International Journal of Advanced Science and Technology

Vol. 20, July, 2010

Extra-Organisational Systems: A Challenge to the Software Engineering Paradigm

Dr.D.S.RAO
Dr.dsrao@yahoo.in
HCL Info systems sdn bhd. Malaysia.
Co-Authors
Disha.Handa, Gaurav Bagga, Ajay Kumar Rangra,
Nandini Nayar, Karan Bajaj, Shweta Rajput,
K.V.Praveen, Vanita.Jaitely

Abstract
Vulnerability is discussed in the context of data processing and information management
applications. It is argued that a new class of information technology applications must now
be recognised, in which one or more organisations cooperate with small enterprises and
private individuals. The term 'extra-organisational systems' is coined for such applications.
Using illustrations arising from studies in the field of consumer EFTS, it is shown that the
public is generally regarded as 'usees', beyond the system and affected by it, rather than as
part of the system. It is argued that conventional systems life-cycle notions and techniques are
inappropriate to extra-organisational systems. Rather than the software engineering,
artefact-oriented philosophy inherent in existing techniques, such systems demand an
alternative organically-based paradigm.

1. Introduction

It is conventional to define vulnerability as "the possibility of loss, injury or denial of
equal rights to a significant segment of the population, the weakening of social
stability, or risks to national sovereignty due to dependency on computer-based
information-technology" (TDR 1981). A variety of sources of risk arising from
information technology (IT) have been classified, and a variety of dimensions
identified, including individual, organisational, economic, social and national
sovereignty (SÅRK 1978, 1979; Hoffman 1986; Holvast 1989; Berleur 1992).

Parallel with the literature on vulnerability, a number of related areas have developed,
especially safety-critical systems and system- and software-safety (e.g. Neumann
1979-, 1986, 1989; Malasky 1982; Perrow 1984; Leveson 1984, 1986, 1990, 1991;
Parnas 1985; Smith 1985; Borning 1987). Systems engineering defines safety
management as the measures taken to reduce the risk of accidents and of hazards,
where the term 'hazard' means a set of conditions that can lead to an accident
(Leveson 1991). Other relevant areas include software quality assurance (AS3563
1991), trusted systems (DoD 1987), risk management (Shain & Anderson 1989),
information systems failures (Lyytinen & Hirschheim 1987), disaster recovery
planning (Toigo 1989) and service continuity planning (Brunnstein 1991).

Vulnerability is usually discussed in the context of artefacts which manipulate the
environment, such as process control, transportation control and weapons guidance
systems. Vulnerabilities also arise, however, in respect of quite banal IT applications.
Employees' interests are threatened by inadequacies in a payroll system, and by
insensitively designed features of a personnel or human resource management system.
Affluent people rely on the convenience and consistent availability of banking
systems. Social welfare clients are highly dependent on the systems used by
government welfare agencies, and in countries in which welfare payments are now
made into clients' accounts with financial institutions rather than by cash or cheque,
welfare beneficiaries too are heavily dependent on banking systems.

This paper focusses on human vulnerabilities in such more conventional, unromantic
and seemingly harmless data processing and information management applications.
Its thesis is that:

• an increasing number of systems have a character quite different from the
stereotyped administrative data processing system;
• this character embodies very important and easily overlooked vulnerabilities,
at least of an individual and social nature; and
• conventional methods and techniques, and the philosophy underlying them,
are inappropriate to such systems.

The paper commences by reviewing classes of systems previously identified in the
literature, and the vulnerabilities associated with them. It identifies the need for a new
class of system, for which the term 'extra-organisational' is coined. Subsequent
sections identify weaknesses in conventional approaches to the conception,
development and operation of extra-organisational systems, and suggest how the
social vulnerability inherent in such systems can be significantly reduced.

2. Intra-Organisational Systems

Early applications of computers within organisations were oriented toward the
automation of hitherto human tasks. It was soon found that a degree of rationalisation
could be undertaken - the computer offered an opportunity to re-define the functions
being performed. As the capacity of computing equipment grew, systems increased in
scope, and integrated what had previously been separate business functions. The
boldness and the capabilities of the new breed of programmers increased, and the
seeds were sown for the technological self-confidence of contemporary systems
designers.

During this period, which we can retrospectively dub the 'intra-organisational
systems' era, it was claimed that computers were a productivity tool, and that the
natural corollary was job-displacement. In practice, it appears that the early decades
of intra-organisational computer applications may have resulted in more and better
quality work being performed, but by comparable numbers of employees: evidence of
actual increases in the gross productivity of labour has been hard to find (Franke
1987). By the end of the 1980s, however, the sophistication of IT had reached a point
at which the long-promised reductions in staffing were beginning to be measurable,
particularly in the information industries such as banking, and particularly in middle-
managerial ranks.

Apart from the job-displacement issues, which are briefly discussed later in this
paper, other vulnerabilities were created, but were seldom considered in a cohesive
and systematic fashion. For example:

• organisations were heavily dependent on the 'priestly caste' of computing
specialists, and new forms of crime arose, in which data processing managers
sub-let excess computing capacity, and pocketed the resulting fee;
• clerical staff were relieved of the tedium of their previous mechanical tasks,
and had it replaced with the boredom of capturing data into machine-readable
form, and bursting, decollating, folding, enveloping and delivering copious
quantities of computer output (Iacono and Kling 1984);
• automated monitoring of worker performance became increasingly feasible
(Marx and Sherizen 1986, OTA 1987), and has been increasingly applied
(Rule and Brantley 1991); and
• to the existing repertoire of bureaucratic obstructions and excuses was added a
new and potent one: 'the computer' could now be blamed for errors, and be
invested with authority. The 'social distance' of people from the institutions
which dealt with them was thereby exacerbated.

An area in which considerable maturation in systems life-cycle thinking has been
apparent is the gradual appreciation that systems cannot be viewed only from the
perspective of the system owner. The interests of 'users' have been increasingly
recognised, not for altruistic reasons, but because lack of 'user involvement' has been
shown to undermine systems' acceptance, and hence payback on the investment. To
date, however, the interests of people affected by the system but external to the
organisation, referred to within the IFIP TC9 community since the mid-1980s as
'usees', are seldom reflected.

An important development, traceable to the 1960s, has been the marriage of
computing and telecommunications. This made the power of the computer available
to organisational units remote from the central site, through such innovations as
remote job entry (RJE) and terminals. Some applications of the emergent 'information
technology' were more revolutionary. In passing beyond the organisation's
boundaries, they ushered in new forms of information systems.

3. Inter- and Multi-Organisational Systems

The early inter-organisational systems involved the installation of terminals on the
sites of an organisation's primary business partners. More sophisticated arrangements
involve direct links between mainframes and/or front-end processors, and more
recently inter-networking via third-party communications facilities. By definition, a
degree of trust already existed between business partners, and hence security features
had time to mature.

Inter-organisational applications continue to emerge, and to increase in power and
complexity. In recent years they have been much-touted, and to some extent used, as a
basis for implementing organisational strategies, and for realising competitive
advantage through corporate collaboration and alliances (Kaufman 1966, Malone,
Yates and Benjamin 1987, Wiseman 1988, Johnson and Vitale 1988, Rockart and
Short 1989, Konsynski and McFarlan 1990, Brousseau 1990, Oesterle 1991).

Inter-organisational systems are essentially pairings of business partners. Each
organisation may develop links with more than one important partner, but each link is
largely independent of the others. Over time, however, economies of scale have
become important, and organisations have tended to develop a technical infrastructure
which serves the needs of each of the links. Third parties have grasped the
opportunity of making a business of offering services to multiple user-organisations.

The natural result of this increase in sophistication has been the emergence of 'multi-
organisational' systems. These can be distinguished from inter-organisational
applications in that they are designed to support multiple linkages with many
organisations, and, in principle, with any other organisation with which there is a need
to communicate. Particular forms include:

• electronic mail (e-mail);
• electronic funds transfer systems (EFTS);
• electronic data interchange (EDI); and
• on-line trading.

In each case, standards and interfaces have been established, and appropriate controls
and security features imposed.

Many different flavours of multi-organisational system have emerged. Some of them
essentially automate existing relationships and flows, while others represent
wholesale revolution. Some have been used as instruments of competitive aggression,
and some to protect the existing industry configuration. Some are organised along
industry-sectoral lines, whereas others cut across industry boundaries (Clarke 1991).

The creation of multiple, linked intra-organisational systems had created
inefficiencies, because data captured into machine-readable form in one organisation
was being printed, sent by physical means to another organisation, and then re-
captured. This was not only inefficient in terms of unnecessary data capture steps, but
also because it involved significant error-levels, expensive consequences, and
detection, investigation and re-work. Most such errors are in principle avoidable, and
well-designed inter- and multi-organisational systems are in the process of removing
these inefficiencies. This is part of what Wiener (1949), Forrester (1961) and Beer
(1975) had in mind when they proposed the application of cybernetics to industrial
organisation.

The removal of inefficiencies is, of course, a cause for rejoicing, because it means that
society can produce more goods and services for the same amount of labour input.
There is, however, an inevitable negative impact on those employees who are
displaced, and on their dependants, at the very least during an interim period while the
person finds a new job.

To the extent that displaced people prove unable or unwilling to re-train and/or re-
locate, the impact can be severe. Under some conditions, moreover, the impact may
be long-term, when, for example:

• the economy is unable to generate new employment opportunities for those
displaced. This seems particularly likely to arise if the limits of the society's
consumptive capacity are being approached; and/or
• there are fixities in the working environment, such as legal barriers to
accepting low wages, or migration hurdles.

Where long-term unemployment results, the consequences for the people affected can
be very severe, particularly if there is an inadequate 'safety net'. Given that the main
avenue for distributing national income to people is on the basis of their employment,
social vulnerability appears to be now arising from the more advanced forms of
applications of IT in commerce, industry and government.

Apart from the work-and-income issue, other vulnerabilities have emerged in greater
number, and of greater severity, during this era. For example:

• data has flowed across corporate boundaries, generally without the data
subject's knowledge or consent, and with reckless disregard for the
misunderstandings inevitable from its loss of context. Legislative activity
throughout the world has imposed fair information practices on some of these
flows, but has in the process legitimised the flows themselves; and
• the scope for bureaucratic procrastination and obstructionism has become even
greater, because the inadequacies of not only the organisation's own
computer(s), but also those of the computers of other organisations can be
blamed, or their authority invoked.

Inter- and especially multi-organisational systems appear certain to develop further
during the coming years, and vulnerability issues will clearly require a great deal of
attention.

The following section distinguishes a related class of IT application which has not to
date received attention in the literature.

4. Extra-Organisational Systems

Implicit in the notions of inter- and multi-organisational systems are the assumptions
that each of the nodes of the network is professionally managed, and that the facilities
are used in an organisational context, with all of the discipline and cultural constraints
that entails. These assumptions are important, because business partners depend on
one another's professionalism in relation to such matters as:

• security and control (e.g. physical access constraints, password management
and backup);
• data quality;
• the reliability and responsiveness of decision and action; and
• preparedness to take legal and moral responsibility for their decisions and
actions.

There is an increasingly large number of systems which transcend the boundaries of
an individual organisation, but for which these assumptions do not hold, such as:

• Automated Teller Machine (ATM) services;
• Electronic Funds Transfer at Point of Sale (EFT/POS) services;
• electronic home and office banking services;
• public database access, such as electronic yellow pages and digital telephone
call routing systems;
• public transaction services, including:
o tele-shopping;
o public entertainment and travel reservation services; and
o the sale of information-based services such as insurance; and
• electronic lodgement services for official submissions (such as taxation
returns, statistical summaries and registration forms).

In these cases, many of the organisation's 'business partners' are small, single-site (and
in many cases single-person) enterprises, such as retail outlets and service agents, or
are members of the public. These partners do not have professional IT managers with
an understanding of such arcane arts and technologies as systems analysis and
communications protocols. Despite this, some of them will reliably and consistently
perform the intended functions, and interpret their interaction with the facility in the
way the designer intended. It would be a highly idealistic designer, however, who
relied upon all, or even a large percentage of these partners to do so.

In passing, it is noted that a complete taxonomy of IT applications must also include
person-to-person or public systems, such as electronic bulletin boards and 'CB'
services. Vulnerabilities arising in the context of such systems are identified and
discussed in Dunlop and Kling (1991).

The following section draws on prior research relating to one particular form of extra-
organisational system, to identify some specific instances of vulnerabilities, and trace
the origins of those weaknesses to the philosophy and methods of contemporary
systems life-cycle thinking.

5. The Case of Consumer EFTS

A variety of studies of electronic funds transfer systems have been undertaken (see, in
particular, Kling 1983). This section draws heavily on studies of consumer EFTS in
Australia (Walters 1989, Clarke and Walters 1989, Clarke 1990a and 1990b, Clarke
and Greenleaf 1990, APSC 1990); and in Switzerland (Clarke 1992).

Consumer EFTS may be defined narrowly, to include only ATM services and point of
sale systems in merchants' premises (EFT/POS), in which value is transferred
between accounts on the basis of data captured from a card inserted in a remote
terminal and an associated keyboard. A broader definition includes all transactions in
which the magnetic-stripe on a credit- or debit-card is used to effect payment, whether
with or without use of a personal identification number (PIN). Used in this less
restrictive manner, the term also covers remote banking services from home or office,
and card-facilitated tele-shopping, phone-calls, bill payments and reservations.

Automated Teller Machines were adopted very quickly when they were introduced in
Australia in the late 1970s and early 1980s. Consumers have enjoyed the benefits of
greater convenience, but unfortunately for the financial institutions, the anticipated
large net savings in transaction-handling costs were not realised. This was because the
average size of transactions is now much smaller than was the case before the
introduction of ATMs, and the number of transactions is much greater.

Australia has been among the world leaders in the rate of adoption of consumer
EFTS, but most forms, and especially EFT/POS, have achieved much slower growth
rates than was the case with ATMs. A number of factors were involved, some
peculiar to Australia, but many similar to those which have retarded growth in many
other countries. They included:

• early attempts by several of the major financial institutions to establish a
dominant, proprietary system, followed by an attempt by the cartel of major
banks to establish a system which kept the non-bank financial institutions
marginalised;
• the long period during which some of the financial institutions refused to
accept that the window of opportunity for competitive advantage through
EFT/POS had passed, and that an industry-wide collaborative scheme was
appropriate and necessary;
• the deliberateness with which the two largest retail chains (responsible for
over 50% of all retail sales) went about their pilot schemes; and
• the unwillingness of the major players to recognise that a large-scale
collaborative system is unlikely to be successful unless all parties stand to gain
from it.

On the basis of successful EFT/POS implementations, it appears that there are several
important features of system architecture:

• 'business openness' (i.e. all terminals need to accept all cards);
• 'architectural openness' (either a common infrastructure, or interoperability
between networks); and
• 'technical openness' (i.e. commitment to international telecommunication
standards), to underpin the first two.

Once these corporate difficulties had been overcome, there remained the question as
to whether consumers would actually use the resulting system. Too little attention was
paid to the interests of the consumer, indicating a failure to appreciate the extra-
organisational dimension of consumer EFTS. In particular:

• consumer education was overlooked;
• the confusion arising from the initial multiple, unlinked systems was
underestimated;
• where terminals were installed on a pilot basis, there were too few of them, or
they were inconveniently located;
• establishment of fair conditions of card use was tardy;
• the reporting of transactions on bank statements lacked detail which many
consumers valued;
• the importance to the customer of being able to check the balance available
prior to committing to the purchase was not understood;
• the importance of the 'cash-out' facility was not appreciated; and
• there was a lack of direct incentives (such as short-term, promotional rebates,
bonuses or lottery-prizes for EFT/POS terminal usage), and of imaginative,
EFT/POS-linked schemes (such as volume-discounts and frequent-buyer plans
for customers who make use of EFT/POS terminals).

It is apparent that successful EFT/POS systems depend on a strong affinity between
the designers and the point-of-sale environment and consumers.

Debates about the security aspects of Australian consumer EFTS provide further
evidence of the extent to which the consumer was long regarded as being outside the
EFT/POS system, rather than an integral part of it. The Australian finance industry
has been a world leader in the establishment of security standards, and the level of
security is very high (AS2805 1988, Weber 1989). The banks have had, however, an
internally focussed and technically oriented view of security. Some of the deficiencies
during the late 1980s are documented in Appendix I.

No discussion of vulnerabilities arising from consumer EFTS would be complete
without reference to the enormous potential for privacy invasions, both by private
sector organisations (variously for marketing and debt collection reasons), and the
public sector (for person-tracing and location). In most countries, including Australia
and Switzerland, there is virtually no legal protection whatsoever against abuses. This
is an area in which the public may in due course have its say, perhaps by orthodox
lobbying for regulation, perhaps through the boycotting of consumer EFTS, and
perhaps through civil disobedience in the form of habitual provision of false or
misleading identity and other personal information.

During the period 1987-90, steps were taken by a variety of Australian Federal and
State Government agencies to ensure that the financial institutions addressed at least
the most pressing of consumers' concerns (although at no stage to date have privacy
considerations been addressed). One remarkable aspect of the procedure was that the
development and successive reviews of the EFTS Code of Conduct were undertaken
without the formal participation of consumer representatives or advocates.

Despite the litany of inadequacies, the adaptability of both the technology and the
major players has proven to be of a high order, and the confusion and mistrust which
reigned in Australia from 1984 until 1989 is now being overcome, and steady growth
is being experienced. Similarly, the openness and consumer-orientation of consumer
EFTS in Switzerland appears to be resulting in brisker growth rates in transaction
volumes.

The conclusions drawn from these studies of consumer EFTS are that the major
players made costly mistakes as a result of conceiving of the consumer and his actions
as being outside the system boundaries. They treated the system as (at best) a multi-
organisational system, when it was really an extra-organisational application. It was
only when external pressure was brought to bear that the financial institutions were
forced to reflect consumers' interests in their system designs.

Organisations have a clear motivation to reduce their costs by transferring tasks to
other organisations, and to their clients. For relatively high one-time capital costs and
relatively very low recurrent costs, organisations can arrange for their clients to
themselves perform data capture, acquire the organisation's services, and/or access
stored data. For such arrangements to be effective, however, a number of
requirements from the perspectives of all parties must be satisfied. These
requirements are not readily analysable, because they are subject to interpretation by a
wide variety of players, and are subject to ongoing change. The following section
proposes a shift in the framework within which extra-organisational systems are
developed, which will enable vulnerabilities to be reduced.

6. Towards an 'Organic' Paradigm

The prevalent approach to information systems conception, development and
operation can be depicted as reflecting the attitude of the engineer, confident in his
ability to harness the forces of nature to build bridges across yawning chasms. The
primary concern is with the artefact, comprising hardware, network, electronic traffic
and systems and application software.

This paper is not concerned with the efficacy of that approach to intra-, inter- and
multi-organisational systems. It argues that the software engineering paradigm is
inapplicable to extra-organisational systems, and that an alternative, more open and
'organic paradigm' is needed, based on a less deterministic interpretation of general
systems theory and cybernetics than has been common in recent decades.

The basis upon which the argument rests is that:

• it is pointless defining extra-organisational systems to be bounded by the
human-machine interface, because the system's purposes and performance can
only be measured in terms of its service to its clientele;
• extra-organisational systems are highly complex, not only because of the large
number of participants, but also because of the heterogeneity of the people
involved, and the lack of a common organisational culture to imbue in them a
common ethos and attitudes;
• the dimensions along which the heterogeneity exists are many and subtle,
including educational background, religious/moral persuasion, political
attitudes, cultural traditions, linguistic heritage, etc.;
• the individuals involved in the system make significantly different
interpretations of the system's meaning, both initially and over time; and
• the marketing imperative is operational: if the people don't use it, it won't
achieve its objectives, and thereby repay the large investments involved.

As far as I am aware, the term 'organic paradigm' is original. The concept, however, is
well-established. Precursors include 'sociotechnical systems' (Emery & Trist 1960,
Mumford 1983), Beer (1972, 1975), Miller's 'living systems' (1978), Checkland's 'soft
systems methodology' (Checkland 1981, Checkland & Scholes 1990), the Multiview
approach (Wood-Harper et al 1985), and the stream of thought emerging at the less
mechanistic end of the cognitive science community (Winograd & Flores 1986).

Winograd and Flores argue:

• for the "rejection of cognition as the manipulation of knowledge of an
objective world";
• for recognition of "the impossibility of completely articulating background
assumptions"; and
• for recognition of "the primacy of action and its central role in language"
(1986, p.11).

With them, I am arguing not for the rejection of rationalism and science in favour of
holism, vitalism or some other ascientific framework, but rather for the re-direction of
the rationalistic tradition.

There are increasing echoes of these kinds of thinking in the management and
management information systems literatures. For example, Ciborra's at first sight
revolutionary arguments about 'designing-in-action' and 'bricolage' (which holds that
systems are not products designed by a master-architect, but rather the result of
tinkering by the many people involved - Ciborra and Lanzara 1989, Ciborra 1991) are
not meeting rejection, but rather being absorbed and rationalised back into the
mainstream of information systems thinking.

7. Conclusions

Vulnerability has been discussed in the context of data processing and information
management applications. A great deal of attention has been paid in the literature to
inter-organisational and multi-organisational systems, and the opportunities, impacts
and management of such systems have become clearly distinguishable from those of
the long-standing class of intra-organisational applications. It has been argued that a
new class of system must now be recognised, which is referred to in this paper as
'extra-organisational'. By this is meant systems in which one or more organisations
cooperate with other entities which are not organisations, but rather are small
enterprises and private individuals. Reports from studies in the field of consumer
EFTS have illustrated ways in which the public is still generally regarded as 'usees',
beyond the system and affected by it, rather than part of the system. It has been
argued that conventional systems life-cycle notions and techniques are inappropriate.

Extra-organisational systems are different and important. Conventional approaches
will not work, and their inadequacies are deep-rooted. The artefact-orientation of
contemporary methods must be mediated by a fuller appreciation of the environment
of application - rather than 'technology', the focus must be on 'technology-in-use'. And
the dominant engineering credo must be replaced by a paradigm which owes more to
organic conceptions of information systems.

Appendix I: Deficiencies in Consumer EFTS Security From the Perspective of the Consumer, Australia, late 1980s

• personal identification numbers (PINs):
o were generally imposed rather than being customer-selectable (and
therefore more readily remembered);
o generally comprised digits rather than letter-combinations (which are
more readily remembered);
o were assigned per account rather than per person (forcing a person
with multiple cards to remember multiple PINs);
• new cards and their associated PINs were generally sent by insecure mail, to
the same insecure letterbox, only a few days apart;
• PIN entry was generally highly insecure, because any person standing close to
the customer could watch the keys as they were struck, unless the person
adopted an unnatural position in order to obscure their finger movements;
• since most receipts carried the account number, many customers discarded
their receipts in the vicinity of the terminal, and many cards carried no hidden
identifier on the magnetic strip, it was not difficult for a thief to create a
serviceable card;
• institutions had no guidelines regarding the security aspects of ATM siting and
hours of operation;
• many ATMs would capture the card after a small number of unsuccessful
attempts to key the PIN;
• for the above reasons most people needed to record their PIN somewhere. But
if they admitted to storing it in the same secure location as the card itself (i.e.
in the only wallet or purse that they carried), then the card-issuer was able to
avoid liability for any losses arising from the theft of the card;
• there was an inbuilt deterrent against reporting a lost card: a card reported
missing was cancelled, and (in most institutions) the account closed. Time-
consuming and inconvenient card-reissue and account-reopening were
necessary. In general a consumer could not request a short suspension to allow
time for a search;
• in general, transactions at EFT/POS terminals were committed once the
confirmation was despatched from the processor. Any subsequent failure of
transmission, display or printing resulted in the customer paying the merchant
twice, once directly to the teller, and once via the (seemingly failed) EFT/POS
transaction;
• financial institutions insisted on adopting a stance (not only in public, but even
in meetings with regulatory agencies) that it was impossible for 'unauthorised
transactions' (i.e. which the customer claimed he or she had not conducted) to
be their fault. This was despite their refusal to disclose details of the security
measures providing the claimed impregnability (which was a tacit admission
that the measures were compromisable), and despite their claims that they
were steadily upgrading security features, e.g. by moving from session to
transaction keys (which was a tacit admission that their systems could be more
secure than they were);
• the results of security audits of consumer EFTS were not available to
shareholders, let alone customers; yet customers were expected to accept the
unreviewed assurances of banks that their security arrangements were in order.
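
The EFT/POS double-payment deficiency listed above can be made concrete with a small model. This is an added example, not code from the paper: the names `Processor`, `purchase` and `reverse_on_timeout` are hypothetical, and the two mitigations shown (idempotent transaction identifiers and a reversal when the terminal never sees the confirmation) are assumptions about how such a flow could be hardened, not measures the paper describes.

```python
"""Constructed model of the EFT/POS double-payment failure and one mitigation."""
from dataclasses import dataclass, field


@dataclass
class Processor:
    balance: int                                 # customer's account, in cents
    ledger: dict = field(default_factory=dict)   # txn_id -> amount committed

    def authorise(self, txn_id, amount):
        """Commit the debit, then dispatch the confirmation (the behaviour
        the appendix describes: commit happens at the processor)."""
        if txn_id in self.ledger:    # idempotent: a retry is not debited twice
            return "APPROVED"
        if amount > self.balance:
            return "DECLINED"
        self.balance -= amount
        self.ledger[txn_id] = amount
        return "APPROVED"

    def reverse(self, txn_id):
        """Undo a debit whose confirmation never reached the terminal."""
        amount = self.ledger.pop(txn_id, None)
        if amount is not None:
            self.balance += amount
        return amount is not None


def purchase(proc, txn_id, amount, confirmation_delivered, reverse_on_timeout):
    """Return the total (in cents) the customer ends up paying for one sale."""
    if proc.authorise(txn_id, amount) != "APPROVED":
        return 0
    if confirmation_delivered:
        return amount                # terminal shows approval: paid once
    # Confirmation lost in transmission, display or printing, so the
    # transaction looks failed at the counter although it was committed.
    if reverse_on_timeout:
        proc.reverse(txn_id)         # assumed mitigation: timeout -> reversal
    paid_directly = amount           # customer pays the merchant another way
    still_debited = proc.ledger.get(txn_id, 0)
    return paid_directly + still_debited
```
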

References

APSC (1990) 'Report on EFT Security Survey' Australian Payments System Council,
Reserve Bank of Australia, Sydney (November 1990)

AS2805 (1988) 'PIN Management and Security' Standards Australia, Sydney (1988)

AS3563 (1991) 'Software Quality Management' Standards Australia, Sydney (Sep
1991)

Beer S. (1972) 'Brain of the Firm' Allen Lane, London, 1972

______ (1975) 'Platform for Change' Wiley, New York, 1975

Berleur J. (1992) 'Assessment of Risks and Vulnerability in an Information and
Artificial Society' Working Paper on behalf of IFIP WG9.2, available from the author,
Facultés Univ. Notre Dame de la Paix, Namur, Belgium, January 1992

Borning A. (1987) 'Computer Systems Reliability and Nuclear War' Commun. ACM
30,2 (February 1987) Republished in Dunlop C. and Kling R. (Eds.) 'Computerization
and Controversy' Academic Press, 1991 560-592

Brousseau E. (1990) 'Information Technologies and Inter-Firm Relationships: The
Spread of Interorganisational Telematic Systems and Its Impacts on Economic
Structures' Proc. 8th Int'l Telecommunications Conf., Venice (March 1990)

Brunnstein K. (1991) 'Service Continuity Planning' in Clarke R. and Cameron J.
(Eds.) 'Managing Information Technology's Organisational Impact II' Elsevier / North
Holland, 1992 pp. 271-286

Checkland P. (1981) 'Systems Thinking, Systems Practice' Wiley, Chichester, 1981

Checkland P. and Scholes J. (1990) 'Soft Systems Methodology in Action' Wiley,
Chichester, 1990


Ciborra C.U. (1991) 'From Thinking to Tinkering: The Grassroots of Strategic
Information Systems' in DeGross J.I. et al, Proc. 12th Int'l Conf. Inf. Sys., New York,
December 1991 pp. 283-291

Ciborra C.U. and Lanzara G.F. (1989) 'Designing Networks in Action: Formative
Contexts and Post-Modern Systems Development' in Clarke R. and Cameron J. (Eds.)
'Managing Information Technology's Organisational Impact' Elsevier / North Holland,
1991 pp. 265-279

Clarke R.A. (1990a) 'Consumer EFTS in Australia - Part II - Security Issues' Comp.
L. & Sec. Reporter (1989-90) 5 CLSR (Jan/Feb 1990)

______ (1990b) 'Consumer EFTS in Australia - Testing Times for Guided Self-
Regulation' Comp. L. & Sec. Reporter (1989-90) 6 CLSR (Mar/Apr 1990)

______ (1991) 'Towards a Framework for the Analysis of EDI's Impact on Industry
Sectors' Proc. 4th Int'l EDI Conf., Bled, Slovenia, Uni. of Maribor, June 1991

______ (1992) 'Case Study Cardomat/Migros: An Open EFT/POS System'
Austral. Comp. J. 24,1 (February 1992)

Clarke R.A. and Greenleaf G.W. (1990) 'Consumer EFTS in Australia - Privacy
Implications' Comp. L. & Sec. Reporter (1990-91) 1 CLSR (May/Jun 1990)

Clarke R.A. and Walters M. (1989) 'An Introduction to Consumer EFTS With
Particular Reference to Australia' Comp. L. & Sec. Reporter (1989-90) 4 CLSR
(Nov/Dec 1989)

DoD (1987) 'Trusted Computer System Evaluation Criteria', National Computer
Security Center, National Security Agency, U.S. Department of Defence, DoD
5200.28.STD, 1987 (the "Orange Book")

Dunlop C. and Kling R. (1991) 'Social Relationships in Electronic Communities' in
Dunlop C. and Kling R. (Eds.) 'Computerization and Controversy' Academic Press,
1991 322-378

Emery F.E. and Trist E.L. (1960) 'Socio-technical systems' in Churchman C.W. and
Verhulst M. (Eds.) 'Management Science Models and Techniques Vol. 2' Pergamon,
Oxford, 1960

Forrester J. (1961) 'Industrial Dynamics' MIT Press, Cambridge Mass, 1961


Franke R.H. (1987) 'Technological Revolution and Productivity Decline: The Case of
U.S. Banks' Techno. Forecasting and Social Change 31 (1987) 143-154 Republished
in Forester T. (Ed.) 'Computers in the Human Context' Basil Blackwell, Oxford, 1989

Hoffman L.J. and Moran L.M. (1986) 'Social Vulnerability to Computer System
Failure' Computers & Security 5 (1986) 211-217

Holvast J. (1989) 'Vulnerability of Information Society: The Conflicting Demands of
Security and Privacy' in Clarke R. and Cameron J. (Eds.) 'Managing Information
Technology's Organisational Impact' Elsevier / North Holland, 1991 pp. 411-424

Iacono S. and Kling R. (1984) 'Computerization, Office Routines and Changes in
Clerical Work' IEEE Spectrum (June 1984) 73-76 Republished in Dunlop C. and
Kling R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 213-220

Johnson H.R. and Vitale M.R. (1988) 'Creating Competitive Advantage with
Interorganisational Systems' MIS Qtly 12,2 (June 1988) 153-165

Kaufman F. (1966) 'Data Systems That Cross Company Boundaries' Harv. Bus. Rev.
(Jan/Feb 1966)

Kling R. (1983) 'Value Conflicts in the Design and Organisation of EFT Systems'
Telecommunications Policy (March 1983) 12-34 Republished in Dunlop C. and Kling
R. (Eds.) 'Computerization and Controversy' Academic Press, 1991 421-435

Konsynski B.R. and McFarlan F.W. (1990) 'Information Partnership - Shared Data,
Shared Scale' Harv. Bus. Rev. (Sep/Oct 1990) 114-120

Leveson N.G. (1984) 'Software Safety in Computer-Controlled Systems' IEEE
Computer (Feb 1984) 48-55

______ (1986) 'Software Safety: Why, What and How' Comput. Surv. 18,2 (June
1986) 25-69

______ (1990) 'Software Safety' Addison-Wesley, 1990

______ (1991) 'Software Safety in Embedded Computer Systems' Commun. ACM
34,2 (February 1991) 34-46

Lyytinen K. and Hirschheim R. (1987) 'Information Systems Failures - A Survey and
Classification of the Empirical Literature' Oxford Surv. in Info. Technology 4 (1987)
257-309

Malasky S.W. (1982) 'System Safety Technology and Application' Garland STPM
Press, New York, 1982


Malone T.W., Yates J. and Benjamin R.I. (1987) 'Electronic Markets, Electronic
Hierarchies' Commun. ACM 30,6 (June 1987) 484-497

Marx G.T. and Sherizen S. (1986) 'Monitoring on the Job' Technology Rev. (Nov-Dec
1986) Republished in Forester T. (Ed.) 'Computers in the Human Context' Basil
Blackwell, Oxford, 1989

Miller J.G. (1978) 'Living Systems' McGraw-Hill, New York, 1978

Mumford E. (1983) 'Designing Human Systems', Manchester Bus. Sch., 1983

Neumann P.G. (1979-) 'Risks to the Public' in Software Engineering Notes,
particularly since 4,2 (April 1979)

______ (1986) 'On Hierarchical Design of Computer Systems for Critical Applications'
IEEE Trans. on Software Eng. SE-12, 9 (September 1986) 905-920

______ (1989) 'Risks: Cumulative Index of Software Engineering Notes' Software
Engineering Notes 14,1 (January 1989)

Oesterle H. (1991) 'Generating Business Ideas Based on Information Technology' in
Clarke R. and Cameron J. (Eds.) 'Managing Information Technology's Organisational
Impact II' Elsevier / North Holland, 1992 pp. 117-129

OTA (1987) 'The Electronic Supervisor: New Technology, New Tensions' Office of
Technology Assessment, Washington DC, 1987

Parnas D.L. (1985) 'Software Aspects of Strategic Defense Systems' Commun. ACM
28,12 (December 1985) 1326-1335 Republished in Dunlop C. and Kling R. (Eds.)
'Computerization and Controversy' Academic Press, 1991 593-611

Perrole J.A. (1986) 'Intellectual Assembly Lines: The Rationalization of Managerial,
Professional and Technical Work' Computers and the Social Sciences 2,3 (July-Sept
1986) 111-122

Perrow C. (1984) 'Normal Accidents: Living With High-Risk Technologies' New
York, Basic Books, 1984 Republished in Dunlop C. and Kling R. (Eds.)
'Computerization and Controversy' Academic Press, 1991 221-235

Rockart J.F. and Short J.F. (1989) 'IT in the 1990s: Managing Organisational
Interdependence' Sloan Mngt Rev. (Winter 1989)

Rule J. and Brantley P. (1991) 'Workplace Surveillance' in Clarke R. and Cameron J.
(Eds.) 'Managing Information Technology's Organisational Impact II' Elsevier / North
Holland, 1992 pp. 287-297


SÅRK (1978) 'The Vulnerability of Computerised Society: Preliminary Report'
Ministry of Defence, Sweden, 1978

______ (1979) 'The Vulnerability of Computerised Society: Considerations and
Proposals' Liberförlag, Stockholm, 1979

Shain M. and Anderson A. (1989) 'Computer Security Risk Analysis and
Management' in Caelli W., Longley D. and Shain M. 'Information Security for
Managers' Macmillan, 1989, pp. 81-117

Smith B.C. (1985) 'The Limits of Correctness' Computers & Society 14,4 (Winter
1985)

Toigo J.W. (1989) 'Disaster Recovery Planning - Managing Risk and Catastrophe in
Information Systems' Yourdon / Prentice-Hall, New York, 1989

TDR (1981) 'OECD Workshop Stresses Dependency on Computers' Transnational
Data Report 4, 5 (May 1981) 3-4

Walters M. (1989) 'EFTPOS - National Asset or White Elephant?' in Clarke R. and
Cameron J. (Eds.) 'Managing Information Technology's Organisational Impact'
Elsevier / North Holland, 1991 29-58

Weber R. (1989) 'Controls in Electronic Funds Transfer Systems: A Survey and
Synthesis' Comp. & Security 8,2 (1989) 123-137

Wiener N. (1949) 'The Human Use of Human Beings' Avon Books, New York, 1949,
1974

Winograd T. and Flores F. (1986) 'Understanding Computers and Cognition: A New
Foundation for Design' Ablex, Norwood NJ, 1986

Wiseman C. (1988) 'Strategic Information Systems' Irwin, 1988

Wood-Harper A.T., Antill L. and Avison D.E. (1985) 'Information Systems
Definition: The Multiview Approach' Blackwell, Oxford, 1985
