Strategic Management of Information Technology Under Legal Turbulence –

The Genesis of Regulatory Opportunism

Introduction

The Chinese proverb “May you live in interesting times!” may sound much like a wish of

luck and good fortune; yet, it is a curse. This metaphor seems particularly befitting Information

Technology’s “interesting times”. The Information Systems (IS) function has undergone such a

rapid transition from its traditionally relegated role of a service function (to the presumably more

value-generating marketing, finance, and operations functions of the firm as a productive asset)

to its distinct position of front-row strategic enabler, facilitator, and advantage generator in the

new digital organization that many of the notions, concepts, constructs, and paradigms are

shifting and changing so very rapidly, that, at times, we struggle conceptualizing, internalizing,

absorbing, and adapting to the changes, let alone model them in a forward-looking and predictive

capacity for purposes of strategic behavior.

The information technology-intensive organization is now faced with yet another

particularly thorny challenge: the legal infrastructure of the fading industrial economic model is

increasingly incapable of capturing and resolving the novel issues of the digital economy. We

found this issue underscored in the IS literature, and an affirmative, activist stance

underrepresented in the legal literature.

Even if regulation perpetually lagged with respect to technological progress, it still

seemed adequately flexible and responsive to frame industrial transaction and transformation-

oriented technologies with stability, linearity, and continuity (Drucker 1980). This presumed

capability and purpose of the law is, however, entirely in question with respect to the digital

economy.

The original motivation for a regulatory environment evolved from a neo-Smithsonian

perspective of imperfect markets: with the increasing integration of social, organizational, and

political structures the, original assumption of markets, in principle, as natural and spontaneous

social orders, trading only rivalrous and excludable goods, became untenable. The discovery of

the socially undesirable behaviors of underproduction and overconsumption of public goods

along with the access and equitability problems of use of impure public goods, as well as the

non-regenerable depletion of commonpool resources, led to the recognition that markets are

social constructions and, to function properly, need rules and governance in the first place.

Without them, transacting in markets with information asymmetries, moral hazard and adverse

selection problems, externalities, bounded rationality, opportunism, and asset specificity became

too costly (Williamson 1975, 1985, cited in van Warden 2001).

But the scope of the law was merely emulating the focus of strategy of the time. In the

tradition of Adam Smith, Henry Watt, and Henry Ford, strategy was introverted, production-

dominated, and concerned with transformation at operational level and integration at

organizational level. Manufacturing and marketing products “cheaper, faster, better” was

paramount. This transaction cost-sensitive environment relied heavily on solutions to

structured problems. One important purpose and realm of the law was to establish such

structure-providing mechanisms by reducing risks, uncertainty, turbulence, and chaos - and thus

transaction costs, and by creating a regulated, reliable, and safe environment for transactions at

the lowest possible cost.

Some if the heritage of the ‘invisible hand’, however, was preserved: modern

implementations of regulated markets are compromises between the two extremes, striking a

balance between ‘freedom from’ and ‘freedom to’. The American model, specifically, realized

its maximum-incentives-through-minimum-intervention objectives with a composite approach

between a minmalist legal structure properly speaking, and a positivist-affirmative ethical

superimposition, commonly referred to a social corporate responsibility. This resulted in a

rather fragmented, sometimes uncohesive, and somewhat uncoordinated body of exception-based

rules respective of most of what is economically plausible, and limited to correcting the blatantly

socially undesirable activities and outcomes.

The transition to a post-industrial – or sometimes labeled post-capitalist (Drucker 1993)

economic model – with its new symmetries and a pronounced demand-side character is rapidly

liquefying previous paradigms, including the law. Based on services and knowledge-products,

the extroverted service economy of digital markets, digital and digitizeable goods, and intensely

networked and connected participants, is not merely characterized by a difference in degree of

intensity or pace of change. It is different in nature and by orders of magnitude. It is not merely

variable, but volatile, not merely unstable, but discontinuous. It is quickly disaggregating so

carefully crafted aggregated structures, quickly dismantling the realm of previous forms of

intermediation, and re-intermediating, and re-aggregating ever faster and truly thriving on

Schumpeter’s “creative destruction”.

The legal environment has not kept up with this revolutionary transition, however. The

law itself has become a source of uncertainty and risk, thus amplifying the already risk and

uncertainty fraught information technology innovation process. The legal and ethical guidelines

have lost their directive and governance authority in an environment of global monopolies,

questionable copyright motives, and proprietary standards.

The legal community has been addressing this problem virulently with a positivist

perspective. On the one hand, the extend of the current legal environment’s capacity to adapt (in

the areas of antitrust, copyright, and patent law), on the other, the exposures arising from the

existing and active body of law are being examined, especially in the context of e-commerce, the

Internet, and the open source movement. Attempts to enrich the inherently private and

contractual nature of business law with public extensions, such as criminal law (Freedman 1999),

or unconventional ones, such as custom (Polanski, Johnston 2002), are being proposed. These

tendencies have begun spilling over into the information technology and systems discipline that

has begun to investigate the problem more tentatively, tangentially, and peripherally (van

Waarden 2001; Martin 2002). To date we found addressing little research directly and

systematically addressing these issues. An article by Sutton and Dobbin (1996) entitled “The

Two Faces of Governance: Responses to Legal Uncertainty in U.S. Firms, 1995 to 1985” was

limited to investigating the (and, as we believe, ungeneralizeable) impact of grievance

procedures and employment-at-will clauses and a test of efficiency of labor-control theories.

The present paper will depart from this current trend, however, with an innovative

approach. We argue that the issues are not completely elucidated with the current perspective of

legal parochialism. The law itself is being greatly impacted by the revolutionary advances in

information technology. The question arises if and to what extent the information technology

community affects the law.

Research Question

This paper poses the question of how strategic and associated structural decisions for

information technology and systems, their innovation, design, and execution, are conducted and

coalesce under legal turbulence. In order to not predicate our findings we initially choose the

more ambivalent - yet also more comprehensive - label “turbulence” rather than “risk” or

“uncertainty”; the latter are distinguishable concepts on the dimension of probability.

Probability, and thus cost, can be calculated under conditions of partial knowledge, i.e. risk, but

cannot be established but intuitively for conditions of uncertainty, i.e. absence of knowledge.

Since, however, either could be an antecedent in our research, we will initially use the terms,

including turbulence, interchangeably.

A secondary purpose of the paper is to define and measure the extent to which companies

either embrace legal turbulence or defend itself against it by proposing a new construct –

regulatory opportunism. This is in extension of previous work by Srinivasan, Lilien,

Rngaswamy (2002) and analogous to their proprietary construct of technological opportunism.

The attempt will be made to establish how cognizant of the potential and practice of regulatory

opportunism, and the ramifications of an activist strategy with respect to formulation and

articulation of new law, information technology-involved executives really are.

Our object of investigation is the “information technology-intensive” organization. Such

organizations can be stand-alone or part of larger entities. They can be entities for which IT is

an input or a tool for systems design and implementation, or a commodity-product in its own

right. They needn’t be intimately associated with the IT-industry. What imports is the

criticality and intensity of legal and regulatory implications for their information technology

strategy formulation, articulation, and implementation. Such complications are best observable

in the highly interactive, high-velocity, and high-stakes e-commerce environment. We are

therefore including companies of all industries, as long as their IT strategy is not exclusively

operational, but ultimately provides for competitive advantage at the level of the strategic apex.

Literature Review

The literature on the new strategic role of IT and the Information Systems function is still

evolving. Notably, recent research by Gottshalk [1999] is demonstrativ of the trend to focus on

the strategic role of information technology. In his study, he identifies (and evaluates by aid of a

matrix and the criterion of expired time horizon with respect to the strategy implementation) ten

content characteristics of formal information technology strategy from the research literature as

potential implementation predictors. These descriptions included (1) resources needed for the

implementation, (2) user involvement during the implementation, (3) analyses of the

organization, (4) anticipated changes in the environment, (5) solutions to potential resistance

during the implementation, (6) information technology to be implemented, (7) projects’

relevance to the business plan, (8) responsibility for the implementation, (9) management support

for the implementation, and (10) clarity of the documentation. Part of our contribution will be

to explode the above criterion that references change-anticipatory posture with respect to the

environment. We will differentiate ourselves from this comprehensive strategic IT management

perspective in two ways: (a) by isolating the regulatory and legal changes as such necessarily

anticipated ones; and (b) by zooming in on strategy, i.e. creation of competitive advantage in

order to generate above average returns, exclusively deriving from this environment.

To frame our research objective, we are bringing together three distinct areas of

literature: (a) Literature that gravitates around the question to what extent it is necessary to

address the new imperatives for information technology with a specific body of law. There is

rapidly intensifying inquiry from both the legal community and the business community into the

reality. Necessity, and existence of a new body of law termed labeled Cyberlaw; since it is new,

incomplete, and in transition, we consider this in support for our argument that strategic

decisionmaking would have to take into account the uncertainty and risk associated with the

genesis and mechanics of such a regime or system. (b) Secondly, we want to use the insights of

the literature that has researched the existence and effects of uncertainty with respect to

innovation in general. We consider the conclusions of this research transferable and extendable

to information systems and technology innovation today, in particular in the e-commerce

environment where IT itself has become a product with its own market(s) where technology is

externalized. (c) lastly, we will close in on the recent strategic theories that have recognized

turbulence, uncertainty, risk, and chaos as major determinants of the economic environment for

the firm and have begun introducing the new sciences into decisionmaking (i.e. game theory,

chaos theory, and the resulting “co-opetion” paradigm). Ancillary, we will name several other

attempts to reconcile the current legal environment with economic realities.

We will conclude this section with the proposed new construct of regulatory opportunism

that reconciles the two contexts of strategy and legal turbulence.

Innovation and Turbulence

Decisionmaking and Turbulence

The IT-intensive organization

Law and Turbulence

Figure 1: The Field Defined

Cyberlaw and the New Imperatives for IT-intensive Firms

There is a novel virulent debate ongoing in the legal community and, more recently, has

begun spilling over into the information technology community. At the center of the

controversy is the notion of Cyberlaw, and its existence as a distinct body of “law pertaining to

the Internet”. The mere existence of such a debate lends support to our argument for a turbulent

legal environment. Two views on how e-commerce and traditional commerce are converging

into a powerful and dominating new form of brick-and-click commerce for the future seem to be

emerging: the traditional lawyers’ perspective is a moderate and evolutionary one, in which

traditional fields of law will incrementally absorb the issues posed by cyberspace. Proponents of

Cyberlaw, also labeled “cyber-revolutionaries”, however, promote regulatory forbearance from

the existing law in favor of an entirely and fundamentally new legal field - or even discipline - in

its own right, designed to specifically address the threats posed by computer code. In their eyes,

computer code is more powerful than legal code and poses particularly grave threats to online

civil liberties and other acquired central values of American society left without explicit legal

protection by the framers of the Constitution (Lessig, 1999). What seems a rather explosive

engagement of scholars has been prompted by the advent of the Internet especially with its

commercial, global, and ubiquitous character. Thus circumscribed, it is cyberspace now that is

impacting the law considerably and in various areas.

Minda (2001), building on Lessig’s (1999) arguments, proposes an integrative approach

to these new categories that he labels “soft law” (code and regulation) and “hard law” (of nation-

states) in the context of international anti-trust regulability. “As Lessig’s groundbreaking

analysis of the internet has revealed, software technology is a form of regulation that is now

performing many of the functions heretofore performed by hard law. One could thus think of

the code running personal computers and other information technology as the “soft law

mechanisms” for regulating economic activity in cyberspace. “Soft” law and regulation, unlike

the hard law of nation-states, is plastic and hence malleable because there are infinite ways in

which instructions can be arranged. Hard law is relatively nonplastic and nonmalleable.

Judicial change is limited by judicial norms and doctrines like stare decisis, and the democratic

process is limited by inertia of legislation. Hard law mechanisms of international, regional and

domestic organizations also operate through governmental process that is also limited by the

sovereign reach of the government. On the international level, hard law is limited by entrenched

issues of comity, disharmony and nontransparency.” (Minda 2001). “The new networks of e-

commerce, linked globally by software programs, have constructed a new global economy based

on a new software technology that operates on a global scale to structure a totally new form of

soft regulation.” (Minda 2001)

Minda (2001) labels this new dominance of soft law “capitalism with the gloves off” or

“high-tech capitalism”. This evolution was promoted by the original commitment to

technological and competitive neutrality of the network architecture. This impartiality of a rather

straightforward mechanics of packet-switching promoted maximum intelligence outside of the

network and deliberately shifted innovative energy to private sector actors for ever evolving new

solutions, applications, and platforms to connect to the shared environment. In so favoring free

and unrestrained global information technology activity, it created the possibility for private

interests to contend for regulatory-like positions. Through an near infinite number of possible

arrangements of instructions with this highly malleable and plastic code private interests are now

in the position to (a) engage in regulatory arbitrage, by catering to the regulatory preferences of

the users, (b) to influence and shape the contours of the soft, making it “[…] gravitate to the

dominant private interests […]” (Minda 2001), and (c) promoting a “race to the bottom” (Minda

2001) of maximum possible deregulation by pitting regulation against regulation.

But nation-states are inherently partial. And our New Deal regulatory state especially

makes policy choices with respect to economic conduct and activity. A particularly manifest

example of such policy choices is the protective framework for intellectual property. Ironically,

it is this framework that enabled the genesis of the global network in the first place. But with its

monopoly-conducive character, it has also created a special problem with respect to antitrust

regulability, a social concern – in the words of Richard Hofstadter – based on “an enduring

American suspicion of concentrated power”. As nation-law, it is ultimately territorial. But the

impact of soft law is global and able to entirely escape individual national antitrust regulation.

This is so because “[n]etwork effects in turn allow the function of ownership of the design of the

network to entrench that [IP provided] monopoly power far beyond what would be justified b y

what is necessary to protect incentives to innovate.” (Minda 2001) This makes for locally

constrained regulation to become impotent in the face of a global phenomenon, the new

information technology monopolies. In the words of Minda (2001), this is the “iron law” of

globalization: monopoly power is global, antitrust is not.

Minda reconciles the dilemma in that what seems a manifest “un-regulability” of

Cyberspace is rather an inadequacy of the hard-law approach, but maybe an opportunity for the

soft-law approach. H e proposes to link the right to IP protection to the basic competitive norms

applicable to the markets where firms are found via voluntary commitment to minimum

standards enforced internationally, much in analogy to Van Wenzel Stones’s idea for global

labor markets. He also invoques the concept of “competitive operability”, “antitrust combines

with a global fair competition policy that recognized that freedom form monopoly power

limitations are necessary for market operability of IP products and markets.” (Minda 2001) Such

“[a]n integrative approach would permit a party to challenge a firm’s antitlement to IP protection

on the basis of monopolistic practices that have arisen as a result of the copyright misuse of IP

protection on the basis of competitive inoperability. An antimonopoly exception to IP protection

could be devised as a defense to infringement actions.” (Minda 2001) A less regulatory and more

private perspective, but nonetheless democratically and politically controversial, is to “build

within the soft of law of code a software technology that guards against anticompetitive

behavior.” (Minda 2001). This is in analogy to the automated rights management of software

with shrinkwrap, click-wrap, and expiration practices.

A second very powerful argument for a distinct legal framework is grounded in the new

imperatives of an information technology and Internet-centered organization. They can be

arranged in three categories: new business models based on monopolistic behavior, control of

information, and the propagation of private standards. These imperatives are in direct

contradiction to the underlying values of the traditional industrial economic model.

First, digital markets for digital goods have created a situation where competition seems

no longer a viable model. In the zero-variable-cost world of digital products and markets, e-

commerce II (Laudon 2002) business models cannot use the previous incremental growth model.

Reverse engineering and replication of digital products and processes makes for very quickly

eroding windows of opportunity. Due to zero variable cost, prices depress quickly between

competitors to unsustainable levels in the medium and long run. This requires that firms quickly

dominate the market by acquiring and securing large traffic and transaction volumes. The size

and convoluted structure of the Internet makes this increasingly costlier and results in extended

periods of up-front fixed cost. A competitive model would make recouping this accumulated

negative cashflow unpredictable. This, in turn would eliminate incentives for capital investment

and innovation. Only if a firm can immediately capture critical marketshare will it be in the

position to predictably recoup the initial investment.

It seems that the legal system in its current articulation cannot adequately capture this

atypical requirement. It continues to cater to an atomistic market with monopolistic competition

characteristics. But the successful examples of the new quasi-monopolies of e-Bay, Amazon,

Microsoft, and AOL, contrasted with the failures of WorldCom, Global Crossing, and Williams

Companies (in the absence of monopoly power), to name but a few, seem to suggest that we

should expect firms to actively pressure the system to include a model analogous to the

regulation of natural monopolies, be it based on the notion of return on capital investment, price

ceilings, or other.

Secondly, information is a dramatically appreciating asset. Organizations are now faced

with the following quandary: originally, the value of information increased through sharing. But

this was more true for intra-firm information. Inter-firm information, in contrast, has two

components: One that allows for the value creating effects of integration and networking

economics through openness, the other that is providing competitive advantage. This

competitive advantage derives, however, less from resource specificity or internal capability, but

from proposing a particular business process on a first mover basis. It thus needs to be

immediately secured and controlled. In parallel to the pharmaceutical industry, patents are used

to secure intellectual property rights and allow for a limited time monopolistic exploitation of

those rights. But the property rights were originally conceived for tangible products. Their

recent extension to business process and models with the State Street Bank decision in 1998

provided unprecedented momentum for monopoly structures. This in turn is gravely

inconsistent with the objectives of antitrust regulation. It furthermore makes increasingly

difficult to determine if, how, and to what extent originally public knowledge is being isolated,

converted to a private good, and appropriated. We expect firms to want to continue with their

patenting practices at high velocity to obtain the situation of effective “regulatory capture”.

Lastly, the above mentioned portion of knowledge that is shared is done so only with the

intention to destroy any remnants of strategic advantage. This is achieved by setting standards.

The value is greatest for the firm that is able to propagate its originally private technology

throughout the industry to become widely adopted as an industry standard. Even if subsequent

adopters derive value from some form of facilitated access to existing networks, their innovative

capacity and activity is predicated. This seems in contradiction with the regulatory perspective

of network and technology neutrality that evolved over the last two decades.

Finally, a reference to the European efforts in the area may yield additional insights.

Contrary to the rather uncoordinated and fragmented efforts of cyberspace and e-commerce

regulation in the U.S., The European Union has been attempting to govern with much more

regulatory activism. Several recent directives try to frame aspects of the sale of consumer goods

and associated guarantees, legal aspects of e-commerce activities in the common market,

harmonization of certain aspects of copyright and related issues, and establish a common ground

for he recognition of electronic signatures (Rekola, Pohjanpalo 2002). One can certainly remain

skeptical about the effectiveness and necessary dynamism of such efforts in the light of

traditional legal inertia and the heterogeneity of views of fifteen nations. It remains to bee seen

to what extent a necessary compromise will leading to a truly comprehensive, progressive, and

pragmatic regulation. However, it is a prime example of a high level of cognizance of the issues

on the part of the official regulators and the desire to curtail too much corporate mercantilism to

the detriment of consumer power.

Regulation, Innovation, Uncertainty, and Risk

The second body of literature where we found relevant and supporting notions for our

argument is comprised of the literature on innovation, and the tension between innovation and

regulation.

One strain of thought focuses on cultural dimensions.

Van Waarden (2001), in his recent comparative study of the Dutch and U.S. regulatory

environments, unravels a seeming paradox: Van Waarden’s posited that a more capable

innovative environment required a more stable and robust legal system. The U.S. legal

system, albeit manifestly detailed in nature and strictly enforced at first sight, is ultimately more

ambivalent. Due to legal pluriformity from a contentious federalist structure, activist litigation,

and a large production of case law, it is actually comparably less effective in reducing

uncertainty. In spite of this apparently less conducive regulatory environment, the U.S.,

however, disproportionately outperforms with respect to innovative capacity and activity. Van

Waarden ascribes this seemingly inconsistent result to cultural phenomena based on Hofstede’s

dimensions of cultural differences: The U.S. is more innovative because of its lower risk-averse

culture and uncertainty avoidance propensity.

Perel (2002) has advanced a similar conclusion on another of Hofstede’s dimensions. He

contrast American venture capitalism with the inferiority of Japanese consensus-style

management. He suggests the construct of “corporate courage” but criticizes shortcomings in

this area in the boardrooms and governance structures of publicly traded firms.

A more organo-technical explanation is advanced by Srinivasan, Lilien, and

Rangaswamy (2002). In extending the resourcebased view of the firm (Wernerfelt 1984, cited

in Srinivasan, Lilien, Rangaswamy 2002), the authors propose a new construct, labeled

technological opportunism. They distance themselves form the early research on the negative

form of opportunism, and approach their construct to the benign form originally explored by

Hunt, Reingen, and Ronchetto (1988) and Isenberg (1987). They identify two components:

technology-sensing and technology-response capability, and generalize the construct as an

additional firm-level capability in line with traditional strategy theory on resources and

capabilities, and consistent with the research on organizational traits.

They differentiated their construct form other related concepts of innovation

management, like organizational innovativeness (Deshpande, Farley, and Webster 1993) and

technological orientation (Gatignon and Xuereb 1997). They finally assimilate it conceptually to

market orientation of Jaworski and Kohli (1993).

This organizational trait is consistent with prior research on strategy that posited that

organizations proactively manipulate their environments to achieve their objectives. The

authors embed the construct in a model along institutional pressures on the firm to adopt the

technology, as well as complementary assets that facilitate the generation of value from the new

technologies. Basedcon prior research by Venkatesh and Davis (2000, cited in Srinivasan,

Lilien, and Rangaswamy 2002), perceived usefulness of the technology is included as an

explanatory variable. We find particularly relevant the contribution that invalidates the

previously held notion of the existence of some sole factor to drive “[…] firms to seek and

respond to technologies of their own volition, even in the absence of external pressures. Our

results of the role of technological opportunism on e-business adoption suggest that such a

perspective is misleading. An integrated model of technology adoption that includes a proactive

driver (technological opportunism) and a reactive driver (institutional pressures) provides a more

complete depiction of the adoption process.” (Srinivasan, Lilien, and Rangaswamy 2002) It is in

analogy to this construct that we will propose our construct of technological opportunism.

Finally we want to point to research preoccupied with other determinants of innovation.

Souitaris’s (2002) contribution is indicative of some interest in determinants of innovation, but

the scope of his study allows for little transposition into the current American situation. He

tested the applicability of Pavitt’s (1984) taxonomy of pattern’s of technological change

(socalled technological trajectories) with 105 manufacturing firms in Greece and identified

moderators for the inconsistent results of the management literature on the determinants of

technological innovation. He demonstrated that firms in different trajectories of Pavitt’s

taxonomy had differences in the rate of technological innovation. Especially “science-based”

firms (i.e. the category closest to our own scope) were found to dpend upon technology-related

variables, such as education and experience of personnel growth in profitability, and panel

discussions with lead customers. (Souitaris 2002)

Decisionmaking under Turbulence and the New Sciences

The third body of literature that circumscribes our issue is the established body of

knowledge on decisionmaking under turbulence in general. We will propose extensions to it

with respect to the legal environment in particular.

The organizational responses to turbulence have been investigated along the two

dimensions of structure and strategy.

Traditional contingency theories of management (Burns and Stalker 1961; Scott 1981,

cited in Ashmos, Duchon, McDaniel 2000) initially focused on structural responses and

established that, in order to adequately respond to variability in their environments, firms will in

fact align their structural complexity with the environmental complexity. They become more

complex and organic in the light of increasing variance around them, and conversely, under

conditions of stability, reduce their complexity and become more mechanistic.

Subsequent work by Boisot and Child (1999, cited in Ashmos, Duchon, McDaniel 2000)

identified organizations that would adopt mechanistic and simple structures despite

environmental turbulence. This is considered inconsistent with complexity theory that views

organizations exclusively as complex adaptive systems (Capra 1996; Stacey 1995; Wheatley

1992, cited in Ashmos, Duchon, McDaniel 2000) […] “that should be organized accordingly –

with multiple and conflicting goals, a variety of strategic priorities, increased connectivity among

people, as well as structural variety intended to maximize the flow of information and meaning

in the organization.” (Ashmos, Duchon, McDaniel 2000, 578). This contrarian approach was

termed “complexity reduction response” and the original “complexity absorption response”.

Ashmos, Duchon, McDaniel (2000) then tested the theory with a study of eight hospitals.

(Albeit an IT-unrelated industry, we think that their study deserves respect for its

generalizeability). Measuring goals, strategies, decisionmaking relationships, and structure

along the two dimensions of cognitive (i.e. measuring information content flow between agents)

and relational complexity (i.e. measuring structure of interactions among members) found that

complexity reduction responses were significantly outperformed by complexity absorption

responses. We believe that our proposed construct of regulatory opportunism, for its embracing

and leveraging character with respect to legal turbulence, would be categorized under the latter.

However, we also found indications, that, absent a formal model such as the above,

earlier views on managing legal risk focused on another dimension of structure, i.e.

formalization. “Policies and procedures should be created to promote the understanding of

potential legal risks. This understanding will encourage organizations to obtain help from legal

experts to design controls to subdue such risks.” (Bandyopadhyay, Mykytyn, Mykytyn 1999,

442) But this perspective is limited to the traditional reactive stance towards a presumably fixed

legal environment where the organization violates for example anti-trust and privacy in pursuit

of competitive advantage via IT deployment (Lightle and Sprohge 1992). A summary review of

popular industry publications confirmed the emphasis of an analytical-reactive stance with

respect to existing law in terms of liability, exposures, litigation, and compliance issues

(Newman 2001; Martin 2002; Greisiger 2002; Morris 2001; Croydon 2002; Bardy, Monin,

Tingley, Skelton 1999; Aldred 2000; Walter 2000; Dyson 1999). This strain of ideas stresses a

reactive and submissive posture, respectful of the status quo and focused on avoiding litigation.

It ultimately assimilates legal risks to other categories of risk and extends risk management logic

to it. We differentiate ourselves from this perspective by promoting an activist and proactive

stance: organizations should - and actually do - proactively engage in governance, shaping,

crafting, or creation of new and additional law. We intend to capture this potential via our

proposed construct of regulatory opportunism.

A review of more academically oriented literature validated the above tendencies.

Haapio (2001) proposes to capture the various forms of legal risk management practices, legal

audits, and compliance programs with the concept of “preventive law and contracts” and “Safe

Sales”.

In the management literature, the concept of scanning pushes the preemptive-reactive

attitude even further upstream (Lozada, Calantone 2001). Their research and emphasis on the

importance of anticipating important environmental changes is consistent with our proposed

construct of regulatory opportunism.

A second trend in desisionmaking analysis has been to look outside of the immediate

rational logic of business. This was the inclusion of game theory. Marrying game theoretical

concept seems especially appropriate since they originated in the ranks of Computer Science .

First formalized for economics by the mathematicians Nash, Harsanyi, and Selten (1994), it

recently was popularized for business and strategy by Brandenburger and Nalebuff with the

construct of co-opetition (1996, 6): “Game theory makes it possible to move beyond overly

simple ideas of competition and cooperation to reach a vision of co-opetition more suited to the

opportunities of our time. To many, this will come as a surprise. The image game theory often

conjures up is business-as-war. That’s to be expected, since the field was born during World

War II and grew up during the Cold War. The mentality was one of winners and losers – the

zero-sum game, even the zero-sum society. But that’s only half the subject. Contemporary

game theory applies just as well to positive-sum – or win-win – games. The real value of Game

theory for business comes when the full theory is put into practice: when game theory is applied

to the interplay between competition and cooperation.” So characterized, we believe that game

theory represents a fertile ground for response strategies given the tension between control over

information and the need for standards.

Finally, chaos theories of change management also capture some of the issues of

managing the information technology-intensive firm in a climate of legal turbulence: Brown and

Eisenhardt (1998) conducted grounded theory research on strategy and structure of twelve firms

in the computer industry representative for their ability to change and manage change. In their

study published under the title “Competing on the Edge – Strategy as Structured Chaos” they

motivated their choice as follows (1998, 249): “We focused our research on the computer

industry because it is the prototypical illustration of a high-velocity industry for which managing

change is the key strategic challenge. Each of the twelve businesses we studied competes in

industry segments that are extremely competitive and have high rates of technological change.

These businesses are thus ideal for studying strategy and organization in situations where the

ability to change is central to superior performance.” They contrast their approach with “[…]

other approaches to strategy that assume clear industry boundaries, predictable competition, or

knowable future. As such, these other approaches are insightful for setting a broad strategic

direction for markets in which change is slow enough that a sustainable advantage or defensible

position can be identified as lasting for a long period, perhaps even […] a decade or more […].

A more dynamic approach like game theory, gets closer to the competitive reality of fast-paced

change that many firms face. It is incomplete, however, because it focuses on “where do you

want to go?” and neglects the other half of strategy – “how are you going to get there?” In

contrast, competing on the edge assumes that industries are rapidly and unpredictably changing

and, therefore, that the central strategic challenge is managing change.”

“The underlying insight behind competing on the edge is that strategy is the result of a

firm’s organizing to change constantly and letting a semicoherent strategic direction emerge

from that organization. In other words, it is about combining the two parts of strategy by

simultaneously addressing where you want to go and how you are going to get there. A

semicoherent strategic direction is fundamentally different form what is traditionally called

strategy. What is unique and even provocative about it […] is [that it is] unpredictable […],

uncontrolled […], inefficient […], proactive […], continuous […], diverse.”

We find that this perspective can readily be extended to account for the degree and

intensity of firms’ adaptive, adoptive, and directive capacity with respect to the legal and

regulatory environment.

The Case for Regulatory opportunism of the IT-intensive Organization

Especially the above study on technological opportunism (Srinivasan, Lilien, and

Rangaswamy 2002) provides impetus for further development. Combined with the insights on

the new powers of private actors to shape and craft Cyberlaw, we propose an additional construct

for the purpose of the present paper, labeled regulatory opportunism. We believe that,

analogous to the above technological opportunism, there exists a measurable organizational trait

of a benign form of opportunism that defines law-sensing and law-response capabilities of the

information technology-intensive firm. This construct can be distinguished from the existing

ones as elaborated by Srinivasan, Lilien, and Rangaswamy (2002). We posit that firms that are

aware of changes and turbulence in their legal environment are likely to create pressures to make

the legal environment gravitate towards them. Strategy research has already established that

organizational decision makers are more likely to exert affirmative and proactive measures in the

light of strategic issues perceived as opportunities. Dutton and Duncan (1987, cited in

Srinivasan, Lilien, and Rangaswamy 2002) suggested that managers perceive such situations as

positive and more controllable. We feel that regulatory opportunism will prompt those firms to

perceive legal turbulence as a potential source of growth for the firm (through entrenching their

monopoly position for example) and will respond actively to absorb the inefficacies of the

regulators. This leads us to compare the new situation to the previous of regulatory capture. The

difference is that in regulatory capture, the firm had to be large, or part of an entire industry with

critical mass. It affected the decisionmaking process of the regulator itself, whereas, today, any

size firm is equally capable of neutralizing and predicate regulatory efforts through its own code.

These are not evasive political tactics or maneuvers like regulatory capture activities. These are

truly regulating, standard-setting activities substituting for the incapacity of the regulators.

Regulatory Capture

Regulator IT Innovator l

Figure 2 – Traditional Regul

Lega

Certainty

atory Capture

Regulator

IT Innovator

Regulatory Opportunism

Code/Soft Law and Regulation

Figure 3 – Regulatory Opportunism

Bibliography

Ashmos, D.P., D. Duchon, R.R. McDaniel (2000), “Organizational Responses to Complexity:

The Effect on Organizational Performance”, Journal of Organizational Change Management,

Vol. 13, No. 6, pp. 577-607

Aldred, C. (2000), “Internet Brings Global Liabilities”, Business Insurance, Vol. 34, No. 22,

pp. 17-18

Bagby, J.W. (2002), “Cyberlaw: A Forward”, Amercian Business Law Journal”, Vol 39, No. 6,

pp. 521-530

Bandyopandhyay, K., P.P. Mykytyn, K. Mykytyn, (1999), “A Framework for Integrated Risk

Management in Information Technology”, pp. 437-444

Brandenburger, A., B.J. Nalebuff, “Co-opetition”, Currency, New York, 1996

Brady, M.J., L.O. Monin, C.R. Tingley, T.L. Skelton (1999), “The World Wide Weband the

New World of Litigation: A Basic Introduction”, Defense Counsel Journal, Vol. 66, No. 4, pp.

497 - 536

Brown, S.L., K.M. Eisenhardt, “Competing on the Edge – Strategy as Structured Chaos”, HBS,

Boston, 1998

Croydon, H. (2002), “Making Sense of Cyber Exposures”, National Underwriter, Vol. 106, No.

24, pp 26-30

Doherty, S. (2002), “Managing Your Digital Rights”, Network Computing, Vol. 13, No. 19,

pp. 65-68

Don, B. (1999), “Revolutionary Adaptations”, Harvard International Review”, Vol. 21, No. 3,

pp. 42-46

Drucker, P., “Post-Capitalist Society”, Harper Business, New York, 1993

Dyson, B. (1999), “trying to Keep Pace With the Internet”, Reactions, Vol. 19, No.7, pp. 48-50

Fitzgerald, Brian F., (2000) “Software as Discourse: The Power of Intellectual Property in

Digital Architecture”, 18 Cardozo Artz& Ent LJ 337.

Freedman, C.D. (1999), “The Extension of the Criminal Law to Protecting Confidential

Commercial Information: Comments on the Issues and the Cyber-Context”, International Review

of Law, Computers & Technology, Vol 13, No. 2, pp. 147-162

Greenstein, S. (2002), “Markets ofr Technology: The Economics of Innovation and Corporate

Strategy”, Academy of Management Review, Vol. 27, No. 4, pp. 624-626

Greisiger, M. (2002), “The Perils of Web Site Liability”, Risk management, Vol. 49, No. 7, pp.

26-34

Gottschalk, P. (1999) “Strategic Information Systems Planning: The IT Strategy Implementation

Matrix”, European Journal of Information Systems, vol. 8, no. 2, pp. 107-118.

Gottschalk, P. (1999), “Implementation of Formal Plans: The Case of Information Technology

Strategy”, Long Range Planning, Vol. 32, No. 3, pp. 362-372

Gottschalk, P. (1999), “Implementation Predictors of Strategic Information System Plans”,

Information & Management, Vol. 36, pp. 77-91

Grover, V., P. Ramanlal (1999), “Six Myths of Information and Markets: Information

Technology Networks, electronic commerce, and the Battle for Consumer Surplus”, MIS

Quarterly, Vol. 23, No. 4, pp. 465-495.

Haapio, H. (2001), “Quality and E-Commerce Online Sales, Automated Contracts, Legal

Issues”, Quality Congress, ASQ’s Annual Quality Congress Proceedings 2001, pp. 37-52

Hackney, Ray, S. Little, (1999) “Opportunistic Strategy Formulation for ID/IT Planning”,

European Journal of Information Systems, vol. 8, no. 2, pp. 119-126.

Kobrin, S.J. (2002), “Territoriality and the Governance of Cyberspace”, Journal of International

Business Studies, Vol. 32, No. 4, pp. 687-704

Ku, R.S.R (2002), “The Creative Destruction of Copyright: Napster and the new Economics of

Digital Technology”, Vol. 69, No. 1, pp. 263-324

Laudon, K.C., C.G. Traver, “E-Commerce: Business, Technology, Society”, Addison Wesley,

Boston, 2002

Lessig, L., “Code and other Laws of Cyberspace”, Basic Books, 1999

Lessig, L. “The Future of Ideas; The Fate of the Commons in a Connected World”, Random

House, New York, 2001

Lightle, S., H. Sprohge, “Strategic Information System Risk”, Internal Auditing, Vol 8, No. 1,

pp. 31-36

Martin, R. (2002), “Managing IT in a Regulated Environment”, MSI, Vol. 20, No. 10, pp. 39-

40

Martindale, R. (2002), “Copy Fights: The Future of Intellectual Property in the Information

Age”, Library Journal, Vol. 127, No. 15, pp. 100

Minda, G. (2001), “Antitrust Regulability and the new Digital Economy: A Proposal for

Integrating “Hard” and “Soft” Regulation”, Antitrust Bulletin, Vol. 46, No. 3, pp. 439-511

Morris, B.A. (2001), Addressing E-Commerce Exposures”, Financial Executive, Vol. 17, No.

8, pp. 40-43

Nadel, M.S. (2000), “Computer Code vs. Legal Code: Setting the Rules in Cyberspace”,

Federal Communications Law Journal, Vol. 52, No. 3, pp. 821-836

Newman, S. (2001), “Legal Risk Analysis: legal Risk management via Dependency Modeling”,

Computer Law & Security Report, Vol. 17, No. 6, pp. 409-414

Patel, N.V. (2002), “Emergent Forms of IT Governance to Support Global E-Business Models”,

Journal of Information Technology Theory and Application, Vol. 4, No. 2, pp. 33-48

Perel, M. (2002), “Corporate Courage: Breaking the Barrier to Innovation”, Research and

Technology Management, May-June 2002, pp. 9-17

Polanski, P.P., R.B. Johnston (2002), Potential of Custom in Overcoming Legal Uncertainty in

Global Electronic Commerce, Jorunal of Information Technology Theory and Application, Vol.

4, No. 2, pp 1-16

Radcliffe, M.F., J. Sazama (2002), “Hollywood Confronts the Napster Challenge”, Managing

Intellectual Property, No. 123, pp. 73-79

Rekola, K., P. Pohjanpalo (2002), “Finland: Developing Regulation ofr the IT Regime”,

International Financial Law Review, Supplement: The IFLR Guide to the Nordic Region, pp.

69-77

Rowden, R.W. (2001), “The Learning Organization and Strategic Change”, S.A.M. Advanced

Management Journal, Vol. 66, No. 3, pp. 11-16

Somendra, P., H. Cheng, (1999) “ An Integrated Framework for Strategic Information Systems

Planning”, Information Resources management Journal, vol. 12, no. 1, pp. 15-25.

Souitaris, V. (2002), “Technological Trajectories as Moderators of Firm-Level Determinants of

Innovation”, Research Policy, Vol. 31, pp. 877-898

Srinivasan, R., G.L. Lilien, A. Rangaswamy (2002), “Technological Opportunism and Radical

Technology Adoption: An Application to E-Business”, Journal of Marketing, Vol. 66. No. 3,

pp. 47-60

Sutton, J.R., F. Dobbin (1996), “The Two Faces of Governance: responses to Legal Uncertainty

in U.S. Firms, 1955 to 1985”, American Sociological Review, Vol. 61, No. 5, pp. 794-811

Trott, B., J. Jones (2000), “Microsoft’s Legal Gambit”, InfoWorld, Vol. 22, No. 15, pp. 1, 32

Van Waarden, F. (2001), Institutions and Innovation: The Legal Environment of Innovating

Firms”, Organization Studies, Vol. 22, No. 5, pp. 765-795

Walter, P. (2000), “Privacy Provisions of Gramm-Leach-Bliley: No Small Compliance Task”,

ABA Bank Compliance, Vol. 21, No. 5, pp. 7-11

Zilner, T. (2002), “The Future of Ideas: The Fate of the Commons in a Connected World”,

Information Technology and Libraries, Vol. 21, No. 3, pp135-137