Secrets in a day-lit world
What I know about security could be fit in the firmware of a Linksys home-network router box. But, amidst the important technical jabber about how to make your system impregnable--interesting choice of words, eh?--let's remember to consider the human price of security. Then we can get back to buckling the chastity belt around our precious information systems.
There are some secrets companies need to keep. Biotech companies need to keep their molecules secret. Public companies need to keep significant events secret until they can be made public all at once. Every company needs to handle some personnel issues very discretely. Yet the cult of secrecy embraces much more than these handful of dangerous truths. The default in a company is to keep things private, and much is kept under lock and key that need not be. Why?
Because, while knowledge is power, it's more often used as a weapon. We maintain our company's position by selectively releasing information to our customers, partners and employees. We do this sometimes for good reasons but more often because we view our company in Nietszchean terms as an Ubermensch that exists to exert power. The terms of business are the terms of contention and war. In this battle of all against all, you can subdue your opponents--and this includes your customers as well as your competitors--by only telling them what you want them to know.
Further, we maintain our own place in the corporate hierarchy by having secrets. Your status is judged by how much you're not allowed to say. And the closeness of your relationships with your suppliers and partners is measured by how deep the NDA goes.
In short, we have invidious reasons for keeping secrets. But the Web is changing the equation. From now on, amassing secrets really means isolating yourself from the life of business. It means that you are engaged not in the Will to Power but the Will to Be Ignored.
For example, I was at a conference recently where a an experienced Business Professional who just happened to bear an uncomfortable similarity to George Clooney was asked about security. Be afraid, he replied, for there are 17-year-olds at MIT who can hack into your best-protected system. And, he warned, since a business's main asset is its customer list, your business in peril. Suppose, he said, your customers were to find out what each of them is paying you for the same service? Disaster! Meltdown! Economic Chernobyl!
Well, yes and no. Yes, there probably are 17-year-olds who can hack your system. And having your customer records made public might be a disaster for you. But the real threat isn't from the 17-year-olds. It's from your own customers. It's just about guaranteed that they're already talking with one another on the Web. They're passing around tips, answering technical questions, advising on the strengths and weaknesses of your products, and griping about you at the drop of a phone call. How long do you think it will be before one of them mentions how much she paid for your product or service? How long before everyone else replies?
There's no technology that will stop your customers from hacking your security because there's nothing technical about their technique. They're just getting together and talking. And if this is a disaster for your business, you'd better alter your business. You're doing business in the full light of day from now on. As Scott McNealy might say "Get over it"--except he was talking about consumer privacy, not corporate secrets.
It's only when the reign of secrecy ends that we'll truly appreciate the hidden costs and risks of putting business life behind locked doors. The loss of creativity and productivity caused by managerial smugness has been enormous. The insult to employees who are daily told that they're not trusted to know what their bosses know has alienated generations of workers from the corporations they've built. The keeping of customers in the dark about plans--as if they were children who can't handle information presented to them as a tentative--has set back customers' planning and introduced a power relationship where there should be confidence based on a true mutuality of goals. The institutionalizing of fear and distrust throughout the business world has for generations turned well-meaning people into scared bastards.
Sure there are secrets worth keeping. But they exact a tremendous price. That's one reason the warm daylight of the Web feels so damn good.
David Weinberger is editor of Journal of the Hyperlinked Organization.