Dateline: The North Carolina Piedmont
This summer, Washington, DC, was really hot and muggy. I know, I know—that’s not news. Many of our national monuments, federal buildings and government offices are built on land reclaimed from the malarial swamp along the Potomac River. President Millard Fillmore was known to grouse annually about the benighted, mosquito-infested bottom land that ran from the back door of the White House all the way down to the shore of the river. King George III’s Royal Navy even classified Washington as a tropical port.
From the days of the Revolution until now, residents of Washington with the means have looked for ways to leave the sweltering city during the summer months. And when Congress leaves town for its summer vacation, I look to join the flight to more pleasing surroundings as well. In late July and early August this year, I found respite at our vacation house in central North Carolina. It wasn’t any cooler there, but the forested grounds, abundant flowers and swimming pool made the heat far less onerous.
One of the late summer rituals my wife and I enjoyed while there was the annual tax-free shopping weekend enacted by the North Carolina state legislature to help parents buy back-to-school supplies. Our mailbox had been stuffed with advertisements and flyers from stores and shopping centers reminding us to visit them for this tax holiday the first weekend in August. On the appointed day, we dutifully set off to get some needed items.
Our first stop was a clothing store where I found a nice all-silk, summer-weight sport coat on sale. There was one in my size (not a common occurrence), and since the sales price was less than $100, I was able to get it tax free. My wife found some shoes on clearance, and we also picked up a couple of Christmas gifts, all without paying state sales tax.
Our next stop was the large bookstore. I looked in the bargain bin and found inexpensive hardcover copies of Herman Hesse’s Siddhartha, Benjamin Thomas’ 1952 biography of Abraham Lincoln, and a couple of books by HonorA© de Balzac. My wife picked up a history of the Celtic civilization and a new textbook on the indigenous peoples of the Americas before Columbus. We took our selections to the checkout counter, only to find that none of these qualified as no-tax purchases.
I asked the clerk why these books were not considered back-to-school materials. I could understand had we bought murder mystery novels or cookbooks, but these selections were all clearly educational. The clerk shook her head and told us only a small selection of specific texts—including all the CliffsNotes books—qualified. She had obviously seen incredulity like ours before, so she added with a sardonic grin that every item under $100 at Victoria’s Secret was tax free this weekend.
Apparently, the things children really need for their studies are trendy t-shirts, hip-hugging blue jeans and fashion watches. So much for a politician’s understanding of back-to-school supplies.
Dr. Thomas Sowell, in his book Applied Economics, refers to this as Stage One thinking. In a nutshell, Stage One thinking is the inability to see and understand the complex interaction of economic policy and its impact on human behavior.
One of my favorite examples of Stage One thinking in politics is a piece of short-sighted legislation enacted just over a decade ago when I was a boat owner. At the time, Congress thought it might be a palatable idea to raise taxes on the wealthy. Who could be against that, aside from those few impacted?
They hit upon a clever plan: Just tack a punitive tax onto boats and yachts that sold for $100,000 and above. Great idea, right? This law wouldn’t affect sport fishermen in bass boats or those day sailors at the lake. It would directly target those big-ticket floating palaces purchased by wealthy Americans.
Just more than a year later, in 1993, the same politicians who had pushed the yacht tax through Congress had to quickly and quietly campaign to repeal it. Sales of U.S.-built yachts had plummeted. The wealthy had gone overseas, bought their expensive yachts in other countries, and simply sailed them back to the United States. These rich taxpayers were only marginally inconvenienced.
The impact on the boat building business, however, was staggering. Expensive boats are most often built to order. Within weeks of the law’s enactment, thousands of blue-collar boat builders, fitters and ship chandlers lost their jobs. In Rhode Island, an entire industry was wiped out in less than a year.
Not only did the government fail to realize any financial windfall from the tax; the individual states experienced skyrocketing demand for welfare and unemployment benefits from these dispossessed workers, placing even more of a burden on government coffers. The luxury tax had almost the exact opposite effect on the government’s financial situation as the bill’s proponents expected. They failed to think beyond Stage One and experienced the law of unintended consequences.
Similarly, we have been witnessing a spate of federal legislation with significant impact on both public-sector and private security professionals.
New laws such as the Public Company Accounting Reform and Investor Protection Act of 2002, known as the Sarbanes-Oxley Act; The Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act (GLB); and the Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) have targeted security requirements buried within their voluminous binders. That has given rise to the demand for compliance security solutions, and innumerable vendors, integrators, and consultants are stepping up to provide them. A quick Google™ search disclosed more than 26 million hits.
Compliance solutions allow government organizational leaders and corporate executives to verify they meet the requirements of a specific set of regulations or laws. They can comprise technology products, specific processes and training. Some solutions are for just one legislative mandate, while some claim to provide one-stop shopping for numerous federal regulations. The problem arises when these products and services are touted as either minimum or even adequate security solutions.
As we have evolved away from selling and implementing security using fear as a tool, the industry has embraced industry best practices as a possible baseline for assessing adequate assurances of protection. Compliance products and services vendors have been more than happy to step in to leverage these legislative requirements that drive demand for their products and services. It is critical for security professionals to understand the differences between legislative compliance and an adequate security baseline.
Probably the best way to keep the difference in mind is to remember how legislation can have unintended consequences. Laws such as the back-to-school tax holiday and yacht tax can ultimately have impacts far different from the best intentions of those who write and enact them. When you are responsible for security, you need to take proactive risk management as your yardstick. Relying on a Washington, DC-based politician to understand your security requirements could have disastrous consequences.
John McCumber is a security and risk professional. He is the author of Assessing and Managing Security Risk in IT Systems: A Structured Methodology from Auerbach Publications. Mr. McCumber can be reached at [email protected].
