Interhack Founder Matt Curtin at 10th Annual Ohio Conference on Employment Law in the Age of E-Mail & the Internet
This conference, held at the Radisson Airport Hotel in Columbus, Ohio on May 9, 2001, covered all areas of employment law, law enforcement, and the roles of policy and technology in liability and risk management.
The following is a statement of position on the topic. The 30-minute talk can basically be summed up thus:
- Remember that employees are human beings.
- Humans can be demoralized by an environment that is invasive of their basic rights as humans.
- Technology is no silver bullet: the greatest products and the most invasive technology won't be able to stop dedicated attackers; it's an arms race. Smart People will win.
- Employers should want Smart People to work for them, not refusing their job offers because of unacceptable working conditions or fighting with them after their date of hire.
- Policy is the statement of the organization's goals and means to implement those goals. Technology can help to enforce that policy. If employee behavior is significantly disconnected from the organization's goals, the result is vulnerability and a false sense of security by management.
The question of how to manage risks online is not fundamentally different from the question of how to manage risks offline. At the most fundamental level, organizations must trust their employees to some degree. Particularly in an information economy, the value that workers provide their companies is not in how quickly they can pull a lever on an assembly line, but in how well they can use their minds to identify and to address the challenges faced by their organizations.
Management models based on the idea that The Company knows all and requires its workers only to follow The Plan are completely unworkable. Employers who use technology to keep a constant, watchful eye over their employees' proverbial shoulders send an implicit but clear message to their employees: ``you are not to be trusted''. This is detrimental to morale, reduces the quality of work, and makes it difficult or impossible to hire top talent.
Our most successful organizations today are agile and dynamic, where people can and do make a difference at all levels of the organization.
People naturally look after their own interests. Organizations that tie their employees' success to their own and give their employees a sense of ownership motivate their employees to act in the employers' best interests.
Management needs to understand that although it might be ``in charge'', it is by no means ``in control'' of the organization. Control of the organization lies in the hands of the individuals with access to information---the keys to the kingdom in our economy.
Rather than spend precious time and working capital monitoring people in an effort to ensure that employees behave themselves, organizations need to spend their resources managing their systems, ensuring that they articulate their systems' functional and operational requirements, audit their systems for compliance, and ensure that the set of risks that they're managing on a day-to-day basis is the set of risks they've agreed to manage.