Let’s Prosecute Unlicensed Engineering in IT

Have you been watching this whole dustup with the Equifax CISO, and how people are saying that she is unqualified because, instead of a Computer Science degree, she had an MFA in music composition? Not surprisingly, there’s a massive backlash from the IT community, much of which doesn’t have a computer science degree, either. That’s part of the appeal of technology for many — on the Internet nobody knows you’re a dog. I’m a mutt, too. I’ve always found computer science programs intentionally inaccessible, with the faculty actively eschewing any form of practical curricula because they’re not a technical college. Snobbish? Yeah. Not my style.

What I find very interesting in all of this is the ignorance of some of the folks throwing rocks in this debate (surprising, I know). I’m particularly interested in a word that many have in their titles: engineer.

I live in the United States, in the state of Wisconsin, and as with many other states we actually have law that sets a legal definition of engineering:

WI 443.01 (6) “Practice of professional engineering” includes any professional service requiring the application of engineering principles and data, in which the public welfare or the safeguarding of life, health or property is concerned and involved, such as consultation, investigation, evaluation, planning, design, or responsible supervision of construction, alteration, or operation, in connection with any public or private utilities, structures, projects, bridges, plants and buildings, machines, equipment, processes and works. A person offers to practice professional engineering if the person by verbal claim, sign, advertisement, letterhead, card or in any other way represents himself or herself to be a professional engineer; or who through the use of some other title implies that he or she is a professional engineer; or who holds himself or herself out as able to practice professional engineering.

Does the work of an information technology professionals affect the public welfare? I think the Equifax case is example enough: yes. Do IT professionals safeguard life, health, or property? Absolutely. In fact, information technology touches most of what is defined in this statute.

It gets more interesting in 443.02 (02):

WI 443.02 (02) No person may practice architecture, landscape architecture, or professional engineering in this state unless the person has been duly registered.

443.04 and 443.09 cover how you become registered. In short, you need an engineering degree from a school accredited in such topics, and you need to pass a written or written & oral examination.

So what happens if you don’t do this, and call yourself a professional engineer anyhow?

443.18 Penalties; law enforcement.
(1) Unauthorized practice; penalty.
(a) Any person who practices or offers to practice architecture, landscape architecture, or professional engineering in this state, or who uses the term “architect,” “landscape architect,” or “professional engineer” as part of the person’s business name or title… may be fined not less than $100 nor more than $500 or imprisoned for not more than 3 months or both.

A man in Oregon was recently fined $500 for doing just this: claiming to be an engineer in a public forum despite not being licensed to practice in Oregon. Specious? In that case, maybe. But if we’re going to throw rocks over CS degrees let’s get serious and enforce the actual laws around engineering, too. Especially if you are designing, building, and/or operating systems that affect others. If one type of engineer isn’t allowed to build an unsafe bridge, skyscraper, or canal, has a mandatory code of ethics, and has to go to hell and back to be licensed why do others with none of this training or effort get to use the title while they build & operate unsafe and unethical systems?

Frankly, it’d be easy to find offending folks. Start by dredging job boards and looking for postings that have names like “Site Reliability Engineer” or “Network Engineer” or “Systems Engineer” or “Software Engineer.” I bet even Equifax has some “engineers.” From there, it’s a subpoena or two and a $500-a-pop form letter. Maybe even some injunctions against organizations, too, for their use and tolerance of unlicensed engineers.

A small price to pay to ensure unqualified people aren’t endangering the public welfare. Right?

8 thoughts on “Let’s Prosecute Unlicensed Engineering in IT”

  1. 1. The $500 fine against the man in Oregon, and their ability to have this fine is subject to a legal challenge, and there’s a pending civil rights suit on first amendment grounds.

    2. The people in IT with Software Engineer or Site Reliability Engineer in their title do not profess to be “Professional Engineer”.

    They use the term engineering to refer to the creation of software solutions. A subject which no engineering school focuses on, they are not doing engineering or physics calculations, and they are not responsible for jobs requiring the application of engineering principles and data — for example, they are not involved in specifying material requirements for buildings and mechanical structures, utilities, electrical systems, or other physical structures.

    These Information system subjects “Engineers” are Virtual engineers, because the work they do is related to software programming, configuring, and assembling of pre-engineered hardware systems only according to manufacturers’ directions or API (The computer hardware systems are not engineered by SREs or Software Engineers), and actions regarding public welfare, and the safeguarding of life, health, or property is not listed among these peoples’ job responsibilities.

    3. The majority of Network/Software/Site Reliability Engineers work environments where the public welfare is not directly related to the performance of their duties.

    For the most part, there are no government standards treating INFORMATION as something companies must safeguard for the public welfare, and there is no potential concern regarding public health or safety of life or property. “Designed to resist malicious attack” by humans is a completely different subject, and even public works don’t meet that criteria. Interesting exceptions might be the design of medical devices and records management systems required to comply with HIPAA rules; the maintenance of legally-required privacy may be seen to be in the public welfare, and computer software in medical devices is perhaps more likely to be validated through process specified by true Professional Engineers.

    • 1. His lawsuit should be a slam-dunk, what Oregon did is prior restraint.

      2. There is no legal basis for a “virtual” engineer. You either claim to be an engineer and are licensed to practice it, or are not. Definition of “professional” is “engaged in a specified activity as one’s main paid occupation rather than as a pastime.” Seems straightforward.

      3. I disagree wholeheartedly. Take, for example, a breach where data is exfiltrated. We often think in terms of data that contains personally identifying information, credit card data, SSNs, and so on, where there is a clear problem with that data being public. However, other data like financial statements, email, and other seemingly mundane documents can contribute greatly to a dip in a publicly-traded company’s stock price, which has negative effects on investors, and possibly negative effects on people’s well-being (think pension funds, etc.). Also, all companies have HR data, which contains sensitive data. I would say that the majority of IT professionals work in environments where the performance of their duties can directly affect the welfare of others.

  2. So does my Bachelor’s degree from the Milwaukee School of Engineering in Management Systems qualify me or does my Microsoft Certifications qualify me more for my engineering title? Both have a certain level of expertise involved to obtain credentials but I think my 16 years working in the industry makes both of them relevant, neither by themselves would hold a lot of water

    • I never get to the fact that I think there ought to be a path for people like yourself to be called “engineer” officially. Especially in this age of distance learning and non-traditional post secondary education.

Comments are closed.