One difference here is that the Google case was handled by the FTC, which has become the de-facto consumer information technology industry regulator. At the time of the Microsoft case, there was no regulatory regime for the IT industry, and in fact Microsoft was just establishing its Washington based government affairs office. Today both Microsoft and Google have large government affairs organizations, and they are involved heavily with several IT trade associations and other Washington (and Brussels) based lobbying and industry groups.
In 1999 when I joined Gartner the idea that the IT industry would be heavily involved in and impacted by public policy was radical. Yet, I got the support of many of my colleagues to form the Technology and Public Policy research community. That community produced a lot of early Gartner research on public policy, the last of which was a special report when President Obama first took office. The community was also the foundation for the Risk Management and Compliance research community which took off like a rocket after Sarbanes-Oxley and continues this day as a vibrant thought leadership community in Gartner.
Today, the idea that CIOs and enterprise architects should consider public policy and the regulatory environment in the development of their strategies and execution of major IT initiatives is common place. Planning and budgeting professionals often incorporate the idea without even having to explicitly think about it anymore. The same is true of Gartner research — in 1999, the terms compliance, regulatory and risk management were rarely found in Gartner research — now they are commonplace even among analysts who are not regular participants in the Risk Management and Compliance research community — which by the way has expanded to the point that it is now many RCs — Risk Management, Compliance and Legal, IT Audit, Privacy and BCM. None of those existed in 1999.
But what triggered this post is how quickly the Google case was settled. Partly it was due to the FTC handling the case instead of the DoJ — so there is acknowledgement in Washington that the FTC has purview over the consumer facing IT industry. This acknowledgement goes a long way in establishing the long term regulatory regime for IT, but it is by far not conclusive. Two major issues for IT regulation in the U.S. remain outstanding — cybersecurity, particularly as related to critical infrastructure protection, and consumer privacy. These two issues butt up against another area of IT regulation that has also been conclusively established — that is national security, the government’s right to snoop.
Category: Uncategorized Tags: