On Friday there was a plea from Canadian Blood Services (CBS) for donations. I had deferred/cancelled in the spring because I had a cold, and I didn’t reschedule, so I called and made an appointment today for 8:35am.
After they pic my finger, and have me wait ten minutes so that I can have an interview room so that I can answer 58 questions (yet again), I get into the room. I noticed my printout did not have the questions on the back, and I was given a touch screen to answer on. Interesting.
First thing I notice is that there is a Start menu on the lower right, and some icons in the lower right. Huh? The nurse tells me that I can not answer the question (Yes/No/Back/Skip/Replay are the buttons) until it finishes talking. There is a printer in the corner, and the PC is bolted to the bottom of the table, in a nice position so that I can get to all the wires in the back. There is a blue network cable connecting the PC into the wall.
I had my laptop, my N800, and I think I had my DamnSmallLinux USB boot key in my bag too. This is just what I carry on my regular way to work. I also had a projector in a bag, which I was returning to my office. I have to carry it all, since I’m on transit. Sometimes I have a USB powered 5-port hub with me too.
After 7 questions, I poke the Start menu, and see “Run” and poke that. It flashes, but it doesn’t come up. (I learn later that there is some “security” system. But, the program did start. Lotus Notes was even installed on the system!)
The questions continue to be read to me, and I continue to be able to answer Yes/No, but the screen does not display the question to me. Once I finish the questions, I read the little plasticized note table about their “eQuestionnaire”, I’m told it is going to print the result out, and I’m going to sign them.
The top of the display had my name, birthdate on it. The nurse scan used a bar code reader to scan my admission paper in to bring that data up, I guess. Either it pulled it up out of their database, or the bar code has that information encoded in it. I hope it was all self-contained, and that the computer did not in fact have database/network access.
I go to open the door to let them know that I’m ready.
I explain that the system display froze. It continued to read me questions, and it accepted my answers and it continued on.
The nurse is surprised and annoyed at the computer, and I explain that I do not feel that this system is secure. She asks me to write a suggestion. She says that someone else had commented on this too. Said it was “mickey-mouse” She goes to get another person, and I explain again. She brings me a paper, and I write a message about this.
She is gone for awhile, and I look at my watch. 9:25am, and they haven’t even poked my arm yet. This is ridiculous, shouldn’t the computer someone speed things up, or make them cheaper, or… ?
Why does it take 45+ minutes just to start giving blood? What is the gain of having the computer ask me questions, possibly violate my privacy, possibly expose the entire CBS database? The eQuestionnaire card says that my answers will be filled in a warehouse in Ottawa. The paper copy!
Let’s forget about the security aspect: why are they using XP? (is it even cost effective?) Why do they have explorer.exe running at ALL? Why is the cabling accessible to me, while I sit privately in a room, likely on the inside of their “firewall”?
Let’s just focus on what this project is supposed to do? How does adding a computer save any money here? Seriously. What is the opportunity? What is the savings? My guess is that the opportunity is not very large, thus they do not really have much incentive to spend very much to do this correctly. Ironically, they aren’t even doing this “cheaply”
I got up, collected by donation card, left the suggestion note and left without leaving any of my blood.
CBS, I think this is scandalous. I think you should keep the manager that approved this — people need to take chances and try things.
Make sure that we all know who this manager is, because they will be contacting everyone that filled in this touch screen form and explaining that it was their poor judgement that possibly disclosed peoples very private answers.
I think you should fire the “IT” people that were involved. Publically. This should affect their reputation. I don’t care if they wrote you a memo that said that you shouldn’t do this: they should have refused to do this work.