Index: Journal, Summer 2004
THE SEARCH FOR INTERNATIONAL ORDER - AND SECOND
CARL BILDT, FORMER PRIME MINISTER OF SWEDEN
JIHADIST TERRORISM AND GLOBAL ECONOMIC RISK
PETER BERGEN, AUTHOR AND EXPERT ON TERRORISM
RISK, REGULATION AND AFFLUENCE
CHRISTOPHER HASKINS, FORMER HEAD OF BETTER REGULATION TASK FORCE
THE NEW PANDORA'S BOX: TECHNOLOGY AND DATA TERROR
PHILIPPE BEREND, TECHNOLOGY WRITER AND CONSULTANT
REPUTATION AND BRAND: THE NEW DANGER ZONE?
STEVE HILTON, FOUNDING PARTNER OF GOOD BUSINESS
"He either fears his fate too much, or his deserts are small,
that puts it not unto the touch, to win or lose it all."
James Graham, First Marquis of Montrose (1612-1650)
THE SEARCH FOR INTERNATIONAL ORDER - AND SECOND GUESSING SECURITYCARL BILDT
I was born and brought up in the shadow of the evil Empire. The westernmost position of Soviet forces on the southern shores of the Baltic Sea was well to the West of all of my country. We were neighbours to a nervous, decaying but enormously over armed empire basing its geo-strategic policies on the outright occupation of other nations. History taught us that empires seldom disappear in a gentle way. In one way or another, every previous empire that we have as a comparison has come down in flames.
In this case, however, we suddenly lived through a historical miracle. Never before in human history has such a powerful empire collapsed with so little loss of human life and so little conflict. It was certainly dangerous at times. An explosion of violence was often just below the surface. But statesmanship in key capitals made it possible to manoeuvre the peaceful collapse of the decaying giant - first and foremost in Washington with President Bush and in Bonn with Helmut Kohl. Moscow is a somewhat different story.
That statesmanship is an important part of the explanation for the historical miracle in Europe in the years immediately after 1989. The sudden peaceful collapse of the evil empire had hardly been predicted by intelligence agencies. Neither could it be derived from the historical lessons that otherwise are often so useful. Nor was it a product of a conscious policy pursued by anyone. But if you went to the private markets in the outskirts of Moscow, the discotheques of Prague, the bars of Gdansk or the Bierstuben in Dresden you might still have had a feeling that something was on its way.
These were indeed miraculous years. The peaceful reunification of Germany - grudgingly accepted in Moscow, London and Paris; the withdrawal of huge military arsenals from the outer empire. And - perhaps particularly close to me - the reestablishment of the three Baltic nations and the withdrawal of Russian power from them, in spite of the presence of very substantial Russian populations. But soon there were new surprises. Hardly had we celebrated a new peace in Europe than we saw the new evil of aggressive nationalism throwing the Balkans into war. Much like the first decade of the 20th century in Europe, the last decade was dominated by a series of wars in the ethnic, religious and cultural mosaic of this part of the post-Ottoman world.
I personally went from Prime Minister of Sweden - having brought my own country into the European Union as well as having tried to assist in all the complex issues of the transition in the Baltic region - to working for the first European Union, then for the vaguely defined international community and then for the Secretary General of the United Nations in this delicate region, over a number of years. They were demanding times. I lived for more than two years next to a small mosque and its graveyard in Sarajevo. Sometimes, I sat down and tried to discuss why we didn't know, why we did not prevent and why we did not understand. Yugoslavia was not an unknown place. Belgrade had swarmed with diplomats, spies and businessmen for decades.
But as the politics of ideology had gradually been replaced by the politics of identity, our old mental models of looking at the world did not apply. Yes, people had wanted freedom from oppression by ideology. But people also wanted freedom for their identity. And as the political uncertainties mounted, they increasingly tended to define their identities in contrast to each other. Soon, history took us on a conveyor-belt to war, massive ethnic cleansing and mass murder.
Again, we had failed to listen to the gossip at the bar down by the river in Visegrad, to read the obscure emigre publications in Stockholm or follow the details of the seemingly irrelevant political trials during the waning years of the Tito regime. We might have read their history books - but we had not listened to how history was told by mother to daughter and father to son. And in the end, that's what really counts.
We had come to believe that history had come to an end - when in fact it was about to make a ferocious comeback. And we struggled to deal with the consequences. We still do. But this is not only the age of the politics of identity: it is also the age of the revolution of science and technology. And I went directly from working for the United Nations in the Balkans to trying to help with the issues of the governance of the global Internet within a body called the Internet Corporation for Assigned Names and Numbers (ICANN).
It was certainly a leap from standing at the open mass graves of Srebrenica - to dealing with the security and governance of the thirteen root servers that make the global Internet function. Disconnect them, and it is the end of more things than we can even imagine: a world of both ancient hatreds and modern technology. And a world in which the greatest of dangers - as we saw on September 11 - lies in the marriage of the two.
There is no doubt that we are living in a period in which the international system is going through massive change. Increasingly, we talk about the end of the Westphalian system of an international order of orderly states that has been more or less dominant during recent centuries. The stability of the half-century of the Cold War was not always that stable - but it certainly was in relation to the world of today. In that world, the Atlantic Alliance was the cornerstone of deterrence and stability. We were united by the common threat.
But in this new world, that threat is gone, and the dominating agendas on the different sides of the Atlantic differ. In Europe, the dominating agenda for a long time to come will remain the one set in 1989. Step by step, we are trying to secure the peace and increase the prosperity of a larger and larger part of our continent through the sharing of sovereignty in an evolving federation of nation states. It is by no means an easy or straightforward process. We build not by conquering and coercing, but by convincing and co-opting. We build on proud nations with proud histories. The politics of integration has to go hand in hand with the politics of identity.
There is no alternative. During the last century, Europe gave the world two totalitarian ideologies and two wars that swept across the globe. Can we prevent that for the future, and in addition perhaps give an inspiration to other efforts to bridge the gaps of identity with the structures of integration, thus promoting both peace and prosperity? It might not be that insignificant an achievement and - although it probably will not be reported on Fox News - I am confident it will be recorded in the history books.
On the opposite side of the Atlantic in the United States, it's only natural that the dominating agenda is and will remain the one that was set by the attacks in 2001. Where we seek to build peace by the sharing of sovereignty, America seeks to create security by asserting its sovereign rights, also on a global scale. I genuinely believe that there is a basic understanding of this American agenda not only in Europe but also in many other parts of the world - but on the critically important condition that it is not perceived as aimed at undermining the agendas that could be important for other regions, other peoples and other cultures.
And here, obviously, there is room for improvement. The task of statesmanship is to bring together the different dominating agendas of the different regions, peoples and cultures of the world: to recognise that they are different, but to make them supportive of each other, rather than pitting them against each other in destructive contradiction. It is obvious that, in one way or another, the European agenda of 1989 and the US agenda of 2001 will have to come together in the area I prefer to refer to as the post-Ottoman region - between Bihac in Bosnia in the northwest and Basra by the Gulf in the southeast. Others like to call this the Greater Middle East; Zbigniew Brzezinski has called it Grand Balkans.
The United States agenda is to fight immediate terrorist threats and control the spread of technologies of mass destruction. Our agenda in Europe is one of structures of good governance and representative institutions that can bridge the different identities that otherwise are almost certain to tear everything apart. What happens in the area my schoolbook used to call the Fertile Crescent will dictate much of the future.
In Palestine and Iraq, we have committed ourselves to two state-building projects of immense complexity and importance. And they go together. The liberation of Iraq from its past will not succeed without the liberation of Palestine from its present. If we do not succeed with both, a tactical victory in Mesopotamia will soon be transformed into a strategic defeat throughout the Muslim world. The signs so far are not altogether encouraging. There is an increasing air of desperation in the discussions on the future of coalition efforts in Iraq, much of which is understandable. Prewar dreams of easily setting up a representative regime in Iraq have turned out to be little more than dreams. This should not come as a surprise. All experience shows that regime reconstruction after regime destruction is a long, complicated process. And now we have a situation where, at the same time as the United Nations is struggling to put a credible political process for regime construction in place in Iraq, desperation in other quarters is driving a debate about an alternative strategy: letting Iraq be divided into three independent or semi-independent states. Iraq would be even more difficult to break up in an orderly way than was Yugoslavia - and that process involved an extremely brutal, decade-long conflict.
If there is one lesson above all to be learnt from the past year in Iraq, it is the necessity of building as broad a coalition - and establishing as fruitful a co-operation - as is possible. Each day that passes, that lesson becomes more obvious. A coalition to build a peace always needs to be much broader than a coalition to win a war. It is imperative that we do not let despair over the difficulties today drive us into what would be a disaster tomorrow. The voices of the United States and Israel raising the idea of a Balkanisation are truly playing with fire. There is no underestimating the difficulties that lie ahead in Iraq and I know well all the deficiencies of the machinery of the United Nations - although I blame these far more on the member states than on the dedicated individuals to be found within its ranks. But the United Nations commands one asset that might be more powerful in the years ahead than many others. We have seen a succession of so called Bremer plans for political transition in Iraq, ultimately resting on the powers of the United States.
Power alone is very seldom enough. Power needs to be combined with legitimacy. And building bridges of friendship and trust and common goals across the divides of geography, cultures and political affiliations can only create legitimacy. The United Nations is not the only way, but so far it is one of the best we have invented. It was, after all, a product of primarily US diplomacy.
But it is not only because of legitimacy that coalitions for peace always need to be much broader than coalitions for war. I have seen in the small patches of land in the Balkans how efforts at true state-building need resources in the form of both men and money that require the pooling of resources. And it is obvious that if men and money are not forthcoming, and the patience to stay the course is not there, then we are not building functioning states, but instead rather fragile ones that are almost bound to fail the second we choose to leave. One need only look at Kosovo to see that that danger must not be ignored.
As we look across the globe, we see the creative destruction of economic globalisation becoming stronger and stronger, the marriage of ancient hatreds and modern technology becoming more dangerous, the rise of the politics of identity also inside our own societies becoming more challenging and the rapid growth of the urban jungles with their unemployed and despairing millions becoming more and more prominent. And this, of course, goes hand in hand with the enormous advance of science and technology. It is not a world that invites easy predictions about the future. Linear development there will certainly be, but the tremors we feel under our feet point more to the need to watch out for the unexpected, to widen the scope of our observations and to develop the structures of cooperation that can cope with the unexpected.
We did not see the peaceful collapse of the Soviet Union coming, and we did not anticipate the ferocity of the Balkan wars - just to mention two examples close to me. And it does not seem likely that we will be sensationally more successful in the years to come. Will we see the small fissures in the financial system and emerging strains in the political structures of China before there is a financial meltdown, a political fragmentation and a social upheaval of truly massive proportions - or are we certain that this will not happen?
Are we better at predicting the evolution of the tension between reform and reaction within Islam in the decades to come than we were half a millennium ago in predicting the devastating effects of the successive waves of the religious reformation on the political structures and the peace of Europe? Do we think we can predict the strategic patience of our own democratic electorates when it comes to sustaining not over months, not even years, but more likely decades and sometimes generations the also international efforts that are needed to make state building truly succeed? And can we predict the consequences if that patience is not there?
Can we predict the destructive powers of the creative young teenager who sits in a cellar in Nanjing, Novosibirsk or Nablus and unleashes a new Trojan Horse that sweeps not only the computers, but also phones and embedded chips in our increasingly inter-connected on-line world into its arch of destruction - or are we certain this will never happen? The answer to all these questions is most probably no. No eavesdropping satellites will ever be able to give us more than fragments of facts, the evolving fractals of which will, in a way difficult to predict, make up history in the years to come. We can see the tensions rising, the logic of the linear developments, the demands that are likely to come, but seldom very much more than that.
Once upon a time, the politics of intelligence was a much simpler affair. In my country, we had clearly defined intelligence objectives, firmly geared to the threat that at the time was the only one, and clear structures also for international cooperation so that we got what we needed but could not get ourselves in exchange for what we could get but no one else really could. It was all very secret. It was often useful in giving us a degree of reassurance we otherwise would not have had. Whether it would have stood the ultimate test we will never know. But now, the challenges we face are to a very large extent very different. In Bosnia and the Balkans, it was certainly of importance to keep track of the tanks. But ethnic murder can just as well be done with an axe, houses can be blown up with old mines and families can be forced to flee just by having the media installing fear in them.
As we grapple with the challenges of fragile, failing or failed states - the Yugoslavia and Afghanistan of yesterday, the Haiti of today, perhaps the Bolivia, Pakistan or Indonesia tomorrow - intelligence is far more about what is open than about what is secret. To have a view of whether a state is about to descend into chaos and anarchy, or whether extremism and fundamentalism is also brewing in the student dormitories of our own countries, is not primarily a question of prying hard secrets, but about trying to analyse numerous soft developments.
The bars of Gdansk; the gossip by the bridge in Visegrad; the emigre publications; the chat rooms on the Internet; subtle shifts in the financial markets; graffiti on the walls; sometimes even songs that are sung in the bars - these are the overt signs that need to be detected. And this requires collaboration beyond boundaries that many intelligence agencies have been reluctant to cross in the past. Increasingly, the world of intelligence must be the world of truly intelligent analysis of the information that is there in our increasingly open and diverse world.
And to be that, it must reach out to society as a whole far more than has been the tradition in most countries in the past, engage with all the networks that make up our increasingly interconnected world, understand that the evolution of culture and the disputes of religions can be just as important as military doctrine and tactics and be seen as a friend of both academia and NGO's. Only then can it provide policymakers with the analysis of options, trends, dangers and possibilities that will lead them to the shaping of the policies of global cooperation that will decrease the dangers of the bad and threatening scenarios, and hopefully increase the possibilities for the good and benevolent ones.
Carl Bildt is a former Prime Minister of Sweden who went on to be European Representative in the Balkans and High Representative in Bosnia. He now holds a number of senior corporate positions, and is the only European on the Board of Trustees of the Rand Corporation.
JIHADIST TERRORISM AND GLOBAL ECONOMIC RISKPETER BERGEN
Since the September 11, 2001 strikes on Washington and New York, al Qaeda and its affiliated groups have increasingly attacked economic and business targets, a trend that has accelerated in the past year or so. The shift in tactics is in part response to the fact that the traditional pre-9/11 targets such as American embassies, war ships and military bases, are now better defended, while so-called 'soft' economic targets are both ubiquitous and easier to hit. The suicide attacks in Istanbul in December 2003 directed at a British consulate and the local headquarters of the HSBC bank are indicative of this trend. The plotters initially planned to attack Incirlik Air Base, a facility in western Turkey used by American troops, but concluded that the tight security at the base made the assault too difficult and so transferred their efforts to the bank and consulate because they were relatively undefended targets in central Istanbul.
At the same time, however, al Qaeda also learned an important lesson from 9/11: that disrupting Western economies, and by extension the global economy, is very useful for their wider jihad. After the 9/11 attacks Osama bin Laden gloated that the attack had cost the US economy some trillion dollars. There has been well-founded speculation that bin Laden and his acolytes 'shorted' their interest in the markets shortly before the planes struck and made substantial sums as a result. Ramzi Binalshibh, one of the key planners of 9/11, wrote that following the attacks "the dollar lost a lot of its value. Airline companies have been affected; they have had to fire 68,000 employees." Around the first anniversary of the 9/11 attacks, bin Laden and his cerebral deputy Ayman al-Zawahiri released audiotapes announcing a new policy aimed at disrupting the global economy. And in October 2002 bombs went off in a disco catering to Western tourists on Bali killing two hundred, while a suicide attack was mounted on a French oil tanker steaming off the coast of Yemen. Oil and tourism are obviously critical to the world's economy.
Al Qaeda and like-minded terrorist groups are increasingly targeting companies that have distinctive Western brand names. Last year saw a suicide attack on a JW Marriott hotel in Jakarta and an attack on a Marriott in Baghdad, on each occasion producing a substantial death count. In Karachi, Pakistan in 2003 a string of small explosions at eighteen Shell stations, wounded four, while in 2002 a group of a dozen French defense contractors were killed as they left a Sheraton hotel, which was heavily damaged. McDonald's restaurants have long been the target of leftist terrorists, but in the past year they have also been bombed by Islamist militants in Turkey, Lebanon and Saudi Arabia.
A further component in al Qaeda's assault on economic targets is its continued efforts to attack the aviation industry. According to a senior US counterterrorism official, al Qaeda retains an intense interest in downing commercial aircraft. This trend is easily traced from the so-called shoe bomber, Richard Reid, to the attempted bombing of an Israeli charter jet in Kenya with a rocket propelled grenade. Last Christmas a dozen or so British Airways and Air France flights on the London to Washington route and between Paris and Los Angeles were cancelled as a result of potential targeting by terrorists. "We were not sure if it was a bomb being assembled in mid air, or the transportation of terrorists. It was definitely something," my counterterrorism source told me. Al Qaeda gave a more succinct view in a posting on a related website in June. "Western and American airlines will be a direct target for our coming operations in the near future," it read. This is clearly a warning that should be taken at face value.
Flights in and out of Saudi Arabia are particularly at risk. Since May 2003 al Qaeda has taken its war to Saudi Arabia in an attempt both to eject Westerners from the country and to bring down the House of Saud. The series of attacks launched on residential compounds and the most recent killings of further Westerners has provoked a substantial 'fear premium' on the cost of oil, raising the price by ten dollars a barrel between March and June, a 25% jump to its present price of $42 a barrel. In very simple terms, this is reflected in the United States in prices of up to 35 cents a gallon more at the pump. The terrorists are clear in their intention to disrupt an oil industry in Saudi Arabia that floats on the largest reserves in the world. There is little doubt that the fear premium will continue for the foreseeable future, creating a potentially major drag on the global economy. And this has been compounded by the fact that Iraq - which sits on the world's second largest oil reserves - has also seen attacks against its oil industry. In April suicide bombers blew up explosives-laden boats in Iraq's main oil tanker terminal in the port of Basra. Attacks on pipelines leading to Turkey are by now commonplace.
In addition to the straightforward economic equation of oil prices, Iraq has become a recruiting device for potential al Qaeda followers. A recent poll by the Pew Global Attitudes Project found that bin Laden is now viewed favorably by large percentages in Pakistan (65%), Jordan (55%) and Morocco (45%) - all, it should be noted, key allies in the war on terrorism. Previous polling by the same organisation a year earlier showed by large pluralities that Indonesians, Jordanians, Turks and Moroccans all expressed more confidence in bin Laden than in President Bush. Similarly polls taken by the Zogby company found a drastic decline in favorable views of the US between April 2002 and the beginning of the war in Iraq. In Jordan these had been reduced from 36% to 11%, in Morocco from 38% to 9% and in Saudi Arabia from 12% to 3%. A poll in June found that about half the Saudi population expressed admiration for bin Laden's political ideas. As the potential number of al Qaeda recruits expands so too does the potential for attacks on 'soft' targets.
An indication of the kind of attacks that al Qaeda remains preoccupied with are the series of plots that have been disrupted in the past couple of years. According to a well-placed US intelligence official 'three major air plots' have been averted. Chillingly, the official also said that since 9/11 al Qaeda's 'special weapons program' has been working on a program to 'weaponise' anthrax. The terrorist leadership has long expressed a strong interest in carrying out some kind of weapons of mass destruction (WMD) attack. In countries such as the United Kingdom, Italy and Spain there have been a number of arrests over the past two years of Islamist militants who were planning to carry out some kind of small-bore chemical weapons attack. The most recent such arrest came in June when an Egyptian, believed to have been behind the March train bombings in Madrid, was arrested in Milan. Intercepts of his phone calls referred to a woman that he knew who was ready to carry out a chemical attack in the United States.
In June a report in the New Scientist magazine, based on records from the UN's International Atomic Energy Agency, indicated that the risk of a radiological "dirty bomb" attack is growing. In 1996 there were eight incidents of smuggling of radioactive materials suitable for such a device, while last year there were 51 such cases. The dramatic rise in smuggling has coincided with efforts by al Qaeda to acquire radioactive materials and the arrest in Chicago of Jose Padilla, one of the group's associates, who was allegedly planning some kind of radiological bomb attack inside the US. Such an attack would probably kill relatively few people, but would cause enormous panic and have a requisite impact on investor confidence.
If al Qaeda can successfully launch a terrorist attack within the United States, even a comparatively small one such as that planned by Padilla, the psychological effect on American investors is obvious. In June the US Justice Department announced that a Somali immigrant had been charged with planning to bomb a shopping mall in Columbus, Ohio. Such an attack on a mall in a typical American city would have a devastating impact on the consumer sector, and a ripple effect throughout the US economy. American counterterrorism officials are particularly concerned about the possibility of a terror attack during the November election, modeled on the Madrid bombings in March that killed 191 people and effectively changed the outcome of the Spanish election. Intelligence sources told me recently that al Qaeda's desire to disrupt the US election is based both on 'hard information and analysis', while the threat level in New York City is 'very high now' particularly in the run up to the Republican convention to be held in Manhattan at the end of August.
These potential attacks are not merely political in nature: they are also deliberately designed to undermine investor confidence. In addition, the US intelligence services, all too aware of Greece's lax record in countering terrorist groups, are showing growing concern about the possibility of an attack at the Athens Olympics in August. Aside from the obvious horror such an attack would engender around the world, the economic effects would be manifest. What sponsoring company, with its brand name emblazoned around the various stadiums, would want to be involved in an Olympics remembered not for its athletic feats but for acts of devastation? In Washington the intelligence community believes that al Qaeda is certain to target American interests wherever they are at their most vulnerable.
This is the conclusion of a senior US official who tracks al Qaeda: "When it comes to attacking the United States they are going to send the A team. They are going to be as 'clean' as possible. They won't have documents showing time spent in Afghanistan," the official said. "We are very concerned about simultaneous attacks that would rival 9/11, and possible WMD attacks by the A team." The question then is not if, but when there will be another catastrophic terrorist attack on the world's economic superpower - and by proxy the global economy as a whole.
Peter Bergen, a fellow at the New America Foundation in Washington and an adjunct professor at the School of Advanced International Studies at Johns Hopkins University, is the author of Holy War, Inc.: Inside the Secret World of Osama bin Laden.
RISK, REGULATION AND AFFLUENCECHRISTOPHER HASKINS
Affluent societies are much more heavily regulated than poorer ones, which suggests that a regulated society is also a successful one. Regulations have been needed to make markets fair and competitive, to promote public health and safety, and to protect citizens from abuse and exploitation. Regulation has also been the most effective way of protecting the environment.
So far, so good. But regulations can also be criticised for being too bureaucratic, inflexible, disproportionate and inconsistent in their application. Although regulation has contributed to making our lives much safer than before, people don't appear to feel any safer. Indeed they have become more risk averse and ask for more protection: both of which are unrealistic because of cost, effectiveness and appropriateness. The expense of fool-proof rail systems may push fares up so high as to drive people back to the roads, an effect that would be much more dangerous and environmentally damaging. Regulation will not be effective in dealing with the diet crisis. And it is wrong to seek to guarantee patients protection from risks taken on their behalf by doctors.
The obsession with risk-aversion has encouraged ministers, mistakenly, to introduce ineffective and inappropriate regulation. A Dangerous Dogs Act, hastily passed in the light of a small number of unpleasant incidents, had to be repealed because it was inoperable. An attempt to outlaw the sale of beef on the bone was abandoned because the public ridiculed it. (The poll tax was abandoned for the same reason). A drowning tragedy affecting children in Torbay, which culminated in the person in charge being convicted, nevertheless led to restrictive regulation which substantially reduced the scale of character forming "Outward Bound" adventure activities for young people. And in response to some serious corporate misbehaviour, accountants established a range of bureaucratic, disproportionate risk assessment procedures, named after their creator, Nigel Turnbull. The great corporate villains would have little difficulty in satisfying the demands of Turnbull, but the culture of risk-aversion is particularly dangerous in business where risk taking is fundamental to success and progress.
The Daily Mail, one of Britain's most successful if notorious newspapers, has exploited middle class paranoia and risk-aversion to great effect. Its readers appear to have an inferiority complex about foreigners and Europeans in particular, so the Daily Mail feeds them far fetched suggestions of threats from Brussels and the migrants needed to maintain economic growth. Paradoxically, Mail readers are said to be threatened by too much regulation from the EU, whilst at the same time demanding much greater protection from the grossly exaggerated menace of migration.
Failures in policy, health and social services are followed by hysterical demands from the tabloids for scapegoats and tighter regulation, when in fact evidence most likely suggests that such failures are rarer and fewer than they were before. As a consequence doctors and social workers, who must take risks if they are to perform effectively, are afraid to do so for fear of retribution. Life saving, but risky operations are less likely to be carried out, and children in disturbed homes may be taken into care by local authorities, in case of an incident, when it may be much less risky to leave the children with their families.
American and now British lawyers have been quick to exploit consumer anxiety and desire for retribution, by encouraging them to seek compensation through the courts for real or imagined failures in public service delivery.
According to the National Audit Office as of the end of March 2003, for example, the total amount in compensation that the NHS was expecting to pay out over a number of years to settle currently known or anticipated claims for clinical negligence stood at £5.89 billion, amounting to more than 12% of total health expenditure for that year. The radio programme, Classic FM, whose audience is predominantly the well-to-do middle class, runs advertisements from lawyers offering the listeners "no win, no fee" services if they feel they have a complaint against anyone. The middle classes do their children no favours by driving them to school rather than allowing them to walk or cycle, for fear of traffic and paedophiles. The melee of school run traffic is much more dangerous and children must be exposed to risk if they are to cope with life.
Single interest pressure groups also play an active and not necessarily constructive part in influencing people about risk. Serious failures in the past - such as BSE - have rightly raised public concerns about the safety of their food. And yet, despite the scandals, our food has never been safer. Many pressure groups, with justified concern about the environmental implication of GM crops, were quite happy to exploit the Daily Mail's completely baseless charge about "frankenstein foods", suggesting that the real threat was food safety, rather than the environmental charge. Unfortunately Mail readers seem disinterested in the substantial risks arising from greenhouse emissions and climate change, because it is their own lifestyle which is the source of the problem. It is much easier to blame someone else if there is a risk in food, even though the main source of food illness is self inflicted by people being careless in the way they prepare, store and cook in their own homes.
One crucial aspect to our attitude towards risk is that when we feel in control of events we accept much higher levels of risk than when we are not. We seem to be much more sanguine about the substantial risk involved when driving our cars than when we are sitting in a far more secure railway carriage. We assess what might be a health factor related to mobile phones but continue to employ them because they are so useful. By contrast, we avoid GM foods because the insignificant risk involved does not offer us any apparent benefit. And we tolerate massive self-inflicted damage to ourselves from smoking and eating too much, but expect risk-free successful treatment from the NHS.
Nonetheless, although there are serious economic and psychological consequences of over regulation driven by risk-aversion, those who press for deregulation are also at fault. They fail to recognise that without regulation the environment would be in even greater difficulties than it is, employees would be severely exploited by unscrupulous employers and shoppers similarly disadvantaged by rapacious marketeers. Drink-drive and safety belt regulations have saved many lives.
And I am not convinced of the argument that over-regulation severely undermines British competitiveness. The Organisation for Economic Co-operation and Development (OECD) has pointed out that Britain is its least regulated member, yet remains down the productivity and competitive league. Surprisingly, the United States, which is considered very competitive, is a much more enthusiastic regulator of financial and consumer markets. When the Confederation of British Industry (CBI) suggests that regulations undermine our competitiveness, it should be reminded that the main reason for Britain's relatively poor productivity is that its own members have failed to invest sufficiently in science, technology and people over a long period.
The Better Regulation Task Force applies the following five principles as a basis for good regulation: transparency; proportionality; accountability; consistency; and targeting. Transparency is in order to provide people with information and evidence which may enable them to manage problems without recourse to regulation, and to trust the people to be able to resolve most risk issues for themselves: they are more sensible than politicians and editors assume and if regulation is necessary it will only be effective if those being regulated understand and accept the need for action. Proportionality is necessary as a regulation must always be proportionate. That may include, for example, having to make tough economic assessments of the risks and benefits of proposals to make our trains safer. Regulation should never be introduced as a knee-jerk reaction to events.
Accountability is essential in ensuring effective regulation. Most regulation failures arise because accountability is complex, blurred and confusing. Consistency is fundamental if regulation is to be implemented effectively across Britain and the European Union. Targeting vulnerable groups most at risk - the poor, the young and the old - is crucial to protect those most in need rather than the majority of citizens well able to look after themselves.
Despite some justified concerns about shortcomings in self regulation related to doctors and accountants, I believe that self regulation can be much more effective than state regulation. The advantages of self regulation are that the protection of professional integrity and competence is a great motivator, the expertise is there, and self regulation can respond more speedily and more flexibly to events than the state. I would like to see farmers and communities apply self regulation in order to protect their reputation and strengthen social solidarity. Branded companies feel obliged to self regulate, because the economic consequences of failing to do so can be catastrophic - the Nestle and Coca Cola fiascos in the bottled water market are just one such example.
Small businesses argue with some justification that they lose out to larger competitors because of regulation. The latter create internal regulatory bureaucracies which the smaller companies could not afford. It is, therefore, essential that when regulation is being proposed the opinion of smaller rather than larger companies should be sought. I have seen many situations where large businesses call for regulation in order to give them advantage over their smaller competitors.
But unfortunately people are much more likely to be put at risk because of regulatory failure in small rather than large businesses. Most food safety problems arise in smaller businesses that often lack the expertise, knowledge and investment to meet the necessary standards of hygiene. Because of this regulators tend to focus their attention on smaller businesses.
Regulation can also be applied more intelligently. Most businesses and citizens want to comply with the law, but often fail to do so because they do not understand their obligations. Much more emphasis must be put on helping people to understand their obligations and to comply with them rather than punishing them for failing to comply after the event. The Food Standard Agency which offers independent and frank advice on risks in the food chain has been remarkably successful in reducing risk without necessarily resorting to regulation, by giving people the evidence and encouraging them to manage the situation for themselves.
Source: GlobeSpan Incorporated
However, although I believe that much can be done to regulate more sensibly and more effectively, I remain convinced that the more affluent we become the more regulation we demand. There is another long term reason for this. Until the middle of the nineteenth century families had to manage for themselves most of the risks of life, supported by the communities in which they lived. Since then, as Martin Woolf, the Financial Times columnist, has pointed out, the family has been progressively "nationalised". Much of this process has been laudable and effective. The state has provided families with safe water, health, education and other public services on an increasing scale. Most people would accept that the state, rather than the family, should be responsible for eliminating poverty and unnecessary risk.
But maybe this process has gone too far, as the state also has to intervene extensively because of the alarming increase in family breakdowns. Given this responsibility the state resorts to regulation as its most effective instrument. Stable families, like responsible businesses can ignore much state regulation because they are already achieving the outcomes pursued by the regulations. But as family failures escalate, so it seems must state regulation as an inadequate alternative to family self regulation and risk management.
And finally different groups in society and different countries have contradictory perceptions of regulation and risk. The middle-classes who have never been healthier or safer, want more and more regulation and assurance. The poor, disillusioned, without expectation, and living much more dangerously, have little time for regulation. The British are naturally averse to regulation: the Germans rely on regulation to get them through the day.
In whatever context, regulation is a fact of life. We should manage it and recognise that perception and effectiveness vary. Above all we should be wary of pursuing the elimination of risk when responsible risk-taking is the basis of economic, scientific and social achievement.
Lord Haskins of Skidby chaired the Better Regulation Task Force, and is a former Chairman of Northern Foods. He is now the British Government's Rural Recovery Co-ordinator.
THE NEW PANDORA'S BOX: TECHNOLOGY AND DATA TERRORPHILIPPE BEREND
Terrorism can be best summed up in the words of La Fontaine: "tous ne mouraient pas, mais tous etaient frappes" (all did not die, but all were struck). This is what terrorism seeks to achieve: to hurt the (relatively) few in a way that impacts and terrorises the many. Our world is so dependent on the integrity, the flow and the processing of data that this offers a whole new field of opportunities to terrorist groups, whether for financial, political or religious aims.
We need only imagine the catastrophic effects of such events as terrorist groups
The list of major data targets mentioned above includes many massive, centralised systems. These all too often suffer from multiple fundamental flaws when viewed from an anti-terrorist aspect. First, they were primarily designed as computerised versions of previous non-computer systems. Second, their basic architecture dates back, almost without exception, to the pre-network days, and communications through networks have been added on at a later stage rather than incorporated as basic parameters that involved structural security aspects. Third, international terrorism and specifically data terrorism was not then the threat that it is - or should be recognised as - now.
The result is that the defence of such systems is based on the simple principle of "keeping the bad guys out". That, sadly, was the principle behind the Maginot Line. In the everlasting race between cops and robbers, the leading edge of technology-based robbery is today in the hands of a very large population of predominantly young people, of just about every nationality, religion and political creed in existence. Hence it is just a matter of time until a very talented group of nerds and hackers espouses the goals and aims of conventional terrorist organisations. Keeping tabs on the nuclear elite of the former Soviet Union involves "only" thousands of people, all of whom have documented histories. By contrast cutting-edge would-be hackers number in their millions, a number of whom are still in college or university. The creator of the Sasser computer virus, for example, was an 18-year old German taking computer-science as a part-time study. Yet Sasser penetrated millions of computers and did an estimated US$4 billion of damage. Had its creator designed it to erase data, rather than just to stop and restart infected computers, a simple task for a designer of his ability, the damage costs would have been five times higher.
Other examples of attacks against single, massive data targets are the so-called DDOS, or Distributed Denial Of Service, which are the result of hundreds of computers targeting the same (and single) point of entry into a data network, Internet or other. Such is the number of requested connections, that the onset of saturation prevents any service. This can "shut out" any network-based system and is (relatively speaking) quite simple to achieve. And as all information systems today are in one form or other interconnected, they all have entry points.
Yet there are ways of avoiding such attacks, or preventing them from doing catastrophic damage. Just as al Qaeda mutated from a single visible and vulnerable organisation into a network of connected but separate entities and just as companies working in the huge office space of the Twin Towers are now spread over many buildings spanning three states, distributing data over multiple systems would make it much more difficult for an attacker to crash the system. A good example of how to protect a data system against a crash is the flight control system of Airbus planes. The plane's flight is controlled by a computer that prevents it from executing manoeuvres that are deemed abnormal and/or dangerous. To ensure that this computer's eventual failure does not crash the system, there is another computer, designed by another manufacturer and running other software that executes the same computations at all times. If the two independent systems do not produce the same results, it is a sign that one of them is faulty and a third independent computer takes over. Airbus have decided that they cannot make a failure-proof system; so they have "merely" made it failure tolerant.
So, while networks and their myriad connections by unknown hackers can be seen as the ultimate enemy of data security, they are also where the solution comes from, in making systems not impregnable, but unstoppable. The United States has chosen to make its own country the largest example of the impregnable "keep the bad guys out" policy, by excluding suspected foreigners and employing massive all-encompassing databases, rather than implementing a "we shall survive" approach. The effective answer to the challenge they face should be not in attempting to make a data-terrorist-proof system, but to make it data-terrorist-tolerant.
The second major obstacle to serious data security is concern over people's privacy. Tracking data flows is one of the best ways of tracking terrorists who initiate them, such as locating people via their cell phones, websites and e-mails. But the missing link for effective anti-terrorist action is a link between the machine and its data flow on the one hand, and the person using it on the other. Privacy and civil rights advocates are sure to object strongly against the concept of a secure, world-wide ID as a requirement to accessing cell-phones and connected computers. What they don't realise is how much of what they would object to in principle already exists, such as a secure world "phone book" of mobile phone users. That is how you can be reached in Hong Kong via a Berlin-based phone number. Similarly, a world registry of Internet addresses already exists: which is how e-mail reaches its destination. Both vital databases, by the way, are distributed over vast networks, making them eminently survivable in case of terrorist attacks. What is the reason for this? They are recently created, are not replicas of previous pre-computer models, and are not in the hands of the public sector. Also cell phone technology already "gives away" people's location if the users have subscriptions rather than prepaid cards. Just as fixed IP Internet connections can be traced back to their users. So generalising ID requirements actually breaks no new ground in terms of privacy. Far worse surely is the fact that large numbers of private companies collate data which they collect from people's daily lives - from what they buy, whom they call and where they surf on the Net to where they live and their preferred hobbies. Why let them do this and refuse to apply the same techniques to collective security?
What is the technology to achieve this vital link between man and machine? The obvious answer has to be the smart card. Cell phones already use them in the form of SIM cards to recognise and authorise users. Modern computers offer smart cards as the intelligent option to protect passwords and authorise use of the machine. The cards can also encrypt data if added security is needed. Smart cards have reduced credit card fraud by over 95% compared to previous systems. So why cannot users employ a national ID smart card to connect to cell phones and computers? How can we justify individuals' rights to enter, modify and tamper with data that belongs to others while preserving their anonymity?
The obvious objection to such a system, from a technical point of view, has to be that it would be simple to forge fake cards. They already exist for many fake pay-TV decoders. Similarly, the encryption algorithms that are used to protect DVD copyrights or credit card transactions have been published on the Internet. This objection illustrates once more the Maginot line mentality. It is not in making foolproof cards or unbreakable data encryption that we can prevent terrorism. It is in multiplying the data that constitutes an identity. If a person has an ID smart card which he uses as a cell phone card, a forger needs to create not only a 'believable' name, and address, but also an 'acceptable' phone number. If the card incorporates biometric data (a picture, fingerprints, eye prints), yet more fake data must be created. If that card, in addition, is also a key to an IP address, one more 'suitable' address needs to be forged. And every layer of functionality added to such a card - a driver's licence, payment card, or a Social Security card - interconnects it to yet more systems, each and every one of which becomes a key component of overall security even as its practicality and user benefits increase.
History teaches us that we all too often prepare for the last war rather than the next one. Our world today is profoundly underpinned by data. Even DNA and the code modifications of GM foods are data. And while we recognise terrorism as the great threat of our time, very little is done to prevent data terrorism, be it a global attack on a symbolic target or a racketeering operation by Mafia-type groups. How many companies have introduced biometrics to restrict access to their computers, or even take their passwords seriously? How many of them have distributed and interlocked their data in a way that make even a successful central attack non destructive? A clear sign of the terrorist potential of data attacks is that most which succeed against banks and insurance companies go unreported even to the police, as public knowledge of them would undermine trust in the institution. Terrorists today understand the benefits of distribution and interconnection far better than the forces chasing them. It is time to reverse this.
Philippe Berend is a Paris-based technology writer and consultant
REPUTATION AND BRAND: THE NEW DANGER ZONE?STEVE HILTON
Ronald Reagan's recent death threw the television archivists into overdrive: this was a man who had lived out most of his life on a camera of one sort or another. There he was with Mikhail Gorbachev; in the golf cart with Margaret Thatcher; in the arms of a chimpanzee (or was it the other way round?). And then: up popped a bear. In the woods.
The "bear in the woods," one of the most famous political ads of all time, interrupted the images of Reagan in action to remind us how brilliantly the former President persuaded the American people of the need to boost military spending to counter the Soviet threat. As a piece of political propaganda, it's hard to beat. And as an allegory for business, it holds some useful lessons too.
For there's a bear in the woods for corporations today. Like Reagan's bear, "some say it's dangerous; others say it's not." But, in the words of that memorable campaign commercial, "doesn't it make sense to protect ourselves? Just in case?"
So here's the headline for the boss: the bear is your company's impact on society. Of course, it's possible that the bear isn't dangerous. Maybe the way you make your profits is beyond reproach. Maybe there's nothing negative about the social or environmental effects of your products or services. Maybe there aren't any unexploded bombs lying hidden in your company's wiring. Maybe the bear isn't dangerous. But it would be a Chief Executive of quite considerable courage who decided to ignore the bear, because the reality of commercial life today is that an increasingly significant component of business risk is social, ethical or environmental in nature. And experience shows us the costs of failing to manage those risks: reputational damage, brand value impairment, regulatory interference, and litigation. Chief Executives could do without such distractions in an ever-more competitive world.
Source: GlobeSpan Incorporated
Where Reagan turned to military spending to bolster his defences, business leaders in search of security today are turning to the much-misunderstood discipline of corporate responsibility. Jeff Randall, the BBC's Business Editor, recently explained (in connection with the shareholder-inspired sacking of a British national newspaper editor) that the hot new thing in the City of London is "corporate and social responsibility" (sic), and that given the world of "political correctness" in which business now operates, we'd better get used to it. You might quibble with him over the idea that corporate responsibility is a "new" thing, and you might resent the contention that it's about political correctness - but fundamentally, Randall is right. We had better get used to the idea that non-financial issues and performance will play an ever-greater role in business, as citizens' and consumers' social awareness and concern increases.
Too much of the debate surrounding corporate responsibility suggests that it's a specific, discrete component of a company's activities, requiring separate communication - much as a company would communicate its annual results or the launch of a new product. But a communications-led approach to corporate responsibility that doesn't tackle underlying issues of social, ethical and environmental performance can create a dangerous gap between external rhetoric and internal reality.
Companies that see corporate responsibility as essentially a communications exercise rather than a core management and operational issue are actually compounding their risks, not managing them. The way to create a positive reputation is to be a responsible company, and this requires real, painstaking and frequently challenging action. There are two distinct types: action which minimises social, ethical and environmental risks, and action which maximises social, ethical and environmental opportunities. The difference between them is crucial: it's the difference between what to communicate and what not to.
Minimising social, ethical and environmental risk is the foundation of a good reputation. In plain English, it means trying to stop doing things that are likely to attract criticism. What precisely these 'things' are, of course, is a constantly-evolving set of issues, with the benchmark of acceptable standards being raised all the time by a disparate group of inquisitive and troublesome journalists, irritating activists and campaigners, nit-picking socially responsible investment ratings agencies, and meddlesome bureaucrats and legislators; or, if you prefer, 'stakeholders.'
Companies that are serious about corporate responsibility tend, rightly, to adopt a collective approach to managing their social, ethical and environmental risks. After all, risk minimisation is another way of saying 'compliance with society's expectations,' and these expectations apply in equal measure to all companies in all sectors. The best approximation of what society's expectations are is provided by the burgeoning panoply of corporate responsibility standards and codes of practice (our own database of these contains nearly 2,000 indicators that are in common use internationally). There's no substitute for a rigorous, forensic examination of company performance against these collective benchmarks, and then making any necessary changes internally - changing policies, changing management systems and changing operating processes. Emerging issues include potential conflicts between companies' public policies and their private lobbying activity (either directly or through trade associations), and an increased focus on the social impacts of core business activities and the way products and services are used by customers (not just business processes).
The mistake that many companies make is to believe that it's worth communicating what they're doing to minimise their risks, as if they expect their reputation to be improved by proudly declaiming: "we do what you expect us to do." To gain credit for corporate responsibility, and to build a positive reputation that can insure against unpredictable threats, companies need to build on the foundations established by minimising their risks, and start maximising their opportunities, through real social leadership.
Social leadership means exceeding today's expectations, finding ways to harness company resources to make a distinct and positive social contribution. Here, a competitive approach is required. There's no code of practice or corporate responsibility manual to consult: it's a simple question of creativity. Two key areas are emerging as offering the greatest potential.
First, the use of the innovation process to turn social needs into business opportunities. Unilever has created products and distribution systems specifically designed to improve the lives of the poorest people in developing countries; Vodafone is doing the same in South Africa; O2 has created a product which uses mobile technology to help treat asthma.
Secondly, the use of consumer brands' cultural power as an engine of social change. With governments increasingly accepting their inability to influence the attitudes and behaviour of their citizens, there's a powerful new role companies could play, as MTV has been doing for years with its youth campaigns on AIDS awareness, the environment and human rights.
The very fact that these examples of social leadership are delivered through the core business, rather than as add-on extras, removes the need for unconvincing corporate responsibility chest-beating, and consequently tells a more credible and inspiring story.
Richard Lambert, former editor of the Financial Times, has said that corporate responsibility will have succeeded when there are no internal departments, board members or employees dealing with it - when social, ethical and environmental thinking is embedded in the decision making of every department, board member and employee. He's right - and difficult though it may be, it's worth it.
After all, there's a bear in the woods.
Steve Hilton is a founding partner of the consultancy Good Business and a former campaign co-ordinator for the Conservative Party's 1992 election campaign.
|© All essays copyright of Montrose Associates.|