Connect with us

Latest

World Economic Forum Global Technology Governance Summit – Salesforce’s Marc Benioff on corporate activism, Stakeholder Capitalism and challenging voter suppression

Mish Boyka

Published

on

World Economic Forum Global Technology Governance Summit - Salesforce's Marc Benioff on corporate activism, Stakeholder Capitalism and challenging voter suppression

I believe business is the greatest platform for change. I believe that CEOs really have an opportunity, using their businesses, to improve society. That could be directly, making a commentary to politicians, building great products or making sure that their companies are net zero – I think in all of those cases, businesses are improving the state of the world.

So said Salesforce CEO Marc Benioff in conversation at this week’s World Economic Forum Global Technology Governance Summit, but it’s a sentiment that we’ve heard him express many, many times over the years – he even wrote a book about it! – and it’s a mindset that has won him the label of ‘Activist CEO’. That’s actually a term that he once told me he didn’t much care for, although it’s a mantle about which he appears to have become more accepting over the years, defining it in his own terms, as above.

That said, it’s scarcely difficult to see how that activist branding has become attached both to Benioff personally and to the company he co-founded over two decades ago, a whole other world in societal and political terms. During its growth, there’s been a willingness on the part of Salesforce to engage in highly-public stands on issues that have split America – and as such could be assumed to divide both the existing and putative customer base, a high risk policy for any business .

Most famously, Salesforce took a ‘line in the sand’ position on LGBTQ rights in the likes of Indiana and Georgia where discriminatory laws, mostly hinging on bathrooms as pretext, were being put in place. Salesforce used its economic clout to bring the architects of such legalized bigotry back to the table to modify their plans. As Benioff recalls it:

In the case of Indiana, where there were laws being signed that constrained and started to discriminate against the LGBTQ community, our employees said to me, ‘Hey Marc, you have a responsibility to go out there and use the power of the company that collectively we have and have it changed ‘. We negotiated with the Governor and we had that law changed. We found a mutual resolution. You can see that in lots of places in the world, in the United States, but also in other countries, companies can have a role in shaping policy and expressing their pleasure or displeasure with certain policies.

That’s a far cry from standard corporate thinking and practice when Benioff went to business school back in the 1980s, at a time when politics was up there with sex and religion as topics not topping the corporate agenda. I remember once Oracle’s Larry Ellison, one of Benioff’s acknowledged mentors, jokingly telling me when I asked him a cheeky question on his political GFN that, “I don’t believe in democracy!”, At which point we both chuckled and went back to talking about relational databases, a far more appropriate topic for the time.

But that time has passed and the rise of the ‘Activist CEO’ – sorry, Marc! – has changed the rules on what’s fair game for discussion and questioning. For his part, Benioff’s own political leanings have been increasingly bi-partisan over the years. Originally a Republican, he served as co-Chair of the President’s Information Technology Advisory Committee for George W. Bush, but hosted Barack Obama on the election trail at the Salesforce offices. He made no secret of his backing for Hillary Clinton over Donald Trump, but managed to persuade the eventual victor to support his firm’s global tree-planting climate change initiative.

And whenever asked about whether he has his own political ambitions, Benioff has demurred, while, as of last year, since becoming the owner of Time magazine, he’s stated that he isn’t making any more financial contributions to political candidates for office.

(Too) great expectations

But the activist label remains attached to both him and Salesforce and with that comes great expectations. As diginomica has noted previously taking public stands on controversial issues comes at a price. Critics carp about supposed double-standards – if you’ll object to anti-LGBTQ rights in Indiana, how can you do business around the world in countries with their own appalling track records on the subject? You stick your neck out on a topic, expect it to be chopped off if you’re deemed not to hold everyone, including yourself, to the same standard.

The prime example of such criticism for Salesforce came in 2018 when it signed a contract with US Customs and Border Protection (CBP) at a time when the Trump administration was under fire for images of children locked up in cages in detention centers. The Salesforce contract was stated as being for modernizing CBP’s recruitment processes, but it was a case of ‘guilt by association’, leading to unrest among Salesforce employees as well as protests from activists, including disruption of Benioff’s keynote at the 2019 Dreamforce.

In that instance, the employee unhappiness was particularly notable – and double-edged. On the one hand, it was indicative that Salesforce had fostered a culture where such protests could be confidently aired to the CEO; on the other hand, the message was that the company had let down a tranche of its staffers. That’s got to hurt when in fact, Benioff’s argument is that his own supposed activism is in fact him acting acting as an avatar for his team:

It’s really driven by the employees … it’s not me. I’m just acting on behalf of my employees. They make a case. We’re one team. I’m not making some unilateral decision. I’m trying to take their voices and their energy and channel it as they want me to. I think employees today are really the true activists … You can see it in my industry, where the employees have a voice and a role and are able to say things that have action in ways that maybe previously they could not. That’s really where we are. To that point, CEOs have a responsibility to listen to their employees and then act on their behalf.

Georgia on his mind again

Activist responsibility has come to the fore again this month thanks to events in Georgia, one of the most disputed of swing states in the 2020 US Election, with Joe Biden winning the vote as Black electors turned out in record numbers. Trump launched one of his many failed legal actions to overturn the result, based on false claims of election fraud, even trying personally to persuade Republican Governor Brian Kemp not to certify the electoral results.

While Kemp refused to do this, he has signed a 98-page bill, the Election Integrity Act, into state law, a piece of legislation that opponents say will limit absentee voting and is expected to disproportionately depress voting by communities of color. It limits the number of drop boxes for absentee ballots, requires voters to provide state identification to get absentee ballots and even bans people from passing out food and water within 150 feet of a polling site, including to those standing in line to cast ballots.

Salesforce, which has one of its famous Towers in Atlanta, has been at loggerheads with Georgia’s legislators before, again over LGBTQ discrimination, but as with Indiana, it reached a consensus accommodation. Prior to Kemp signing the new voter law, the firm had voiced its opposition to the proposals in the bill, stating on Twitter that it would threaten “trustworthy, safe & equal access to voting by restricting early voting & eliminating provisional ballots”.

Since the signing by Kemp, corporations have become increasingly vocal in their protests, with executives from 170 companies – and counting – signing a public commitment to protect voter access, not just in Georgia, but other states across the US, such as Arizona and Texas , where similar legislative pushes are underway.

In Georgia itself, the most significant protest action to date has been the decision of Major League Baseball (MLB) to pull its All Star Game out of Atlanta. What happens next remains to be seen in terms of how far other organizations are prepared to go in terms of continued engagement with the state. For now, Benioff says:

Voting is the foundation of our democracy and everyone is entitled to their vote. We should encourage and have everyone legally voting as often as possible in these elections, so that our democracy can continue. I think that’s extremely important and so I’m in favor of the activism. I think it’s important that these companies and these individuals realize that they have a voice and that companies do a role in making a statement. I’m all for what the Major League Baseball did. They made a clear statement that they do not support it, they gave it a thumbs down, and of course Salesforce gave it the same thumbs down before the vote happened.

Taxing questions

It is a sign of how far the notion of Stakeholder Capitalism has come in recent years that it is to corporations that people look for an ethical, moral and increasingly political lead, disillusioned by the real political establishment’s shortcomings. Benioff earlier this year aired his view that CEOs had been among the heroes of the COVID crisis of the past year. But with such status, as noted above, comes increased scrutiny.

Amazon founder and Chief Executive Jeff Bezos just came out in favor of raising US corporate taxes in line with plans by the Biden administration. It’s a bold declaration and one that will again throw a spotlight on the company’s own global tax affairs, for so long the subject of huge criticism for years. It also comes a few days after Salesforce was itself named by a non-partisan think tank, the Institute for Tax and Economic Policy, as one of 55 major publicly-traded US companies to have, perfectly legally, paid no federal income taxes in 2020 .

Salesforce has to date made no official comment on the think tank’s report, but when questioned at the Governance Summit on whether he’d endorse Bezos’ stand on tax reform, Benioff pointed to his firm’s push to pass Proposition C in San Francisco. This aimed to levy an average tax of 0.5% on gross business receipts over $ 50 million per year, with the money raised going directly to tackle homelessness in the city. It was a proposal that was vocally opposed by many tech firms in the Bay Area at the time, but it is an example, he argues, of how to tackle complex issues such as tax regime reform:

Homelessness became a major issue in San Francisco, so we advocated for Proposition C. That passed and that generates about $ 30 million a month in additional services for the homeless in San Francisco. We felt [the homeless problem] was starting to impede our ability to be successful, so we advocated for an additional tax.

I think that [in] the case where businesses believe, like Amazon believes and I think Salesforce also believes this as well, that it’s appropriate to have increased taxes, that they should advocate for those taxes and they should make the case for why that is. I think in the case of the United States, we probably do need revisions and have conversations about what our tax rates should be, but we also have to balance that against the United States’ ability and need to be competitive in the world. So whatever that final tax rate is, needs to be set in a competitive framework.

I’m in favor of looking at it with a beginner’s mind and saying, ‘Let’s look at the tax rates and let’s find the correct number and let’s have a conversation and do it together’. So, mostly, I would say I’m in favor of what Jeff is saying, but at the same time I’m also saying, ‘Let’s also do it in the framework of competitiveness and global competitiveness’.

My take

At diginomica, we’re big fans of Stakeholder Capitalism – but nobody ever said it was going to be easy. As Benioff has noted, this sort of business mindset is still relatively new and there are going to be bumps in the road as decades of commercial practice are revised and transformed. The events in Georgia and elsewhere in relation to blatant voter suppression is the latest battle to be fought, but it certainly won’t be the last. Benioff may not be keen on the Activist CEO title, but it’s an important responsibility to accept. Shaping a revolution in how business acts as a catalyst for positive change is a long game – and a long story to which we will be returning often.

Latest

Vermont Health Connect had 10 data breaches last winter

Avatar

Published

on

By

Vermont Health Connect had 10 data breaches last winter
Vermont Health Connect has set up a special enrollment period in response to the coronavirus outbreak. VHC photo

In mid-December, a Vermont Health Connect user was logging in when the names of two strangers popped up in the newly created account.

The individual, who was trying to sign up for health insurance, deleted the information that had suddenly appeared.

“It was super unsettling to think that someone is filing in my account with my information,” the person, whose name is redacted in records, wrote in a complaint to the Department of Vermont Health Access. “Just seems like the whole thing needs a big overhaul.”

It was one of 10 instances between November and February when Vermont Health Connect users reported logging to find someone else’s information on their account.

The data breaches included names of other applicants and, in some cases, their children’s names, birth dates, citizenship information, annual income, health care plans, and once, the last four digits of a Social Security number, according to nearly 900 pages of public records obtained by VTDigger. On Dec. 22, the department’s staff shut down the site to try to diagnose the problem.

While officials say the glitches have been resolved, it’s the most recent mishap for a system that has historically been plagued by security and technical issues. The breaches could be even more widespread: Administrators of Vermont Health Connect can’t tell if other, similar breaches went unreported.

“We don’t know what we don’t know,” said Jon Rajewski, a managing director at the cybersecurity response company Stroz Friedberg. Regardless of whether there are legal ramifications for the incidents, they should be taken “very seriously,” he said.

“If my data was being stored on a website that was personal, — maybe it contains names or my Social Security number, like my status of insurance… — I would expect that website to secure it and keep it safe,” he said.

“I wouldn’t want someone else to access my personal information.”

Andrea De La Bruere, executive director of the Agency of Human Services, called the data breaches “unfortunate.” But she downplayed the severity of the issues. Between November and December, 75,000 people visited the Vermont Health Connect website for a total of 330,000 page views, she said. The 10 incidents? “It’s a very uncommon thing to have happen,” she said.

De La Bruere said the issue was fixed on Feb. 17, and users had reported no similar problems since. The information that was shared was not protected health information, she added, and the breaches didn’t violate the Health Insurance Portability and Accountability Act, or HIPAA.

“No matter what the law says technically, whether it’s HIPAA-related or just one’s personal information, it’s really concerning,” said Health Care Advocate Mike Fisher.

The timing of the issue is less than ideal, he added. Thousands of Vermonters will be logging into Vermont Health Connect in the coming weeks to take advantage of discounts granted by the American Rescue Plan. “It’s super important that people can access the system, and that it’s safe and secure,” Fisher said.

A ‘major issue

The issues first arose on Nov, 12, when at least two Vermonters logged in and found information about another user, according to records obtained by VTDigger.

Department of Vermont Health Access workers flagged it as a “major issue” for their boss, Kristine Fortier, a business application support specialist for the department.

Similar incidents also occurred on Nov. 17 and 18, and later on multiple days in December.

Department of Vermont Health Access staff members appeared alarmed at the issues, and IT staff escalated the tickets to “URGENT.”

“YIKES,” wrote a staff member Brittney Richardson. While the people affected were notified, the data breaches were never made public.

State workers pressed OptumInsights, a national health care tech company that hosts and manages Vermont Health Connect, for answers. The state has contracted with the company since 2014. It has paid about $11 million a year for the past four years for maintenance and operations, with more added in “discretionary funds.”

Optum appeared unable to figure out the glitch. “It is hard to find root cause of issue,” wrote Yogi Singh, service delivery manager for Optum on Dec. 10. Optum representatives referred comments on the issues to the state.

By Dec. 14, Grant Steffens, IT manager for the department, raised the alarm. “I’m concerned on the growing number of these reports,” he wrote in an email to Optum.

The company halted the creation of new accounts on Dec, 14, and shut down the site entirely on Dec, 22 to install a temporary fix. “It’s a very complex interplay of many many pieces of software on the back end,” said Darin Prail, agency director of digital services. The complexity made it challenging to identify the problem, and to fix it without introducing any new issues, he said.

In spite of the fixes, a caller reported a similar incident on Jan. 13.

On Feb. 8, a mother logged in to find that she could see her daughter’s information. When she logged into her daughter’s account, the insurance information had been replaced by her own.

“Very weird,” the mother wrote in an emailed complaint.

Optum completed a permanent fix on Feb. 17, according to Prail. Vermont Health Connect has not had a problem since, he said.

Prail said the state had reported the issues to the Centers for Medicaid and Medicare Services as required, and had undergone a regular audit in February that had no findings. The state “persistently pressured Optum to determine the root cause and correct the issue expeditiously but at the same time, cautiously, so as to not introduce additional issues/problems,” he wrote in an email to VTDigger.

“We take reported issues like this very seriously,” he said.

A history of glitches

The state’s health exchange has been replete with problems, including significant security issues and privacy violations, since it was built in 2012 at a cost of $200 million.

The state fired its first contractor, CGI Technology Systems, in 2014. A subcontractor, Exeter, went out of business in 2015. Optum took over for CGI, and continued to provide maintenance and tech support for the system.

Don Turner
Don Turner, right, then the House minority leader, speaks in 2016 about the need to fix the state’s glitch-ridden Vermont Health Connect website. With him are Phil Scott, left, then the lieutenant governor, and Sen. Joe Benning. Photo by Erin Mansfield/VTDigger

In 2018, when Vermont Health Connect was less than 6 years old, a report dubbed the exchange outdated and “obsolete.”

Officials reported similar privacy breaches in 2013, when Vermonters saw other people’s information.

An auditor’s report in 2016 found a slew of cybersecurity flaws, and officials raised concerns again during a  2018 email breach.

It wasn’t the first time that Vermont Health Connect users had been able to view other people’s personal information. Three times since October 2019, individuals had logged in to see another individual’s insurance documents. Prail attributed those incidents to human error, not to system glitch; a staff member uploaded documents to the wrong site, he said.

In spite of the issues, Prail said he and other state officials have been happy with Optum. After years of technical challenges with Vermont Health Connect, “Optum has really picked up the ball and improved it and been running it pretty well,” he said.

Glitches are inevitable, he added, and Optum has addressed them quickly. “They took a really difficult-to-manage site and made it work pretty well,” he said. “Optum is generally quite responsive to any issues we have.”

“I find any privacy breach to be concerning,” said Scott Carbee, chief information security officer for the state. He noted that the state uses “hundreds of software systems.” “While the scope of the breaches can be mitigated, true prevention is a difficult task,” he wrote in an email to VTDigger.

Optum spokesperson Gwen Moore Holliday referred comments to the state, but said the company was “honored” to work with Vermont Health Connect “to support the health care needs of Vermont residents.”

Prail said the Agency of Human Services had no plans to halt its contract with the company. “I don’t have a complaint about Optum,” he said. “They took a really difficult-to-manage site and made it work pretty well.”

Don’t miss a thing. Sign up here to get VTDigger’s weekly email on Vermont hospitals, health care trends, insurance and state health care policy.

Help us get halfway to our Spring Drive goal. When we reach 1,5000 members, we will unlock a $10,000 match, plus 1,500 Vermont kids get a new book!

Filed under:

Health Care

Tags: data breaches, Optum, Vermont Health Connect

Katie Jickling

About Katie

Katie Jickling covers health care for VTDigger. She previously reported on Burlington city politics for Seven Days. She has freelanced and interned for half a dozen news organizations, including Vermont Public Radio, the Valley News, Northern Woodlands, Eating Well magazine and the Herald of Randolph. She is a graduate of Hamilton College and a native of Brookfield.