The Washington Post reports today that Unisys Corporation is under investigation for its failures to detect intrusions into government networks. I’m not surprised.
Prior to my stint in the Senate, I worked for Unisys. While there were lots of good people at Unisys, it isn’t that well run. In every way — and I say this without apology — the federal government just works better than Unisys. (I knew things were bad when every internal business plan I saw sighted Unisys’s own culture as a major risk to the venture in question.)
But I’ve argued in the past that we are often better off seeing how the private sector can handle security–often it will be better than the government. Clearly, Unisys fell down in this case. How can I reconcile these beliefs?
Pretty simple: It’s absolutely true that the government will never do things as well as the best-run private companies. I firmly believe that. It correlates, however, that the worst private companies will be worse than the average performance of the government. By virtue of its taxation power, the government can hire well qualified people. By virtue of its accountability to the electorate (which, sorry anarchists, isn’t a myth) a strong incentive exists to make it at least semi-competent.
The worst possible scenario exists when backward-looking profit making firms comes to rely entirely on government contracts and develop the connections and expertise to make it difficult for the government to get rid of that company. The result, really, is that the company becomes part of the government, but, instead of a commitment to the electorate, the company has little besides a commitment to its own management. (I say management because, in a market economy, a backward-looking company will not serve the interests of its stockholders.)
It does not shrink government when the government lays off its own employees and hires private contractors that are sometimes even harder to fire than government workers. In fact, I think it’s far better to have government provide a service directly than to have the service provided in a way that just serves to guarantee a profit to a private firm. When a private firm takes on a contract, it seems to me that the firm should also assume a major portion of the risk involved in that contract. Privatization, properly understood, isn’t about letting someone make a profit off of the provision of a public service: It’s about handing over the risk for providing that service. Iain Murray and I, in fact, have a paper coming out soon that makes just that argument.