These days we often hear the mandate to “disrupt.” Innovators often use the concept of disruption to justify their actions for thinking out of the box. It’s been a successful strategy for those working at Facebook, Uber and Amazon for sure. The rewards are tempting- making risky bets put you ahead of the pack, potentially resulting in a raise or bonus, and maybe even giving you your fifteen minutes of fame.
But more often than not, breaking the rules can lead to disappointing results, shoddy workmanship or– worse still– termination when things don’t go as planned.
Is it okay to break the rules?
Silicon Valley seems to be aggressive in many dimensions: market share, brand awareness and release schedules. It’s no surprise that companies with that ethos seek top-talent with the potential to deliver the next big disruption. Somewhere down the line, the strategy and tone set by each these companies trickles down to their software developers (whether in-house or partners) and ultimately solidifies the technology culture and attitudes. Perhaps we may not all find all technology exciting, but it can be a competitive edge for market share.
When I learned about the recent data breach disclosure by Earnin, the financial payments app backed by the rapper Nas, it hardly registered as newsworthy. But what I found surprising were statements in the press from their developers admitting to taking too many risks. The NY Post reported that, according to two ex-employees, Earnin developers “kept customers’ unencrypted bank account and routing numbers, home and work addresses, phone ID numbers, and users’ GPS coordinates on an internal server” with no protection. One ex-employee further elaborated about developer culture: “It’s something in the water in San Francisco, the whole ‘move fast and break things’ mentality.” The degree of privacy information exposed and total absence of data protection is a staggering example of rule-breaking with very little upside and a lot of risk. Earnin developers were missing clarity and direction because we need rules for breaking rules, or at least some guidelines.
How I learned to break the rules
For me, it’s a lesson I learned in the military. Break the rules - to help others, not yourself.
OK – the military might be the last place you’d expect someone to learn when it’s okay to break the rules, but hear me out:
When I was an active duty soldier in the US Army, my unit was deployed to a training ground to test its combat effectiveness during a wargame exercise. In order to be evaluated the unit required a full combat deployment in the field for a few weeks at a distant military base. I considered myself a very good soldier who followed the rules, and whenever it came down to taking tests, whether testing my skills or physical fitness, I was all-in. I wanted to try my best, and never let my team down.
I was part of the command staff, reporting to an Army captain. I can honestly say he was a good boss who gave me a lot of responsibility for my rank. He and the NCO to whom I reported left me to my own business. They corrected me with fair feedback if I made a mistake and overall I felt they trusted me to always do the right thing. I enjoyed their trust and would never betray it by breaking the rules.
During the exercise, there were several scenarios played out: raids by opposition forces, mass casualties, civilian protests, and enemy artillery fire. Evaluators, a combination of game referees and movie directors, were constantly looking for general violations and making calls as the scenarios were played out. They were officially our hosts and also our judges. Our unit had to be on its best behavior.
When artillery drills began, evaluators would walk around and assign soldiers to be injured or killed. Being killed by artillery was something like being put in a penalty box with additional restrictions and forced with nothing to do for the rest of the day, whether the soldier was at fault or not. We had to “take cover” from simulated fire while evaluators patrolled inside and outside of the tents sweeping up those whom they judged too slow or inadequately shielded to survive the real thing. No one wanted to be on the list of casualties reported to commanding officers.
However, I was given a new perspective during one drill; I was in the supply tent with the captain and a few others when an artillery drill began. The captain ordered me to check on my team, which meant I had to leave the tent against our standard operating procedures- and I dutifully reminded him. The captain, who I had never seen angry until that point, shouted (paraphrased, with significantly less profanity) “get over to that tent, check on them and report back to me!” shocking me to my senses. I did what he ordered me to do and successfully returned without being sent to the penalty box. When I returned, the captain explained to me that he didn’t care about the evaluators- it was more important to him to know how his own troops fared. I replied with a quick apology and a wholehearted acknowledgement that he was right.
We were nearing the end of the exercise, and perhaps sensing that I learned my lesson about breaking protocol, I was instructed to procure supplies our unit lacked, otherwise the unit’s overall performance in the evaluation would be negatively impacted without them. It required creativity – especially since no one in the unit was supposed to leave the camp until the exercise was complete. That night, I hitched a ride back to the barracks with the help of accomplices who hid me in the back of a truck filled with food garbage. I took a decent shower and shaved to fit in with the soldiers on the base and went shopping for the necessary supplies the next day. I procured all of the supplies quickly and slipped back to our field site via an inbound food truck. Mission accomplished- and the closest I ever got to a spy mission. In the end, our unit was rated the highest it had ever scored.
So when is it okay to break the rules?
Here are three important rules of thumb:
- Don’t do it for yourself- do it for others. The first time I broke a rule was to position my captain with actionable information and support his leadership. Later we put the unit’s mission first by breaking several rules of the exercise.
- Have clear boundaries. Don’t put yourself in a moral dilemma or violate your own principles. I could see the upside and downside of each action, and I was willing to accept personal responsibility to protect my unit and its command. I considered the winners and losers of my actions.
- When you break rules, one of the payoffs should be more trust. If you’re not sure how others will perceive your infractions, ask yourself if you’d be considered more or less trustworthy. I believe my actions would have garnered the respect of the unit's evaluators had I been caught. Perhaps even a chuckle too if I had been caught sneaking off the field site on a garbage truck.
How do I think Earnin developers stack up against these rules of thumb? To me, it’s clear they broke them. The developers didn’t put the app users first, and although I’ll give them the benefit of the doubt, their statements make it seem as if there was no general concern for privacy protection either. User trust wasn’t central to the development of the app- just the minimum regulatory requirements. App development is ultimately about catering to needs, and that falls under the umbrella of service. With that in mind, privacy and cybersecurity must be taken more seriously in order to satisfy that need in app development. While I don’t see a problem with trying a maverick approach to solve a problem, it’s too risky and self-serving when privacy, security and ultimately trust aren’t part of the solution.