Dennis Howlett's Blog

Wikipedia, people power and compliance

By Dennis Howlett in Editorial

Posted in compliance on July 16, 2008 at 5:45 am


Paul Murphy calls foul on the practices conducted by some Wikipedia editors, claiming that in respect of certain topic areas:

What’s going on in both cases is that sub-groups of the general community have captured these niches and are now using Wikipedia as a marketing tool for their viewpoints - and while that’s expected and reasonable for agenda sites like groklaw or dailykos, it’s fundamentally inappropriate in a site nominally dedicated to the provision of objective information.

As many readers will know, if you do a Google search on a particular topic, the chances are high that a Wikipedia entry will be close to or at the top of the list. If, by clicking on a Wikipedia link, you are directed to fundamentally distorted information, then Paul’s assertion has reasonable foundation. Hardly the wisdom of crowds that Wikipedia promises. Mark ‘Rizzn’ Hopkins thinks Murphy’s argument - or rather its extension to suggest the collapse of democracy via social media - is disingenuous:

Modern democracy, at least in the form practiced commonly on websites like Wikipedia tend to include what can basically be likened to ’super-delegates.’ There’s editors in charge that will often over-rule the consensus opinion as well as roving mobs will look for articles created by large communities with little influence within the ecosystem of Wikipedia who will exert their sway to remove documentation (the entire tree of RantMedia and Sean Kennedy related articles were subject to this effect a year or two ago). This social structure is more akin to something slightly more organized than anarchy (tribalism, perhaps). In any event, this isn’t pandemic to all social media and democratically crowd-sourced websites.

I don’t think Mark’s argument stands up to scrutiny. As a mentor in SAP’s community and as one of the early (and most vocal) members of the Irregulars, I know for myself how small groups and individuals can wield power out of all proportion to their number. Sometimes their thoughts and actions are plain wrong. I also know that individual blog entries can have consequences far beyond their original intent.

The truly worrying thing is that we seem to be substituting objective thinking for whatever we find on the Internet. I’m pretty sure that’s true for the current generation of teenagers who’ve known little else except Google and who, through no fault of their own, will be drawn naturally to Wikipedia. That is because of the ranking weight Google’s algorithms apply to Wikipedia entries. To me, it is a commercial form of mutual masturbation driven by AdWords and an obsession with page views. It is ironic, for instance, that when I typed ‘wisdom of crowds’ into the Firefox 3 address bar, the Wikipedia entry was served up to me.

As Andrew Keen has consistently warned, we will be left with truthiness and not truth. I am one of the few bloggers I know who believes there is a great deal to be considered in what Andrew says. His latest article, which pokes fun at Tim O’Reilly, the person who foisted Web 2.0 on the rest of us, makes the point that:

And if you really want to read about O’Reilly, then read his novels. There’s an appropriately long entry on Web 2.0 — O’Reilly’s latest and greatest work of fiction.

Keen is of course speaking ironically and in his own words, he remains a professional (if incredibly articulate) troublemaker. But people believe what they read on the Internet, often without fact checking for themselves. (sic) Today, it is all about opinion with little attention to the detailed underpinnings of fact that are necessary to make sense of what is being read.

Is it any wonder then that in a world where the rules have failed us, that in the US at least, there is a call to reconsider the implications of applying value judgment under FAS157 for compliance purposes? Putting aside the collective squeals emanating from Wall Street that form the basis for this particular siren call, we simply don’t have the people sufficiently grounded in understanding the technologies that deliver information. And it is only likely to get worse before it gets better.


 

Google and Salesforce.com: the compliance angle

By Dennis Howlett in Editorial

Posted in compliance on April 15, 2008 at 3:39 pm


Much has been made of the tie-up between Google and Salesforce.com. At first blush the deal has much merit, especially given that Salesforce.com has done a credible job of providing solid integration with Google Apps, and specifically with Gmail, GTalk, GoogleDocs and Spreadsheets. I wonder about the compliance angle.

During yesterday’s dog and pony show in San Francisco, executives from Google were keen to talk up the work Postini has done as providing a solid, secure, data solution for large scale business. Salesforce.com is already seen as a trusted provider for business applications running in the cloud. Where’s the problem?

My analyst colleague Josh Greenbaum has questioned the extent to which Google owns your content, noting that the Terms of Service (ToS) say:

“… you grant Google a worldwide, non-exclusive, royalty-free license to reproduce, adapt, modify, publish and distribute such Content on Google services for the purpose of displaying, distributing and promoting Google services…”

IDC’s Frank Gens thinks this argument has been shot down by the Writely founders, now part of Google, offering that:

Google cannot legally, and doesn’t want to, make public your private data. [Upon looking at the Google Terms, it also appears to me that Google has revised its terms to more clearly point this out.]

Like Josh, I am no lawyer but what I do know is that there is an ongoing inconsistency in the Google Apps ToS which makes it very difficult for the ordinary person to figure out the extent to which Google is protecting the privacy of business data and who owns what.

Right now, I defy anyone to explain to me how Google is offering to protect business data when, in its ToS, it says in regard to Google Docs:

“You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Service. By submitting, posting or displaying the Content you give Google a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through the Service for the sole purpose of enabling Google to provide you with the Service in accordance with its Privacy Policy.”

The link for this was lifted directly from Frank’s post and I can find no difference between what it says now and what Josh was referring to.

Google’s business model depends on being able to aggregate data it collects through its cloud computing platform. That provides it with the basis upon which it can display targeted advertising. No-one I know is concerned about this element of the implicit deal you do when you use Google’s free apps. It is the: “non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content” that causes concern. That is because these additional ‘terms’ appear to override Google’s otherwise transparent approach to general privacy. These general terms were last updated in October, 2005.

Elsewhere, Mike Arrington of TechCrunch notes that Google is trying to distance itself from its ‘Do No Evil’ moniker. I’m sure it is. As commercial businesses grow it is very difficult to live up to ideals of this kind. But if Google, which otherwise generally tries hard to be a good partner, is incapable of revisiting its ToS, then you have to ask: Will your data be compliant if it is in the Google cloud? At least one questioner at yesterday’s show put exactly that point to Google exec Dave Girouard, asking if Google will be (for example) HIPAA compliant. There was no clear answer.

My sense is that Google hasn’t thought this through, or if it has, then its lawyers are incapable of figuring out a wording that doesn’t destroy the business model of ‘free for ads.’ This is an issue that won’t go away any time soon. If you’re a smaller business then you may not be so concerned. But if you’re part of a supply chain where data is exchanged that might include emails and IM chats with larger third parties that are subject to compliance standards, then you need to think about this.


 

Thank you Pakistan, yours: YouTube

By Dennis Howlett in Editorial

Posted in compliance on February 25, 2008 at 3:30 pm


If it wasn’t so serious, it would be comical. Yesterday, Pakistan’s government decided that YouTube was no longer welcome in its citizens’ browsers and demanded that ISPs block it. Unfortunately this led to what amounts to a DoS for the whole of YouTube. Despite it being said that YouTube was unreachable for 40 minutes, I couldn’t access the site for several hours. The BBC was the first to report it, noting that:

BBC News has learned that the nearly two-hour long blackout was almost certainly connected to Pakistan Telecom and internet service provider PCCW.

The country ordered ISPs to block the video-sharing website because of content deemed offensive to Islam.

The BBC News website’s technology editor, Darren Waters, says that to block Pakistan’s citizens from accessing YouTube it is believed Pakistan Telecom “hijacked” the web server address of the popular video site.

Those details were then passed on to the country’s internet service providers so that anyone in Pakistan attempting to go to YouTube was instead re-directed to a different address.

But the details of the “hijack” were leaked out into the wider internet from PCCW and as a result YouTube was mistakenly blocked by internet service providers around the world.

The block on the servers was lifted once PCCW had been told of the issue by engineers at YouTube.

As might be expected, the world and his dog is having a piece of this, variously ridiculing PCCW and noting the seriousness of the event. Richard Stiennon captured the mood of many when he says:

A religious state, Pakistan, identifies a content provider, YouTube, as the source of blasphemous, seditious content and orders, King Canute style, that the Internet tides be stopped. A zealous ISP ignorantly decides the best way to comply with the decree is to re-route all of YouTube’s IP addresses to whatever site they thought was more appropriate.

Regardless of the reasons for the initial ban - and some at least think it is more political than religious - the fact that the action taken by a single provider can disrupt an entire service should be of concern to anyone running internet based services. The impact was wider because with all the YouTube traffic going into Pakistan, it led to the country being an internet black hole for a time. While the consensus view is that the incident occurred as a result of an accident, according to Ars Technica:

This vulnerability has been known for a long time, and smaller scale accidents of this nature happen at regular intervals. But so far, efforts within the IETF to make the Border Gateway Protocol, which governs Internet routing, more robust against this type of accident (or attack) haven’t produced any results yet.

The potential for malicious persons to invoke similar actions is enormous and I suspect that appropriate action will now be taken to ensure that this cannot be repeated.


 

What does transparency really mean?

By Dennis Howlett in Editorial

Posted in compliance on February 18, 2008 at 12:20 pm


The last few days I’ve been engaged in a firestorm with NetSuite. I asserted that its customer numbers don’t add up, or at the very least don’t make sense. Almost immediately I incurred the wrath of the corporate PR department. Instead of answering the questions raised, they chose to go on the offensive, making the classic knee-jerk reaction mistake of not reading my disclosure page as carefully as they could have and ascribing affiliations to me that do not exist. It was a fiery few hours to say the least. In the cold light of day however it’s interesting to dissect what’s happening.

NetSuite has provided customer figures over the years. 6,000 in 2003, 5,300 in its pre-IPO S1 statement quoting figures at March 2007, 5,400 at a presentation in December, 2007 and 5,600 in its most recent earnings statement. During the most recent analyst call, CEO Zach Nelson said they had added 432 customers in the last quarter and expected to continue adding at a rate of 300-500 per quarter in successive quarters. The impression created therefore is that customer additions are proceeding at a consistent and steady clip. But even a cursory examination suggests the numbers are not quite as suggested. To its credit, NetSuite’s PR pointed out that the most recently quoted numbers are ‘active customers.’ But then I have heard from one NetSuite implementer that it takes 30-60 days to get a customer up and running.

During one call, Craig Sullivan, VP International said to me there was bound to be a certain level of dropout from 2003 because at that time the company was serving a different type of customer, one that might not need everything the company offers. He also conceded that prices had increased. By implication, that might deter some customers from renewing their contracts. Net-net, I still can’t make sense of the figures and as I said elsewhere, at the time of writing, the company has not furnished an explanation of what I see as a disconnect between fiscal growth and the absolute number of customers it is serving.

What does this have to do with transparency? NetSuite is not obliged to give out customer numbers but has chosen to do so. That’s very much to its credit. But, it opens the door to further questions when apparent inconsistencies arise. That’s even more germane for this company because the CEO likes to take public pops at the competition, implying that competitors are losing business to its offering. Anyone familiar with the software industry knows this is par for the course and such remarks are often rendered in jocular tones. Nevertheless, they are an integral part of the overall ‘character’ of a company as perceived by outsiders.

James Farrar, who runs CSR for SAP, recently wrote about the value of transparency. Quoting Frank Buytendijk of Oracle (and previously Hyperion), he said:

Transparency is a competitive weapon to differentiate from the competition in attracting capital, informing customers about the value proposition (not only price) and in cost efficiencies by driving down the transaction costs in the value chain.

James then goes on to point out concerns about this kind of behavior, noting Nick Carr’s lament that:

You have to wonder whether, as what was once opaque is made transparent, the bolder among us will lose the incentive to strike out for undiscovered territory. What’s the point when every secret becomes, in a real-time instant, common knowledge?

I disagree because I was brought up to believe that honesty and openness are the best policies. But given the current position with NetSuite, one has to wonder whether Nick has a valid point. In this case, NetSuite appears to be in something of a hole. It is difficult to see how it can satisfactorily explain the apparent modest growth in customer numbers in the context of Mr Nelson’s assertions about future growth without admitting to a significant rate of customer attrition. Whatever it does, the company has a stark choice. Clam up or put its cards on the table. The natural response among IT companies is to find a way of obfuscating the position through elaborately worded PR statements. But in a world that increasingly demands transparency, it is hard to see how that is possible. This from fellow Irregular Maggie Fox:

Transparency means simply that if you have a lousy product or lousy customer service, you can no longer hide it. It is not voluntary. Just by using the Google, I can find a thousand different opinions about your products and services, and I weigh those collective voices (some more than others) when deciding where to spend my money.

Maggie is talking in the context of playing the social media game, something that is mostly seen as optional by corporations and often applied to consumer goods companies. In this particular case I’m thinking about an interpretation of facts. That can equally be seen as a question of opinion forming because whatever is said is bound to colour the judgment of potential future buyers.

Regardless of the outcome, it is apparent that we are far removed from having perfect insight into the realities behind the numbers that corporations choose to present. Nevertheless, the demand for transparency will not go away because that particular Pandora’s Box is already open. It will be interesting to see what emerges over the coming days.


 

Compliance in China: a case in point

By Dennis Howlett in Editorial

Posted in compliance, GRC on January 23, 2008 at 6:18 am


I recently listened to Lisa Nolan talk about doing business in China. Lisa runs Lizal Inc, a US based full service merchandise manufacturer for brands like Coach and Wal-Mart. The company has manufacturing offices in Guangdong and Taiwan. The business employs between 4,000 and 8,000 people depending on the season. Lizal can take anything from a napkin drawing to a fully specified drawing and turn it into goods that span everything from event promotional items to high end retail goods.

China’s economy is booming, helped in part by $27 billion worth of exports to Wal-Mart stores. But doing business in China is not simply a matter of setting up shop, hiring cheap labour and supplying goods. According to Lisa, there are many compliance issues that American companies have to overcome: “US companies take compliance very seriously. If a light over an exit sign at your factory isn’t working you can get written up as being in breach of compliance requirements. A lot of times it is the little things that catch you out.”

The compliance rules of some companies are so strict that making it over the barriers is not only onerous but costly: “In some cases, compliance can eat up 30 per cent of your first year’s revenue. That’s tough but the long term rewards are worthwhile - if you’re prepared to do what customers require.” Asked why companies are so stringent, Lisa says that in recent years, brands have become aware of the potential reputational risk to which they expose themselves. Last June, the New York Times asserted that:

Over all, the number of products made in China that are being recalled in the United States by the federal Consumer Product Safety Commission has doubled in the last five years, driving the total number of recalls in the country to 467 last year, an annual record.

These are emotive issues that capture the public’s attention so for Lisa, staying in line is one of her most important agenda items.

During our conversation, Lisa said that her business is subject to third party audits as a way of ensuring her facilities are in line with what is agreed. “Sometimes these involve outside accountants who check our payroll records to ensure we’re paying a proper wage to our staff.” This led me to speculate whether auditors might be getting two dips at the same pot. I asked Lisa if she knows whether the information gathered for customer audit was available to financial auditors for her own company accounts. She thought they were separate issues - which they are - but it strikes me that auditors could save their clients money if those kinds of record were passed across as part of the annual financial audit review process.

The biggest problem faced by manufacturers is that each brand has its own compliance rule book. This means there is a separate set of procedures to overcome for each company supplying brands, which drives up compliance cost. Some companies are looking towards SA8000 as a way of providing a single international compliance standard for social accountability. Of her own company, Lisa says “We’re still researching to see if that certification is something that would benefit us.”

Given the hurdles, is it all worth it? “Our customers are very protective of their supplier facilities. Many companies take one look and say they won’t bother. We on the other hand have benefited greatly from doing as we’re asked. It’s all about the rewards that go with a good reputation for doing the right thing.”


 

So what is this GRC thing?

By Dennis Howlett in Editorial

Posted in compliance, GRC on January 14, 2008 at 2:54 pm


Governance, risk and compliance, which conveniently contracts down to a Gartner compliant TLA - GRC - is one of the hottest topics in the enterprise world today. If the Enron, Tyco and other financial scandals were not enough, the popularity of all things ‘green’ has put GRC close to the top of the agenda in many CXO offices. But as always with a new acronym, people want to know what it means.
