Sunday, March 23, 2008

Irrellevant information

CNN reports that the chief of the firm involved in that Obama breach is Obama adviser. Clearly this is the 'investigation' of the matter that Rice promised.

But as with the Diebold 'revelation' that the CEO of the firm was a Republican who promised to help Bush get elected, the information is irrelevant to the central question of whether the activities were politically motivated.

The organizations involved here are businesses, not the military, not an organized crime ring, not a communist party cell. The idea that the CEO of a company can essentially order employees to engage in a criminal conspiracy to damage a particular political candidate and expect compliance is pure fantasy.

A CEO can set up internal policies in such a way that employees have incentives to break particular laws that affect the business. For example, giving store managers bonuses for saving money on cleaning costs and not asking if the companies they hire are using illegal workers or failing to pay the minimum wage. But ordering employees to break federal law for political reasons is unlikely to gain compliance and would expose them to blackmail.

Underlying this 'news' is the essentially feudal assumption that the only power hierarchy is the visible one. Employees are vassals who have sworn allegiance to their liege lords (CEO). If this assumption was true and there were no competing loyalties there would be almost no security problems. It is precisely because the employee's loyalties are not necessarily aligned with the organization that security is necessary in the first place. The CEO may be an Obama supporter but its the employee sitting at the terminal who has the ability to access the files and they might support McCain, the Klu Klux Klan or the Communist party.

The real question here is not who gave the workers their pay check but who was responsible for the information system that allowed them unrestricted access to the information. In this case the administration did not need to create the incentive, all they needed to do was to ensure that there was the opportunity.

This does not of course change the fact that these information systems are decades old and this is not the first time there has been a possibly politically motivated breach. The administration has had eight years to fix the security of these systems and they cannot claim 'terrorism' as an excuse for not doing so. This type of information is a terrorist target.

No comments: