To describe how pragmatic problem solving works, Donner recounted three "shaggy dog stories," which he defined as stories that take a long time to get to the point.
In his first story, Donner demonstrated the importance of fully understanding a problem before attempting to fix it.
"Security is often a matter of identifying the actual problem and solving it, rather than using huge amounts of technology," he said.
Donner recounted the recurring appearance of graffiti on New York subway trains in the 1970s and 1980s. The city spent more than 10 years attempting to solve the problem, trying various expensive measures, including a ban on selling paint to minors and adding coat of paint-deflecting material to subway cars. None of these measures worked, however, and through further investigation, officials deduced that the graffiti must have been painted while the trains were stationary. They concluded that the trains were targeted when in the train yard. After they put up security at the yards, the problem quickly disappeared.
Donner then showed that the most important and difficult part of solving a problem is creating a consensus on how to solve it, not actually implementing the solution. He demonstrated this point through an anecdote from his experience working for the investment bank Morgan Stanley.
When Donner began work in 1992, the computer support was so competent that traders could leave their desktops on for nine months to a year without any problems, he said. For this reason, no one bothered to turn off their machines, no one knew their passwords, and everyone had access to the unattended computers.
The obvious security risk revealed itself when a trader utilized an unattended computer to attempt a quick trade with a Japanese firm. The trader tried to sell a single security share at 61,000 yen, but instead sold 61,000 shares at 1 yen each, losing the firm more than $300 million.
Determined to prevent similar security breaches from occurring at the firm, Donner tried to figure out a way to make the traders want to keep their machines secure.
Donner arranged to meet with a senior manager once a week to talk over the problem. Though it took six months of discussion, they eventually agreed to use a new program that would lock traders' screens every ten minutes in order to protect unattended computers and to force traders to learn and use their passwords. The actual program took only six weeks to design, test and implement.
"Twenty percent of the effort was implementation," Donner said. "Eighty percent was getting an agreement."
Donner's final story, which was highly technical, concerned his experience developing a new computer system to help audit Morgan Stanley's old mainframe. While telling the story, he engaged in a spirited discussion with the audience about computer science, noting that, despite his job as a computer scientist, much of his problem solving included a human element.
"Mathematics is a human endeavor," he said, "But the things we do as human beings are not mathematics."
Donner's speech was part of the College Institute of Security, Technology and Society's fall lecture series. His visit also included meetings with ISTS members, students, faculty and staff prior to delivering his speech.
Donner decided to come to Dartmouth after receiving an invitation from computer science professor Sean Smith and Thayer School of Engineering professor George Cybenko.
Smith invited Donner to speak "because he has an academic research background but also some tremendously interesting life stories," Smith said.
ISTS is an interdisciplinary program that focuses on cyber-security, trust, privacy and other technology-related issues, according to ISTS Associate Director Tom Candon. Donner is the third speaker to come to Dartmouth as part of ISTS's speaker series.
