Terror Doesn’t Matter

(Neither Does I/T)

By

Richard Perrin PMP

The article, “IT Doesn’t Matter”, written by HBR Editor-in-Chief Nicholas G. Carr in the May 2003 issue of the Harvard Business Review raised some eyebrows and invited responses from agreement to outright testiness. Since IT has been treated as somewhat of a sacred cow in recent years – to suggest that it ‘doesn’t matter’ is tantamount to puking on someone’s religion. However the article did make a lot of sense – technologies are invented, grow, become part of the modern landscape and eventually fade away or die. Mr. Carr’s point was that although IT infrastructure is currently needed for competitiveness, IT is no longer of any strategic advantage for a company that wishes to distinguish themselves from their competitors. It’s become part of the landscape – everybody has it. As current technologies are ultimately replaced by newer and more capable technologies, they cease to matter in the same way they had in the past e.g. the horse & buggy, the steam locomotive, the 3380 disk pack and maybe sooner than anyone thinks, the gas powered automobile, big oil, software engineering and MS Windows…

In reviewing the Carr article I began thinking about the federal response to events that occurred on 9/11/2001. To protect us from danger the government instituted the following for reasons of National Security:

• Performed a major security checkpoint inspection upgrades at all major US airports, borders and public buildings hiring thousands of new federal employees to perform the security checks.
• Initiated a “Terror Alert” color coded warning system to warn of heightened security threats.
• Passed the Patriot Act which grants the Federal Government and US Law Enforcement unprecedented powers while eliminating the checks and balances that previously gave courts the opportunity to ensure that such powers were not abused. These sweeping powers include internet taps, roving wiretaps, increased FISA authority to spy on Americans, etc.

While the government response now appears to be more a ‘wag-the-dog’ scenario than a sincere effort to protect the general citizenry, if 911 taught us anything, it reminded us that the world is a dangerous place and that no one is truly ‘safe’ from terrorism. However, instead of a reasoned security response to protect our interests and giving clear thought to what security implementation was needed, we got a knee-jerk ‘instant fix’ which may have actually exacerbated the problem.

Contrast this scattershot approach to public safety to the security infrastructure that has existed in the IT world for years. Most people that work in IT know that we have laws in place to protect our computer security infrastructure and program code. Note the following from the Oracle Technet website. If anyone wants to download software for evaluation purposes the following statements must be checked off before the user is allowed to download the software:

================================================================

ELIGIBILITY EXPORT RESTRICTIONS

• I am not a citizen, national or resident of, and am not under the control of, the government of: Cuba, Iran, Sudan, Iraq, Libya, North Korea, Syria, nor any other country to which the United States has prohibited export.
• I will not download or otherwise export or re-export the Programs, directly or indirectly, to the above mentioned countries nor to citizens, nationals or residents of those countries.
• I am not listed on the United States Department of Treasury lists of Specially Designated Nationals, Specially Designated Terrorists, and Specially Designated Narcotic Traffickers, nor am I listed on the United States Department of Commerce Table of Denial Orders.
• I will not download or otherwise export or re-export the Programs, directly or indirectly, to persons on the above mentioned lists.
• I will not use the Programs for, and will not allow the Programs to be used for, any purposes prohibited by United States law, including, without limitation, for the development, design, manufacture or production of nuclear, chemical or biological weapons of mass destruction.

================================================================

The US Export Administration Regulations (EAR) state that ‘willful violations’ of the EAR can earn an individual a fine of up to $250,000 and a ten year vacation at Club Fed. In other words, there are very strict rules imposed concerning the distribution of commercial software code off-shore.

What’s point of mentioning the EAR and off-shoring together? The comparison should be clear by now: I can’t ship computer software code from the US to any nation on the EAR restricted list, but I can off-shore the processing of my data. Stated a little differently: it’s a federal crime to ship software code to anyone on the EAR restricted list, but my company can send the processing of Social Security numbers, credit card numbers, bank account numbers, IRA numbers offshore for processing to a Third World country like India or a Communist dictatorship like China.

Has anyone read any articles about India’s security-hardened IT infrastructure? Doubtful. How about China’s award-winning hack-proof IT infrastructure? Not a word. While it is obvious that all things being equal a business is crazy not to buy on price when the commodity to be purchased is of equal quality and grade, we are quite far from verified proof that the off-shoring of IT services is safe (See the article on this website “The Great Offshore CMM Hoax”). We are definitely NOT getting like-for-like-for-less.

I have worked with multinational teams of programmers for well over ten years; from India, Ukraine, Israel, Nigeria, Latvia, China, UK, Serbia, Croatia, Philippines and more. All of them were capable professionals. However all of them, and particularly the programmers from India, laughed whenever I questioned them about off-shore data security. If an ‘interested party’ on the EAR restricted list wanted to obtain black market account numbers, credit card numbers or the like, a $10-$20K bribe could probably buy a truckload of that kind of information very easily.

The upshot in this astounding oversight is that the US Federal Government has learned to do what all good magicians are taught from the moment they begin to learn their craft; misdirection conceals your actual intention and hides, in plain sight, the ‘magic’ being performed. Sleight-of-hand gets them every time.

While the steamroller of National Security anti-terror scare tactics has been paraded across the national landscape on television and the press (misdirection), no one is talking about what’s been going out the back door (sleight-of-hand). I haven’t read a single article or news story about how the off-shored customer data is being protected, secured or in any way locked-down to prevent identity theft or misuse. Why? Because it appears it is not in the major US corporate “godfathers” interest to do so - they are too busy stuffing their own pockets with the money they are saving.

Unfortunately, it’s not just the data that is in jeopardy and there is a much darker side to the off-shoring phenomenon - where US businesses don’t offshore, several have worked around the H1-B visa restrictions by employing the L-1 visa ploy: The L-1 visa program was created to allow multinational companies to temporarily transfer employees with specialized skills from their foreign subsidiaries or parent companies to work on projects in the United States. However, a loophole allows IT consultancies with operations overseas to import foreign workers and then contract them out to U.S. companies, which are not required by law to pay L-1 visa holders prevailing U.S. wages. In other words, US businesses can pay an L-1 visa holder working in the US an offshore bill rate, whereas H-1B visa holders must be paid at prevailing US rates. L-1s don’t pay US federal income tax either.

It is interesting to note that Vivek Paul, the CEO of the Indian offshore firm Wipro stated in a recent eWeek interview, “To every one of the millions of unemployed people in the US, that job created in India looks like that was ‘my job’… As a result, there has been an enormous magnification of how much impact outsourcing has had… You will see this issue being politicized because of the perception of ‘that’s my job sitting over there’”. Maybe Mr. Paul needs to be aware of some of the ‘real’ events that have occurred as a result of this ‘perception’:

• A firestorm of protest erupted when IT workers at one company were forced to train their foreign replacements or lose their severance packages. Of course, they were fired upon completion of the training. I wonder where the company executives got the idea to do that… (I seem to remember a certain political party in WWII Germany that forced POW’s to dig their own graves before they were shot and buried en masse.)
• Four former California Gubernatorial candidates recently took part in a labor protest last September 1, 2003 in front of the Bank of America Technology Center in Concord, California.  Evidently a long time B of A employee, Kevin Flanagan, after spending months training his replacement from India, was summarily fired after many years of service to the bank.  Kevin Flanagan committed suicide shortly after his dismissal.

No, Mr. Paul; there is no politicized ‘perception’ that ‘my job’ is sitting over there in India. The company that forced those employees to retrain their Indian replacements has rubbed their faces in it, thank you, and they’re all very clear on the fact that their jobs ARE sitting there over in India.

It seems that the real terror being perpetrated on the working American public is not coming from Iraq, Osama bin Laden or Al Qaeda, but from corporate board rooms across the United States.  Naturally, this is all being done with the full faith and backing of the US Federal Government.

While all this has been going on there has been not one word from the Bush Administration about retraining or re-tracking the millions in the highly educated and technically adept workforce that has been dumped on its ear. After all with an MBA and possibly a PhD in Computer Science, what retraining do you think would be appropriate for an individual with this skillset, Mr. Bush? How about Nurse’s Aide or Court Stenographer?

Since the President thinks that off-shoring is good for American business, maybe he should be the one to set a good example for the rest of us and start by off-shoring the US Presidency to India. I’m sure the Indians can perform G.W.’s job for a lot less money, with much higher quality and also be able to reverse some of the $521 billion in red ink Mr. Bush has chalked up since he was selected by the US Supreme Court for the job.

So while you deplete your savings, pillage your children’s college funds, sell the house you worked 20 years to pay off or are on your way to the bankruptcy lawyer because you can’t find a job or better yet, are forced to work at one third your former salary, and Tom Ridge posts the next terror alert at a “Red” status, warning us all of imminent terrorist attack, just how scared are you going to be?  I’ve already been there Mr. Ridge - terror just doesn’t matter anymore.

[Home] [About Us] [Services] [News] [FAQ] [Articles] [Article] [Article] [White Papers]