The Crime-Business Balance

Is it responsible to ignore crime if you think you have a just reason?  

The Cost

http://www.standard.co.uk/

Business operators look at risks and decide how much of it to tolerate. Part of tolerating a certain amount of risk can also mean revealing a willingness to take losses for the sake of generating sales and absorbing market share. This balance is famously summed up as "the cost of doing business." This cost is typically measured in dollars but to gain those dollars, you have to give something up.  What that something is may not be quantifiable but it is real.  Such is the nature of risk taking.

Fight or Flee

A trade-off lumped into "the cost of doing business" is tolerating a certain amount of crime.  We commonly hear of employee theft or shrinkage.  We hear of malingering and filing false worker's compensation claims.  Not every loss due to crime can be stopped but for the most part, they are confronted and mitigated everyday by professionals who work hard to protect their business from this financial erosion.  These issues exist as a result of criminal behaviors of individuals and to ignore these issues, would be ruinous. Anything less than a total concerted effort stop this behavior is not the norm. Unless, however, that effort to stop the behavior impacts market share. Take for example, the interesting decision by Microsoft to cease internal investigations related to theft for the sake of market share.

Investigation Compromised Business

Not long ago, Microsoft uncovered the theft of a source code for one of their products.  They were able to track down the source of the leak through an internal investigation.  The Microsoft investigators "cracked" the case by legally accessing a Hotmail account of someone involved in the scheme.  An ex-Microsoft employee was subsequently charged in Federal court for this theft of a trade secret.  Despite the investigative success, the case revealed Microsoft's access to and review of their customer's Hotmail account.  Despite this practice being the legal right of Microsoft, the appearance of backlash over the perceived privacy violation resulted in a policy change at Microsoft. So, instead of conducting their own internal investigations involving stolen property (intellectual or physical) the company "will refer the matter to Law Enforcement if further action is required."

Law Enforcement to the Rescue

By passing investigations along to law enforcement, Microsoft is banking the invasion of their customer's Hotmail accounts via search warrant will deflect any ill will toward the company as they would have to be compliant with the law.  This makes it sound better to the privacy concerned customer and Microsoft sees itself as being on the moral high ground of the privacy issue.  It really reveals how much Microsoft perceives privacy to be a critical market share driver.  This is where the trade-off for this policy change gets dangerous. Regardless of their motivation for the change Microsoft is also gambling that the public servants in Law Enforcement can adequately protect their intellectual secrets.  This is a tremendous vote of confidence for local law enforcement and hopefully, for Microsoft's sake, they have the talent and resources to do the job.

One Risk for Others

Even if law enforcement is up to the task, this shift in policy still leaves gaps. For one, Microsoft is potentially giving up critical time by passing this along. Law enforcement, no matter how much access they have, will still not be as quick to respond as company investigators.  Another issue would be this knowledge is now known to criminals. They know where the weakness lies and have gained valuable time to move information out of the company. Finally, and most importantly, what if a criminal act impacts the stability of a platform?  Microsoft may have the ability to stop this issue but because of an internal policy, they pass it to an outside source.  In the mean time, a critical event occurs and a system is compromised.  Hopefully, Microsoft built protections into their policies and procedures to prevent this from happening.

Win - Win?

In the end, "the cost of doing business" is a slippery slope especially when it comes to finding a balance between market share and tolerated losses.  It is revealing how privacy issues in the marketplace have altered this equation. What may be lost are the voices of those customers who would rather lose a certain level of privacy to ensure a stable service from a company that does not yield to criminals for the sake of market share.