This post is about Wikileaks, without being about Wikileaks. We know the most recent Wikileaks release was an overwhelmingly large set of data, generated by a fairly low-ranking intelligence analyst, and contains potentially sensitive information. The aspects of the Wikileaks scandal that fascinate me, however, are the human and organizational factors affecting data security.
Why did Bradley Manning do it? He must have known he would be subject to a long prison sentence (at best), and made no efforts to hide his actions. Assuming he was acting rationally, the benefits he imagined from doing so outweighed the prospect of certain punishment. Manning must have evaluated the volume and nature of the data at his disposal – data owned by his organization, effectively the U.S. government – and chose to place his individual motivations above those of the organization to which he belonged.
His own Wikipedia page and various media reports describe Manning’s “disillusionment,” and some opinion pieces paint him as “disgruntled.”
Disgruntled at the age of 23?
This fact points to the causes of the leak: it’s a people problem, more than an information problem. This includes security clearances, i.e., how many eyes need to see the information, but the solution is not about security clearances. Safeguarding organizational data such as that shared in the Wikileaks event is ultimately a management issue, for the following reasons:
A change in employee behavior is a crucial signal to management. It would surprise me if Manning’s behavior changed overnight from unassuming analyst to data thief. A good manager should look for changes in employee behavior that signal a shift in attitude. Furthermore, a manager should ensure he has enough information to act on if restricting or revisiting information flows becomes necessary, particularly in the event that an employee’s risk profile changes.
Digital natives exhibit different workplace values than their older counterparts. At 23, Manning is a digital native. Individuals under the age of 30 have grown up with technology in a world where a sense of possession is poorly defined in digital terms. Digital natives have a different notion of right and wrong in sharing information than previous generations of workers, even when information is proprietary to their organizations. Generation Y is also less loyal to organizations, and expects authority figures to earn their respect, rather than commanding it automatically. (I realize the Army is a very special kind of organization; however, the military cannot claim to be modernizing for warfare in the Information Age and expect to preserve outdated management philosophies, particularly when recruiting overwhelmingly from the digital natives demographic.)
Technology itself distracts from the human issues. Security specialists discuss access protocols and authentication procedures, but focusing on such issues is like staring at the end of someone’s finger when she points to a mountain in the distance. Internal data leaks are a real threat, but they are also perpetrated by people. The Information Age is changing the relationship between people and organizations. Adding to the urgency of the problem, today’s technological capabilities allow people to share and act on information as quickly as they think to do so. When “think it – do it” is the norm, it is important for an organization’s management to communicate expectations about information use and dissemination and to assess and monitor, in an honest way, the risks associated with information flows.
The landscape of information behavior is undergoing a major shift, and technology is merely an enabler of behavior. An individual’s ability to act impulsively, and with powerful tools that can execute enormously impactful actions digitally, should prompt organizations to manage closely the human aspects of internal security threats. It takes one weak link in an organization – unmonitored, disillusioned – to commit a destructive act with sensitive data. Although individuals should be empowered to make ethical, informed decisions when acting on behalf of their organizations, management culture must continue to adapt to the new Information Age, and its digital natives.
One of my fond memories of working in Finance MIS was a short-lived tradition called “Nerd Lunch.” I and another analyst would log in to a net meeting and work through complicated SQL queries every few weeks. We would brainstorm solutions for ongoing information problems facing our department. I ask you: Has there ever been a more appropriate moniker for an event?
The analyst was my guru. With her help, I went from landing a job where I knew next to nothing about the software I would be using to finding solutions for decision makers in our organization.
I’m writing this blog post because it’s great to get excited about a job posting that sounds perfect in terms of industry, position, and advancement opportunities – but then it’s disappointing to worry about qualifying on ‘Preferred’ software experience. Worrying about software experience may even keep a job seeker from pursuing a position. What follows are tips I’ve found helpful to first get through an interview without perfect software experience, and then to get up to speed quickly in software skills once hired.
For an interview: Likely you will be facing a hiring manager when answering questions about software skills. Before the interview, it is possible you may be able to fully investigate the software – say, with a free trial for more common products. Barring that, prior to sitting down with the hiring manager, I suggest Googling the software listed in the job posting to find its specifications, as well as those of competing software products. This is a particularly helpful step with specialized software, such as enterprise management, accounting or asset management software.
Investigate the capabilities of the software to understand the functionality, and then come up with (intelligent!) questions related to the software’s application to itemized job responsibilities in the position listing. After all, once you get the job, that will be your contribution to the organization. It is most important in an interview with a hiring manager to demonstrate understanding of the role and to express critical thinking skills related to a position’s responsibilities.
Once hired, read a book: Find a beginner’s guidebook to the software if you can. Also, read it. (NOTE: No one really thinks you are a dummy when you read those Dummies books.) Rather than buying it new, I suggest checking out bookins.com, half.com, or posting an ad on Freecycle for a used copy. I’ve always found that starting with these books gives a good comfort level for tinkering in the software, at which point you are ready to sandbox.
Sandboxing: This is when you’ll start breaking existing tools in a calculated way. Set up a dev environment for this step, whatever that may be. For tools that use scripts, like VBA, or query language, like SQL, pretty much everyone learns by stealing snippets from existing tools and modifying for new applications. This is the sort of stuff you can do while waiting on a batch of project work or during down times in cyclical reporting periods. Please do not underestimate the “Help” tool in a software package; these tools tend to get more useful as your grasp on the software jargon strengthens (ironically). There’s no shame in using company resources to iterate and build on your technical skills, particularly if you are the type to check Facebook or text during working hours.
Find a guru: A guru is different than a mentor. This is a person whose geek runs deep, but who has enough patience and time to answer your technical questions. A guru will also have excellent problem-solving skills, in that she (or he) can help you find answers to existing problems by walking you through previously applied solutions in the software tool. Surprisingly, perhaps, a real guru won’t do things like grab your mouse and make a quick fix; that person will have a conversation with you, explore the scope of the issue, and explain in plain language what you need to do. You will learn to deepen the relationship with increasingly thoughtful questions about the work at hand, eventually adding value instinctively. In the long run, a guru’s approach will ideally make you a better thinker.
When this person helps you, be sure to recognize her. Buy her coffee. Send a thank-you email to her boss. Write a blog post about her. Someday, if you care to, you’ll be in the position to act as a guru.
I hope this makes learning new software (or becoming an expert in familiar software) more attractive and less painful. The software is just a tool for the tasks at hand. In the end, you are the element adding value in the position, first by applying software and later by sharing your knowledge.
Information management can be described using a couple of different but fairly similar models. The University of Washington’s iSchool depicts a triangle-shaped model of Information, People, and Technology. However, our readers might notice this blog examines the intersection of People, Information, Technology and Organizations (this model is explained in greater detail by Ping Zhang and Robert I. Benjamin in a paper titled “Understanding information related fields: a conceptual framework”).
We’re square rather than triangular, if you will.
Why do we add organizations? Because gathering and acting on information changes fundamentally in an organizational context. And sometimes, information behavior within an organization can be downright bizarre or frustrating.
Here’s an example: I went out to dinner a few weeks ago with friends, and my debit card was declined (happily, the waiter did his best to not treat me like a deadbeat). Since the card was declined for no obvious reason, I had a mystery on my hands. Unfortunately, customer service representatives (CSRs) at the national bank where I have my checking account were stumped as well.
Eventually, two weeks later – after three calls to the 1-800 customer service line, two trips to the local branch, and a dozen fact-finding missions through the online banking portal – my debit card was still not operational and I had been told it might be because the number had been stolen.
Think about all the failures in my interaction with the bank: I had several types of contact with different outlets of the organization, and none of them were satisfactory. At least three CSRs were unable to access my account because I had opened my account in a different state (each of the representatives did sheepishly suggest I could open another account at the branch and then they could help me; I declined those offers).
I can do without naming the bank because this isn’t meant to be a Consumerist-type rant. But I think the episode does bring to light the irrational and haphazard information strategies organizations seem to employ. As a person and a consumer, I scratch my head when representatives of the bank cannot answer my questions or help me understand what is happening with my account access. But the madness of the situation also affects the bank employees: imagine the exasperation of working a front-line CSR job and having one’s hands tied routinely in a significant number of common issues.
But for the organization, this information strategy is working on some level. I imagine – the finance industry being particularly yoked by multiple layers of regulation – this national bank has designed its policies and procedures to serve up a savory dish of compliant operational spaghetti. Somewhere, a satisfied auditor completes an X on a checklist when a CSR in Washington cannot access my account, what with its Massachusetts provenance.
This is operational reality in the modern banking industry, and I mostly understand why my encounter with the bank was so dissatisfactory. However, I think such encounters are at the very least opportunities for learning in organizations. Holistic customer experience (a process of design that includes all touch points in dealing with customers, or even vendors, of organizations) should focus on tasks vital to customers at all service delivery points.
Here at infoscussion, we believe information management model has four facets – and that an organization’s needs can be separate from, but equal to, those of the people involved with the organization.
I used to believe a person could learn more about management from a bad boss than from a good boss: it is easier to articulate what is missing from a working relationship than to notice the efforts of a good manager. Now, I think the truth is that a person always has expectations for a working relationship. The gap between expectation and reality is where learning, through constructive feedback, takes place.
When I left the workplace to attend graduate school full-time, I had a great boss. He was a great boss because he was a master of feedback: timely, thoughtful, economical, progressive feedback. Feedback is a personal information exchange we engage in throughout the working day; because of this, I would argue that maintaining a healthy feedback routine (outlined below) with other individuals is the foundation of a good working relationship.
Good feedback is timely. Work is a series of unending interruptions. It is natural to feel pestered by an employee or team member asking for feedback, but it is also important to support the priorities of the organization. Often, if I procrastinate on giving feedback, it has to do with not managing my own time well, or – this is worse – feeling I do not know the subject matter well enough to give meaningful feedback. In the latter case, my feedback should be: “I’m not the right person for an answer;” a polite “no” can also be appropriate feedback.
Good feedback is thoughtful. If I am the right person to give feedback, then it is my responsibility to really examine the item or issue in front of me. My former boss was good about this: his feedback contained questions that demonstrated he had thought about the item. Alternatively, if he had not set aside sufficient time to look at the item, he would set a time when we could sit down together. Courtesy creates goodwill.
Good feedback is economical. I mean this in two ways. First, feedback needs to be exactly as long as it needs to be. A good feedback routine gives each party a chance to clarify points, if needed, but it is a matter of personal discipline to make sure all points are salient. The second element of economical feedback means that it should be intended to maximize future efforts: it is better to determine at 10% completion that a project adds negligible value than to let sunk costs pile up. Employees and project teams will experience more satisfaction when they know all efforts are regularly analyzed to ensure added value.
Good feedback is progressive. There should be a common thread linking all feedback sessions, particularly between a manager and his employee. If a manager is unable to both criticize shortcomings of a project and praise improvements over time, he is either criticizing too much (which can paralyze an employee’s continued improvement) or leaving out recognition of improvement. As an added benefit, progressive feedback all but guarantees that an employee will know where she stands at regularly-scheduled formal reviews.
No one executes good feedback perfectly all of the time (certainly not me). And everyone experiences an occasional Terrible, Horrible, No Good, Very Bad Day that will derail the best intentions. In the long term, however, simply being mindful about the feedback one gives and receives goes a long way to improve working relationships.
I got in trouble at the library once.
This story is pretty old, since it starts with a card catalogue (and by that, I mean skinny drawers containing actual typewritten cards). I was 10 years old, and looking for Judy Blume novels I hadn’t already read in the “Author” card catalogue. I found a book titled Forever.
When I lugged my stack of books up to the circulation desk, the librarian on duty was the dour one with a tough-on-talking stance. She slapped through the books inserting due-date cards and held up the copy of Forever: “Does your mother know you’re reading this?” she asked.
“No,” I said. And then I thought: Do I need to hide this book under my bed?
It wouldn’t have mattered. The librarian called my mother on the phone later that day. When Mom asked me about the book, I thought I was in trouble, which seemed pretty lame; I had skimmed the novel earlier and found almost no good parts. You know what I mean.
Mom explained that I was not in trouble. “I told the librarian there was no problem,” she said. “If there’s a book available for checkout, and you remembered your library card, then it’s your privilege to read it.”
A lesson imparted to me when I was young (and not just in this instance), was the importance of having unlimited access to everything the library offered. It also gave me the notion that it is impossible, and probably a little dangerous, to judge books or resources or information objects as being inherently “good” or “bad.”
In the digital information age – where 10-year-olds no longer stand on tiptoe to search through card catalogues – we seem to have access to boundless information through simple Google searches. Because of the access we have online, there are situations in which modifying information searches based on people’s needs is reasonable or necessary. For example, Google users can adjust search “safety” settings. In addition, “lifestyle” search engines, such as ImHalal.com, fulfill a specialized user need.
But some information access issues have the potential to affect all users. Last week, a bill called the Combating Online Infringement and Counterfeits Act (COICA) was introduced to the Senate (full text is here). The bill would enable both the courts and the Attorney General to blacklist Internet domain names; the vague wording of the legislation seems to threaten a slippery slope to government censorship. Just as the librarian made a value judgment about what information was good for me, COICA appears to expand the power of government to judge the utility of information for all users in the U.S.
This sort of legislation should inspire us to think about democratization of and access to information, and the role government should take in the information age. While I believe intellectual property should be protected, the scope of this Senate bill makes me uncomfortable. It is not clear to me why a government-mandated domain blacklist is necessary if we have a vibrant digital community capable of policing its own, as well as (mostly) responsible content hosts willing to comply with relevant laws.
I do not intend to make a political statement with this post, but developments like COICA remind me of a recent statement by Google’s CEO, Eric Schmidt: “Washington is an incumbent protection machine,” Schmidt said. “Technology is fundamentally disruptive.” As users in the digital age, we should be aware of the gains to information access privileges we have made, and work to preserve the benefits of better access to information.
Photo by Lasse C. Available under a Creative Commons Attribution-Noncommercial license.
A new development in the way Whole Foods displays its seafood has me thinking about how consumers use information in their decisions. The supermarket chain recently started labeling the seafood in its fresh cases with a color-coded system to indicate the sustainability of fishing practices for each type of fish offered. (For example, fish in danger of being over-harvested, or caught using ecologically damaging practices, are labeled Red or “Avoid.”)
Initially, I thought this was an odd move: why carry “Avoid” fish at all? But if I consider the Whole Foods tactic as an information strategy, there seem to be some advantages to giving consumers more data related to their purchases, rather than simply adjusting prices or changing the variety of products offered. I have tried to identify and outline the important components of the Whole Foods information strategy in my analysis below.
Consumers act in a social setting in a supermarket. A consumer may be less likely to order an “Avoid” species in front of other customers, even if she does not personally worry about collapsing fisheries. The social pressure to responsibly consume could impact on the overall demand for certain species.
Perhaps more importantly, consumers gain lasting information from a single transaction. The next time a consumer purchases fish – even if it is not at Whole Foods – he may likely remember certain species labeled “Avoid.” In this way, the labeling tactic could inspire a shift in demand throughout the marketplace, or at the very least cause consumers to ask more questions about the origin of their seafood.
Prices are point-in-time data, and may inaccurately reflect the sustainability of consumption. We suspect many fisheries may be close to collapse, and the negative impact of fishing practices worldwide will affect all points of the food chain. We are not able to price a salmon fillet to capture the opportunity cost of fisheries collapse (the 1992 collapse of the Northern Cod fishery demonstrates some of the complexities of gauging the health of a fishery). Consumers need more information than price alone to make sustainable choices.
Whole Foods sends a powerful message about its perceived role as a corporate citizen. Corporations are supposed to care about the profits in this period or this year. However, sustainable practices require a longer view than quarterly (or even annual) earnings statements can offer. By giving consumers more information, Whole Foods takes the long view on the seafood market, the importance of ocean ecology, and its place as a food retailer, while continuing to give consumers optimum choice.
We are surrounded by information constantly. Curiously, though, the information available to us as consumers in the grocery store is truncated by federal regulations, and in some cases, state laws. The seafood labeling practice at Whole Foods demonstrates the possibilities of giving consumers clear, salient information to encourage sustainable and healthy choices in the supermarket.
(You don’t have to go to Whole Foods Market to refer to the Seafood Watch guidelines. Downloadable guides are available through the Monterey Bay Aquarium.)
Photo by bensonkua. Available under a Creative Commons Attribution-Noncommercial license.