I have a friend who earns his living by penetration testing — hacking clients’ systems on clients’ own request and discovering IT security vulnerabilities in the process. He rarely needs a lot of searching, but the extraordinary part is the process itself. That reality show is something to behold. The most entertaining part is that, if the client also asks for a report on the mayhem seen by the pen tester, they simply don’t know what to do with it afterwards — they are overwhelmed. A lot can be done of course, but the client no longer has the energy.
Welcome to the Dark Side — it’s a sobering experience.
Long story short, after the IT was breached, special software was installed on all boxes at the Accounts that could watch everything that everyone was doing. Absolutely everything, in real time. They could have turned on the camera and the mic, but the guys knew where to stop — it’s a slippery slope, you know. And here goes, we have before us the working day of a madly overworked accountant:
10:00 — 12:00 reading the news on the Internet and looking up Sir Elton John
12:00 — 15:00 lunch break, phone chatter with friends
15:00 — 16:30 more news reading and googling around, but for some other
luvvie, can’t remember who that was — say, Celine Dion
16:31 an email received from the boss, requesting an urgent report
and asking that payments be done tomorrow
16:45 — 17:18 frantic work and report compilation
17:19 back to reading articles on the Internet
That’s it. Put that on repeat. Day after day, with insignificant breaks for work and urgent payments (at which points the damsels were getting very upset about being interrupted). And they had half a dozen of those clucks, even though one would have suifficed. OK, they could have recruited another one just in case. The client didn’t have enough resolve to proceed to snooping on the middle management.
Another example, and a remarkable one too: a multinational company, IT security service check. That’s not some slackers from the block, they had it tight — a King James Bible sized volume of corporate standards on the subject. It ended up being the easiest hack of those theoretically possible, the whole operation took 24 hours. It turned out that an admin at one of the departments was spending whole days gaming and didn’t want to get distracted by a file he didn’t recognise. He just ckicked it a few times and went back to his games. That hole was all it took for the guys to get through to the data stored in every office. They got lucky all right, but that kind of luck is not at all uncommon — nobody was looking specifically for that slacker admin, he was there simply because of the law of large numbers.
Well, that’s ground level personnel, you would say. The board is a different matter — mature and responsible people. Sorry to disappoint, here’s a fabulous character, the crown jewel of the exposition: the CEO of a large company was spending 80% of his time wanking behind the locked door of his office. No kidding. He was very worried about being fired for stealing, and was spending his whole days relieving the stress.
Alright, that’s office plankton, a clear case. What about the manual labour, guys on the factory floor? What can I say — at least the office guys are harmless. They procrastinate without causing damage to themselves and others.
While, at factories, the increasing automation of the manufacturing process is displacing the human factor, construction sites feature some primordial beauty — everywhere, without exceptions. Google up some building site video, of a kind where you can see what the workers are doing. That they are procrastinating is clear — the de facto average working day is 3-4 hours. And that’s a good outcome! As for the rest of the time… they might be drinking or they might be fighting, or they might be sinking a Terex truck in an improvised lake, but all of that is rare. What is worse these days is that even the most uncultivated immigrant has a smartphone with a video camera. The natural thirst for creativity has flourished where a lot of evolutionary distance is yet to be covered, and they have started — all over the place — to film. Extreme video, to keep things interesting, with an occasional fatal outcome. A fine case in point is some daredevils who wanted to videotape a demolition. The cameraman got a piece of shrapnel through the head. May he rest in peace.
It is ironic that portable cameras and YouTube should have such an impact on Health & Safety, and at the same time produce a wonderfully well documented case library that, within the present-day progressive humanist legislation in most civilised countries, would put the employer and the proprietor in for a serious bill for the behaviour of their dumbass handymen — for the creativity of an equal opportunities hominid is just beyond the dynamic range of anything that an actual homo sapiens could possibly foresee. In, erm… partially civilised countries, the workplace protection is a good excuse for a hostile takeover. Finger-licking good.
The important thing is that all of this takes place in full view of a camera. CCTV is a given at a factory or a building site, but it is increasingly widespread in offices too. The Chief Executive Wanker had no cameras in his office (except for his laptop), but he did know full well that he was being watched, that's why he was nervous. Generally, all employees have long gotten used to being snooped at, and aren't embarrassed any more than the folks on a glass wall reality show would be. It doesn't disturb them because in 90 % of the cases that information is neither processed nor analysed in any way, and there are usually no consequences. Something can happen of course, but bumping into your boss on a bad day is just as likely. It's a paradox: the principle of selective punishment has completely displaced the principle of inescapable punishment precisely because of IT technologies. Controlling everything and controlling nothing is the same thing.
The conclusion is that all those cameras and checks aren't useful for anything other than spending the budget. The final proof was given by my university friend who got employed by a bank in which CCTV and total control were omnipresent. She studied the surveillance system and made a pact with her colleagues, which allowed her to have a day off from time to time — she was spending those at the town beach (there was a warm sea close by). To my taste, that's as good as it gets.
Being exposed to the dark side of the functioning of your own company can be compared to reading the patient history form of your girlfriend. A bit of a shock. Client's first reaction is to shoot all women and rape all men. The rage quickly turns into sullen helplessness because everybody else is exactly the same. In very rare cases it gets as far as processing the data and reacting to it in a timely manner, even though it's not actually all that hard to do.
Recent progress in computer technology makes it possible to not only count bricks, immigrants or activity hours at a workstation — automatically — but also to reprimand the offenders in a well-documented way. Theoretically, it's possible to issue spot fines (although I doubt that any present-day employer would ever consider proposing a contract like that). I am not even talking about analytics — it's technically feasible to process virtually unlimited volumes of information. But fixing the identified problems in an automatic way is not possible. As one of my friends put it: "no way to run a house with a soft dick". And increasing management potency is a different therapeutic story.
Another friend of mine, having introduced the most primitive control automation solutions at a building site, has achieved a four-fold increase in productivity in the first month with a team of three people. But that lasted exactly as long as the enthusiasm and energy of the proprietor, who was the only person capable of influencing anything. He was simply getting text messages about the most outrageous violations. The site foreman was crying crocodile tears about having a dick up his ass in the morning instead of a cup of coffee. All of that went on for two months, and then the client got tired. He wasn't no king Solomon to satisfy 700 wives and 300 concubines on his own, and he was not prepared to relinquish his personal control of the company. That may have been the right decision, for one cannot trust technology any more than one can trust a human…
text, illustration © The Dark Side of Business