I spent 2+ years as "vendor scum" (to use my friend Bob's term) at IBM. In some senses, it was better that way in that I earned overtime for the pre-release marathons--so I'm not complaining about that particular "caste system." Besides, employees and vendor scum were equals when it came to the nonsense of "security theater."
For instance, my team lead came in for a important-ish meeting during her parental leave...and was required to obtain a security pass for the newborn that she had been carting around hands-free just a few weeks before. (Apparently, it's the emergency C-section and month-premature birth that makes them potential security leaks.) Similarly, using a cellphone for a personal call inside the building was verboten for all, never mind my next team lead's single best source of inside information came from outside the building during her cigarette breaks. Yep: Welcome to Security Theatre. (Absurdist? Deconstructionist? You have to decide for yourself. Because if we told you, we'd have to make you disappear.)
So you can safely say that I was not at all amused to be greeted this morning by the headline IBM veteran exec on leave after inside arrest. You can also safely say that the lawsuits that are coming Big Blue's way will make the protracted wrangling with SCO look like appealing a parking ticket. Oops. Betcha'll have a little more to obsess about than who enters an "unauthorized" building to pick her friend up for lunch, won'tcha?
But--that being said--this is one bit of security theatre that I'll enjoy watching. Part of the problem--quite apart from the quasi-incestuous relationship between regulator and regulatee--is the fact that the SEC cannot bring criminal charges. They can only refer a case to the FBI for that. At best, the SEC has the power to fine a company. But guess who really pays that bill? Of course, the FBI has had its own credibility problems during the past several years--and those on top of playing its own part in the post-9/11 security theatre. And the private sector watchdogs? A leading player in the fiction, as a it turns out. Even the venerable Warren Buffett had his bacon burned--which, IMO, speaks library shelves of volumes about the culture.
The upshot is: Never trust security measures that don't go all the way to the penthouse level of an organization. For that matter, don't trust any organization that doesn't enforce rules bottom to top. Particularly as the gap between bottom and top grows. Even the most overstuffed pockets might not cushion you against that landing.
