I want to propose some questions in this month’s article. As faithful readers already know I have believed that existing contract and property laws (including intellectual property such as copyright, trademark and patents) will cover new technology fairly well. In special cases new laws may be needed and sometimes, laws from one nation just won’t matter because of the global reach of the Internet.

Something has been bothering me since my sister-in-law called and asked for help fixing a problem with her home computer. She had been on the phone with the technical support desk for a major computer company and was having trouble understanding the instructions she was given. It wasn’t the computer jargon that bothered her. The problem was the thick foreign accent of the person providing the help. She was actually talking to someone in another country. In this case the support function had been outsourced to a company in India.

Bear with me; I’m not to the main problem yet. The fact that the manufacturer could make use of highly skilled foreign workers to keep the cost of support under control is a good thing. That means the computers (and software) we buy is less expensive.

It wasn’t until I saw a report that the state of Indiana had canceled an outsourcing program at the same time I was reading a Tom Clancy book that I figured out what had been bothering me. Let’s define a term before we go further. Outsourcing is one of the buzz words of modern corporate lingo. I’m using it to mean hiring some other person or company to perform some work that would normally be done by employees of the original company. It is a particular type of sub-contract.

The Clancy book reminded me of my Army security clearance rules. Some information is classified and some isn’t. Even if we are working with a friendly foreign nation and the allied soldier has the appropriate security clearance, some information can not be passed along. It may be classified or even unclassified information and still carry the NOFORN restriction. That is, ‘not for release to foreign nationals.’

Here are my questions. Are we worried that our sensitive information is being transferred overseas? If so, should there be a federal law that sets standards for what can be outsourced to a foreign workforce and who is responsible for any breach of security? I’m worried about the ramifications of sub-contracting certain processes to foreign lands that involve information containing private financial and governmental records as well as security information.

The scenario is not too far-fetched. We worry a lot these days about homeland security. But how much of our critical information is shipped overseas? Some of it goes to a very sensitive area of the world where two countries with nuclear weapons have been hostile to each other for years. What havoc would befall a US citizen or a US company if the terrorists targeted that outsourced information or the design of a system that is re-imported into the US? Who should bear the cost for ensuring the safety of that information (and thus the US company or citizen?)

Two recent government contracts illustrate the point. I’m aware of a municipal  contract to digitize aerial photomaps that contained a  no-foreign work provision for security purposes. It was felt by the contracting entity that the information, though unclassified, just was better handled inside the US.

In another case, the state of Indiana recently canceled an off-shore outsourcing contract for a different reason. It, like a growing number of other entities, was worried about the loss of jobs. A report by News.com cited a prediction that up to two million white-collar jobs will be outsourced to China, India and other countries by the year 2014. (More and more tech jobs head overseas, Dec. 24, 2002) In any event, there is a huge cost saving on the one end. The Indiana contract was to revamp the state’s computer system that handles unemployment services.  The original contract was awarded to Tata American and the work was to be performed in India.

I haven’t found anything that questioned the security of the information that was to be handled by the new system. Every article I’ve read on the Indiana case dealt with the loss of jobs versus the $8 million  savings the state expected to receive. I think the bigger loss would be the devastation that could result from the loss of control of critical information.  Granted one hacker can steal my credit card number and run up a huge bill but the loss to our country would be small compared to what could happen if someone maliciously “hijacked” the employment system of a state or the welfare checks in another.

It is also true that a US employee could do the same thing. There is one big difference in the consequences. Our legal system would at least have a chance of tracking him down and seeking justice. I’m not sure that we would be as successful an employee in India, Pakistan, China or any other foreign country.

The loss of American jobs to overseas workers is very bad. The destruction of the credit of thousands more US citizens because medical, financial or security information is compromised could be an event of tragic proportion.

Yes we have to trust somebody and there are very good reasons for participating in a global economy. If we don’t take advantage of the economic savings it is likely that our competitors will do so and undercut our pricing. With that said, should the law force the parties to also balance the cost of a breach in figuring the savings realized by transferring the work offshore. Should there be a law?