Lou Gerstner of IBM addresses the responsibilities of industry and of government in the age of e-business

The networked world demands a self-regulatory framework that is open, market-driven and competitive

Remarks at Finance Conference 2000: The New Economy Boston College March 6, 2000

By Louis V. Gerstner, Chairman and CEO of IBM

The issue of the Internet and its role in future economic expansion is certainly worthy of our time, our best thinking, and our best efforts. So I'm delighted to add my perspective on what it's going to take to build workable public policy for this new economy.

As a representative of the information technology industry, I appreciate the connection Federal Reserve Chairman Alan Greenspan makes between this technology and the ever-lengthening cycle of American economic growth. It's often the case that it takes a good long while before the impact of technical innovation — the combustion engine, electric motor, and even the computer — shows up in economic statistics.

Consider that if we'd come together for this meeting 100 years ago today — at the beginning of the last century — we might have discussed automobiles. But those conversations would have taken place during the breaks, over meals, in the hallways. Not as the centerpiece of a conference about the New Economy, the catalyst for the restructuring of feeder industries like steel and petroleum, or the driver of a near-total transformation of the nation's economic and social fabric. All that was going to happen, but it was hidden just beyond the horizon.

As recently as a year or two ago, I might have suggested that's where we were with the Internet and what we now know as "e-business." Today — no way. As has already been discussed here, we have an exceptionally clear line of sight to a shift that has moved large portions of our economy from a physical to a digital basis, and given rise to the first truly global marketplace of goods, services and ideas.

Before this day is over, you're going to be saturated with eye-popping statistics, analysis, projections and forecasts: hundreds of millions of connected users; trillions of dollars in commerce volumes. All real, and all very compelling. But none of it speaks as loudly to me as the way the Internet has arrived on the strategic agenda of virtually every senior business executive, education leader and government official I talk with. Three years ago, it wasn't on their agenda — and to a certain extent — rightly so. After all, back then most of the buzz was about browser wars, chat, "e-zines," and cool content. We used names like Information Superhighway or wired world. The conversation was about the end-user consumer, and was taking place light years from the offices of most CEOs.

That gave way to e-commerce. Buying a book, booking a flight, paying a bill. Basic business-to-consumer applications. And the Net began to creep up on the CEO agenda. Retail, financial services and travel felt the early heat. But even then, it was becoming pretty clear that the end game wasn't about simply e-commerce — trading a stock at midnight or buying a set of golf clubs from the other side of the world.

IBM coined the term "e-business" to talk about a broader, more powerful set of changes. About a new mandate: The requirement to explore — in every institution in the world — new models, and either validate them, or discard them. All kinds of models: business and financial models, new models for the way ideas move across an enterprise, for marketing and distribution, for the way governments deliver services, schools teach and doctors heal. That's about where we are today. We're early — very early — in a cycle of institutional transformation that will play out over the next quarter century. Nobody sits this one out. Nobody plays a pat hand.

And the next step is already upon us. In exactly the same way the Net overturns existing business models, it is fundamentally changing basic market structures, and is going to force all of us to rethink what markets are and how they operate. The promise here is for entirely new kinds of markets that will dismantle many of the inherent inefficiencies in any physical market — like incomplete information about supply and demand and pricing.

It's happening already: e-marketplaces for the exchange of goods and services, commodities, parts, capital, healthcare services, even skilled labor. Today, a lot of this activity is driven by a new business life form — cyber entities that exist only on the Net and carve out a critical role in bringing buyers and sellers together, qualifying the parties, facilitating transactions. Names like e-steel. FreeMarkets. Healtheon. Monster.com. e-Chemicals, and my new favorite, FishMonger.com.

In financial services, electronic exchanges like Primex and Archipelago are taking aim at the New York, Tokyo and Berlin stock exchanges — with the backing of Wall Street icons that are making a bet on the Net's power to create a more liquid and more efficient capital market.

I've seen estimates that these e-markets will mediate 30 and 40 percent of all industrial e-commerce by the year 2004. Thirty to 40 percent! Now you're talking about getting the attention of CEOs. And guess what? They're wide awake, and the wheels are turning. They understand that the technology has removed virtually any barrier to the creation of improved market structures. And they see that these new markets are going to exist in every industry. There's no question about it. The open issue is: Who's going to gain this powerful, and potentially controlling position?

A lot of the early action is being driven by the pure Internet plays. But before they can actually function as a working marketplace, they have to establish themselves and build their credibility. They have to be taken seriously by all the participants. That's a hill the world's entrenched brands don't have to climb. They're already the center of a complex business solar system of suppliers, distributors and customers — sitting at the nexus of millions of transactions.

So in the relative blink of an eye, this e-market opportunity has shifted the mindset of a lot of CEOs from: "This Internet thing could affect my business" to "Hey, this Internet thing means I can IPO a piece of my business." There's a land rush underway — a hyper-kinetic urge to strike fast and drive market value up. My view: This will burn white hot for a little while longer and then we're going to see this phase — like the others before it — morph into something much more substantial. Because the Internet, yes, is a powerful tool. And as I said, it will drive institutional change. It will enable new models. But it does not free us from the fundamentals of running a business or the laws of economics. The pendulum will swing again — back toward some of the more time-honored management challenges. Boring stuff: Like managing the infrastructure, integration, implementation; like building sustainable competitive advantage; like driving expense out of a supply chain.

For CEOs, this isn't as sexy as trying to get your stock price up through dot.com alchemy — but it is more realistic — and there's something reassuring about all this. Yes, this is a period of discontinuity. Yes, we're forced to examine the fundamentals of our strategy, and our competitive position. But those are all things that fall into our job description. This is what business, education and government leaders are supposed to do: establish strategy, ensure the execution and stand accountable for the results.

The biggest issues here aren't about technology. The biggest issues are issues of leadership. So the decisions, and the resources to address them, remain intensely human. That's why I've been troubled — very troubled — by how many of the leaders in my industry fail to recognize our responsibility to engage on the very serious societal and economic issues raked up by this transformation.

They assert that we can have a working, stable e-business economy whether or not we go through the process of thoughtful, intelligent development of the appropriate public policy framework.

A little over a year ago, the CEO of a fairly well-known Silicon Valley computer company dismissed issues of consumer privacy as a "red herring" and went on to say, "You have zero privacy anyway. Get over it."

Look, modern history shows that when a new technology changes society in fundamental ways, the industry that pioneered it — telecommunications, energy, transportation or broadcasting — is always called on to take responsibility for those changes, for their impact on people and on the planet.

If the industry doesn't step up, government will. And that's no good. Unilateral action imposed on this most dynamic, global, restless, never-closed marketplace isn't the answer. That doesn't mean we shun government involvement or pretend, as some in the information technology industry have, that there is simply no role for government. This isn't time for "Live free or die" bravado. There's too much at stake.

We need government working side by side with business, with educational establishments, with the information technology industry, and with active, concerned citizens. But I must repeat that this work must start with the conviction that market forces and market players should lead — that all policy and regulation must be surgically precise in its scope, and must be enabling — not rigid, heavy and prescriptive. I'd like personally to express my appreciation to FCC Chairman Kennard for what I call his policy of "vigilant forbearance" in overseeing Internet policy issues. It's an approach I think serves as a worthy model.

Before we discuss the individual issues — privacy in a networked world, security, digital trade — I'll offer this observation: We're misleading ourselves — and we will botch this opportunity — if we think we can simply transplant a pre-existing policy framework from the physical world to the e-business world. It won't work. Like everything else that's valid and sustainable in the networked world, the work of policy development has to be done in the context of this search for new models — models that are more global than less, more market-driven than regulated, more open than closed, and more cooperative than confrontational.

I'll start with privacy because it's the issue where the open, global and free attributes of the Net collide with you, and me, and our families, and our customers. Privacy is about all those people's ability to do something fundamentally important — and essential if this e-business economy is going to make it. That is: determine for him or herself how, and to what extent, information about them is collected and communicated to others. The issue isn't whether or not we want to afford people the ability to stroll through the networked world cloaked in complete anonymity. You can't get much done that way in a civilized society.

Privacy is about being able to make a choice about your relationships with others and the value you derive from your engagement with them. And it's about sometimes not having a choice, as when a hacker breaks the law. I think we can agree that it's in all of our interests that society have some ability to find the lawbreaker.

So far, our partners in government have been patient on this one. Government wants industry to lead, to get the protections in place, and prove self-regulation works. The window is open for business — not just the information technology industry, but across the entire private sector — to step up and provide some much needed direction and leadership. But if any of us think that window is going to be open forever, we're just not paying attention.

Last Thursday Commerce Secretary Daley fired a shot across industry's bow, and he was right. Business is not doing enough to build consumer confidence. On Friday, President Clinton followed up with a simple question to every business executive in the United States: "Do you have privacy policies you'd be proud to have reported by the media." The clock is ticking on this one. I'd urge every CEO in this country personally to inspect his or her company's privacy policies, find out where they stand, and get on with it.

Because privacy is above all a question of behavior, not of technology. For those organizations that handle personal information, it's a question of proving to people that their privacy is being respected.

Of course, doing this right gets exponentially more complex in the networked world. Yahoo, for example, collects 400 billion bytes of information every day, the equivalent of a library of 800,000 books. That's one site. The mind-bending scope and range of the Net is, in and of itself, one important message: That no simple, sweeping solution will work.

At IBM, we believe that a new policy framework for privacy — a flexible, protective, and potentially global framework — is urgently required, and we are prepared to work with any interested party to bring it to life. I won't be so presumptuous to assert we have all of the elements of that framework wrapped up in a neat little package. No one company or government does, or should. But I do have a point of view on some of the basic elements that should be part of any privacy framework.

First, this framework must be grounded on the idea that the marketplace, public sector, and individuals have a responsibility to model good privacy behavior and exhort all others to do the same.

Then, quality, market-led self-regulation has to be allowed to play out more fully. A great example of self-regulation at work came just last week. Intuit's Web site may have been disclosing some of its customers' financial information — not intentionally, but because of a design quirk in the way some e-commerce sites communicate with third parties who place Web advertising. When Intuit realized this may have been happening, the company took immediate action. This kind of sensible, market-based reaction is far in a way preferred and the most effective approach. It operates without overlaying a rigid regulatory mandate that could choke off new models before they can be judged by customers and the marketplace itself. This approach will create millions of monitors concerned with privacy, rather than the focus of a single Government agency. That said, I acknowledge that this self-regulatory approach must be accountable for its behavior.

Next, this privacy framework must deal with the "outliers," those that violate the existing laws or self-regulatory code — either outright or indirectly. We need government, privacy advocates and independent watchdogs like the Better Business Bureau Online to remain vigilant and aggressive. And a quick scan of recent media reports indicates they have been.

Finally, where privacy protection isn't working well, we need to explore what other policy approaches need to be put in place. As I said earlier, I don't believe that an all-or-nothing legislative approach is the answer. I cordially invite all of you to join with those of us who are working for effective, market-led policies.

Next, Security. Obviously, security is intimately linked to privacy. We can't have good privacy without good security, but they're not the same thing. While privacy relates to the rights of individuals, security means safeguarding that information in all phases of the flow as well as the pipes and plumbing of the system.

And in this area, the model of open communication and cooperation has begun to pay off. One huge piece of the issue, the strength of encryption standards, is now apparently being resolved cooperatively and globally rather than through unrealistic attempts to regulate country by country.

But security is more than encryption. It includes personal and financial security, national and global security, industrial espionage, theft, and fraud. Many of you are already into this one up to your hips. You know that no brick and mortar company would ever consider opening without locks on the doors, video cameras, alarm systems and a security staff. Yet every day, hundreds of Web enterprises do just that.

The solution starts with a change in awareness and a recognition of the darker side of human nature. My IBM colleagues would be glad to talk to any of you about a security checklist we have developed for our customers: From how to implement a valid security policy to conducting internal security awareness campaigns; firewalls and intrusion detection systems; and having a clear security policy when an employee leaves for any reason.

We're investing heavily in security technologies, and we're also working with governments around the world: with FEMA, the President's Information Technology Advisory Committee, and Secretary Daley's Partnership for Critical Information Protection, among others to identify the problems and develop the solutions to make the Net more secure.

Finally, digital trade policy. Global e-commerce stretches traditional trade agreements negotiated via the World Trade Organization and its predecessor the GATT. Existing trade agreements were primarily built on notions of physical presence and national borders. As this new economy expands, we've got to see trade policy through a new lens. In fact, in this new economy, we must start with the conviction that electronic access to markets and to customers is as important as physical access is today.

We've got to make sure policy decisions aren't a drag on a new marketplace that is already generating significant wealth, efficiency and productivity. What kinds of questions must we resolve?

Questions like: How important is physical presence? The right to establish operations has been a major focus of past trade negotiations. However, in e-commerce, physical presence may range from unimportant to irrelevant.

In a networked world many of you will increasingly deliver your products to the marketplace — in insurance, telecommunications, healthcare, financial services — via the Net. Are your customers then buying a good, or a service? That may seem like an arcane question. But it's life or death in the world of trade. Because depending on which answer you give, you get very different policy in our trade regime.

What are the implications for licensing requirements in regulated fields like law or medicine, when those services can be delivered across state lines? What about the digital cross-border flows of music, movies, broadcast content or any intellectual property? Will content restrictions be sustainable or used as digital non-tariff barriers? We need to make sure they aren't.

I've asked a lot of questions. Many more than I've answered. That's OK. There's time for us to put the right issues on the table, and reach the right conclusions.

In fact, the single worst thing we can do is act before we have enough information to reach informed, thoughtful decisions. Or act because we think we know what has worked in the past. Again, the pre-existing models do not apply. Or we might rush to act because it's expedient, because somebody is screaming "do something" or because action might suit the agenda of some special interest. Trite as it may sound, we're all in this one together.

And it's no overstatement to call it one of the boldest undertakings in history — the creation of nothing less than a new economy, and a safe, secure, global medium of human and institutional interaction.

Only if we work together — with the information technology industry leading on some issues, commercial enterprises on others, with educational and health-care institutions on others, and government on others still can we be confident that this great promise will be realized. That we'll capitalize on the opportunity to allow this new economy to yield the greatest good for the greatest number, build new competitive advantage, generate new growth, create real wealth, and ultimately improve the quality of life on this planet.

That's an agenda worthy of all our best efforts. Working together, we can make it happen. Thank you.