Slide 1

Michael Mainelli and Ian Harris, The Z/Yen Group

[A version of this article originally appeared as "Why Decision Makers Need to Understand the Technology", Strategy, The Strategic Planning Society (July 2000) page 12.

"www…PGP…e-commerce…encryption…internet…TCP/IP…browser…RSA".  "Hey, let's not get toooo technical." "Now that we've come up with our internet strategy, I'll leave the technical bits to the IT folks." "Our technical bods assure me we have no security risks." "And whatever we do, just tell them to make it scalable."

Technology has always been key to competitiveness and business advancement.  Technology has always been key to strategy.  Why do strategic planners allow senior managers to get away with separating technology from the business? Particularly with phrases that imply the business is more important when history indicates the opposite?

The problem may be more acute in Britain.  We tend to love the notion of the gifted amateur, but deplore the zealous enthusiast.  Today's middle managers were often sharply divided among arts, social sciences and hard sciences streams, with little intermingling - not a great way to promote inter-disciplinary advances such as combining computers with finite cell calculation (spreadsheets), networks with fine arts auctions or books with telecommunications.  We rarely encourage people to continue genuine education after joining our firms.  We have permitted the development of board cultures where people in senior IT positions are proud of how little time they spend keeping up to date with technology and how much they spend "making IT understand the business".  Z/Yen frequently faces the problem of helping a senior, non-technical team make big decisions about technology they all to frequently do not understand.  In the past two years, with the in-your-face, hard-to-miss internet, we face this problem constantly.

The need for speedy decisions in today's environment favours organisations which can rapidly assess and deal with technologies' risks and rewards.  The structure and implementation of technologies as simple as the web browser (yes, it is rather simple) can have far-reaching ramifications in many sectors.  For instance, the use of bookmarks or favorites may have made a number one position on the net, such as Amazon in books, more difficult to displace than traditional number one retail spots.  Customers are "geographically vulnerable" on their way to a traditional book store.  "I was on my way to a Waterstones, when I smelled the free coffee (good trick that) of Puget Sound Coffee Bookstores - so I bought the book there instead." On the net, it can be difficult to dislodge someone's favorite.  Despite the fact you recommend buying a book at Euphrates.com, I have to make an active effort, remember it, type it, find the book, trust it, enter my details, and whinge about any aspect of service which is not up to my expectations versus use a previous bookmark/favorite.  The "natural" distribution of market share, e.g.  35% for number one, 17% for number two, 10% for number three, is not evolving on the net where early leaders can gain 80% market share or more, "net invulnerability" - there is no smell of free coffee on your way to placing your order with your favorite (sic) net supplier.  This leads to our "Highlander" prospect - there can be only number one and, more frequently in e-commerce than in pre-commerce, number one is the first major mover.

Assessing technical risks and rewards is everyone's problem.  As everyone has started shifting billions of assets daily into cyber-space, we have to find ways to make them aware of the possible dangers.  One way of helping people to handle technical risk is through the use of scenarios.  Scenario planning such as the following retrospective from the year 2014:

It happened 10 Years ago today - we look back on the E-COMMERCE MELTDOWN day of 4 July 2004

"Few technical people took the announcement of the TWINKLE chip seriously in 1999.  The Weizmann Institute Key Locating Engine (TWINKLE) sounded like a lightweight, nerdy bit of fun, of little relevance to senior managers.  What could an opto-electronic specification in Israel mean to their businesses.  If those senior managers had understood that their much-touted e-commerce technology depended completely on public key encryption they might have heard a loud warning siren.

Back in 1999, the entire internet, in fact all networks, relied on basic security measures such as passwords or firewalls.  The one, open technology was encryption and the main application was public key encryption.  Although there had been some minor furore with the US government and further minor skirmishes with European government legislation, encryption based on public key technology was widespread.  The technology ranged from the proprietary RSA to the publicly available PGP (Pretty Good Privacy).  The technology was appreciated, just look at the valuation of Baltimore Technologies back then.  Unfortunately, encryption was rather basic.  Despite a tremendous amount of arcane literature, it relied at heart on the difficulty of factoring large numbers, an area of mathematics easily understood by someone with a basic understanding of algebra.  The second-string technology, elliptical algorithms, turned out to be vulnerable to the same attacks.

Meanwhile, the financial world was alight with tremendous investment in B2C and B2B e-commerce.  E-commerce relied totally on encryption.  Managers of the day, particularly outside the US, assumed that all this messy technology was dealt with through outsourcing.  The internet/www (virtually synonymous by then) had many applications ranging from electronic Yellow Pages to virtual application service provision.  However, financial applications relied upon confidentiality and the secure flow of funds.  E-commerce needed encryption.  Numerous consumer and business surveys showed that the take-up of e-commerce relied totally on the confidence of users in security, reliability, service and price.  Security was always the number one or number two buyer criterion.

Encryption had three main vulnerabilities - a bright mathematician (the problems were not proven to be intractable), a dedicated decryption chip and the ever-looming (since 1984) quantum computer.  The irony was that three low probability events all occurred simultaneously in 2004.  First the bright mathematician.  In a village near Bangalore an extremely bright 11 year old girl produced a linear solution to factoring large numbers.  The security communities, corporate and governmental, over-reacted.  By trying to suppress the knowledge, rather ineffectually, they raised concerns among hundreds of millions of web-users.

Second, rival Russian and Sicilian-funded computing teams, captivated by the exponentially increasing sums transacted across the then internet, managed to turn $1M investments in some bright mathematical minds and some relatively inexpensive computing into the biggest scam ever.  Building on the dedicated decryption chip described by TWINKLE, their first efforts resulted in several billion pounds per month of results - principally through penny and pence skimming off credit card transactions and later through massive credit card multi-charging, hundreds of small transactions on millions of pirated credit cards.  Unusually.  such greed did not uncover the culprits - they were never caught - but their greed did kill their golden goose as all e-commerce transactions ground to a halt over three days.  4 July 2004 became known as E-COMMERCE MELTDOWN day.  The use of all upper case seemed to cock a snook at the weird mixed case business names that pervaded the pre-meltdown era.  The irony of the 4 July date did not escape cynical commentators, especially those in Russia.

Thirdly, within a few months of E-COMMERCE MELTDOWN, scientists announced the first successful quantum computer.  The 2004 quantum computer ran the first algorithm (Shor from the mid-90's), written long before a quantum computer had ever been built, which factored large numbers.  In 1999, less than a handful of qubits had been made to work together for the briefest of periods.  By 2000, seven qubits were working and by 2004, just over a hundred.  Shor's algorithm was cracking all practical key encryption applications in seconds.  As quantum computing was inherently inexpensive, a few hundred thousand dollars for a laboratory, a few pence for a device containing a few atoms, quantum decryption spread at will.  Attempts to rebuild public confidence in network security were comprehensively thwarted.

The further irony here was the quantum cryptography (also called entangled communication) was proof against all three vulnerabilities of key encryption, quantum computing included, and had been well-proven as early as 1998.  The difficulty was that quantum cryptography relied upon a heavy investment in fibre optics which was poorly understood by dot.com frenzied businessman at the turn of the millennium.  After the day of E-MELTDOWN in 2004, and despite billions and billions invested in fibre optic networks and quantum cryptography since, consumers have not yet reached the same e-commerce penetration today, in 2014, as they had at the end of 2000.

In any case, we all know the tale.  The net of 2014 is largely a glorified telephone directory.  Only a few try to send confidential data, let alone financial transactions across the open networks.  No credit card company, never mind a bank, will permit any open network transactions.  No-one would trust a life-dependent application.  The net works a lot faster, but the value is a miniscule fraction of what it was ten years ago, before E-COMMERCE MELTDOWN day.  Sic transit gloria mundi-toto-rete."

At Z/Yen we use chance, risk and reward, to enhance organisations' performance - to enchance organisations.  Scenarios can help organisations deal with the uncertainty of the future by helping to measure the unmeasurable.  Perhaps we should use the Twinkle of Doom to help managers realise the risks and rewards of cyberspace.  You can't make money out of technology in the long-term, if you don't really understand the technology.


Michael Mainelli and Ian Harris are both Directors of Z/Yen Limited.  Z/Yen is a risk/reward management firm which uses risk analysis and reward enhancement techniques to improve organisational performance.  Z/Yen advises organisations on strategic planning and decision-making