Wednesday, September 20, 2006

September 2006 Early Indications: Thinking about Transparency

Starting in the mid-1990s, a growing number of investors, academics,
and analysts have been calling for greater transparency in business
and government. Transparency was somehow different from
accountability and visibility, implying that various constituencies
could see the inner workings of an organization. The scandals at
Adelphia, Enron, Worldcom, and elsewhere intensified the clamor, which
found one prominent expression of its logic in Don Tapscott's book The
Naked Corporation.

Making achievements and shortcomings more visible, in timely fashion
sounds like an obviously Good Thing. But it's a long way from
conceptual aspiration to working out the many details of who should
and can see what, who should and can act on what, and when can which
people see what, all of which involves multiple layers of costs and
benefits. Instead of merely asking "is transparency desirable?" there
seems to be movement toward more sophisticated understandings of
transparency's many contexts.

1) Transparency costs money

As Sarbanes-Oxley has demonstrated, regulatory requirements impose
externalities (costs not accounted for by the market) and unexpected
consequences. Someone compared the burden of reporting, particularly
for small and medium enterprises, to spending $1000 on a safe to
protect $100 of jewelry; it also costs taxpayers money to enforce
regulations that may or may not be improving the efficiency of
markets. Establishing transparency thus becomes a question of how to
require useful information to be made available in accessible form
rather than merely increasing the amount of reporting in complex,
redundant, and often arcane processes: less truly can be more.

2) Transparency can impose competitive disadvantage

Some of the most revealing knowledge about a firm comes from what Stan
Davis once called "information exhaust." Business-to-business
exchanges, RFID-based tracking networks, credit card records, and the
like all can reveal fundamental knowledge about a supplier or
customer's economic situation. As Scott McNealy of Sun said of some
B2B exchange proposals back while he was still CEO, "We don't want
demand for our products to be known and understood. Why would you
outsource your purchasing department? Isn't your purchasing strategic?
People are going to find it is a really dumb idea to outsource to a
competitor so they can see your demand curve."

3) Transparency can be deliberate or inadvertent

Note that the transparency of demand curves as revealed in the course
of doing business is inadvertent: no investor safety or regulatory
assurance is gained or sought in such a situation. Yet by letting
patterns be discerned from large bodies of transactional data, a firm
puts itself at risk of unfair pricing, strategic shortages, and other
disruptions. (A classic example is large mutual funds, which hold
such substantial positions that they can signal buying or selling
intention to the wider market in their everyday movement of large
orders.) Help-wanted ads, real estate purchases, travel programs, and
other everyday interactions can tip off analysts or competitors as to
new initiatives, acquisitions and divestitures, and the like.
Accordingly, the use of third parties, shell corporations, and other
devices is common: executive search delivers obvious benefits as it
reduces transparency.

4) The world has grown less transparent in the past five years

As we observe the fifth anniversary of the September 11 terrorist
attacks, the transparency debate is being reframed. Much could be
gained by the sharing of avian flu preparedness plans, for example,
but I have seen little willingness to do so: because such plans are
near neighbors to disaster preparedness documents, it is often
irresponsible to circulate either type of document widely.
E-government is another area in transition: just as localities,
states, and many national agencies were rushing to make documents and
processes available on line, security considerations led to the
rethinking of such services as maps, agency directories, and the like.
Just the other day I was using Google Earth to view Pennsylvania GIS
data pertaining to a trout stream. At one point I zoomed too close or
otherwise triggered something, at which time a huge red "X" covered
the screen without further explanation - it truly felt as though the
system had discovered me as an intruder a la "Mission Impossible" even
though there are no obviously secure locations for miles from the
creek in question.

5) Transparency is part of risk: something to be managed

The overall scope of what has come to be called "enterprise risk
management" is truly staggering. At the same time that regulators
require both numbers and the processes for generating those numbers to
be certified, clever people must be scouring the business and its
interactions with the wider world to see where useful information is
being unwittingly compromised. It's an apparently trivial example,
but how many URLs have you seen which display the logo of the web
server vendor as a favicon, indicating that at least one default has
not been overridden during setup? (Here's a gallery of proper icons:

Technology frequently both solves and creates problems in this domain.
Databases are an excellent example: sometimes it's the details that
are sensitive, while elsewhere the rollups need to be locked down.
Health care records containing identifiable patient data are supposed
to be safeguarded while aggregate statistics for public health and
similar purposes can be circulated. In the military supply chain,
meanwhile, low-level personnel or contractors can see line items in
order to load trucks or ships, but the aggregate list of what's going
on the ship, and its destination, are classified.

The latter example gets more complicated in a coalition scenario: for
a hypothetical exercise let's say the US Navy runs SAP as its
enterprise backbone while a partner navy from Canada or the U.K. runs
Oracle. At the same time that coalition partners manage classified
data vertically within their own force, they must also manage data
flows both horizontally across forces and then vertically, up and down
a different culture and organizational model. The elements of a
ship's inventory, for example, might consist of rollups that are
masked even within the ship: those same Xs over the first twelve
digits of your credit card number on a receipt have other uses. At
the same time, commanders at an appropriate level need to see
aggregate numbers derived from all participating forces, which means
that close agreement on translation of definitions, rank, and job
descriptions must precede any technical granting of access. As
difficult as it is from a technical perspective, getting SAP to
interoperate with Oracle in a truly mission-critical situation is
secondary to getting the relationships of the various parties
clarified, codified, and enforced outside of software.

This necessity in turn raises a related question. Even as web
services and XML rely on multi-party standards for information and
application sharing, 1:1 mapping still looks like it will be with us
for a long time. RFID provides another example: the current
specification for a multiparty Object Naming Service (ONS) will not be
sufficient to handle the sheer number of potential any-to-any data
relationships, so trading partners will need to conduct some degree of
A-to-B clarification. For cost, competitive, and complexity reasons,
supply chain players will not make their reader and status information
routinely or widely available. If a particular application at a
particular trading partner makes sense from two or more parties'
perspective, then systems will be connected to enable that. Once
again, enabling transparency becomes a matter of managing
externalities, unintentional risk exposure, costs, and benefits, and
negotiating these types of conditions is problematic for groups larger
than two or three parties.

While the future belongs to networks, the reality of transparency
highlights the importance of trust, which is far more easily
negotiated and enforced in two-way relationships than in n-way
situations. The mixed success of HIPAA, Sarbanes-Oxley, and other
efforts to legislate trustworthiness testifies to the inherent
difficulties in managing networks of interested parties, each of which
collects and moves information for its own reasons from the inside