Why Tech Firms Need Geopolitical Risk Consultants

A few months ago, I wrote a post that made a splash: Why Rockstars Need Geopolitical Risk Consultants. Since then, a few notable musicians have failed to heed that advice, including Nicki Minaj, who performed in Angola to fierce backlash, and Enrique Iglesias, whose concert in Colombo provoked the Sri Lankan president to suggest that promoters be whipped. While they get their act together, there’s another sector that should consider seeking out the best geopolitical risk consultants who are still on the market: the tech sector.

Unlike traditional consumers of political risk insight such oil & gas or mining firms, technology firms rarely operate out of restive provinces in rural areas, nor do most of them have long supply chains to protect. Many of them, such as Twitter, for example, which doesn’t produce any hardware, and Facebook, are safely based in California, which might be part of the Old Wild West, but is hardly dangerous now. Others, including IBM and Apple, which produce a variety of hardware, are exposed to a variety of political risks, including volatile currency fluctuations, vulnerable supply chains, dependence on the availability of natural resources, the etc. Yet Apple too is based out of California, and therefore feels far removed from the places we think of when we mention “political risk.” Apple and Google, like all public firms, must file a 10-K form with the SEC, specifying potential risks to its business and investors. I’ve read hundreds of these forms and I can tell you that they reveal a lack of understanding of the intricacies of political risk, including both macro and micro political risks within their home countries, as well as geopolitical (transnational/cross-border) risks.

The tech sector’s belief that it is insulated from most types of political risk is an illusion, and a dangerous one at that. The origin story of the tech industry is a beautiful fairy tale and it’s hard to blame the sector- it’s full of optimistic idealists who are eager to use technology to solve complex problems, transcend national boundaries, and empower individuals. These all sound like great goals, but there are many deeply entrenched power structures that like their problems complicated, their borders well ringed with barbed wire and their populations well-controlled.

By perpetuating its own illusion, the industry makes itself more vulnerable. And we’ve seen the results. The tech industry continues to be repeatedly burned by a variety of political and geopolitical risks. Of course there’s the obvious example- Edward Snowden’s revelations regarding the extent to which US tech firms’ user data was compromised by National Security Agency surveillance. But there are others, such as operating in countries where cyber attacks to steal intellectual property are unrelenting. Then there are issues like the locations where companies decide to build their data centers; those choices have massive ramifications in terms of legal and regulatory compliance issues. Or situations where tech firms are having trouble balancing the desire to protect users’ freedom while contending with censorship demands in countries like Turkey (where Twitter is going to court) or China (which Google chose to leave over censorship concerns). Or how protectionist policies designed to ensure the sustainability of fledgling but primitive domestic firms is keeping tech firms like Uber from capitalizing on underserved markets. And how tech firms seeking to “disrupt” dysfunctional or outdated practices with tech innovations risk disrupting existing balances of power in countries where such actions can result in swift backlash. When I first heard news of Netflix’s major global expansion, my first thought was to wonder how they’ll deal with undependable connectivity in some areas, or censorship demands, and how long it’ll be before there’s a scandal of some sort. Finally, of course, there’s the issue of due diligence, which done poorly can topple a firm. The political risks involved in the movie business are quite well known, yet just like with the rockstars, the same issues pop up regularly due to poor planning.

Following the disclosure of various NSA spying programs, as well as data regarding tech firms’ frequent acquiescence to demands that user data be provided to the NSA, many foreign clients decided to stop using services from firms based in the US. Snowden’s disclosures caused the trifecta of losses: monetary, legal, and reputational damage. IBM lost a considerable amount of business in China, Google is the target of European ministers seeking to punish the firm via new laws and legal challenges, and Microsoftis contending with the ramifications of a PR scandal regarding its particularly close relationship with the NSA, which caused many consumers to seek alternatives to Microsoft services such as Skype. The exposure of NSA surveillance alone is estimated to cost just the cloud computing industry alone between $22 billion and $35 billion in overseas business in the 3 years between 2013 and 2016.

In that case, the tech sector willingly collaborated with the government, providing access to services and sensitive user data, in exchange for what it believed was the government’s ironclad guarantee that the collaboration would remain a secret. The government seemed like a helping hand reaching down into the Valley. As we all know, valleys aren’t a good place to be in battle, and the government doesn’t have the best reputation for protecting secrets. (Yes, I’m talking about you, NSA, CIA and OPM.) But the bottom line here is that there was no perceived cost for the tech sector to cooperate with the government, and therefore no perceived risk. A sure thing is rare in Silicon Valley, and this was the closest you could get to a sure thing. Now, the costs are not only clear, but prevailing. The tech industry lost the trust of its users, its foreign clients, and even some of its own employees with each consecutive expose, and it’s still trying to regain it, through legal challenges to requests for data, enhanced encryption (which makes it impossible for companies like Apple to read or share the contents of Messages sent between Apple devices with the government), and a myriad of PR efforts designed to convince the public that they will protect privacy and resist surveillance efforts. But the damage has been done, and dozens of new competitors, promising to protect user info and encrypt communications are capitalizing on the fall out, creating new competition, and more hurdles for tech firms fighting to retain and increase their market shares.

Given the rocky relationship between tech and the government, it’s surprising that the White House continues to call for Silicon Valley and tech leaders in general to do more to help the government fight transnational threats such as the Islamic State terror group. Sure, it seems logical that the tech sector could help the US prosecute its war against the brutal organization, given heavy IS use of Twitter, YouTube, and other platforms to spread its graphic and horrific propaganda. But while both the White House and tech firms share a desire to defeat the group in theory, the means by which the White House wants tech firms to fight the group are no longer cost or risk-free. In fact, they’re priceless. And while the White House is looking to score political victories, tech firms are looking to score legal victories that in many cases will make it harder for authorities to do their jobs. Tech firms aren’t trying to subvert the war against IS just to be difficult; they realize that winning one battle could mean losing their war to stay alive.

Not a single tech leader is willing to enthusiastically and unequivocally help the government install backdoors, or supports some government officials’ absolutely ludicrous calls to outlaw encryption. Not only is outlawing encryption completely impossible, any efforts to try reveal the governments’ embarrassing inability to understand how technology works. This was on full display recently, when Silicon Valley showed up to fight with the government over a plan to implement 2013 revisions to the Wassenaar Agreement, which would in effect keep tech firms from creating secure software. And the battle will only get harder for the government now that the tech sector is more self-aware. (There’s an artificial intelligence joke somewhere here, but I’ll leave it to you all.)

Tech firms have learned their lesson in the case of Silicon Valley vs. government surveillance, and they won’t risk being burned so easily again. But on other issues, where the tech sector hasn’t been burned nearly as badly, they’re still floundering as political risks build up around them. While it’s great to include the worst-case scenarios on their 10-K disclosures or in all hands meetings, while dismissing them as unlikely, it’s frequently the not-even-close-to-worst case situations that will cause the biggest problems for these firms. We often plan for the really big problems we can think of, and overlook the minor ones that be the one domino that start the chain reaction that could lead to a company’s bankruptcy or collapse. To avoid getting burned again, and from multiple risks, increased investment in political and geopolitical risk insight will be vital. A good political risk consultant isn’t going to predict the future. Their job is to anticipate the turbulent waters ahead, and to ensure that companies safely navigate any obstacles ahead, while also making sure they don’t sabotage themselves by failing to think through the consequences of their actions- especially the ones that seem like sure things. Every system needs an occasional patch to keep functioning, and when it comes to political risk, Silicon Valley needs a critical update.