The “What If” Scenario
Your social media security policy needs to address the “what if” scenario surrounding possible leaks of confidential information. Apple Computer found out firsthand what a leak of confidential information combined with a wired population can do to a brand’s global image and competitive advantage.
The short version goes like this: A guy walks into a bar with a coveted, yet-to-be-realized Apple iPhone 4 prototype. The guy has one too many drinks. He loses his phone in the bar. His phone ends up in the hands of one of the most widely read Internet gadget websites, Gizmodo.com. The website writes a detailed blog post on every aspect of the phone generating over 13,049,935 visits to the article (see http://gizmodo.com/5520164/this-is-apples-next-iphone).
The story quickly spreads around the globe and generates a PR and potential product launch nightmare for Apple, as the article reveals problems with the iPhone’s antenna. Apple, famous for secrecy surrounding its products, immediately unleashes a barrage of legal counter strikes, including filing charges of theft against Gizmodo founder Jason Chen based on a California law dating back to 1872. The criminal investigation includes the issuing of search warrants and the seizure of laptops, flash drives, and credit card statements from Chen’s California home. The loss of proprietary data and subsequent detailed broadcasting of this information was a major embarrassment to the carefully polished image Apple tries to maintain.
Although Apple may have a legal case regarding the physical property, Gizmodo, as an online news organization, is wholly and legally in its right to broadcast this sensitive data, which it did, leaking the confidential information all across the social connected Web. In 2001, the U.S. Supreme Court ruled that confidential information leaked to a news organization could be legally broadcast (http://www.techeye.net/business/apple-calls-coppers-on-gizmodo).
This ruling may come as a surprise to many organizations. With over 133 million blogs online and novel forms of news sources appearing on the horizon, the definition of a “news organization” is radically changing. Websites like WikiLeaks, Consumerist, Angie’s List, and countless others generating millions of visitors every day create a legal gray area for many organizations mentioned negatively on these sites. In October 2010, WikiLeaks released over 400,000 documents called the Iraq War Logs, documenting sensitive information on the wars in Iraq and Afghanistan. An enlisted serviceman allegedly copied the data from secure internal servers and sent them to WikiLeaks. What was proprietary to the U.S. government has been made public via this website.
These issues illustrate the difficulty of protecting and monitoring your company’s intellectual property and online reputation. Securing your intellectual property and assessing potential threat levels is getting increasingly more difficult as social networking tools become more accessible. Add to this the global nature of the Web, international policing issues, and conflicting judicial rulings and the issues multiply exponentially. In June 2009, the U.S. Supreme Court ruled in a 9-0 vote that an employee’s privacy becomes void while using company-issued equipment.
However, a U.S. district court ruled in Buckley H. Crispin v. Christian Audigier, Inc. et al. that items posted on social media sites such as Facebook and MySpace that were not available to the public could not be subpoenaed. Google Alerts will not track keywords on social media sites when they are included in comments that are posted in a way in which the content isn’t posted publicly. If you have 4999 friends on Facebook and publish a post to your friends, that monitoring technology will only pick up those 5000 potential leaks when they go public, by which time, it might be too late to stop the viral surge.