Third in a series of interviews by Rafael Moscatel on his blog with leaders in the fields of Risk, Compliance and Information Governance across the globe. He has discussed with Ulrich Kampffmeyer the GDPR, artificial intelligence and social issues emerging from the dense, digital fog we all find ourselves in.
Interview with Dr. Ulrich Kampffmeyer, Managing Director of PROJECT CONSULT Unternehmensberatung GmbH, Hamburg, Germany and a renowned expert on digital transformations, business intelligence and enterprise content management. Curriculum Vitae on Wikipedia https://de.wikipedia.org/wiki/Ulrich_Kampffmeyer; company website www.PROJECT-CONSULT.de. email: Ulrich.Kampffmeyer@PROJECT-CONSULT.com
Ulrich, you write and teach extensively about the cultural and social changes in work environments that are a direct result of the emergence of digital systems. Now that data is at the fingertips of everyone, what changes, positive or negative, should society expect to face that the business world may have already experienced?
<Kff> The business world is just at the start of the digital transformation; the information society is just a dense fog. The pace of digital transformation is accelerating day-by-day. In particular, the cloud, artificial intelligence, IoT and other current developments are driving so fast that there is a danger that they can get out of control. The more capable AI gets, the greater the danger that it becomes uncontrollable. Remember Shoshana Zuboff’s laws from 1988, that whatever software can be used to control, to manipulate, will be used for this purpose. And our society is currently not prepared for this change. Just look at the GDPR discussions. Data protection as a general necessity, data safety as the requirement for continuity, data privacy by default, information governance to keep control, maintain value, keep information accessible – These are basic requirements that should not be ignored like in the past. Future historians will call our era the dark age of the early information society. </Kff>
You spent quite a bit of time at the Fraunhofer Institute developing imaging systems and processes to support archaeological studies. Given that images provide so much of the fuel for artificial intelligence, do you envision some of our older legacy systems and indexes ever providing value to future AI efforts?
<Kff>In the mid 80s I worked on pattern recognition, image processing, database systems and expert systems for archaeologists and prehistorians. Too early. Today taking a computer, drones and sensor systems to an excavation is standard. In those days …. But in regard to recognition, automated classification, expert systems and artificial intelligence the approach was similar to what is happening now 30 years later. The capabilities of software, hardware and self-learning algorithms are many times more sophisticated than in those days. But let’s take a look at so-called old-fashioned methods of organizing information. You mentioned “legacy” and “indexes.” Metadata are not legacy. It is a question of quality, control and governance. Controlled metadata, vocabularies and taxonomies are of special value to bigdata analytics, artificial intelligence and machine learning. The controlled datasets act as guides to train new technologies with high quality information and structures. This is important for automated indexing when capturing information, sharpening enterprise search for qualified results, and managing repositories in regard to compliance requirements. Especially when it comes to compliance, straightforwardly organized high-quality information is an asset. But AI will change the game here as well in the near future. Currently classification schemes and file plans are developed manually by academic rules. In the future software will analyze all information and organize itself by protection guidelines, user models, processes, value, retention etc. Digital transformation without information management does not work. Only those who know their information, manage it in a systematic way, systematically open it up, protect it consistently and use it efficiently can venture into digital transformation. </Kff>
This series of interviews with global leaders in information management, risk and compliance seeks to find common values and themes in these disciplines across disparate cultures. I know that you are major advocate of standardization. Are there one or two common threads that run between all of the projects and people you’ve worked with that you also believe should be universally acknowledged?
<Kff> Standardization is a necessity. Everywhere. We do it with language, words, and grammar to enable understanding. We do it with hardware so that it supports interfaces and operating systems. We do it with software so that it can interact with other software and systems. We do this with the retention rules for documents in our records management systems. Standardization is everywhere – that is not the question. The real question is, what has to be standardized for which purpose? And is standardization something that inhibits innovation? And is standardization in streamlining and control in opposition to the culture of a group of people or an organization? The larger and more distributed an organization is, the harder it is to implement change and change culture. Old behaviour, language barriers, time zones, cultural differences etc. make common values hard to define. Processes to maintain values and make businesses run smoothly also need a kind of standardization. In my opinion, the cultural and organizational challenges of digital transformation are more important than technology and functionality. A common thread could be our old rule for information management projects: “strategy first, people, organization and processes second, technology last.” The risk of failure in this change process is not about new technology but about its adoption. Technology is still a facilitator for businesse, although this might change in the future with artificial intelligence. Less work for humans also means that human-driven use models and respect for human work will decline. This is a major challenge, because people often define their status by their work. So, this is a common thread in all projects, redefining processes while keeping workers involved, trying to overcome their fears of losing their jobs, and implanting a new mindset for a new type of work environment. With AI looming ahead, we even have to define what work is. Man is no longer the scale, the ruler, the canon. </Kff>
Historically, Germany has led the way in record-keeping, from the Gutenberg printing press onward. What role, if any, do you think Enterprise Content Management has played in the present day, to drive business intelligence insights and knowledge management?
<Kff> Yes, Germans were supposedly always good at organization and keeping order – but in fact that’s a myth. In Germany the term Records Management is not known to many people. It is common only in regulated industries that use English terminology. German academics talk about the management of folders or documents (“Schriftgutverwaltung,” “Aktenverwaltung,” “revisionssichere Archivierung” … to name some typical German terms). Too few people are familiar with the correct term “record” as used by and the concepts behind “records management.” So, in fact, Germany is not very good at the records management seen in Anglo/American compliance culture. We use different terminology and different strategies in managing information. For example, there is no eDiscovery established in German GRC. The term ECM, Enterprise Content Management, was picked up late in Germany, in 2006. It is still not a common term, especially not with SMEs. We still use terms like “Dokumentenmanagement,” which is used differently from “document management” in the rest of the world. While internationally new terms like intelligent information management, content services or enterprise information management are coming into use, the German software industry still sticks to ECM and German terms (by the way, it might be a good idea to use the acronym ECM now for Enterprise CHANGE Management, because this is the important challenge for Digital Transformation). What we see in Germany is a revival of the term “knowledge management,” as supported by ISO 9001:2015 requiring “Wissensmanagement.” Information management software like an ECMS plays a major role in getting control of information and processes. Classic business intelligence is more and more being absorbed by bigdata analytics and artificial intelligence. A new generation of analytic tools encompassing BI methodology is on the way. ECM has played only a minor role, because knowledge management and BI have never been mainstream components in standard ECMS but only additions to the ECM portfolio from other software industries. The adaptation process, where ECM had to adapt to the cloud, mobile, analytics, social, automation, AI and so forth, led to the current crisis in the industry where new terms and visions are coming into use like IIM Intelligent Information management and content services platforms. In Germany the ECM software industry is stumbling, unsure which direction to go and no longer with a homogenous appearance in the marketplace. </Kff>
Being at the forefront of Enterprise Content Management and systems design, you must have learned many lessons about development. And we live in a far more regulated environment then existed 30 years ago. Our challenges today intersect with privacy and security. What are the types of risks and concerns you believe developers of content management systems should be thinking about when building the next Documentum, SharePoint, Alfresco or Relativity?
<Kff> There is no future for the old dinosaur architectures of the big enterprise solutions like documentum. That’s why vendors and analysts have started discussing this content services thing. By the way, they forget that services have always been a basic concept of ECM – since the year 2000. The requirements of regulated industries and processes keep the traditional concepts of records management and archiving alive. But a general change is that there is no longer a difference between structured and unstructured information. A lot of ECM vendors unfortunately focused on this old paradigm and cared only about documents and unstructured content. Modern software – whatever you want to call it – has to cater to every type and technical format of information. The basic strategy for products is automation. Not only to eliminate human work and speed things up, but also to improve quality and establish new areas of business. Integration is still a major issue. We are no longer talking about traditional records management systems for records managers but about the integration of ECM functionality into other software. Interfacing is crucial. And like in the world of mobile apps, we will see services come up which automatically configure and integrate into other environments. Complex systems will be only manageable by AI-based administration software. So not just end-user relevant processes will be transformed, but also the configuration, administration and management of these solutions. And the services concept will make sure that ECM functionality is available in the same way as SaaS, PaaS, and on-premise. Another major change will be that end-users no longer see an ECM client because the functionality is integrated into the standard desktop environment. ECM will lose visibility on the desktop and becomes a standard infrastructure. All these developments will change the paradigm of the traditional ECM software architecture and functionality and require new development tools, listening to the user, faster testing and rollout, easier configuration, pre-configured business solutions, and easy to use end-user interfaces. A big challenge for all companies developing ECM software. </Kff>
There’s been a lot of noise around GDRP, specifically the “right to be forgotten” and strict privacy and data retention safeguards, but we haven’t seen much intellectual discussion around the greater social benefits the law is intended to support. How do you see this “return to privacy” improving society when it seems that a lot of the younger generation not only dismiss the concept of privacy, but as Simon Sinek has noted, see themselves through the lens of the over-sharing Social Media community?
<Kff> GDPR has been in place for 2 years and is now only being enforced. May 25th saw a lot of panic reactions, although we learned “Don’t Panic” (May 25th is also Towel Day in memory of Douglas Adams … and GDPR is not 42!). It is not a return to privacy. Privacy requirements and regulations always have been here. But nobody really cared. We were careless with information and information sharing. And now we are complaining that the big internet giants use our data. The new quality of GDPR is twofold: For one thing, it is for all of Europe, and organizations dealing with European personal data and doing business in Europe also have to address it. So GDPR is becoming a de-facto worldwide standard. For another, it imposes severe fines for infringement of GDPR. This is a tool for enforcement we lacked in the past and that’s why everybody – late in the day – started to care about GDPR. But there is another side of the coin – small businesses, associations, photographers, and others also come under threat from GDPR. Where big companies hire more lawyers and establish a data protection regiment, small business are overwhelmed by bureaucracy. Information management software is a necessary tool for larger companies to manage all data as defined by GDPR. They need a map of what information of which quality, value and legal character is stored and processed where. Smaller business struggle with these requirements due to their size, larger business due to the complexity and the sheer amount of data involved. The social communities have a different view of GDPR requirements. On the one hand they have to pay more attention privacy, they must be able to deliver reports on where they store data and what they do with it. On the other hand, GDPR strengthens the big guys because small forums, blogs, communities, groups and business give up and move their communities to Facebook, Google+, LinkedIn, XING or somewhere else. Communities like Facebook even used the necessary declaration of agreement to implement new technology like face recognition which interferes directly with privacy. Privacy by design, privacy by default will be major concepts of the future information society. But in reality, people choose the lazy options and don’t invest serious effort into the future information society. We leave this to science fiction authors and films, the CEOs of internet companies, and to populistic politicians. Privacy is not just about rights but also about obligations. These obligations don’t just entangle companies and public administrations. They apply to all of us, you and me. Everybody needs to take care of their own data and to respect the data privacy of all others. We cannot claim any right to be forgotten when we actively upload our directory of addresses to a social platform. In my opinion, data privacy and privacy rights are primarily a matter of education, which needs to start even before school. It is a task for developing a mindset about the value and the risks of information. Data privacy has to start in our heads. </Kff>
Predictive coding was introduced almost two decades ago, and while the technology has advanced greatly, cost and complexity are still barriers to adoption. Will advances in artificial intelligence and machine learning help make these tools more affordable and accessible to smaller firms?
<Kff> First of all – we recently crossed a magic threshold in artificial intelligence. AI is now not only self-learning and self-optimizing, but like in evolution, it is self-replicating and self-expanding. An example is the Quine neural network. AI software is programming AI software and AI software is managing AI environments controlled by AI administration tools – machine learning will be a standard in this new virtual world. This AI is different from our perception of “intelligent.” It goes its own ways, inventing different methods, becoming more and more opaque to human perception and intellect. It is there, waiting around the corner. We are seeing a big war fought by Amazon, Apple, Microsoft, Google, IBM and many others for leadership in artificial intelligence. Today artificial intelligence is even free for end-users or comes with consumer products like all the SiriCoLexas. The longer it learns the more sophisticated it will become. And artificial intelligence will become part of every piece of software. The future of IOT with billions of devices will be only manageable by AI. So it is a matter of course that AI will become part of information management software, it will be part of every cloud offering, and it will reach smaller firms as well. The only delaying factor is legacy software, legacy management, legacy behaviour, legacy business models. Everybody will have to deploy AI, analytics, etc. to remain competitive. The overlapping, entailing, feedback-looping, accelerating innovation processes will encompass everybody. This is why I mentioned earlier that our old ideas of the information society with well-informed citizens having control of information and machines will be overturned by dystopian models of the science fiction world. Predictive analytics with artificial intelligence will play a major role in our fight to keep control, because software and systems will anticipate what we do, better and better. Entire industries will change. First those dealing with information only, like banks or insurance. Then manufacturing and farming will follow. Crafts might be able to resist the attack of the 3D printer. Thousands of other examples are discussed on the internet, in congresses and publications. Everybody talks about the digital transformation, how far we have come with it. I believe we need to talk now about what happens when everything is digitized. </Kff>
Based on your many years of experience as a practitioner, lecturer and consultant, what sage advice can you offer to a young person just entering the field of information management and information technology?
<Kff> Well, education on information management is lagging behind the technology and information revolution. Learn to think for yourself, learn languages, learn how to communicate. Learn methodologies, learn philosophy, learn to adapt to change, learn to not stop learning throughout your life, learn to find meaning in a life with no meaningful work for humans. Education and training in universities is good but it is academic and follows old paradigms. Vendors mostly educate new staff on their own, which leads to their staff thinking only in terms of their product. End-user organizations train with a focus on their business model, so that new ideas have to fight for some time for acceptance. Don’t become a librarian – that job will be taken by AI. Don’t become a programmer – that job will be taken by AI. Go for information architecture, information communication, or probably the best advice is to study something which is of real interest to you, what you really love, which gives you intellectual satisfaction – and then move into information management as a job. I studied archaeology, prehistory, art history, Near Eastern studies, information science, and soil science. This combination gives me a good feeling about the value of information, long-term preservation and access to information, organizing, ordering and classification of information, detective work from information fragments to create the whole image, the importance of culture, scientific methodology, strategic thinking and other things you need to be an information management consultant. </Kff>
Dr. Ulrich Kampffmeyer
Hamburg, 27 May 2018