Marina Gorbis's Blog, page 1599

In Greek mythology, Hydra, an ancient water-serpent had many heads. If one head was cut off, two rapidly grew in its place before another head could be cut off — an energy-sapping disappointment for any opponent trying to overcome it. Regenerative speed made the Hydra formidable. Even Hercules, the legendary Greco-Roman hero, needed his nephew's assistance to win. To sustain a competitive edge, your company's new business development engines must similarly fire on all cylinders at supersonic speed.

As a CEO or a leader of a business, how do you build this competency? Measure, motivate and model.

Measure: Measure your company's "heart rate" and optimize for speed

Every team, business unit and/or company as a whole, has an underlying execution rhythm. At the most basic level this may be an individual's task completion rate (TCR). Setting a TCR of 2 weeks would mean any task you give to another or take from another needs to be done in 2 weeks. Imagine every employee, putting a red sticky on a company-wide virtual whiteboard, when an assigned task isn't completed in the allotted two weeks. With an explosion of stickies, you know that either the task allocator (a project manager) is not breaking down the task into a meaningful two-week chunk, or the doer (a low rung employee or a high rung decision maker etc) is not able to complete the task, or perhaps there are other dependencies, etc. While this is a crude example, it illustrates the importance of tracking, doer-allocator transparency and an implicit service level agreement across team members, which encourages "good enough" instead of perfect, thus optimizing for speed.

Just as agile product development methods, such as Scrum, use process and tracking tools to set and track execution rhythm, so must the organization's leader measure and monitor to ensure useful output. After all, you can't improve what you can't measure.

Motivate: Instill the sense of urgency

The best way is to expose employees to "the jungle." Too often, front-line sales people, but not necessarily the engineer or financial analyst deep in the organization, can "feel" the competition. Simple steps such as sending them to a conference dominated by a competitor, or having them listen to a tough sales/customer service call can get their emotional investment. Some may be motivated by threats, others by solutions and the impact they can have on the world. In case of the latter, define competition as the worsening of a current problem statement. Regardless, one needs to "feel the jungle" to adopt a sense of urgency.

Model: Lead the way

You must role model to lead the way. First, don't be the bottleneck. Empower and delegate decisions so people aren't waiting for your decisions or resource allocation requests, any longer than the desired TCR. When the stakes are high and you need to decide, lead, even when in doubt. Innovation by nature is uncertain and your job is to realize what is knowable, what is not, and how to move forward to eliminate critical unknowns. So, stop looking for data that doesn't add to your decision and stop using the lack of data to procrastinate on hard decisions. Speed must be a factor in your consideration.

Finally, as this I Love Lucy video illustrates very aptly, you can't speed up the belt forever. When moving faster would result in over-utilization or amplifying skill gaps, find new ways. Can you buy instead of build? Form partnerships and alliances for mutual benefit? Fail-fast to enter a white space with a higher probability of success?

Ultimately, every organization — whether a nimble start-up or a large, established firm — needs to find ways to speed up or be left behind. These three simple rules can help you move faster.

Your customers are in the midst of a mind shift. First they get a smartphone. Then they learn that they can ask for any information and get an instant result. What's the weather forecast? Is this dishwasher highly rated, and is it available more cheaply elsewhere? What's the song playing on the radio in the deli? Mobile answers all these requests and reinforces, in a Pavolovian way, the concept that we call the mobile mind shift: the expectation that any desired information or service is available, on any appropriate device, in context, at a person's moment of need.

Based on an analysis of data from over 4,000 online American consumers, we estimate that 22% of consumers have made this shift already. They are among your best customers: typically younger and more affluent than other Americans. And they are demanding mobile utility. Your job is reduce the distance between what they want and what they get. Meet their demands and they'll be loyal to you. Fail, and they'll switch to a competitor, or a digital disruptor like Uber or Mint or Google News.

When attempting to deliver on mobile, we've recognized that company strategies vary based on where they fall on two dimensions: quality of experiences and frequency of experiences.

The vertical axis reflects the quality of experiences, as measured by tools like Net Promoter or the Customer Experience Index. The horizontal axis reflects the frequency of experiences — companies whose customers interact with them weekly or more frequently are on the right, those with less frequent interactions on the left. What strategy should you use for mobile? That depends on what quadrant you fall into.

Companies in the upper right deliver frequent, high-quality experiences. Their customers will expect those frequent experiences to include mobile elements. A good example: Tesco stores in Korea. They put graphics up on the walls of subway tunnels that look similar to store displays. Customers can use their smartphones to photograph the items they want, and have them delivered as soon as their subway gets them home. Result — demanding customers get what they want, and remain loyal to Tesco.

Companies in the upper left deliver great experiences, but infrequently — they need to use mobile to increase the frequency. Think of brands like Nike, with which a customer might interact only two or three times a year, when they buy running shoes. Nike realized that on mobile, people were interacting with mobile brands more often, so they created a whole line of free mobile apps, like the Nike Plus Running app that runners interact with every day. Now the Nike customer thinks of Nike in a favorable light far more often.

Those in the lower right deliver frequent experiences, but often disappoint customers. Most telecom operators and banks fall in this quadrant. Fixing customer experience problems is slow and expensive. In the meantime, companies in this quadrant can add good mobile experiences to help counteract the poor ones. Take Verizon, whose tablet app delivers access to 75 channels of TV when viewers are connected to their home networks. This gives customers reasons to think favorably of Verizon many times a day. This app was popular enough to get a three-and-a-half star rating.

If you're in the lower left, mobile probably won't solve your customer problems. But you can use mobile utility to remind customers that you're on their side, perhaps by partnering with a digital disruptor in your space. Many health insurers are in this spot, since they typically rate at the bottom of scores like the Forrester Customer Experience Index. One of those insurers, Cigna, helped its subscribers by providing free access to an app that helps with meditation, an app that would otherwise cost subscribers money.

As more and more customers make the mobile mind shift, companies need to make mobile strategy decisions that match their customers' experience. Failing to deliver mobile utility could drive these customers away. But choosing the wrong strategy could be costly. Choose based on the quadrant your company lands in, and you're more likely to create mobile experiences that match your customers' expectations.

Innovations in Digital and Mobile Marketing
An HBR Insight Center





Being Digital Demands You Be More Human
CMO's: Build Digital Relationships or Die
Measurement in a Constantly Connected World
Brick and Mortars (Still) Can't Beat the Web on Price

Just 9.8% of chief executives can be categorized as risk-averse, compared with 64% of the (similarly aged) general population, according to a survey of about 1,000 top leaders in the U.S. by John R. Graham, Campbell R. Harvey, and Manju Puri of Duke University. Moreover, 80% of CEOs are very optimistic, well above the mean. CEOs are also much more optimistic than CFOs; only 65% of CFOs can be classified as very optimistic.

We pay for things with the swipe of a finger. We ask Siri how to get to a restaurant. Our friends can track exactly when we'll show up. We can monitor our heart rates and calories burned — and compare our results with friends and strangers. We're in the early days of a digital, mobile transformation. The benefits can seem limitless. And as a society, we are already becoming accustomed to the convenience, the connectivity, and the new insights that surface.

This democratization of technology impacts all races, incomes, cultures, and geographies. For example, the Supplemental Nutrition Assistance Program in the U.S. now distributes all its benefits — what used to be called food stamps — electronically via Electronic Benefit Transfer debit cards. These can be used like any other debit card for food purchases at grocery stores, local farmers markets, and some restaurants. Benefit recipients do not need to have a bank or deposit account. The cost savings are huge, with the federal government spending $200 million less on paperwork and administration. It's also more convenient for beneficiaries than carrying around a stack of actual food stamps.

We also see savings and other benefits as tollbooths go away and electronic payments take charge. Just recently, San Francisco's Golden Gate Bridge got rid of all its toll collectors. In Texas, the six toll roads around Austin have also stopped taking cash. Drivers using the TxTag can whiz through the 52 toll points and 45 ramp toll plazas, and the state will save an estimated $8.5 million each year.

The slow trade of privacy for convenience

The benefits of this digitization for consumers, companies, and governments are obvious and exciting: Instant gratification, seamless experiences, cost savings, greater insight. However, the digital exhaust we leave behind while using these convenient and often free services reveals much about us. Social networks, mobile apps, self-quantification, and sensor networks are creating a massive and very public mesh network of data to be mined.

Repeated check-ins can reveal your home location. Personal information shared in public social networks is being used by hackers to crack passwords. Marketers now have rich profiles that can predict when you are more likely to order sushi during the week or whether you prefer wine over beer. The electronic toll way system and the cellular towers know where you are. Your smartphone's location-based services mean you can never disappear.

Even worse, a global push to digital transactions means that we no longer have anonymity when we make a purchase. The rapid adoption of electronic payments may render cash obsolete in our lifetimes. The new payment methods might be more convenient, yet every transaction will be tied back to us.

Our longing for convenience means we've created a matrix that can and will be used against us. Most of us just don't know it yet — although last week's revelations about the large-scale surveillance programs the U.S. National Security Agency has been conducting in cooperation with telephone and Internet companies has raised the awareness level a bit. This digital trail isn't protected by Fourth Amendment protections against unlawful search and seizure — law enforcement in the U.S. doesn't need a warrant for many digital searches; a simple subpoena will do. This applies to cell-phone location data, information you store in the cloud, you name it.

The battle for digital identity

Meanwhile, social networking sites, financial service companies, smartphone manufacturers, governments, insurance companies, and telecom carriers all want customers to trust them with their identities. With that trust, they hope to secure revenue streams from identity to orchestrate payments, manage access, validate reputation, and ensure security.

This is the paradox. The companies contending to win our trust to manage our digital identities all seem to have complementary (or competing) business models that breach that trust by selling our data.

Customers must take back control of their data

Something has to give. My belief is that we won't be able to build sustainable digital business models until we agree on some limits to how customer data can be used. A compact must be reached on the balance between privacy and convenience.

What exactly that compact will look like is anybody's guess. But here are seven basic protections that consumers ought to demand:

Make "opt-in" the default. Basic profile information should require an affirmative permission to share information, use for offer creation, or even suggest next best action. Opt-ins should also apply to user-generated information such as messages, photos, audio, and video.
Be transparent in how personal information is used. Organizations should detail what information will be shared. Users should know if their information will be sold and if so to whom.
Give advance notice of privacy changes. Organizations should provide adequate warning when new features impact a user's privacy preferences.
Require "opt-in" for privacy changes. The default option should be to keep privacy preferences the same. The recent Electronic Privacy Information Center FTC complaint and settlement with Facebook reinforces this principal.
Prevent access to user's data upon account deletion. Information about a user should be locked down when an account is deleted. It should not be used in aggregate statistics or data.
Allow users to export their data. Customers should own their data and be able to take it with them as needed. Doc Searls and the Project VRM community have been advocating Personal Data Stores for quite some time. This may be the necessary requirement for social business to make it to the next level.
Give users a "hard delete" option. Users should be able to request and receive a permanent deletion of their data, with all information removed from all files.

Many would like us to believe that privacy is dead. Yet, privacy is a societal choice — it is only dead if we allow it to be. We should insist that businesses and government agencies offer choices to engage in both offline and online models. This may result in a rebalance of how much privacy we are willing to trade for convenience and lower cost. For example, we may decide that some inconveniences — such as a mandatory option to be able to conduct business in cash — are worth it. We should not resign ourselves to thinking that we cannot defend our individual freedoms. We must have an open dialog about where we will draw the line. Let's get started before it's too late.

Data Under Siege
An HBR Insight Center





Welcome to the "Data Under Siege" Insight Center
Four Things the Private Sector Must Demand on Cyber Security
Does Your CEO Really Get Data Security?
The Companies and Countries Losing Their Data

The digital marketer who effectively runs Qantas Airlines' highly regarded — and very successful — loyalty program has an unusual iPad problem. Flight attendants on Australia's flagship carrier can now get up-to-the-minute data on the airline's most elite and valued frequent flyers displayed on their onboard tablets. The information is useful, helpful and the app was a digital innovation actually sought by Qantas staff.

The unhappy catch? Too many flight attendants sounded like they were reading from a script when using this information with these valued customers. They couldn't smoothly incorporate the customized data to authentically connect with their frequent flyers. Instead of making their best customers feel special, the data-driven app too often creeped them out.

"We learned that staff needs training to take full advantage of the data we can provide them," said Rob Colwell, Qantas Loyalty's Chief Commercial Officer at a recent analytics workshop hosted by Ernst & Young in Sydney. Colwell observed that the rate of analytics innovation consistently outpaces interpersonal skills. Creating better customer experiences from hard data required a softer touch.

I've personally and professionally experienced similar pathologies experiencing "customer support" from credit card companies, financial services firms, airlines and telecoms operators. One can practically hear their all-too-human staff struggle to utilize the bespoke information they're (presumably) reading off their screens to mollify, humor and/or resolve my issues in ways reflecting how much they "know" what a great customer I am. The variances in customer experience quality are enormous. Like those Qantas frequent flyers, I occasionally feel more creepy than comfortable with these "interactions." Not good for those net promoter scores.

So should technology-empowered "customer touch" personnel attend improvisational acting workshops? Or teleprompter training? After all, as the joke goes, the key to success in acting is "sincerity" because if you can fake sincerity, you've got it made.

The better question, however, doesn't revolve around performance art skills; it asks whether organizations really want to build data-based relationships around their people. After all, Amazon doesn't have these problems. Neither does Google nor Twitter. (Intriguingly, Apple — even with its high-touch Genius Bars — appears to know, and care, far more about their machine(s) than their owners.) For many if not most organizations, an increasingly digitized self-service/DIY sensibility seems to make the most economic, organizational and cultural sense.

But if you're a Qantas or Singapore Air — or a luxury brand like a Zegna or Lord &Taylor — technology forces you to revisit and rewrite the relationships narratives you want your customers to experience. Should ever-more data and individualized insight be an essential ingredient or simply alluring spice in keeping the relationship going? Should ever-greater service intimacy become an integral expectation of top-tier customers and clients? Does your organization have serious situational awareness around when useful knowledge acquires the stench of "creepiness?"

Sitting on that Sydney panel with Qantas' Colwell made it crystal clear that even the most sophisticated and successful data-driven customer-care organizations have only begun grappling with these kinds of questions. (The Qantas executive recited, with nary a hint of schadenfreude, to help identify elite flyers waiting in airport queues).

Before the decade's end, even minimum wage customer service personnel will have real-time access to remarkable amounts of personal data of customers walking into Starbucks, McDonalds, Walmarts and/or Walgreens. Should customer experience be better defined by employees who enjoy greater familiarity or a studied distance? Who owns the answer to that vital human capital and customer care concern?

The more customer data an enterprise has, the more that kind of accountability matters.

Innovations in Digital and Mobile Marketing
An HBR Insight Center





Being Digital Demands You Be More Human
CMO's: Build Digital Relationships or Die
Measurement in a Constantly Connected World
Brick and Mortars (Still) Can't Beat the Web on Price

Rang, Recorded, Delivered, I'm Yours


When the news broke about the U.S. government's PRISM program, which collects data from phone companies like Verizon and online sites like Facebook, the reactions and reporting mostly focused on the NSA's broad ability to know exactly what many Americans (as well as foreigners) are doing, one keystroke or call at a time. For telecom companies like Verizon, Sprint, and AT&T, complying with government requests for information isn't uncommon: In 2011, Verizon received about 260,000 requests for customer data; AT&T got 49,700 (965 of which it rejected). Essentially, "complying with requests for such data has been part of doing business for much of the past decade," though Verizon in particular notes that it takes pains to ensure customers' privacy. And Denny Strigl, Verizon's former president, says that the company is "between a rock and a hard place here. If people are going to make an issue of this, the issue is with the government — not with the corporate citizen who complies with the law." Tech companies, meanwhile, are denying any knowledge of PRISM. While public anger does seem to be aimed mainly at the government right now, that can change on a dime, and companies may well suffer from customers’ wrath. On a lighter note, something else any good businessperson should know: Never, ever use the type of graphics the U.S. government did in a slideshow about the program.

"This Isn't Harvard Grad Stuff"

Costco CEO Craig Jelinek Leads the Cheapest, Happiest Company in the World Bloomberg Businessweek

Circuit City fell first. Best Buy and JCPenney are struggling. Then there's Costco, the membership warehouse that's doing incredibly well and paying its employees a living wage (not to mention providing health care and retirement benefits). In this in-depth profile featuring the company's new CEO, Craig Jelinek, Brad Stone explores the history of Costco's way of doing business and the challenges the company faces going forward (let's hope Amazon can't figure out how to deliver groceries in bulk over the internet). Two things stand out about Costco’s corporate culture: First, people stay at for decades, and the company doesn't hire business school grads into its upper echelons. This means senior executives frequently talk about succession planning, something that's often lacking at other companies. The other? There's no PR department, an omission that echoes the company's insistence on simplicity. "This isn't Harvard grad stuff," Jelinek explains. "We sell quality stuff at the best possible price. If you treat consumers with respect and treat employees with respect, good things are going to happen to you." Touché? Or naïve?

Who's That Crossing My Bridge?

Trying to Stem the Rising Tide of Patent Lawsuits Planet Money

So who are these patent trolls anyway? The U.S. government says it's cracking down on purveyors of patent-infringement lawsuits that are only about squeezing money out of companies. In a close look at the problem, NPR follows the case of a technology innovator who took out patents on his and others’ ideas in the 1990s — ideas that never turned into products or companies but that have become a source of revenue through patent suits. Lots of companies that are targeted by this kind of lawsuit end up settling, because defending a patent case requires explaining technology to a jury. Just try that sometime. The patent-suit business can be very lucrative, at the targets' expense — one company was so severely hurt by a settlement that it had to lay off employees. —Andy O'Connell

Good Business Sense

Three Reasons Why I'm Voting for Gay Marriage Financial Times

Former BP chief executive John Browne resigned from his position in 2007 after he lied to a judge about a former boyfriend. Now he would like you to know why he's supporting an upcoming gay marriage vote in the UK. One: History shows that marriage is an evolving institution, so it’s not true that gay marriage represents a disruption of something eternal. Two: It makes business sense: "People are happier and more productive and make more money for their company when they feel they are included and can be themselves." Three: If Browne had seen other gay men in stable, legally recognized relationships when he was growing up, it would have been easier for him to come out. According to Quartz, his piece is "the first such forceful defense of gay rights by a major figure in the global oil industry, in which a homophobic environment persists."

Grin and Actually Mean It

Maximizing Happy Kellogg Insight

"How happy were you today?" This is one of the questions Kellogg School of Management professor Kelly Goldsmith asked in a series of studies that measured whether happiness is actually attainable – and, she found, this might very well be the wrong question to pose. While people who monitored themselves using this question as a baseline reported small increases in happiness, it was another question – "Did you do your best to be happy today?" — that helped people make real progress in feeling happier. Why? The latter question reminds us that we want to be happy, and because it implies we have the power to increase the feeling, it can lead to actual changes in behavior.

BONUS BITS:

Once You Start Me Up I'll Sometimes Stop

The Selling of Instagram (Vanity Fair)
The Misevaluation of Farmville (New Yorker)
The Echo Chamber of Silicon Valley (New York Times)

From denial of service attacks to server crashes to day-long disruptions of Google Drive, almost all organizations are familiar with threats to their information security. Given that digital information is more central than ever, it's worrisome that the history of data security is littered with failure. Organizations seeking to be better prepared for and more resilient in response to information threats may want to draw on a far larger and older source of lessons on information security — the 3.5 billion year history of life. Tapping into biology's security database — which was developed by millions of species in response to extremely complex natural security problems — gives us first a wakeup call, then some practical guidance on how to keep our information secure.

The wakeup call concerns our assumptions about the borders, barriers, and firewalls we construct in a valiant attempt to protect our data. In nature, barriers — between organic and inorganic chemicals, between land and sea, between species, between everything — have been built, tested, overcome, rebuilt, and overcome again with almost endless repetition. Barriers — be they cell walls, border walls, or firewalls — are at best a temporary imposition to an invader. In the same way that tightly controlled unicellular life eventually evolved into more open and distributed multicellular life, the rapid evolution of cyber threats has outpaced the evolution of defensive barriers.

The lesson is simply that modern organizations should work under the basic assumption that almost anything electronic is now open source. My colleagues in climate science learned this the hard way when politically motivated hackers stole and released thousands of emails sent among scientists. Not only did sensitive data and preliminary analyses methods leak out, but the petty interpersonal spats and behind-the-back sniping that probably appear in all email chains were revealed in all their unappealing light.

So how do we operate in an effectively open-source world without barriers? Here biology offers some get-off-your-ergonomic-chair-and-do-something advice.

The biological world is also open source in the sense that threats are always present, largely unpredictable, and always changing. Because of this, defensive measures that are perfectly designed for a particular threat leave you vulnerable to other ones. Imagine if our immune system were designed to deal only with a single strain of flu. In fact, our immune system works because it looks for the full spectrum of invaders — low-level viral infections, bacterial parasites, or virulent strains of a pandemic disease. Too often, we create security measures — such as the Department of Homeland Security's BioWatch program — that spend too many resources to deal specifically with a very narrow range of threats on the risk spectrum.

Advocates of full-spectrum approaches for biological and chemical weapons argue that weaponized agents are really a very small part of the risk and that we are better off developing strategies — like better public-health-response systems — that can deal with everything from natural mutations of viruses to lab accidents to acts of terrorism. Likewise, cyber crime is likely a small part of your digital-security risk spectrum.

A full-spectrum approach favors generalized health over specialized defenses, and redundancy over efficiency. Organisms in nature, despite being constrained by resources, have evolved multiply redundant layers of security. DNA has multiple ways to code for the same proteins so that viral parasites can't easily hack it and disrupt its structure. Multiple data-backup systems are a simple method that most sensible organizations employ, but you can get more clever than that. For example, redundancy in nature sometimes takes the form of leaving certain parts unsecure to ensure that essential parts can survive attack. Lizards easily shed their tails to predators to allow the rest of the body (with the critical reproductive machinery) to escape. There may be sacrificial systems or information you can offer up as a decoy for a cyber-predator, in which case an attack becomes an advantage, allowing your organization to see the nature of the attacker and giving you time to add further security in the critical part of your information infrastructure.

In the end, we are only vulnerable to digital information threats because we are so dependent on digital information. We have, by choice and not, become enmeshed in an escalation toward ever more technological reliance. Yet sometimes technology that starts as an adaptation becomes maladaptive. Retroviruses, such as HIV, use the technology of our immune system against us. The BBC made a modern recreation of the Domesday Book in the 1980s, smartly storing it on high-tech (for the 1980s) laser discs, which are now less accessible than the original book from 1086, which was written on parchment.

Faced with continued technological escalation, the best strategy can simply be to step aside. Many successful organisms have split off from their species' escalatory pathways, so that the planet now has flightless birds, stingless bees, and rattle-less rattlesnakes. There are models in our past of how to work without information technology. News reporters, in the wake of the recent Justice Department blanket raid of AP phone records, are watching All the President's Men again and realizing the best way to talk with a source is not by email or text, but in a shadowy parking garage. I recall pulling out a notebook to jot some ideas during a meeting I had at the venerable Cosmos Club in Washington, DC. I was quickly and discretely chastised by my host, who informed me that one does not take notes in the Cosmos Club. No one would say this rule has hampered the many expeditions supported, deals created, and confidences shared in the Club's 135-year history, but it has preserved their integrity in a perpetually leaky city. Yahoo's decision to put a stop to employee telecommuting was made for many reasons (which vary depending on who you ask), but one of the underappreciated benefits is that it adds to the company's security by requiring fewer online conversations about new technologies and acquisitions. Not to mention petty spats between employees; now those are presumably carried out the old-fashioned way, in whispered hushes at the water cooler.

There are organisms that avoid security problems altogether. Certain deep-sea animals are so far removed from any competition that they live quite easily in their isolation. Unfortunately, they don't evolve and change, they don't transform resources or innovate — in fact, they don't do much of anything. Provided you want your organization to grow and innovate, you can't reject technology altogether and you can't wall yourself off from all threats. The best bet is to do what the most successful organisms on Earth do — accept the risk and adapt to the changes.

Data Under Siege
An HBR Insight Center





Welcome to the "Data Under Siege" Insight Center
Does Your CEO Really Get Data Security?
The Companies and Countries Losing Their Data
Hack-Proof Your Company's Social Media

The findings are sobering: almost half of CEOs view their CIOs as out of step with the business and about the same percentage think IT should be a commodity service, purchased as needed. We tackled this thorny issue in a webinar sponsored by the Harvard Business Review, Dell, and CIO.com called "Change the Conversation, Change the Game." It was an enlightening conversation with business strategy guru Gary Hamel, Newport News Shipbuilding's CIO Leni Kaufman, and Walgreens' CIO Tim Theriault, with HBR editor Angelia Herrin moderating. The entire webinar is worth watching for its many golden nuggets, but here are a few key takeaways on what CIOs need to be doing differently to meet this brave new world in which IT can no longer afford to be just a service provider.

Don't talk IT. Talk business. As Leni Kaufman noted: "I think often people come into a conference room, they come into a meeting, and then they talk IT. Well, don't talk IT. Talk business. Talk about the goals of the company, the growth plan, the projection it's on, how you're going to improve profitability, talk about what the government is funding, what's happening with sequestration. Be part of that conversation, and then you become part of what is on the CEO's mind. You have to do the job that you're there to do, but really make it much bigger, much broader than that."

Talent management is critically important. "You need to make sure that your people, in your next line of the reporting structure, are absolutely top talent that can carry the agenda forward," said Tim Theriault. "I want to spend more of my time on continuous improvement and innovation. So the good news is it represents more opportunity for others — people who want to be CIOs someday. I get to focus on the things that really align to the CEO, but at the same time I have to make sure IT agenda is being carried out exceptionally well. You absolutely are still responsible. So your reliance on talent management is critically important."

Be a compassionate contrarian. "What does it mean to be a leader in this kind of environment today?," asked Gary Hamel. "Beyond all the technical skills and so on, for me there are three things that are really critical. One is, you have to be a contrarian in your heart. You have to be able to look at what everybody else takes for granted and say, is there another way of doing this? Number two, you have to have a lot of courage today. You have to be able to look beyond what everybody else takes as best practice. And I think the third and most important thing is, if you really want to be a change leader, is you have to have compassion. People have to believe that you are not fighting your corner. This is not about IT; it's not even just about the business. It's about working from the customer backwards. And when people understand that that's who I'm here for, and that's my ultimate reference point, and how do I improve the quality of life, people will give you enormous amount of runway to try things, to take risks, to experiment. I think that that contrarian heart and that compassionate spirit, that courage, those are huge multipliers for anybody today who's trying to be a leader in this chaotic world we're in.

My view is that the CIO facing three dilemmas. One, I need to help the CEO figure out how to reorganize the company — not that he's going to specifically ask you that, but what are the technology capabilities and potentialities that can be used to create management innovation? Sometimes when you think innovation, you think products and services, but the reality is management innovation. The other piece of it is, how am I going to use technology to create the true value proposition, because we have been so good at the efficiency gain that drew all of us into commoditization. Everything is a commodity now. Because we have been so good at this, at efficiency, now we have to move efficacy. How are we going to do that? How are we going to integrate information into our products and services? And for the entire time by the way we do have to keep the lights on. How can the CIO do all of these things at once? The answer is you can't. You've got to start prioritizing. The CIO needs to step up and become the mentor to the organization, because you should understand how the business operates. You also understand the potentials and threat of the technologies, and you can act as the mentor in the C-suite on the change that's coming at us. Because it's coming, and it's whether you're going to change catastrophically, or whether you're going to transform. It's really the choice you're facing.

I was 10 years old when the Berlin Wall came down — old enough to grasp that something important was happening, but not really old enough to understand exactly what was happening. Like a lot of kids born around that age, the specter of communism has never seemed like that much of a threat. We would hear stories about how horrific life was living under conditions such as these; but only in the context of something that had already failed. It's only through history and books or films that my generation has a grasp of what life must have been like.

Just recently, I had the chance to watch the German film, The Lives of Others, which won the 2007 Oscar for Best Foreign Language Film. Not only is it a remarkable story, but it gave me the best glimpse I've had yet of what day-to-day life must have been like in a state like East Germany. The infamous East German secret police, the Stasi, managed to infiltrate every pay of German life, from factories, to schools, to apartment blocks — the Stasi had eyes and ears everywhere. When East Germany collapsed in 1989, it was reported to have over 90,000 employees and over 170,000 informants. Including the part-time informants, that made for about one in every 63 East Germans collaborating to collect intelligence on their fellow citizens. You can imagine what that must have meant: people had to live with the fact that every time they said something, there was a very real chance that it was being listened to by someone other than for whom they intended. No secret police force in history has ever spied on its own people on a scale like the Stasi did in East Germany. In large part because of that, those two words — "East Germany" — are indelibly imprinted on the psyche of the West as an example of how important the principles of liberal democracy are in protecting us from such things happening again. And indeed, the idea that it would happen seems anathema to most people in the western world today — almost unthinkable.

And yet, here we are. In terms of the capability to listen to, watch and keep tabs on what its citizens are doing, the East German government could not possibly have dreamed of achieving what the United States government has managed to put in place today.

The execution of these systems is, as you'd expect, very different. The Germans relied upon people, which, even if not entirely effective, must have been absolutely terrifying: if for no other reason than you weren't sure who you could and could not trust. There was always that chance someone was reporting back on you. It might have been a colleague. A neighbor. A shop keeper. A school teacher. Not knowing whether someone you couldn't see was listening to what you had to say, or whether those that you could see might be passing it back to the authorities — that must have taken an incredibly heavy toll on people.

But as any internet entrepreneur will tell you, relying entirely on people makes scaling difficult. Technology, on the other hand, makes it much easier. And that means that in many respects, what has emerged today is almost more pernicious; because that same technology has effectively turned not just some, but every single person you communicate with using technology — your acquaintances, your colleagues, your family and your friends — into those equivalent informants.

Think about the proportion of our lives that are undertaken online and digitally. Every tweet, every interaction on Facebook, every photo on Instagram. You search for directions with a myriad of online mapping options. You check in your location on Foursquare. You review restaurants you've visited on Yelp. You speak to people all over the world using Skype. Every time you have a question, you type it into Google, or perhaps ask it on Quora. An increasing amount of your purchases are conducted on eBay or Amazon. You back up your laptop to the cloud. Almost everything you listen to or read is there too, or in iTunes. And while you might scoff at these as something that only early adopters use, even late adopters of digital technologies leave behind an incredibly detailed trail of their lives. Every minute you spend on the phone; in fact, every minute you carry it around in your pocket; every email you write; every instant message you send. Every transaction that passes through your credit card is recorded.

For an average person, with access to just one of these, you could piece together quite an interesting picture of a person's life. Interviewed recently on the Charlie Rose Show, Biz Stone, co-founder of Twitter, observed that for a lot of people, "email is the most intimate witness to our lives in some capacity. [It] knows a lot about our lives." But that's absolutely nothing compared to the portrait you could paint of somebody with access to a full range of all these services.

Which, we found out yesterday, is exactly what the NSA has.

But the technology alone isn't the problem. There has been a dramatic shift in mentality, and it doesn't take much to work out the date on which this happened: September 11, 2001.

Much has been said about what happened in the aftermath of that tragic event. The extent to which there was an extreme political response is understandable, if not entirely forgivable. What is more shocking, however, is that ten years on — with the risk of death being higher from a lightning strike than from a terrorist attack, and with the election of a President that had railed against "a false choice between the liberties we cherish and the security we provide" — the problem hasn't got better at all.

In fact, it's the opposite. It's got worse. Way worse.

Well before the revelations of the last two days, there had been serious hints that things were going astray. Like the data center off in the desert of Utah, apparently part of a network capable of storing yottabytes of data (I don't know about you, but I'd never even heard the term "yottabyte" before). A former employee of the NSA described the basic premise of the center as just to capture everything: "financial transactions or travel or anything... [and] the ability to eavesdrop on phone calls directly and in real time." Similarly, the Verizon revelations shouldn't come as that big a surprise; according to a former AT&T worker cooperating in an Electronic Frontier Foundation lawsuit, AT&T had provided the NSA "with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center" as far back as 2006.

And you could even see symptoms of the problem overseas. Europe — yes, the former home of East Germany — bravely proposed a series of changes to its laws that would enshrine the privacy of its citizens. These proposals would strike most people as reasonable: a right to get information out of a provider in a form that could be taken to a rival provider, and a right to be forgotten by a provider. Who was opposed to this? Not China or Iran, concerned that its citizens might benefit from rules that would allow them to cover their footprints or that companies would have a much stronger incentive to protect users' privacy. Instead, it was an all-American alliance: US technology firms, concerned that privacy might undercut their business models, and the US government, worried that their ability to surveil without issue might be disturbed. The scale of the lobbying effort to defeat these privacy regulations was so unprecedented that it caused EU Commissioner Viviane Reding to say that "I have not seen such a heavy lobbying operation."

The government will undoubtedly argue that the way in which this surveillance is all being conducted is very different to how it would be used in a non-democratic state; that is in fact exactly the line taken in an exit interview by Alec J. Ross, the State Department's outgoing senior adviser on innovation: "the truth of the matter is that there are laws and due process in the United States that protect our liberties to a degree that simply do not exist in 99% of the rest of the world." The evidence points to the contrary, however. For example, over the past ten years, the Supreme Court has prevented any challenge to the warrantless wiretapping of American citizens, relying on logic that could have been lifted straight out of Catch-22: to "properly challenge secret Government programs requires the very information the Government refuses to disclose" — in other words, nobody actually has the standing to challenge the policy. And even in the presence of evidence — for example, let's say the Government erroneously had sent you documentation of the fact that you're being warrantlessly wiretapped — then it will simply fall back on argument of sovereign immunity to have the case dismissed.

There's not a thing that can be done about it.

Now, if this was an ideological principle — a deep and profound belief in transparency, and the disinfecting power of sunlight — then, again, at least it would be understandable. But it's not that, either. Simultaneously, while doing everything it can to watch you, the government is taking another page out of the East German playbook — doing everything it can to stop you from watching it.

The Washington Post ran a special back in 2010 entitled "Top Secret America" that detailed the extent to which this was taking place. "The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work." There is an entire industry that is simply out of the view of the public. Information about what Government is doing — essential for people to be able to make an informed choice in a representative democracy — is simply buried within it. Over-classifying has been turned into an art form. Embarrassing information is increasingly being classified, so it never sees the light of day. In fact, just last year, US Government transparency has hit an all-time low: the government cited national security "to withhold information at least 5,223 times — a jump over 4,243 such cases in 2011 and 3,805 cases in Obama's first year in office. The secretive CIA last year became even more secretive: Nearly 60 percent of 3,586 requests for files were withheld or censored for that reason last year, compared with 49 percent a year earlier."

The difficulty with which it is possible to pry open this world, and the consequences for doing so, are escalating rapidly, too. Whistleblowers are being strung up: say you leak information about government financial waste and mismanagement, well, you could find yourself being charged under the Espionage Act — the same statute used to convict Aldrich Ames, the C.I.A. officer who, in the eighties and nineties, sold U.S. intelligence to the K.G.B. In fact, this administration has launched more prosecutions of whistleblowers using this law than every previous administration combined. It has sought rules to allow federal agencies to fire employees without appeal if their work has some tie to national security. FBI investigations into leaks just so happen to be conducted in a way to ensure a chilling of the relationship between government officials and journalists. Then theere's the cases of Bradley Manning and John Kiriakou.

And while whistleblowers are being strung up, journalists are being hunted down, too. The DoJ secretly obtained two months of telephone records of AP journalists. Similarly, Fox News reporter James Rosen went from being a journalist to an "an aider and abettor and/or co-conspirator" in order to get a subpoena for his private email account. As the New Yorker pointed out, it was "unprecedented for the government, in an official court document, to accuse a reporter of breaking the law for conducting the routine business of reporting on government secrets."

And we haven't even touched on the topic of Wikileaks. Despite it taking on the role of a publisher, using the power of the internet to avoid the requirement of a legacy print business, it wasn't long after it started peeling back all these layers of secrecy that it was denounced by some as a terrorist organization. One might wonder how the East Germans would have reacted to such an organization? Perhaps Lenin, who had a 19-meter statue erected of him in the East German city of Leninplatz, might offer us some clues to as the way they would have thought about it: "Why should freedom of speech and freedom of the press be allowed? Why should a government which is doing what it believes to be right allow itself to be criticized? It would not allow opposition by lethal weapons. Ideas are much more fatal things than guns. Why should any man be allowed to buy a printing press and disseminate pernicious opinions calculated to embarrass the government?"

It's a line of reasoning that befits a failed surveillance state. And yet today, is remains all too familiar.

Yesterday, when news of the PRISM program leaked into the public domain, two items struck me. The first, from the New York Times: "The defense of this practice offered by Senator Dianne Feinstein of California, who as chairman of the Senate Intelligence Committee is supposed to be preventing this sort of overreaching... said that the authorities need this information in case someone might become a terrorist in the future." And then, there was this, from the Washington Post: "They quite literally can watch your ideas form as you type."

Watching peoples' ideas form as they type, in order to protect against someone who might become a terrorist in the future. George Orwell, eat your heart out.

The thing about that wall that cleft Berlin in half is that it didn't just represent a means of keeping people from freely moving. It represented something much more — it was about ideas and principles. About the balance between security and freedom. About whether you were there to serve the state, or the state was there to serve you. What I can't seem to shake is the feeling that somehow, the country most responsible for tearing that wall down has somehow managed to rebuild one in its own back yard.

Data Under Siege
An HBR Insight Center





Welcome to the "Data Under Siege" Insight Center
Does Your CEO Really Get Data Security?
The Companies and Countries Losing Their Data
Hack-Proof Your Company's Social Media

I was 10 years old when the Berlin Wall came down — old enough to grasp that something important was happening, but not really old enough to understand exactly what was happening. Like a lot of kids born around that age, the specter of communism has never seemed like that much of a threat. We would hear stories about how horrific life was living under conditions such as these; but only in the context of something that had already failed. It's only through history and books or films that my generation has a grasp of what life must have been like.

Just recently, I had the chance to watch the German film, The Lives of Others, which won the 2007 Oscar for Best Foreign Language Film. Not only is it a remarkable story, but it gave me the best glimpse I've had yet of what day-to-day life must have been like in a state like East Germany. The infamous East German secret police, the Stasi, managed to infiltrate every pay of German life, from factories, to schools, to apartment blocks — the Stasi had eyes and ears everywhere. When East Germany collapsed in 1989, it was reported to have over 90,000 employees and over 170,000 informants. Including the part-time informants, that made for about one in every 63 East Germans collaborating to collect intelligence on their fellow citizens. You can imagine what that must have meant: people had to live with the fact that every time they said something, there was a very real chance that it was being listened to by someone other than for whom they intended. No secret police force in history has ever spied on its own people on a scale like the Stasi did in East Germany. In large part because of that, those two words — "East Germany" — are indelibly imprinted on the psyche of the West as an example of how important the principles of liberal democracy are in protecting us from such things happening again. And indeed, the idea that it would happen seems anathema to most people in the western world today — almost unthinkable.

And yet, here we are. In terms of the capability to listen to, watch and keep tabs on what its citizens are doing, the East German government could not possibly have dreamed of achieving what the United States government has managed to put in place today.

The execution of these systems is, as you'd expect, very different. The Germans relied upon people, which, even if not entirely effective, must have been absolutely terrifying: if for no other reason than you weren't sure who you could and could not trust. There was always that chance someone was reporting back on you. It might have been a colleague. A neighbor. A shop keeper. A school teacher. Not knowing whether someone you couldn't see was listening to what you had to say, or whether those that you could see might be passing it back to the authorities — that must have taken an incredibly heavy toll on people.

But as any internet entrepreneur will tell you, relying entirely on people makes scaling difficult. Technology, on the other hand, makes it much easier. And that means that in many respects, what has emerged today is almost more pernicious; because that same technology has effectively turned not just some, but every single person you communicate with using technology — your acquaintances, your colleagues, your family and your friends — into those equivalent informants.

Think about the proportion of our lives that are undertaken online and digitally. Every tweet, every interaction on Facebook, every photo on Instagram. You search for directions with a myriad of online mapping options. You check in your location on Foursquare. You review restaurants you've visited on Yelp. You speak to people all over the world using Skype. Every time you have a question, you type it into Google, or perhaps ask it on Quora. An increasing amount of your purchases are conducted on eBay or Amazon. You back up your laptop to the cloud. Almost everything you listen to or read is there too, or in iTunes. And while you might scoff at these as something that only early adopters use, even late adopters of digital technologies leave behind an incredibly detailed trail of their lives. Every minute you spend on the phone; in fact, every minute you carry it around in your pocket; every email you write; every instant message you send. Every transaction that passes through your credit card is recorded.

For an average person, with access to just one of these, you could piece together quite an interesting picture of a person's life. Interviewed recently on the Charlie Rose Show, Biz Stone, co-founder of Twitter, observed that for a lot of people, "email is the most intimate witness to our lives in some capacity. [It] knows a lot about our lives." But that's absolutely nothing compared to the portrait you could paint of somebody with access to a full range of all these services.

Which, we found out yesterday, is exactly what the NSA has.

But the technology alone isn't the problem. There has been a dramatic shift in mentality, and it doesn't take much to work out the date on which this happened: September 11, 2001.

Much has been said about what happened in the aftermath of that tragic event. The extent to which there was an extreme political response is understandable, if not entirely forgivable. What is more shocking, however, is that ten years on — with the risk of death being higher from a lightning strike than from a terrorist attack, and with the election of a President that had railed against "a false choice between the liberties we cherish and the security we provide" — the problem hasn't got better at all.

In fact, it's the opposite. It's got worse. Way worse.

Well before the revelations of the last two days, there had been serious hints that things were going astray. Like the data center off in the desert of Utah, apparently part of a network capable of storing yottabytes of data (I don't know about you, but I'd never even heard the term "yottabyte" before). A former employee of the NSA described the basic premise of the center as just to capture everything: "financial transactions or travel or anything... [and] the ability to eavesdrop on phone calls directly and in real time." Similarly, the Verizon revelations shouldn't come as that big a surprise; according to a former AT&T worker cooperating in an Electronic Frontier Foundation lawsuit, AT&T had provided the NSA "with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center" as far back as 2006.

And you could even see symptoms of the problem overseas. Europe — yes, the former home of East Germany — bravely proposed a series of changes to its laws that would enshrine the privacy of its citizens. These proposals would strike most people as reasonable: a right to get information out of a provider in a form that could be taken to a rival provider, and a right to be forgotten by a provider. Who was opposed to this? Not China or Iran, concerned that its citizens might benefit from rules that would allow them to cover their footprints or that companies would have a much stronger incentive to protect users' privacy. Instead, it was an all-American alliance: US technology firms, concerned that privacy might undercut their business models, and the US government, worried that their ability to surveil without issue might be disturbed. The scale of the lobbying effort to defeat these privacy regulations was so unprecedented that it caused EU Commissioner Viviane Reding to say that "I have not seen such a heavy lobbying operation."

The government will undoubtedly argue that the way in which this surveillance is all being conducted is very different to how it would be used in a non-democratic state; that is in fact exactly the line taken in an exit interview by Alec J. Ross, the State Department's outgoing senior adviser on innovation: "the truth of the matter is that there are laws and due process in the United States that protect our liberties to a degree that simply do not exist in 99% of the rest of the world." The evidence points to the contrary, however. For example, over the past ten years, the Supreme Court has prevented any challenge to the warrantless wiretapping of American citizens, relying on logic that could have been lifted straight out of Catch-22: to "properly challenge secret Government programs requires the very information the Government refuses to disclose" — in other words, nobody actually has the standing to challenge the policy. And even in the presence of evidence — for example, let's say the Government erroneously had sent you documentation of the fact that you're being warrantlessly wiretapped — then it will simply fall back on argument of sovereign immunity to have the case dismissed.

There's not a thing that can be done about it.

Now, if this was an ideological principle — a deep and profound belief in transparency, and the disinfecting power of sunlight — then, again, at least it would be understandable. But it's not that, either. Simultaneously, while doing everything it can to watch you, the government is taking another page out of the East German playbook — doing everything it can to stop you from watching it.

The Washington Post ran a special back in 2010 entitled "Top Secret America" that detailed the extent to which this was taking place. "The top-secret world the government created in response to the terrorist attacks of Sept. 11, 2001, has become so large, so unwieldy and so secretive that no one knows how much money it costs, how many people it employs, how many programs exist within it or exactly how many agencies do the same work." There is an entire industry that is simply out of the view of the public. Information about what Government is doing — essential for people to be able to make an informed choice in a representative democracy — is simply buried within it. Over-classifying has been turned into an art form. Embarrassing information is increasingly being classified, so it never sees the light of day. In fact, just last year, US Government transparency has hit an all-time low: the government cited national security "to withhold information at least 5,223 times — a jump over 4,243 such cases in 2011 and 3,805 cases in Obama's first year in office. The secretive CIA last year became even more secretive: Nearly 60 percent of 3,586 requests for files were withheld or censored for that reason last year, compared with 49 percent a year earlier."

The difficulty with which it is possible to pry open this world, and the consequences for doing so, are escalating rapidly, too. Whistleblowers are being strung up: say you leak information about government financial waste and mismanagement, well, you could find yourself being charged under the Espionage Act — the same statute used to convict Aldrich Ames, the C.I.A. officer who, in the eighties and nineties, sold U.S. intelligence to the K.G.B. In fact, this administration has launched more prosecutions of whistleblowers using this law than every previous administration combined. It has sought rules to allow federal agencies to fire employees without appeal if their work has some tie to national security. FBI investigations into leaks just so happen to be conducted in a way to ensure a chilling of the relationship between government officials and journalists. Then theere's the cases of Bradley Manning and John Kiriakou.

And while whistleblowers are being strung up, journalists are being hunted down, too. The DoJ secretly obtained two months of telephone records of AP journalists. Similarly, Fox News reporter James Rosen went from being a journalist to an "an aider and abettor and/or co-conspirator" in order to get a subpoena for his private email account. As the New Yorker pointed out, it was "unprecedented for the government, in an official court document, to accuse a reporter of breaking the law for conducting the routine business of reporting on government secrets."

And we haven't even touched on the topic of Wikileaks. Despite it taking on the role of a publisher, using the power of the internet to avoid the requirement of a legacy print business, it wasn't long after it started peeling back all these layers of secrecy that it was denounced by some as a terrorist organization. One might wonder how the East Germans would have reacted to such an organization? Perhaps Lenin, who had a 19-meter statue erected of him in the East German city of Leninplatz, might offer us some clues to as the way they would have thought about it: "Why should freedom of speech and freedom of the press be allowed? Why should a government which is doing what it believes to be right allow itself to be criticized? It would not allow opposition by lethal weapons. Ideas are much more fatal things than guns. Why should any man be allowed to buy a printing press and disseminate pernicious opinions calculated to embarrass the government?"

It's a line of reasoning that befits a failed surveillance state. And yet today, is remains all too familiar.

Yesterday, when news of the PRISM program leaked into the public domain, two items struck me. The first, from the New York Times: "The defense of this practice offered by Senator Dianne Feinstein of California, who as chairman of the Senate Intelligence Committee is supposed to be preventing this sort of overreaching... said that the authorities need this information in case someone might become a terrorist in the future." And then, there was this, from the Washington Post: "They quite literally can watch your ideas form as you type."

Watching peoples' ideas form as they type, in order to protect against someone who might become a terrorist in the future. George Orwell, eat your heart out.

The thing about that wall that cleft Berlin in half is that it didn't just represent a means of keeping people from freely moving. It represented something much more — it was about ideas and principles. About the balance between security and freedom. About whether you were there to serve the state, or the state was there to serve you. What I can't seem to shake is the feeling that somehow, the country most responsible for tearing that wall down has somehow managed to rebuild one in its own back yard.

Data Under Siege
An HBR Insight Center





Welcome to the "Data Under Siege" Insight Center
Does Your CEO Really Get Data Security?
The Companies and Countries Losing Their Data
Hack-Proof Your Company's Social Media