[dismantlethesun]

Imagine if computer programming were a regulated profession, and all the regulators were academics from universities who had never actually worked professionally in their lives. Would it feel fair?

This is how it feels to people of any particular regulated industry---that they're being reproached by who may have quality credentials, but honestly don't know anything about the byplay common in the industry day-to-day and whose goals clearly diverge from that of professionals.

[wfo]

It is, and they are. There is a wide variety of governmental standards programmers have to follow in a wide variety of industries (healthcare, education, banking, defense/military, etc) and programmers manage not to bribe their way into total control of the government because being a good citizen is too hard.

Having regulators with interests that diverge from people in industry is exactly the point; the things they are doing are often dangerous, reckless, and careless. It does not matter if it's "standard industry practice" or part of the "byplay common in the industry day-to-day". In fact it's crucial that regulators ignore this; we didn't particularly care that it was commonplace to put asbestos or lead in products when it started killing people, we just stopped it.

I don't care if it's "commonplace in the industry" to hash passwords with MD5 and leave a telnet port on the database server open to the Internet. It should be criminal because of how careless it is with people's personal data and I wish there were more regulators in the IT industry to come down on people who do it.

[maxxxxx]

If industry people feel that way they should be told that their activities can cause a lot of harmful side effects that also need to be taken into account. There is a lot of history that shows that if business can do whatever they want they'll end up destroying the environment quickly and harm people.