Monday, May 24, 2010

Jack Booted Thugs

A jackboot, as defined by Wikipedia, is a combat boot rising to at least mid-calf, with no laces, and typically leather soled. The term probably originates from association with the word jack or jerkin, as a common garment worn by the peasantry. Although jackboots date since before the Napoleon Bonaparte era and are still worn by many American police officers on motorcycles, 20th century jackboots, or the word at least, has been associated with totalitarian motifs.

When I hear the term, I think of Nazi Germany, with their Gestapo and the Secret Police. Those Nazi Jack Booted thugs brought terror to Germany's enemy and citizenry alike. If one was encountered on the street, the natural tendency was to quietly pass without attracting attention. I am sure you have seen movie depictions of the Secret Police questioning a suspected Jew for papers, or a citizen who was suspected of harboring an enemy. If they didn't like the answer, torture or death followed.

There is a new Jack Booted thug in America. Anyone who works for a large company will agree that Corporate Security employees operate much like the Nazi Secret Police. If you are in charge of a project, the last thing you want to happen is for a Corporate Security person to become interested in it. If that happens, you will be pulled in for intense questioning. If you satisfy their security concerns, it is only temporary. Soon, another Corporate Security person will notice the project and restart the questioning. Eventually, your project will be deemed a threat to corporate or customer protected information and is either neutered or shut down. This is because the Corporate Security mission is to render all project useless.

Corporate Security has absolute power in a company. If they determine there is a modicum of risk, they demand the project halt until all risk is mitigated. Refusal only leads to forced execution of the project by cutting off all feeds and interfaces to IT systems and databases. Corporate Security owns the IT world. IT serves as Corporate Security's Wehrmacht, the army of Nazi Germany.

You can never win an argument with Corporate Security. They don't operate logically and balance is never considered. Here is an example of how every conversation goes with them.

Corporate Security: Does your application contain information about the customer?
Me: Yes, we need to know the customer's name, their telephone number and any network information that describes problems they may have had on the network.
Corporate Security: Why do you need to know who the customer is?
Me: So that we can fix the problem they may be having.
Corporate Security: So they have asked you to fix a problem?
Me: No, we are trying to fix their problem before they even know about it.
Corporate Security: Why would we do that?
Me: Because it is becoming the standard for good customer service. It makes the customer very satisfied with the product.
Corporate Security: But they didn't ask you to look at their network information?
Me: No, they did not.
Corporate Security: Then you can only look at the network information anonymously. You cannot associate the customer's name or phone number to the network information.
Me: But without the customer's information, we would not know what to go fix.
Corporate Security: You will need to figure that out some other way.
Me: So why can't we know the customer's phone number or name?
Corporate Security: There is a risk it could fall into the wrong hands.
Me: Like another employee?
Corporate Security: Like an unauthorized employee.
Me: You mean an unauthorized employee who signed a pledge to never disclose customer information or risk losing their job?
Corporate Security: Exactly
Me: So my application is responsible for protecting the customer, and every employee who uses it?
Corporate Security: Exactly
Me: Then why were they required to sign the pledge?
Corporate Security: To protect the customer's privacy.
Me: Gaaaaaaaaaaaaaaahhhhhh!

I have had this same conversation with a Jack Booted Thug several times over the years. There really is little doubt why this company has lost literally millions of customers over the past 5 years.

2 comments:

  1. ugh that kind of stuff drives me bonkers!

    ReplyDelete
  2. At my company that department is called Information Security. It used to be named Data Protection, but had to change the name when all the employees were calling them "Data Prevention" due to the tactics that you covered. Obviously, that's a culture they are taught all too well in the Corporate Security arena.

    ReplyDelete