I really don’t understand why the IT industry is not regulated. As it stands in most countries you don’t need any kind of certification or experience to work in IT or run an IT business. Most other fields where you need to rely on the people to fix things or do specific work are regulated. Lawyers have to be admitted to the bar, electricians and mechanics generally have to be licenses, engineers need a degree before they can call themselves as such, even plumbers tend to need a certification before they can practice. Given just how often PC’s are critical in everyday life, why are IT workers not held to the same standard? –
At the moment, anyone can simply open a PC repair shop with only a cursory knowledge and start charging money to fix peoples computers, without knowing what they are doing. They could have various malware and the PC repair guy might charge $80 just to run an AV scan, not finding or fixing anything, faulty memory could lead to an unnecessary new CPU and so on. All too often these shops are run by people who know more than most, but simply do it as a hobby and don’t have anywhere near the prerequisite knowledge that they should have, when people are paying for a service and trusting them to provide that service competently and reliably. Here is an interesting article with some of the horror stories of people getting ripped of and displays of incompetence.
There are far too many 40+ guys who don’t know enough to be doing this work as they don’t keep up with changes in the field, and often refuse to admit they are wrong, simply relying on their 30 years of experience as evidence of qualification. Then there are enthusiastic people in their 20′s that may or may not be in college and again while they know more than most, they too often don’t know enough and make the wrong decision. There are so many “professional” shops or consultants at the moment that just screw people over. Either by illegally selling software at OEM prices, recommending shitty AV software (AVG anyone?), charging money for useless registry cleaning tools or whatever.
When they can’t solve a problem they tend to reinstall Windows for an absurd price, acting as though it were a favor. The problem with all of this is that there are no consequences for any of this. There may be the odd lawsuit but if this is the equivalent of a small claims court you can only get the money you lost back. Got fired from your job because the unlicensed under-qualified PC repairmen fucked you over? Tough luck. I find it frustrating to work in an industry where there is almost no barrier to entry, so the field is full of people who have no idea what they are talking about yet convinced that they do. It takes away from those of us who do know what we’re talking about and worked hard to gain such knowledge and experience.
Just look on any pc tech forum and look at the people disagreeing among themselves over solutions. Each of these people or someone like them works in or run a shop, yet clearly they cannot all be right. Such a thing should not be allowed. Then look at the HBGary hack. Selling themselves as security experts they were devastated by bad passwords, unpatched servers, SQL injection and more. Thing that non-experts can avoid, so experts should certainly be able to. Yet people were paying these guys as professionals and relying on them for security, often in critical situations.
So, why does it make sense to allow this to continue? What argument can be made to keep things the way they are? What about the economy? It’s true that this may put a lot of people out of work or be an additional cost for small businesses, but this isn’t a problem to me. The people that can’t demonstrate knowledge shouldn’t be working in this field in the first place and legitimate businesses and consultants can recoup costs from the decrease in competition.
Another important reason I think some sort of mandatory regulation or certification should be required is for privacy reasons. At the moment the law is somewhat of a grey area on what rights you have to privacy when you hand your computer over to repair to someone else. An interesting example is this case, where a guy handed in his PC for repair and the technicians found child porn and promptly reported him to the police. It’s great helping to stop child porn production, but what were they doing looking through his files in the first place? Maybe they saw thumbnails, but why were they ever in his pictures or photos folder? You should be able to trust that your privacy is intact when getting a PC repaired and you should be able to collect substantial damages if it is compromised.
The whole situation at the moment is a problem and it needs a solution. As far as problems go it isn’t so major, but considering the sheer amount of people getting ripped off and/or getting poor service every day, it should be addressed. The problem is just how to address it. A once off certification isn’t useful as the industry changes too fast. Vendor specific certifications are not useful due to their very nature. One possible solution might be a multi-tiered license that has to be renewed on a set basis. You could be licensed at the first tier which would just be simple hardware and software, with the tiers increasing in complexity as they go up.
The problem is that this has to be mandatory, if it’s voluntary it loses any value and the situation would not be any different than it is now. If it is mandatory only people who can demonstrate knowledge and are licensed to practice would do so, which would fix things a lot. No more bullshit repairs or faulty advice, substantially decreased privacy risks, accountability and trust of IT workers and businesses and fair pricing. Is there any reason not to head in this direction? If not, how long will it take governments to catch up?