It's not uncommon to be fighting the clock in a figurative sense -- meeting tight deadlines, juggling multiple projects. Over the past couple of weeks, however, I and other consultants in my firm have been fighting the clock in a very literal sense -- battling with
Microsoft Corp. (Nasdaq: MSFT) Outlook calendars that turned against us.
Due to a glitch we never fully diagnosed, some calendar items sent out via email would mysteriously display themselves in the recipient’s calendar as an hour later than the scheduled time. The organizer’s (his name is Joe) calendar would say "0900 meeting," but the recipient’s calendar (her name is Alyson) would say "1000 meeting."
What made this glitch particularly insidious was that it occurred in a seemingly random manner: Joe would send "0900 meeting" to other people, and they would have the right time. Alyson would get "0800 meeting" from someone else, and it would show up fine. But then Joe might get a "1200 meeting" request from Anuj and find our later that the meeting was actually scheduled at 11:00 -- after an angry call from Anuj.
The glitch may be related to the change in Daylight Saving Time being unevenly applied across computers, and it seems to have resolved itself after we passed the "old" DST on April 5. But the technical explanation of the glitch is less important than the impact that it caused.
Meetings were missed. Confusion spread ("There’s something wrong with Outlook!" "Are you sure? I haven’t had any problems!"). Emergency calls were held. Meetings were confirmed by phone and email, and then reconfirmed. Email was abuzz with proposed solutions, both complex and elegantly simple ("Just put the meeting time in the subject line"). I’m sure the "calendar card" got played as an excuse by a few people "Oops, missed the boring meeting... must have been the calendar thing."
But the greatest impact got summarized in an email I received, which ended with "I'm not sending anymore calendar cards. I don’t trust the calendar." We lost faith in our data.
This fairly minor incident made me think hard about just how important data integrity is in the Web 2.0 world. It also made me think about just how much we take data integrity for granted. When we conduct an online transaction, we’ve come to completely expect and trust that the data received is the data we sent, and that the data we receive is just as accurate.
But this recent calendar debacle made me realize just how easy it can be to undermine trust. While I haven’t been keeping anything resembling an accurate count, I’d estimate the number of actual calendar transactions impacted by the glitch was probably less than 20 percent. The real impact in terms of lost time and dollars was probably pretty negligible. But in a relatively short period of time and with a relatively small number of incidents, our trust in one of our most fundamental IT tools was significantly undermined.
We’re a small company; if this had happened in a much larger scale environment -- say the federal government -- the impact would have been, well, I won’t say catastrophic, but definitely significant. And what if the data impacted had been financial transactions (randomly shifting a decimal point impacting certain accounts, for instance) instead of calendar items?
An attack that undermines trust in our online systems and data, even if conducted on a fairly small scale, could be as -- or more -- catastrophic than a massive denial-of-service attack or wide-scale data theft. Are we thinking enough about data integrity or is this a potential online time bomb?
I would spend more time thinking about it here, but I’ve got several meetings this week and I’ve got to go reconfirm the times -- just to be sure.
— Bryan Pelley is a Principal with Toffler Associates.