Friday, July 31, 2009

Bureaucracies are just weird.

Shifter here.

First, just have to comment that bureaucracy is one of the hardest damn words on the plant to spell. I mean it sucks. I try and try, and I can't even get it close enough to have a spell checker know what I am getting at. I keep trying beauracracy, which is way, way off, but doesn't look that much worse than bureaucracy.

It's only fitting that we should give it an odd spelling, though, because the damn things are just as odd. I have to admit that bureaucracy is a brilliant invention. I know that sounds weird, but how on earth is someone supposed to coordinate huge groups of people doing disparate things with massive amounts of input and output, resources and products, all in some vaguely common direction? Bureaucracy lets you do that. That doesn't mean it doesn't suck, but it lets you do that. So I admit that. Given.

But, at the same time, it does suck. Here are just a few tiny examples. A few years ago someone in my organization, on the national level, screwed up and took home a laptop with vast amounts of private information about a few million customers. Not bright, granted. Then he lost the lap top. It was stolen, and it was unencrypted, and it was a mess. The bureaucracy had to act. First, it implemented a series of mandatory trainings in which the tens of thousands of employees, across the country, had to listen to how it was a bad idea to take home private information about customers on unencrypted lap tops. Never mind that the rank and file boobs, like myself, who had to take these trainings don't even have access to millions of customer accounts at a time and so could never even take home that information if, for some godforsaken reason, we'd want to. It would be stupid for us to have that kind of access. And we don't. The kinds of people who do have that access probably didn't have to take the freaking training. Too high up, if you see what I mean. Second, it implemented a series of progressively more and more draconian bans on any means of moving data off of the facilities. You weren't allowed to take laptops home unless they were superencrypted. You weren't allowed to email anything that might contain private data. There were rumors of removing all writable disk drives from all pcs (like CD-R's or DVD-R's) so no data could be transmitted that way. You could not take ANY information off site, even if that information had NO private data involved whatsoever. If it was a bunch of random zeros and ones, with no ties to any single person, you weren't supposed to take it off site. And you could not, under any circumstances, use a thumb drive. The guards had orders to shoot thumb drives on site.

Now this last provision had a lot of us, those of us who do research, mostly, up in arms. You see, I could care less about emailing private information. I don't own an organization laptop because of the kind of draconian crap I'm talking about here. And who needs to burn DVDs on a routine basis. But thumb drives? Well, those matter. Thumb drives were INCREDIBLY useful. With a thumb drive, this cheap little bit of plastic, metal, and silicon, you could have entire file structures full of your projects available at work, at home, or on the road. If you de-identified any of your data (which is a good practice anyway) there was zero risk for loss of privacy to customers. Without thumb drives, working from home, or on the road, became vastly more difficult and time consuming. But rather than saying "don't put identifiable information on thumb drives" they simply said "don't use them."

So we all had a fit. I mean it was close to anarchy. If you want to laugh, watch a bunch of eggheads in a crowded staff meeting getting mad at all the facility heads because they can't have their thumbdrives. Marx would have loved it. So the local bureaucracy came up with an alternative. Encrypted thumb drives! Yes, these puppies would encrypt the information stored on them so that if you lost the thumb drive, no harm done! Brilliant!

Except! Except that 1) you had to have software installed on a pc before it could access the drive, 2) our pc's were set up so that we couldn't install the software, we had to have IRM do it, 3) if you installed the software on your home pc it tended to conflict with other software, and 4) 2 weeks after getting the damn thing it got some bug that wiped the data off of it. This went over well. I gave up, utterly, on it for about 2 years. I started emailing files back and forth from my work to my office every night to get work done. Sometimes I couldn't get stuff done because the right files were in the wrong place. I got so frustrated with this that 4 months ago I finally called IRM and asked them to reset my damn encrypted thumb drive so I could try it again. They informed me that those drives were no longer supported by the organization and I should turn it in, and that I was out of luck. My head exploded, just a bit, and I soldiered on.

So here's the weird part though. Two days ago I called someone to ask if I could use an effective, logical, and extremely efficient procedure to move large amounts of data off their server in an encrypted fashion. Isn't a terrabyte external hard drive a better medium than 450 damn DVDs? I was told no, of course not. The exact words were "that would be nice, wouldn't it." But it was not approved by the ISO, would never be approved by the ISO, and so could not happen. Period. But then, off handedly, they mentioned that there are these new thumb drives that are approved. I had never heard of them. Almost afraid, I asked if I could get one. They said only if I had one of the old ones. I said I did. Two days later I had a brand spanking new Ironkey thumbdrive. And the freaking thing works. It is, I kid you not, waterproof, tamperproof, approved for use in military operations, and encased in metal. It costs 2-3x what a normal thumb drive does, but it's got onboard hardware encryption so it can run even on our freaking pcs. I loves it.

So, 2 years of pain, yelling, misery, until I'm beat into the ground, hopeless, and then a reprieve! A new thumb drive. Still have to waste about 60 man-hours of my staffs labor on an archaic data encryption and transport project, but I've got a thumb drive. And the bureaucracy churns on.

No comments: