This is my first public blog entry. I intend to come back to it and add some links, but I don't have the patience to do that this evening.
As a general counsel, I daily hear from people who want to advise me about Sarbanes Oxley compliance, or to sell me some product that will make SarbOx compliance easier. Very few of them have much that is interesting to say, let alone listen to, especially when your company is private. Without addressing the merits of the legislation, I think that it can be dull to talk or write about (and compliance can, indeed, be expensive).
My friend (and outside counsel) Dan, who wasn't pitching me anything, had some interesting comments about how some SarbOx provisions may actually promote success in the fight against terrorism. This is the sort of thing that might be true, or might bear no relationship to reality, but I think it's interesting to think about.
Although the provisions are not as well known as those regarding certification of financial statements and evaluations of controls, SarbOx protects whistleblowers from retaliation when they reveal corporate wrongdoing. The Federal Sentencing Guidelines, and the DoJ's guidance about them, also promote the culture of compliance, and would encourage companies to protect the anonymity of employees who raise concerns about corporate practices.
The law protects whistleblowers to uncover secret frauds before they are perpetrated, or before the go too far, to make it more difficult to plan them, or to deter wrongdoing in the first place.
Like corporate fraudsters, terrorists try to keep their preparations secret, but some people close to the planners probably know something about what's going on. Someone besides McVeigh and Nichols may have known that they were up to something strange or bad; same for the DC area snipers of 2002 and the London bombers of this past summer. Someone knew or suspected something, but, for whatever reason, did not report it.
If people fear for their careers before reporting fraudsters, they must really worry about reporting suspected terrorists. Anonymity may be essential to allow people who know of terror preparations to report their concerns without fear of reprisal, especially if they're close enough to the terrorists to be exposed to solid information.
SarbOx and the FSG, among other developments, may make it culturally more acceptable to be an anonymous whistleblower, and may increase the acceptance of anonymous complaints, which may be a more credible tool than in the past. Maybe this sort of reverses a "market for lemons" of anonymous tips -- If we assume that some people didn't make anonymous tips because they feared retaliation or because there was something socially unacceptable or cowardly about anonymity, then perhaps high-quality tipsters, those without personal agendas, would be less likely to give tips. If that were true, then tips would more likely to be self-interested or from people who didn't really know that much, and thus had less fear of being exposed and retaliated against, so they were less likely to be valuable and respected by the authorities, which may have reinforced people's reluctance to make anonymous reports. At this point I should note that I don't know what I'm talking about and am just making things up. If you change the social acceptability of anonymous tipping, and you convince people that they can avoid retaliation, then maybe you encourage better people to come forward with better information.
I think you could argue that people in the US (for a bunch of reasons not related to Sarbanes Oxley) are more willing to come forward with information about potential terrorist events than they were five years ago. It also seems likely that people are more willing to blow the whistle on corporate crime than they were before the corporate scandals like Enron and MCI. Are there lessons that we can draw in encouraging people in places like Jordan, Iraq, Bali, Madrid, London, and New York to to make anonymous disclosures (via the Internet, let's say, from an innocuous Internet cafe, or the public library) about what look like suspicious terror preparations? Today, you would think that any flight school trainer who has a student who doesn't care about learning to land planes would be willing to report that concern; the neighbor in Seattle who heard John Muhammad's rifle target practice might well report that today.
Are mechanisms in place to allow citizens to make such disclosures anonymously and confidently? Certainly local police and media have "tip lines" and the FBI has used the Internet Fraud Complaint Center to get reports of crimes besides Internet frauds, but I don't know whether they've really resonated in the public mind. If we haven't done so already, we probably could implement some Internet-based anonymous reporting systems that could make it easier for people to come forward with information without really coming forward. This may not help very much in countries with limited Internet access, but the underlying principles should be relevant.
The flip side of all this is that we wouldn't necessarily enjoy a world in which neighbors spent a lot of their time filing anonymous complaints about each other. The DoJ's proposed "TIPS" program, was particularly unpopular. Interestingly, that concern has parallels in the corporate world, too. France (and I think Germany) has balked at permitting French operations of US companies from establishing anonymous tip lines out of concern for the rights of those who would be informed against.
Good night. Comments are open, if you're interested.