Tuesday, October 28, 2008

"What Was Privacy?" Indeed!

Compare these two quotes:

I have a date there with Samer Takriti, a Syrian-born mathematician. He heads up a team that's piecing together mathematical models of 50,000 of IBM's tech consultants. The idea is to pile up inventories of all of their skills and then to calculate, mathematically, how best to deploy them....

Takriti, a slim 40-year-old with wide, languid eyes, opens the door of his small office. He wears a rugby shirt tucked tightly into blue jeans. I tell him that being modeled doesn't sound like much fun. I picture an all-knowing boss anticipating my every move, perhaps sending me an e-mail with the simple message, "No!" before I even get up my nerve to ask for a raise. But Takriti focuses on the positive. Imagine that your boss finally recognizes your strengths, he says—maybe ones that are hidden even to you. Then he "puts you into situations where you will thrive."

Still, Takriti confesses that he's nervous.... With time, he and his team hope to build detailed models for each worker, each one complete with a person's quirks, daily commute, and allies, perhaps even enemies. These models might one day include whether the workers eat beef or pork, how seriously they take the Sabbath, whether a bee sting or a peanut sauce could lay them low.
(from "The Numerati," by Stephen Baker, excerpted in Business Week, 28 Aug 2008)
-and this-
Harriet Pearson is IBM’s chief privacy officer, a role she assumed in 2000, when Lou Gerstner was CEO. Gerstner was “convinced that as the Web emerged as a business platform, companies—particularly one such as IBM—had to lead on privacy,” Pearson says. “We were at an inflection point with respect to the pervasiveness of technology in business processes, and he correctly judged that IBM needed to use its leadership on that issue to support our initiatives on e-commerce.”... In 2005, under Chairman and CEO Sam Palmisano’s leadership, IBM adopted a forward-looking global policy that forswore the use of employees’ genetic profiles in making decisions about hiring or access to health insurance and other benefits. Pearson credits IBM’s own “DNA” in issues of employee privacy and nondiscrimination for the logic behind its policy on genetic profiling. “There’s a direct line that I can draw back to our history in the 1950s and 1960s that is consistent with who we are as a company,” she says. (In May 2008 George Bush signed into law the Genetic Information Nondiscrimination Act. IBM’s early support facilitated its passage.) IBM’s manifold adventures in new technology—including systems for accelerating genomic research and pharmacological innovation—enable it to foresee developments that have implications for privacy. Pearson says it’s part of her job to scan company and industry horizons for potentially gnarly situations: “My business needs make me as likely, in one day, to be looking at genetics and RFID, and what they mean for privacy issues, as at data privacy and security issues associated with global business processes and the emergence of what’s being called ‘cloud computing.’” (from "What Was Privacy?" by Lew McCreary, Harvard Business Review, October 2008)

Both quotes concern IBM. And so, are you as confused as I am?

A company that characterizes itself as a privacy pioneer is mathematically modeling its consultants? This is what happens when cognitive bias embeds itself in a bureaucracy. IBM's people consider themselves privacy pioneers, yet at the same time they install procedures that to an outside observer are clear invasions of their employees' privacy.

Let me relate a little privacy story. A few years ago, I was involved in a dispute with my employer over an employment contract. While this dispute was ongoing, I still worked at the company. One day, I looked at my laptop, and thought of the servers and networks that carried my emails, web searches, etc., to the internet. The company could have been capturing all this information, scrutinizing it, and twisting it into evidence to support their case.

I felt a chill. What had I searched for? What emails had I sent? What personal information would they have access to? At that moment, I didn't have trust in the company's good will. Quite the opposite.

God forbid they would have had a "mathematical model" of me.

It's clear that people ascribe good motives to their own actions, while in others those same actions would seem questionable or downright wrong (see "I'm OK, You're Biased" by Dan Gilbert). The question is, who can blow the whistle at a large corporation? Who, at IBM, could say, "This is just wrong. We shouldn't be doing it," and be listened to?

UPDATE: Please read Harriet Pearson's comment below. She points to this blog post as an elaboration of IBM's views.

(Thanks to Cognitive Edge for the pointer to the Business Week excerpt.)

(Photo from bretwalda via stock.xchng)

, ,


Harriet Pearson said...


Since you mentioned IBM and me specifically in your post, I hope you are open to a direct response and correction of a misperception that might arise from reading the Businessweek book excerpt you quoted.

Mr. Baker the book’s author described IBM's work to keep better track of our thousands of skilled and experienced employees, so we can better match IBMers to client needs (we provide specialized IT and consulting services, as you probably know, so it’s important that the right people get assigned to clients that need them). So far, so good: I know a number of folks at IBM (including me) who've participated in filling out skills profiles that get included on our internal intranet and other expertise locator tools. But unfortunately then the author went from fact to speculation when he tried to describe IBM research in the use of Web 2.0 or social computing in the enterprise: he inaccurately implied that among other things IBM is covertly monitoring employee emails.

In reality, IBM takes privacy very seriously.

Any impression that IBM creates behavioral profiles through monitoring of employee communications or schedules is way off base. Where our researchers have worked on introducing Web 2.0 applications within our company (we have, for example, a Facebook-like application inside our firewall, and a pilot that helps map online social networks), our employees must explicity opt-in to participation, and even then we carefully limit the use of information gathered via these pilots.

Simply put, the excerpt you referenced appears to confuse what might be technically possible, with what is really happening at IBM. We stand by our record and leadership in privacy, and as a longtime employee I also stand by our record as an employer and global corporate citizen.

Thanks for the chance to comment,

Harriet Pearson
VP Regulatory Policy & Chief Privacy Officer, IBM

P.S. My colleague Luis Suarez blogged about this issue recently as well, here:

John Caddell said...

Harriet, thank you for your comment. You assert that Baker has confused what is happening with what is technically possible--perhaps to make a more interesting book. Maybe so, but this ethical issue persists. It's my opinion that "what is technically possible" has outpaced all our thinking about the ethics of the subject.

Here are some questions I see: what anonymity and privacy do IBM employees (or anyone's employees) deserve in their electronic communications? In the companies I've worked in, the legal answer is: none at all.

What control will employees have over the use of their electronic paper trail? What anonymity will be provided? What feedback will they receive if and when their information is used? How can the information be protected so it can't be used to retaliate against an employee?

This is a subject worth a lot more discussion. Would you like to do a podcast about it?