Lessons For IT From The Early Days of the FBI
I love taking concepts that I found in one area and applying them to distinctly different problem domains. Right now I’m reading “Enemies: A History of the FBI” by Tim Weiner. I read Mr. Weiner’s history of the CIA and thought it was phenomenal and his history of the FBI has far exceeded my expectations. If you’re into the inner workings of intelligence organizations and their impact on world governance, these books are for you.
While reading Enemies I began to realize that as controversial of a personality as J. Edgar Hoover is, there’s some really great innovations he’s responsible for creating and there’s a lot to be learned from the formative period of the FBI about the power of information and how it is gathered. There’s a lot IT executives can take away from this book that is readily useful in their day-to-day management duties (and I’m not talking about using their authority inappropriately).
Here’s a handful of items that I took away from the book that I see as relative to IT management and transformation:
1. Intelligence is key. Hoover, starting with nothing, quickly realized the fastest way to build a realistic picture of how things were working was to infiltrate the target organization. The data retrieved by a small number of agents was instrumental in getting budget for more agents; and when that could no longer scale, those agents became responsible for recruiting civilians inside the target organization to spy for them. Following in this vein, IT needs to infiltrate the user organizations. They need to befriend users and really learn about what they think about the service they are getting and what hurdles they fight to overcome due to IT resources and restrictions. All too often, IT representatives interact with their users far too infrequently. Gathering this intelligence is critical to the IT executive. Without it, they cannot see the potential risks they might face from the business should one of these problems escalate to a more senior executive level.
2. To the President of the US (POTUS), Hoover was a blessing and a curse. The necessities of gathering intelligence during WWII opened the door for Hoover to establish his systems. Once in place, Hoover and his systems (FDR actually created an executive order Hoover later used as justification for questionable behavior) were virtually impossible to remove. Even if a US President didn’t trust Hoover, it was virtually impossible to remove him as FBI Director. Likewise, he was also a tool the President could use to spy on his enemies and detractors. Even Nixon, one of his longer term “friends” kept him at arms’ distance once in the White House.
A Hoover only comes along once in a generation. Given the choice to select a new FBI Director, a US President would have a conundrum to select a Hoover-esque personality or a more mediocre and less dangerous individual. The Hoover-esque individual is going to do what’s necessary to get the job done and get the critical intelligence on threats and risks. However, you can also expect that in doing so, he will uncover and catalogue that information that can possibly be used against the President should the need arise.
As an IT executive in today’s world, there’s a similar conundrum occurring. Cloud computing and ITaaS initiatives are forcing the issue of IT expenditures and efficiency. The CEO and CFO are hearing stories from their counterparts about how recent IT transformation initiatives are saving them millions of dollars. Surviving as an IT executive going forward may hinge on selecting a Hoover-esque individual/team to assess the IT organization and their findings may call into question the decisions of the past. Moreover, a solid IT transformation assessment may result in recommendations that result in considerable change in headcount and funding. Alternatively, going with the mediocre assessment may result in the IT executive being seen by the executive team as ineffective.
3. Monitoring is a strategic effort and should not be used for punitive measures. Hoover never envisioned wiretaps and bugs as a means to build evidence to be used in a court of law. He saw these as tools to feed the intelligence pipe and help build the picture of what was really occurring. Once he had inkling that something was amiss he handed it off to the appropriate authorities to take the necessary steps to build a case.
Users don’t like IT monitoring their use and behavior primarily because they are concerned it will lead to punitive outcomes. “Mr. Soandso, you’ve been spending 4 hours a day on Facebook, please collect your things and follow this security guard.” Hoover had it right. Use monitoring to build the big picture of what is happening and then hand it off to management. Management needs to find appropriate ways to change unwanted behaviors. If US citizens in the 40’s, 50’s and 60’s had an idea for how they were being monitored all hell would have broken out. Because Hoover never allowed the source for his research to be known, he was able to deliver critical information without endangering his sources.
4. A lab is critical to finding answers. Hoover helped found the forensic sciences. He devoted millions of dollars to the formation of a laboratory within the FBI to forensically examine evidence and experiment with emerging technologies for intelligence gathering. IT shops have these same requirements, but have they invested in labs?
5. Influence can save your tail. Hoover’s actions were highly-questionable at times and he often operated without the approval of the Attorney General or the President of the United States. Indeed, certain Presidents were highly-suspect of Hoover and didn’t trust his intelligence. In these cases, Hoover didn’t allow the lack of support to hinder his goals. Instead he built a strong influential network of key personnel surrounding the Attorney General and POTUS to pass along his ideas as their own. The end result for Hoover was the same.
The lesson to be learned here for all of us, not just IT executives, is that achieving our end goals sometimes means we won’t get credit for the idea. Open up lines of communications with the business and share your ideas freely with them. Even if the CEO doesn’t believe keeping email (or some other system) in-house is a good idea, hearing why from the head of sales or human resources can sometimes be more influential than coming from CIO or VP IT, who, and rightfully so, does have a vested interest in that as an outcome.
6. Ben Franklin had it right when he said, “the only way three people can keep a secret is if two of them are dead!” Hoover’s biggest concern was that the public would find out about the FBI’s black-bag operations and he knew that eventually the all secrets are revealed. To the earlier point about cloud computing and ITaaS assessments potentially shining light on questionable choices and decisions, the best approach is to focus on the overall impact to operational efficiency and recommendations for improvement. Being open to criticism and recommendations for change will be perceived well by management and will most likely not call into question past choices as anything more than band-aids and patches.
7. Be open to change. Toward the end of the 60’s Hoover was faced with a possible monumental disaster. A Supreme Court case was raising attention about the FBI’s unconventional, and sometimes illegal, techniques for gathering intelligence. To stem any potential tarnishing of the FBI’s reputation he immediately called a halt to all black-bag operations and illegal wiretaps. Many of the long-term FBI agents pushed back and complained about how this would impact their ability to complete their missions. However, the country was changing. There was an emergence of the New Left and civil rights agenda. Hoover’s commitment to keeping up the façade as the FBI as America’s protector and its squeaky clean image forged over twenty plus years was the priority and doing so meant change.
IT is facing bout after bout of disruptive change. The Internet, Web Services, social media, cloud computing and mobile computing has caused IT to play catch up to support. IT needs Hoover-esque leadership with regard to this point. There will be plenty of IT engineers and administrators that will struggle with changes in policies, reporting, compliance, security, etc. IT leaders need to keep a focus on the larger mission of supporting the business and help usher their supporting staff members struggling with the change (or if needed transition them out if it becomes detrimental to the organization).
IT leaders need to remain open to transitioning support of internally managed systems to Software-as-a-Service (SaaS) providers or managed hosting providers. So-called “server huggers” will suffer under reduced budgets and pressure to move away from continued investments in capital assets.
To be clear, I am no fan of Edgar J. Hoover. I believe he knowingly and with malice disregarded the tenets of the Constitution of the US for his own personal gain and mission. That said, I can respect much of his contribution regarding intelligence gathering and counterintelligence. I also realize that you cannot effectively govern an entity, such as the United States, without such a program as developed by Hoover. Most of all, I believe the above lessons can be readily applied to managing IT organizations in the 21st century.
About the Author
JP Morgenthal is one of the world's foremost experts in IT strategy and cloud computing. He has over twenty-five years of expertise applying technology solutions to complex business problems. JP has strong business acumen complemented by technical depth and breadth. He is a respected author on topics of integration, software development and cloud computing and is a contributor on the forthcoming "Cloud Computing: Assessing the Risks" as well as is the Lead Cloud Computing editor for InfoQ.
Laurie Williams and Catherine Louis Nov 28, 2014
Edmund Jorgensen Nov 27, 2014
Lisa Adkins and Michael Spayd Nov 27, 2014