Category Archives: English


Last week, I formed moduleQ, Inc.  We’re in stealth mode for the time being, but the company’s goal is to commercialize some of my dissertation research related to the use of IT in repetitive, semi-structured processes.  I’ll post updates as events warrant.

Inaugural issue of DJB Quarterly

In connection with my research on Public Interest Capitalism, I’ve decided to write a monthly newsletter covering global economic trends.  The first issue focuses on US trends including the ongoing economic recovery, the decline of labor unions, state and local government budget deficits and spending cuts, tax avoidance by large corporations, and financial sector profits.  I also discuss Michael Porter’s recent article on creating shared value.  The newsletter is available for download here.  This work is supported by the Abegglen Scholarship Fund.  To subscribe, please email me.

UPDATE: My friends in Japan suggested that I add my perspective on the Tohoku disaster.  Here’s an updated version with a discussion of the disaster from a Public Interest Capitalism perspective.

Blame Susan Swart for the WikiLeaks fiasco

Recent days have seen much commotion about the WikiLeaks affair, in which about 250,000 confidential State Department cables have been leaked and publicly released.  Most of the coverage has focused on the content of the cables or on WikiLeads, the organization that turned the cables over to the media.  A few commentators have questioned the adequacy of information security at the State Department.  No one, as far as I am aware, has put the blame where I believe it belongs, on Susan Swart, Chief Information Officer at the U.S. Department of State.  This is surprising, because the State Department profile of Swart does not mince words about her responsibilities.

Susan H. Swart, a member of the Senior Foreign Service with the rank of Minister Counselor, was appointed as the Chief Information Officer for the Department of State in February 2008. As CIO, she is responsible for the Department’s information resources and technology initiatives and provides core information, knowledge management, and technology (IT) services to the Department of State and its 260 overseas missions. She is directly responsible for the Information Resource Management (IRM) Bureau’s budget of $310 million, and oversees State’s total IT/ knowledge management budget of approximately one billion dollars. [italics mine]

Swart was appointed in February 2008, which, given that the leaked cables are said to extend through February of 2010, is at least one year before the leak.  She cannot fob off responsibility on her predecessors.

So why hasn’t the media put the blame where it belongs?  The answer, I suspect, is a common misconception that computer systems are inherently vulnerable and, consequently, these kinds of breaches are inevitable.  According to this line of thinking, the only recourse would be to close off access to information, hindering the functioning of the department.  Swart cannot be held responsible for flaws inherent in the technology; ergo, we must look elsewhere for the guilty party.  Although this logic is rarely stated explicitly, traces can be found in media coverage of the leaks.  For example:

In a memo circulated Monday by its Office of Management and Budget, the White House said it was ordering a review of safeguards that could shut down some users’ access to classified information.

That would further limit diplomatic communications that have been restricted in response to earlier disclosures by WikiLeaks. The Defense Department has already limited the number of computer systems that can handle classified material and made it harder to save material to removable media, such as flash drives, on classified computers.

Bryan Whitman, a Defense Department spokesman, said Monday that it was inevitable that steps like that would “compromise … efforts to give diplomatic, military, law enforcement and intelligence specialists quicker and easier access to greater amounts of data.” (“U.S. can’t let WikiLeaks limit candor, diplomats say”)

And from no less an authority than the former CIO for the Director of National Intelligence:

Dale Meyerrose, former chief information officer for the U.S. intelligence community, said Monday that it will never be possible to completely stop such breaches.

“This is a personnel security issue, more than it is a technical issue,” said Meyerrose, now a vice president at Harris Corp. “How can you prevent a pilot from flying the airplane into the ground? You can’t. Anybody you give access to can become a disgruntled employee or an ideologue that goes bad.” (“U.S. looks for way to prosecute over leaks”)

To be blunt, this is nonsense.  That anyone, employee or otherwise, can easily gain access to and abscond with over 250,000 confidential documents, apprehended only when turned in by a confidant, is evidence of an extremely serious technical issue.  Anyone holding such views should not be in a position with responsibility for information resources.

The alternative view, which I believe to be correct for reasons that I’ll describe below, is that systems can be engineered for security in ways that maintain usability and access, while rendering breaches like this one effectively impossible.  If so, then Swart, by failing to ensure that the systems were so engineered, is responsible for the failure and should be held accountable.

There is a simple reason why we can be confident that the engineering problem is soluble.  No individual can possibly need to access the full content of 250,000 cables in a short period of time, because, even scanning them at a rate of one document per two seconds, more than a week would be required to review them all (assuming grueling 16 hour days).  Furthermore, since the cables cover a wide variety of topics, it’s unlikely that many employees need access to large numbers of cables covering wide ranges of topics and dates.  To solve the problem, then, we just need to engineer a system that makes it relatively easy to access in ways that conform to common use cases (e.g., small numbers of cables, cables close to a particular date, or cables related to a particular topic), and progressively more difficult to access larger numbers of cables.

So how would we engineer such a system for security?  Let’s consider three relatively simple design rules which could probably have prevented the WikiLeaks debacle.  Systems conforming to these design rules could, I’m reasonably certain, have been implemented by Swart within the year before the leaks occurred, especially since they could be implemented in ways that would be almost entirely transparent to end users.  With regard to all of these techniques, I acknowledge a profound intellectual debt to Jay Dvivedi, the brilliant maverick former CIO of Shinsei Bank.

First, don’t aggregate information.  If you put all your cables from around the world in a single giant repository, you’ve created a single point of failure, which inevitably becomes a giant vulnerability.  There is no need to store all these cables together.  Exactly how to separate the cables is an engineering problem that should be informed by knowledge about usage patterns, but it seems reasonable enough that systems might be divided by classification, geographic area (at the country, subcontinent, or continent level) or by age (less than one month, two to six months, seven to twelve months, etc.).  When information needs to be aggregated–e.g., a search on the entire collection of cables for a particular term or assembling cables for all dates for a particular country-the aggregation should take place temporarily in systems explicitly engineered for the purpose.

Second, create and manage differentiated access controls tuned to the sensitivity of the information being accessed.  This becomes easy when the first design rule is followed, because access controls can be developed separately for different classes of systems.  Access privileges should be granted for specific systems, each of which hold only subsets of the entire cable collection.  Many users may need direct access to only recent cables or cables for certain countries or geographic areas.

Carefully engineered access controls should be present on the systems that aggregate data across multiple systems as well.  The broader the aggregation and the larger the volume of data, the more approvals should be required.  In particular, extracting the entire database should be possible only using a specific, highly secure system designed to access all the subsidiary systems, and approval should be required at the highest level of the organization.

All this need not impede the work of intelligence analysts in the field: a search across all cables might return document excerpts and provide full text for several documents-perhaps only the least sensitive-without additional authorization.  Authorization from a supervisor or competent authority would be required to obtain full text of large numbers of documents, perhaps more than a hundred.

Third, track access to all confidential material and limit access for users that exhibit suspicious activity patterns.  That confidential material can be viewed without leaving behind any record of the activity is an inexcusable system design flaw.  It should be possible to see when any user accessed any confidential document.  To ensure the completeness and integrity of these access records, Jay recommends maintaining redundant records from three different perspectives:

  • Document perspective: who accessed the document, and through which gateway?  Here, I use the term gateway to refer to an access channel and its physical and logical location, e.g., a document viewing application running on a specific desktop computer in a particular room or building.
  • Gateway perspective: which documents were accessed through the gateway, and by whom?
  • User perspective: what documents has this user accessed, and through which gateways?

Following the first design rule, these records should be generated and stored by separate systems.  Other systems should continuously reconcile the records to detect errors or evidence of tampering.  It would be very difficult for a user to conceal unauthorized access, since at least three systems would have to be compromised.

Monitoring systems should use these records to look for suspicious activity, such as rapid successions of searches that hit broad swathes of the database or attempts to extract documents from one system after another.  In such cases, it should suffice to limit access until the behavior can be reviewed by a competent authority.  In addition to precluding breaches, the knowledge that all accesses are logged and analyzed will discourage improper use of the system.

The second and third design rules–granular access controls and monitoring user activity–are already commonly implemented by online services and financial firms.  The first design rule has not been widely adopted, but Jay has demonstrated its effectiveness at Shinsei Bank, and my understanding is that the rule resembles in principle to the service-oriented architectures employed at Amazon and Facebook.

All of which is to say that we should not let Swart off easy.  The State Department’s systems were clearly not designed for security, which is obviously inexcusable for an organization responsible for the nation’s diplomacy.

America's economic tragedy

There’s not much point in my lamenting the state of the US, since commentaries are available from far more able individuals.

Brad DeLong’s recent conference presentation provides a cogent and insightful analysis of our macro-economic circumstances. To summarize: there were plenty of ways to prevent the housing meltdown from taking the entire economy along with it, there were even tools at our disposal to recover from the financial crisis, but Obama blew it (with ample help from obstructionist senators, ineffective advisors, and the Fed).

Why Obama messed things up so badly, allowing economic recovery to slip down, or perhaps entirely off, his policy agenda, mystifies DeLong, and it mystifies me. The good news is… well, actually, there isn’t any. We’ve dug ourselves into a hole from which it will be very difficult to escape.

Nicely complementing Brad’s article is this piece by Andy Grove about jobs. Grove observes that startups won’t solve America’s unemployment problem if “scaling up” happens offshore. He also notes that without government leadership and aggressive policies, such as tariffs on goods produced off shore, it won’t be easy to create jobs in America again on a significant scale.

This reminds me of something else that mystifies me: why has the US sat idly by as China uses massive currency intervention to drain off American jobs, instead of responding in kind with a tariff? Given the failure of the Obama administration to craft effective economic policy described in gory detail by DeLong, I’m not particularly optimistic about the prospects for “job-centric political leadership” advocated by Grove.

Deliberate perturbation at Levi's

Last April, I received an email from Erik Joule, Senior Vice President of Merchandising and Design at Levi’s, asking to speak with my colleagues and me about our paper “Wellsprings of Creation“.  Erik and Levi’s were setting out on a “massive cultural transformation project” to renew the organization’s capacity for innovation and creativity.  After speaking with us about our research, Erik decided to use our theory of deliberate perturbation as his conceptual frame for the transformation project.  Subsequently, Erik and I have met a few times to discuss the project, and he invited me to meet with some people at Levi’s to learn more about what they’ve been up to.  On Thursday, I took him up on the offer and interviewed two people from the strategy group.  Here’s their perspective on how Levi’s has been changing.

Our conversation began with a recently launched new product development initiative.  The new product targets a market segment that has not been a priority for the company, and thus represents a significant, high level perturbation.  As Brad, Mike and I explain in our paper, the hallmark of a perturbation is that it jolts an organization away from a stable, predictable equilibrium trajectory.

The initiative incorporated a variety of lower-level perturbations designed to throw the organization out of balance.  For example, working together with a design firm, Levi’s conducted a series of three “salons”, off-site workshops lasting two or three days.  Each of these salons brought together about twenty people from functions across the organization to develop ideas around the new product theme.  One salon was conducted in Memphis, where the company rented a space and recruited local consumers to interact directly with the Levi’s team.  Levi’s wanted quick feedback about their ideas, so they sewed clothes on the spot, had consumers try them out, and got immediate reactions.  The salons were about “ripping you out of your day to day job” and getting into a different frame of mind–an image that captures the essence of perturbation.

The distribution of exploration within the company has also changed.  Previously, the company separated exploitation (day-to-day business) and exploration (innovation), concentrating the latter in a dedicated innovation group.  As with many other companies that have attempted this approach, the innovation group proved unable to drive exploration throughout the company.  Within the organization, it was seen as a “group of people off on the side”, isolated from the market and customer needs, and not taken very seriously.  Now the group is gone, and “innovation is something you do every day.”

Several concepts and phrases came up repeatedly during the interview: rapid prototyping, direct feedback from customers, the need to pursue “progress over perfection”.  The changes have been disorienting for the organization.  Putting rough prototypes in front of real consumers has been discomforting for an organization accustomed to perfecting their products before letting them see the light of day.  Projects staffed with cross-functional teams have disrupted traditional boundaries, as when members of the strategy team (without any specialized training, just a fifteen-minute orientation) participated in a consumer shop-along project that would previously have been performed exclusively by staff from the consumer insight group.  This disorientation is, of course, a sign that perturbations are occurring–that established processes are being knocked off balance.

From an organizational learning perspective, I’m intrigued by the emphasis on collecting people from across the organization and creating opportunities for them to experience their customers–shop-alongs, field trips, even a mock retail environment in a conference room at headquarters with real consumers invited in to “try it out”.  According to Ikujiro Nonaka’s theory of knowledge creation, such shared experiences enable the development of tacit knowledge.  Employees who participate in shop-alongs or see consumers walking around a mockup of a store acquire knowledge beyond what they can articulate in words.  Shared tacit knowledge provides a common frame of reference and thus facilitates communication.

Our conversation raised at least two provocative questions.

First, although employees involved in these efforts have adopted the mantra “failure is an option, fear is not”, what will happen when a significant failure occurs?  Indeed, a senior manager “jumped all over” this phrase when it was presented to him: we have to succeed!  One of my interlocutors reflected, “I don’t think we tolerate failure well … if something fails, it will be the grumbling around the water cooler” that casts a pall over the initiative.  So how should management handle failures?

Second, Erik’s openness to new ideas creates another challenge: which to pursue?  Before, the default response to a new idea was no; Erik’s default response is yes.  “Erik loves ideas”.  One project came up with a list of one thousand ideas.  The theory of deliberate perturbation posits that too few perturbations lead to stagnation, but if perturbations are too numerous or not complementary, they result in chaos and decreased performance.  So how to manage the flow of ideas and ensure that perturbations are as productive as possible?

The (sad) state of Japanese entrepreneurship

Ever since Edward Feigenbaum and I wrote our book on Japanese entrepreneurship back in 2002, I’ve been interested in the evolution of Japan’s entrepreneurial ecosystem.  My impression, drawn from conversations with many entrepreneurs and investors, has been that startups still face the same problems–risk aversion, lack of risk capital, insufficient access to human resources, and a dearth of early adopters–that we identified in our book.  It seems that the overall situation has not improved, and may even have deteriorated.  Data from Terrie Lloyd‘s recent newsletter suggest matters may be even worse than I had realized.  From the newsletter (delivered by email and not yet posted online at the time of this writing):

whatever the reason, whether it’s the market competition, lack of sources for funding, or a risk averse culture, the number of new start-ups is falling steadily, meaning that the future commercial base of the country is being eroded. According to the Statistics Bureau there were somewhere around 29,000 small and medium-sized companies started up in 2006, down substantially from the 45,000 started in 1999. (General Edition Sunday, October 24, 2010, Issue No. 587)

The IPO market is way off, and comparison with South Korea indicates that the decline cannot be blamed entirely on the financial crisis:

2009 produced a record-low (in recent times) number of IPOs: just 19, and this year will not be much better. In stark contrast, perhaps surprisingly so, the South Korean IPO market is booming and there were 66 IPOs in Seoul last year, with an expected 70 lined up for FY2010.

IPOs were a bright spot when we wrote our book, but apparently not any more.  To make matters worse:

fiscal 2009 venture capital investments fell 40% over those made in 2008, for a total of JPY63.7bn by the nation’s top 20 VC companies. To put things into better perspective, in a recent UK firm’s survey of 100 global institutional investors about the attractiveness to VCs in Asia and Oceania, Japan ranked bottom of the list…

Those interested in more details and analysis may wish to read the complete article; presumably Terrie will post it on his web site soon.

One of my friends is running an algae-to-fuel biotech startup in Japan.  His company is arguably Japan’s premier startup in this very promising space, but he has two orders of magnitude less funding than competing US-based startups: millions of dollars versus hundreds of millions.  Even if his technology is superior (I’m not qualified to offer an opinion), most Japanese entrepreneurs are playing in the minor league–or perhaps the little league.

This does not bode well for Japan’s economic future.


For the last year or so, on the recommendation of a dear friend, I’ve been learning to program in Python.  It’s a beautiful language, much enhanced by Mark Pilgrim’s excellent introductory text Dive Into Python, which contains many insightful observations such as the following:

Some people, when confronted with a problem, think “I know, I’ll use regular expressions.” Now they have two problems.

–Jamie Zawinski, in comp.emacs.xemacs