To survive the next 10 years, get serious about digital risk management

The last wave of digital businesses are in big trouble right now, because they failed to plan for the risks of their technology. We can't afford to be that apathetic - or ignorant - any longer.

If you’ve been around the digital world long enough, you’ll know how often people fail to take it seriously. Go far enough back and you’ll find people comparing the internet to fads of the 80s like CB – citizens’ band radio – and assuming it would pass as fast. The early days of social media were mocked as people talking about what they had for lunch, and blogging was all about people with no life writing things in their bedrooms.

When you don’t take something seriously, you underestimate both the potential and the risks. That needs to stop – now.

The very idea that connecting the planet digitally wouldn’t be a powerful force is ludicrous. Every major communications invention from writing via the printing press to broadcast has had a major societal impact. How would networking the entire world for instant communication fail to do so?

But that incredible power comes with a price. To quote the Amazing Spider-Man:

With great power comes great responsibility

There are various points where digital has very clearly gone wrong over the last decade or two, and many, though not all, come down to a simple neglect of that responsibility.

Let’s look at a very particular example: Twitter.

The privilege of the Twitter founders

Twitter was born in the hothouse of Odeo, a podcasting startup funded largely out of Ev Williams’s money from selling Blogger to Google. Williams had good reason to look at connectivity as a good thing: Blogger had built his fame and fortune, through the process of connecting people via writing. The emerging blogosphere seems almost painfully idealistic by today’s standards: a bunch of young, enthusiastic geeky people starting to connect with each other, and building communities stretching across the world.

What could be better than to make that easier? When Odeo was failing and they needed a new focus, Jack Dorsey’s side project – then called twttr – seemed like an obvious choice. Connecting the entire world, quickly and easily.

A decade later, and it’s a tool for harassment and propaganda.

The question they never asked – that perhaps it never occurred to them to ask – is: what happens if you connect the vulnerable to those who would abuse them? What happens when you connect the bigoted to those they are biased against?

Using connectivity to isolate yourself

Here’s another question: What happens when you allow people to isolate themselves from dissenting opinions?

Google’s personalisation and Facebook’s algorithm show us ever more things that are to our taste – at the cost of narrowing our worldview. This is the infamous filter bubble, a term popularised by Eli Pariser in his 2011 book of the same name. The fact that the book is seven years old is an indication of the lack of consideration that many of the digital behemoths have given the risks of digital.

The filter bubble benefits them – a narrow worldview is more comfortable and makes you more likely to use Facebook. You’ll keep coming back to Google if it shows you sites you like and trust. But the consequences in terms of polarisation and divisiveness are profound. Could we have avoided the problems of the last two years if we’d taken Pariser more seriously back then?

Building in risk management

There are signs, thankfully, that people are getting wiser to this. For example, if you look at the booming drone market, many manufacturers have built geofencing into their products, which means that the drones will simply refuse to fly in certain places that are actively dangerous: near airports, for example.

Here’s DJI’s post outlining the addition back in 2015:

The drone will by default not fly into or take off in locations that raise safety or security concerns. However, in order to accommodate the vast variety of authorized applications, the new system will also allow users who have verified DJI accounts to temporarily unlock or self-authorize flights in some of those locations. The unlock function will not be available for sensitive national-security locations such as Washington, D.C. or other prohibited areas.

They’re designed to prevent accidental or ignorant intrusion into dangerous places, without overly-restricting legitimate uses. This is a great example of risk being taken into account in the development stage of a technology’s life, before it becomes a necessity – or something tragic happens.

Compare this to Twitter’s desperate attempts to build a security infrastructure into their own network, one that was designed to be open and equal from the start. The earlier you plan for risk, the easier it is to mitigate.

Multi-level risk management

Much of conventional risk management only looks at risks to the business, its employees and – to varying degrees – its users from the product. That’s no longer enough.

We need to think more stridently about the risks to the users – how could a thing damage their lives, their relationships and their view of the world? Can we war-game how people might abuse and misuse our product, and then build in structures that protect it? Think, if you like, of this as a social version of ethical hacking – destruction testing what you built, so you can build it in a better, stronger and more socially sustainable form.

Most of us would love to have a business half as successful as Facebook – if we could avoid the trouble and legislative scrutiny it’s coming under now. Plan for worldwide digital risk from the start, and you have a much better chance of winning that lottery.


Photo by Denny Luan on Unsplash