Posts Tagged ‘Social Networking’

Risk And Social Networking – Part 2: Social Convergence

Friday, June 24th, 2011

Convergence  - a term previously applied to the merging of multiple technologies into one device like a phone that combine email and internet browsing – now has a social mirror in the merging of the multiple social dimensions of a person’s existence with their corporate life and their corporate roles.   This social convergence presents risks both to the individual and the business employing them.

As a risk management professional, one of my particular concerns is the significant and rapidly growing scope of risks created by social networking and smart mobile technology.  I admit to being in “two minds” about this space.  On the one hand there are definite and clear branding, sales, performance, communication, and social benefits associated with the social media technologies.  On the other hand there are serious and real, present and potential risks that are growing rapidly. I remain concerned that these risks are little understood by the vast majority of the user base, and that there is not a clear path to either mitigating or avoiding them.

The one guiding principle that all internet users should remember, is that “the internet is forever”.  If you are bold enough to venture into the very dark-side of the internet – spend an educational few hours browsing the encyclopedia-dramatica (EA) web site.  (WARNING:  Not Safe For Work.  This site contains extremely offensive, bigoted, obscene and abusive content.  You WILL be offended by some, if not all the content.  While it is intended to be a humorous web site, its humour is based on being deeply offensive to almost everyone – so do not visit unless you have a very thick skin, it is not even remotely possible to offend you, you have a secret fascination for the sordid, an extremely well developed sense of the right of free speech, a professional excuse to be there and/or believe that there is no image or viewpoint too strong to gross you out.  Also, be warned, that there are some things that once seen can never be “unseen” and the image or text may haunt you for the rest of your life. )   One of EA’s pet projects is to explore and ridicule internet “memes” as they rise to fame.  A meme is an internet fashion – the internet equivalent of the proverbial 15 minutes of fame.  It may be a person, an idea, an identity, etc.  EA delights in recounting in depth the foolishness of targeted memes, the process used in tracking their real world identities and exposing their details (names, addresses, associates, phone numbers, etc).  Erstwhile anonymous people who have either done some thing foolish on internet social media sites or people who hold views they consider extreme or hypocritical are targeted and occasionally harassed.  It is this aspect of EA’s function that is relevant to this article, and the step by step accounts of how some of these semi-anonymous people have had their real identities, with phone numbers and addresses, family and real-life jobs exposed and linked together with their internet foolishness are a very strong lesson in how dangerous the illusion of anonymity is on the internet.  The advent of modern social media has made this work simpler, faster and possibly even more devastating to the individual.  

In the world of simple social networks – bulletin boards, chat rooms, YouTube and Email Lists , however, considerable resources and skills were required to achieve this kind of exposure.  It is possibly the ability of the group of people championing or supporting the EA website and the bulletin boards/chat sites from which it draws many of its victims to utilise their apparently large world wide participation base that allows them to sew the data together from these many sources and form a coherent story that facilitates their success.   The sheer effort required to do this kind of work has traditionally made it unlikely that the ordinary internet user whose internet behaviour is more “ordinary” had much about which to be concerned.   With the advent of increasing “smart” social media sites, like FaceBook combined with technology advances like facial recognition, smart phones with mobile apps and GPS tracking technology,  marketing agencies and commercial data tracking firms and 20 years of data tracking this is changing.

Consider the recent article in The Wall Street Journal published 18 October 2010: FaceBook in Privacy Breach.  The essence of the matter reported was that various apps in FaceBook were providing data to external sites that breached user’s privacy settings.  The apps on your FB  page have access to a considerable amount of your private data regardless of your privacy settings and are therefore capable of transmitting this data to external systems.  Even without this dimension, FaceBook uses a unique identifier to identify its users (a characteristic that would be difficult to avoid).  That identifier probably has to be available to any app used by a user for many of the app’s socially beneficial networking capabilities.  Given many apps make use of external (to FaceBook) databases, that id probably has to be available outside of the FaceBook environment.  For the 500 million or so FB users, this is effectively a unique identity number.  Combine that id number with even a polynomial hash of the personal data held in a user’s FB account, and then match that hash with a hash code held for the same fields – say name and address or email address – in a marketing or data tracker’s database and you can link the offline database with the FaceBook user even if you are not transmitting identifiable private information.  

Data tracking and marketing firms can use things as simple as advertisements and images displayed on a web page you visit to identify you by your browser and IP address to track where you go on the internet – before we even get into more sophisticated tracking methods.  So now we have the potential for that information to be tied to your FB user identity.

Now let’s add the latest FB innovation – facial recognition.  The addition of facial recognition capability to FB and applied to the profile and other images loaded up into the FB database and tagged with personal and “friend” identities gives FB possibly the largest facial recognition database outside of any government – and possibly larger than 90% of governments around the world.   

Lastly, we add to this mix the wide spread use of smart mobile technology with their GPS and web browsing systems – including FaceBook, and the growing social media linking systems like Xobni that matches your email inbox to the various social media sites like LinkedIn, FaceBook, Twitter, etc.

Take all of these systems together and we have a growing ability for people’s lives to be comprehensively monitored – real life, social life and internet life:  who you are, what you look like, where you go – in real life and internet life, who you work for, what you do, what you say, who your friends are, what you like, what your political views are, what you buy and what you would rather not have others know.  Does this bother you yet?

Even if this unprecedented potential for tracking and data matching – social convergence – does not concern a given individual, from a corporate perspective if creates some unique risk management questions:  

  • When a person’s real-world private life, internet private life and real-world corporate identities converge, and that convergence brings disrepute on an organisation, what should be the organisation’s response?
  • How can an organisation measure and limit the risk from social convergence?
  • Should an organisation be actively outcome-testing the social convergence of its key employees in order to anticipate the impact of ill-timed exposures?
  • Should employees be discouraged from using any data that can be used to match their corporate identities in social media?
  • Should an organisation actively educate their staff about the risks of social convergence to them and their employer?
  • To what extent should organisations apply the same social-convergence morality tests to the organisations with which the trade?

As a strong proponent of the rights of the individual, freedom of speech and the duty of employers to “mind their own business” with respect to the individuals they employ I find the implications of these questions extremely troubling, but I fear they will not be able to be ignored forever.