the design for a small and safe nuclear fusion reactor, unfortunately it got stolen...
What sickens me most about this whole thing is that the 'cure for cancer' gets trotted out again giving a whole pile of people hope that there is such a thing.
People need to learn the basics of working with a computer. I can't imagine working for years on an important project without any backup system whatsoever. Getting your computer stolen is only one of the tens of the possible scenarios of things that could happen.
> I can't imagine working for years on an important project without any backup system whatsoever.
I've "worked with computers" since I was a teenager, but for a long time I didn't make backups even though I knew it was something I should have been doing. It wasn't until I actually had a hard drive crash on me that I got backup religion.
When you are up against human nature, no amount of learning can help you.
Of course, she knew about backing up, but who has the time to do it? After all, who wants to figure it out, install stuff, port stuff or even choose a service! Who has the time...
Such things really aren't a result of ignorance, but laziness. Yet again are we any different?
If she ends up losing the data permanently, that will severely hamper her ability to apply for future grants (which usually require preliminary data), and lose funding. This offense is definitely self-punishing.
I'm a student at OUHSC, and her husband, Dr. Janknecht, is one of my professors. Although failing to make a backup is obviously stupid, he is an extremely competent researcher (I don't know her). Clearly, calling the data "a cure" is a bit of hype, but that exaggeration might help in convincing the thief to bring the laptop back.
About computer knowledge in biological research, though -- the state of things is generally abysmal. The average biology Ph.D. can use Excel to find means, SDs, and do t-tests, and that's about it. Even my boss, who specializes in bioinformatics, still uses VB6+MSAccess *shudder*. Most probably don't know that hard drives CAN fail.
Yet, researchers are fiercely independent and would definitely resist any heavy-handed mandates from campus IT forcing specific OSes or regular backups.
Not really, but kind of... the person doing Cancer Research (or other work that is socially/culturally critical to the world) who did not back up their data should be held criminally responsible.
Not so interested in the punishment as the (possibly non-existent) deterrent effect such laws/prosecution would have. It's fucking ridiculous that in 2011 people are still not backing up their data.
No idea why the parent got downvoted twice (I upvoted to counter one of them). If (and I sincerely doubt it to be the actual case, but the story suggests it is) the researcher is doing paid research and not backing it up at all, those involved in process design (or the researcher themself if there were adequate and clear process guidelines) should be held responsible for some kind of recklessness bordering on fraud. After all, they cannot prove that they have actually done any research right now and someone could similarly take millions and just "lose a laptop". It is comparable to not keeping proper financial records which is typically criminal.
Spideroak.com works too. It automatically backs up your data to the cloud (securely encrypted!). It synchronizes your data across multiple machines (and multiple OS) and you can access all past versions of your files. It's free if you don't need more than one or two GB. It's the ideal backup tool for researchers that don't generate tons of data and want a simple backup solution.
This kind of thing makes me wonder... how long until backups are mandatory. I mean, in Windows 10 or OS 11 (aka: IOS 5), will it just come with 10 or 20gb of online storage that's automatically backed up, without the user's input (and is difficult to disable)?
We already have crazy easy backup solutions like mozy, carbonite, backblaze etc but the majority of people don't use them. What happens when the OS makers force you to back up?
And yes... it is totally the IT people's fault for not forcing backups on their users. Sorry but as an IT guy (I am one) it's your responsibility to make sure your users don't get into this kind of a situation!
I wouldn't be surprised if the owner _deliberately_ didn't create backups.
I used to work in academia. Some of the academics I knew were extremely paranoid about anybody (including SysAdmins) accessing their research. They would go to great lengths to keep their work away from the "prying eyes of the university" (a phrase someone used once). This meant not allowing any access to their personal desktops, laptops, etc. Admins worked around the personal desktop issue by refusing to help them with the inevitable problems unless they got access. But laptops were a different story.
It was a Mac, which most likely came with Time Machine - all she had to do was connect a USB drive (as far as I remember, OS X even asks if you want to use the drive for backups) and she would have had automatic versioned backups.
To be honest, I think most people need backing data up scared into them (e.g., I nearly lost a college project due to an HD failure, and now I have multiple redundant backups).
harrybr | 15 years ago
If you buy a computer, safety of your data is seen as a luxury add-on, like leather seats.
It's crazy when you think about it.