Home > Law and Public Policy > Secrecy: Good for Business or Government?

Secrecy: Good for Business or Government?

08-Apr-09 10:01 pm EST Leave a comment Go to comments

A

s mentioned here earlier, I’ve left (more nudged, really) my last job working for Microsoft (and Cactus Commerce) and am now employed by a very stable, successful Gatineau-based consulting firm and will be working for the Government of Canada for the foreseeable future.  Notwithstanding any other previous mention specifically indicating the nature of my current work, I’ve decided to not discuss specific projects I’m working on in my blog any more.  This is because I’m bound by a couple of agreements, both of which I take extremely seriously: the standard non-disclosure agreement (NDA) I signed for the consulting firm, and an oath I signed back in 2002, which resulted in my being assigned clearances under the Government of Canada Security Policy.  The primary purpose of these agreements is to ensure the privacy of individuals and corporate entities, to safeguard trade secrets and technologies and business processes which have commercial value, and to protect Canada’s security interests.  These are, of course, reasonable measures and it’s perfectly fair and necessary to have secrecy agreements for employees and government contractors.  But my change in employment made me reflect on my experiences with NDAs and other secrecy agreements in both government and private industry.  And there seems to be an almost obfuscated secondary effect: secrecy can breed inefficiency or cover up poor quality.

So the question needs to be asked, are such blanket agreements the way to go or would a different scheme serve the public better?  While NDAs are very effective at protecting corporations, there is often a term which extends well beyond the last day of employment that prevents the former employee form disclosing the designs of technologies developed by him/her to a new employer, or from starting and/or engaging in commercial activity in the same industry for the duration of the agreement.  Since a contracting programmer’s livelihood depends on leveraging relevant experience, preventing him/her form essentially re-using a block of code on a similar software project for, say a competitor might make it difficult for that programmer to find a job – were the prevailing practice to throw away any knowledge gained on one project in favour of innovating a different approach to achieve the same functionality.  Imagine how much more expensive software would be if cut-and-pasting code from the Internet were suddenly impractical!

“Secrecy can breed inefficiency or cover up poor quality.”

Luckily, the nature of NDAs and contract law generally means that programmers pretty much always get away with re-using old code since the process of compilation obfuscates code, making it virtually impossible for a covetous former employer to prove an NDA has been violated.  That’s not to say NDAs are completely useless; the NDA I signed with Cactus would give either Cactus or Microsoft legal recourse if I were to take the knowledge I acquired helping to write Commerce Server 2009 and applied to create my own very similar retail web e-commerce server application.  So NDAs do help prevent such technology “poaching”. But is that fair to the programmer – particularly when the practical impediments are in themselves plenty disincentive for such a venture being pursued.

But what about national security and individual privacy?  Surely, we all have a right to expect our Government will do all it can to protect our rights – isn’t a blanket secrecy oath or agreement the minimum measure needed to protect the public?  It might be, yes.  But usually, contractors don’t work in areas of public policy where any experience or any type of information disclosure would be harmful.  If a contractor or government employee, for example, works on data including the Social Insurance Number, date of birth, address or other vitals – clearly the point of main risk is disclosure of that information beyond the work environment.  But the terms of that employee’s security clearance may prevent disclosures of another nature – including being a whistle-blower: about bureaucratic inefficiencies that cost people money or loopholes that might give one group an unfair advantage at the expense of another.  Normally, a government employee might be able to call a journalist anonymously to report about such things – but not if the terms under which their security clearance was issued specifically make such disclosure a criminal act; perhaps classifying such behaviour as treason.

“…at the root of the practice of “blanket secrecy” in both commercial and government organizations is risk mitigation.”

Yet, ironically, the intention of the individual could be completely altruistic.  Of course, there might be nothing that can practically be done concerning such activity effectively ending that person’s job with the Government (nobody wants to work with a whistleblower).  But turning it into a criminal affair, as in the example with the NDA, might be taking things too far.

What could be at the root of the practice of “blanket secrecy” in both commercial and government organizations is risk mitigation.  Good lawyers, like any good programmer or project manager, will make every effort to mitigate risk for their clients.  Microsoft, Cactus, the Government of Canada all have lawyers and H/R budgets to help craft secrecy agreements that ensure no employee – disgruntled or otherwise can get out of respecting professional disclosure.  And few programmers are prepared to spend time and money, not to mention jeapordizing a potential new job, negotiating more favourable terms on a matter like disclosure.  (Particularly, when one can’t know beforehand what isn’t being disclosed.)  Employers need to recognize they aren’t risking anything tailoring NDAs and other secrecy agreements to address the particular points of risk associated with a position.  And the government may need to impose some requirements on employers (including itself) to get the ball rolling, making sure to add new measures to protect whistle-blowers extends to agreements related to security clearances held by government employees.

In particular, such agreements should be improved so that they never protect poor performance within the government, as they now likely do in some cases.  As such, refining rules around disclosure can only help build a better, more efficient and well-run nation.

A Post-Script: Should Whistle-Blowers Be Protected?

I said above “nobody wants to work with a whistle-blower”.  That may be presumptuous – and it’s really just a guess on my part.  But you’d have to think it would be tough to work in a government office alongside colleagues whose own performance evaluations could be negatively impacted by an embarrasing public revelation.  At the very least, colleagues might legitimately question whether you might not ‘snitch’ if you saw them doing something you deemed improper.  Consequently, whistle-blowers are vulnerable to being not well-regarded.

In my view, offering official protections for whistle-blowers probably won’t stop such a person from being completely hamstrung since a critical level of trust would be irrevocably compromised.  The exception to this rule might be a particular kind of whistle-blower who’s acted in counsel with his/her colleagues, perhaps as a last resort in the absence of other options – or where the stakes for the public are high and remedial internal efforts have simply failed.  We’d like to think every workplace in the Government of Canada is ideal and such circumstances never arise, but if they ever do it might be important in such rare cases to at least remove the threat of a criminal record.

Unfortunately, like anything, whistle-blowing protections could be abused by disgrunteled employees or by those seized with other kinds of sociiopathic behaviour.  I’m firmly of the view that all other internal remedies should be pursued before turning to public disclosures having the potential to result in political scandal.  And even then, the public interest would have to be of sufficiently high stakes to make taking an action likely to impact the lives and careers of a portentially large group of people justified.

So if being a whistle-blower is so rarely justified (one would home!), why is it worth having?  It doesn’t seem that vehicles for employee feedback are very accessible in government structures.  This has to do with the division between the bureaucracy and elected officials – a line that doesn’t really have a parallel in the corporate structure.  However, were the risk of whistle-blowers drawing attention to deficiencies in the government present, bringing public officials and the bureaucracy closer together might be the outcome; with better service to the public being the inevitable by-product of both measures.

Advertisements
Categories: Law and Public Policy
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Terry Glavin

CHRONICLES

Techno Manor

Geek's Corner

VM.Blog.

an IT blog.. and an occasional rant

Yammer Site Status

Is Yammer down? Offline? Broken? Undergoing scheduled maintenance? When will it be back? Find out here.

jalalaj

A journey full of wonderful experiences

Azure and beyond

My thoughts on Microsoft Azure and cloud technologies

TechCrunch

Startup and Technology News

Ottawa Citizen

Ottawa Latest News, Breaking Headlines & Sports

National Post

Canadian News, World News and Breaking Headlines

Targeted individuals's

One Government to rule them all.

Joey Li's IT Zone

Everything about IT

jenyamatya

Unravelling the magik of code...

The Bike Escape

Because Cycling is Life

The Ross Report

Now you know where you need to know more...

Lights in the Dark

A journal of space exploration

Strength Rehabilitation Institute

Bridging the gap between physiotherapy and exercise.

The Ross Report

Now you know where you need to know more...

Little Girl's Mostly Linux Blog

Nothing to see here. Move along...

David Eedle

Geek, tech, programmer, business owner. Serial starter of things. Occasional finisher. Oh, and please don't call me Dave.

%d bloggers like this: