Look, The New York Times and similar news organizations are a sure bet to continue publishing stories about the National Security Agency or other government spies who are vacuuming up as much data as possible from as many sources as possible in their hunt for terrorists. And, yes, we'll learn that a good deal of the data includes private information about innocent folks like you and me. (Well, me, anyway.) I don't think any of us working in the IT industry are shocked by such revelations. Oh, a few politicians and corporate spokesmen have acted about as "shocked" as Casablanca's Captain Renaud said he was when he discovered that gambling was going on in Rick's Cafe Americain. But no one I've talked with in IT has been surprised.
After all, we expect our intelligence agencies to be, well, smart. Marrying the vast computational resources at the NSA's disposal with the petabytes of information held by corporate IT in order to sift through the data to detect terrorist behavioral patterns just makes sense. Did anyone think it wasn't happening? Does anyone think it's not happening now? Do you think it will ever stop? (If you answered yes to all three questions, drop me a line. Have I got a bridge for you.) As Scott McNealy pointed out years ago, we need to get over our quaint frontier notion that information privacy is possible in the Google era. Still, that does not mean we should willy-nilly hand over information to every geek with a James Bond complex.
So, how does a CIO respond when Uncle Sam comes knocking and asks for live data to feed the government's decision-support systems? Maybe you should prepare for a little tap-tap on your door, particularly if your business gathers vast amounts of structured data on consumer behavior.
Data aggregators, telecom firms and financial services companies are obvious treasure-troves of information that intelligence analysts can use with their (very) advanced BI tools. And companies in these markets have been in the news for giving customer data to the feds. Busy Web sites, such as those of major retailers, publishers, search engines, software-as-a-service providers, social networks and other large-scale data repositories, either already have been or may soon be asked to cooperate with the government and hand over their customer data.
If they show up, what's your plan? Certainly, if law enforcement officials arrive with a warrant or subpoena trying to obtain evidence to prosecute a past crime or find a specific suspect or group, cooperation is required. And there's loads of legal precedent to make such help on your part natural. It's not quite the same thing when data analysts from an intelligence agency show up wanting all or much of your data to test an algorithm about predicting a terrorist's future behavior in order to locate and exploit, catch or kill him.
Although CIOs won't get fired for helping their country during a national security crisis, they may get their companies in hot water with customers, who may object, protest and boycott those businesses because they feel that their privacy has been violated. Type "boycott AT&T" into your browser to see the thousands of sites and blogs already dedicated to hurting the telecom giant because it has given confidential customer information to the government. Then there are the lawsuits under way to punish AT&T for allegedly violating its own customer privacy agreement, a policy it has since revised, to the ire of many.
Civil libertarians will argue forcefully that by handing over private data, AT&T is helping herd this country further down an Orwellian path so that organizations like the Ministry of Truth will displace The New York Times. Officials charged with defending the nation counter with equally forceful arguments that protecting citizens against terrorist attacks such as the ones that happened in New York, Washington, Madrid and London means using every tool at hand, especially information analytics.
Where you stand in this national debate is not at issue. Whether your company is ready to become part of the public discussion is. If you're secretly helping the government in its information analysis work, it's safe to assume that it won't be a secret forever. This can be particularly problematic if you currently post a privacy policy that guarantees consumers that you will protect their data and not give it to anyone outside your company -- as most privacy policies I've read state clearly.
I suggest that you collar your CEO and corporate counsel and have a discussion about what stance your company should take, whether you're involved in the war on terrorism or not. Protect privacy. Protect the nation. But don't forget to protect your company.
Mark Hall is a Computerworld editor at large. Contact him at mark_hall@computerworld.com.