Why Bans Don’t Work

Effectively immediately, nothing will be banned.

The Summer of Facebook has brought a new list of social network (sorry Mark, social utility) bans, as well as some fuzzy research on the cost of social networking. Some interesting points:

• Does anyone really believe that Facebook alone costs the Australian economy $5 billion?
• The Sophos study says that 43% of workers surveyed say their employers block Facebook. 7% say access is restricted by job function.
• That same study finds that half of the companies that allow Facebook (25%) see it as a valuable networking tool.

We’ve had some of the same rumblings around Connect. It’s a time-waster, I have a real job, etc. I’m happy to say we’ve stayed relevant to work, and there are no bans on social networks at Oracle.

I understand the concerns. What I don’t understand is the myopia of corporate IT departments. Where’s the trust? And even more importantly, where’s the vision?

I guess the answer in this case is that a ban is easy to maintain and easy to support. Just slap facebook.com on the router ACL, and you’re good to go. But if history is any guide at all, bans don’t last, and they cost money. Some examples:

Oracle used to ban wireless use, of any kind with a company computer, period. Never mind the fact that the new laptops they deployed came with a wireless card, or that a growing percentage of employees worked from home. No wireless, or you are so fired. Why? Wireless has been historically insecure and tough to monitor. I’m not sure what turned the tide, but now, we have wireless in many of the offices, and its use is encouraged because guess what? Wireless lets me work more.

I know a guy whose company banned all types of IM. I always wondered if they preferred paying the phone bill to having a free communication mechanism.

When I started at Oracle 11 years ago, the firewall was closed, i.e. no Interweb for you. To get out of the firewall, you had to have an SNK and approved access. When the firewall opened, we could do research, competitive analysis, etc. All for free.

At the end of the day, all these bans cost more than they were worth, and they didn’t stick because in each case, the ban choked employee productivity.

So, say you save some worker productivity by banning Facebook. Is it enough to equal the amount of employee goodwill lost, i.e. you don’t trust them enough to do the right thing? What about potential sales lost from networking with prospects and customers on Facebook? Or recruits lost because your company has a ban policy? Or employees who left because they didn’t care for your draconian policies?

Sure these are intangibles, but the math is just about as fuzzy as the math offered up by SurfControl.

Having been in IT, I understand paranoia and distrust of technology you cannot control. What I don’t understand is the lack of hindsight and vision from corporate management. IT is supposed to be risk averse, but executives should step in and make the right choices for the company. You know, put the lead in leader.

If not, then the edge needs to rise up and change the policies, or find another job at a ban-free place.

Update: Corrected my own fuzzy math in the original. Computer World has an article citing Britain’s Trades Union Congress (TUC) as recommending permissive policies vs. banning and overreaction.