Archive for the ‘Privacy’ Category

Dealing with Grief in a Social Setting

December 1, 2011

We had to put our family dog down.

Princess Buttercup of Petersburg was my daughter’s first real pet and as my daughter grew so did Buttercup. For the past twelve years we celebrated life’s events and Buttercup was right there with us, every step of the way. Birthdays, holidays, even more pets; we could look back through our memories and there was my daughter’s best friend, a part of the family, celebrating right there with us. And now there is a hole in our hearts and lives where Buttercup used to live on a daily basis.

The sorrow that gripped my family was intense and each of us dealt with it in a different way; but it seemed to hit my daughter the hardest.  She withdrew from the family and seemed to want to deal with the death of her friend on her own. At least that is what I thought until I saw my daughter’s Facebook status.

Had to put Buttercup down this morning... She was the best dog I could ever ask for and I love her so much... I'm gonna miss you baby girl, you'll always be my little puppy

I read her words and they literally tore open the wound that I had so carefully closed the previous day.  As I fought back the tears I suddenly realized that my daughter had not withdrawn, she had simply found a way to share her pain in a way that I could not and she chose to use her social network to do so.

Don’t get me wrong, I also wanted to say something about Buttercup, but I struggled to find just the right words. It seemed that every carefully crafted message that I wrote was quickly dismissed as I considered each one inappropriate for one group of friends or the other. I wanted to confide in my closest friends but not share with a general audience. I wanted to post something that would honor Buttercup’s memory, but I didn’t want to deal with the awkward questions or the “I feel your pain” stories that were sure to follow as people felt obligated to respond to my post. So I simply said nothing, wishing that Facebook truly had some way for me to selectively share my feelings with my closest friends. But on Facebook, you are either an open book, or you are forced to take your business elsewhere. But where? They have already cornered the market on all of my friends.

My lack of saying something made me question if I truly shared in my family’s grief.  But my wife did not rush out to post either so it made me wonder if this is a generational thing.  Are today’s youth able to post about every aspect of their lives while we still like to compartmentalize ours?  Are the concepts of context and roles breaking down as everyone has access to the same information about you?  Should your clients be privy to the same information as your family members? Does that draw them closer or push them away?

In 2010, Mark Zuckerberg declared that privacy was no longer a “social norm” and that user information should be public. This was largely based on Facebook’s observation of the types of information that people were sharing with each other. As such, Facebook modified their privacy policies and subsequently their platform to share more and more information. But there are some things that I simply don’t want to share with the entire world. So my only options are to either adopt Facebook’s open model or suppress my activity on the site. Thus far, I have chosen the latter, not because it is what I want to do, it is only because it is the prudent thing to do. Some people are comfortable sharing everything with everyone, some are not. But while I was struggling with the right words to say, my daughter was saying them.

What I find interesting is that there is an entire generation that has essentially become open books with both their feelings and their personal information. While older folks value their privacy, it seems like the younger ones are more open to sharing. Is this because they agree with Zuckerberg’s view on privacy? Or is it that they simply do not have a choice and they must play by someone else’s rules? I contend that it is the latter and people are willing to exchange privacy for convenience in a world where they don’t have both. Facebook takes advantage of the fact that humans are social beings and the drive to be social is stronger than the drive to be private or simply careful. Most “Millennials” are OK with this and don’t give it a second thought – that is until their openness is taken advantage of and they are compromised in some way. Then they scream about how this could have happened and why they were not protected.

In the case of Buttercup’s passing, my daughter chose to play by Facebook’s rules and share her feelings with the world. Did she consciously make this choice, or did she simply use the only tool available to her to express her feelings? Does she value privacy as much as us “older folks” and would she have chosen to use another conduit to share her grief if it were available? Ah, there’s the real question, but it is one that is impossible to answer until she has real alternatives to choose from. Ultimately Facebook will face more and more competition (think Google+) and some competitors will place a higher value on privacy than Facebook, but they have a lot of catching up to do. As Facebook continues to grow larger each day and as they approach an impending IPO that will put them on par with companies like General Electric, it is going to be more and more difficult for competitors to capture the intellectual capital that so many users have elected to invest in Facebook. Can competitors erode Facebook’s market share? Only time will tell, but in my opinion, it is about time.

Categories: Identity Theft, Privacy, Trust

Trust – The Missing Ingredient

November 18, 2011

I was having a conversation with friends the other day and while it may sound nerdy as hell, the topic was focused on identity.  I swear (trust me) that no drinks were involved but the conversation went pretty deep, nonetheless.  What is identity, how is it used, and how can it be protected?  Like Aristotle and Plato before us, we modern day philosophers discussed the various aspects that make up our identity, how we can control it, and how we can selectively share it with our intended audiences.  In an era when our private information has been unleashed like the proverbial opening of Pandora’s Box, how can we regain control of our identities without impacting our existing relationships or experiences?

But what about identity?  What is it really, and why should you care?

When I think about identity, I think in terms of aggregation, management, and sharing. Each of these is a key ingredient when it comes to users owning their own identities, but each of these can be further strengthened when we add trust to the mix. So, what is the recipe for success as it pertains to trusting identities in cyberspace? Let’s take a closer look at each of these ingredients to see.

Aggregation

My identity is the aggregation of all the things there is to know about me. One could trivialize this by saying it is simply all the discrete data elements about me (i.e. hair color, height, SSN, etc.) but in essence, it is much more. It consists of my habits, my history, my data, my relationships – basically everything that can be me and everything that can be tracked about me. Identity information is not found in a single location; it is distributed across multiple repositories, but this information can be aggregated into a virtual identity – which is essentially, me.

Management

When we allow someone to manage their own identity, we are allowing them to control their discrete data elements, but we are also allowing them to manage every other aspect about themselves as well.  You can change your mobile number attribute (data element) when you get a new phone, or you can change your address attribute when you move.  But just like you can remove the cache, history, and cookies in your browser, you should be able to maintain your privacy by removing (or hiding) your identity characteristics as well.  Identity management simply means that I am able to manage those aspects of my identity that are my own.

Sharing

In real life, I have the ability to select which characteristics and/or information about myself that I want to share with each of my friends, family, co-workers or acquaintances. My work-related benefits stay private between my boss and me in the workplace. Conversely, I don’t share my family conversations within the office. Investment information stays private between my broker and me, yet I Tweet favorite quotes to the world. In essence, I selectively share information with different audiences based on the role I am playing at that time. Online personas facilitate the same selective sharing within the social web similar to our interactions in the real world. I may take on a different persona as I interact in the virtual world and elect to share different information with each audience based on where I elect to use that persona. This also means that I can act anonymously if I so choose (which is similar to going ‘incognito’ in your browser).

Trust

Sharing data with others fulfills my desire to communicate information about me to you, but just like in real life it is totally your option to accept the validity of that information or not. To take the sharing to the next level (and address a major need on the Internet today), we need to have some method of trusting the information that we receive. Trust is transient (it changes), contextual (it is based on the situation), and 100% given by the receiving party – essentially they decide to trust you or not. In the real world we use driver’s licenses, passports, or referrals from friends to validate users and establish trust. This is no different in the social web except for the fact that we are not seeing each other face to face and do not have the ability to provide a driver’s license as proof of identity. Hence the need for another method.

If the ingredients in the identity cake are aggregation, management and sharing, then validation is the icing on the cake; not the cake itself. While each of these ingredients is key in making the perfect cake, leaving trust out of the mix is kind of like leaving salt out of the recipe. Trust simply brings out the flavor and without it, the cake is way too bland!

“Breast-Grabber Dude” Caught on Camera

August 26, 2011

Invasion of privacy debates have escalated once again as a traffic camera snaps a shot of a speeder caught touching a woman’s breast.

(Full story can be found here.)

It is right to debate surveillance cameras, but am I the only one wondering how the picture made it to the Internet in the first place? Aren’t governments supposed to keep the information they collect on their citizens safe?

(Wait, did I just use the words “government”, “information”, and “safe” in the same sentence? I need more coffee.)

What’s next, TSA body scans leaked to the Internet? Uh oh, been there, done that last year (see One Hundred Naked Citizens: One Hundred Leaked Body Scans).

End point privacy is definitely up for debate, but come on guys, protection of information on the back-end is imperative!

Categories: Privacy

Secret Identities

August 24, 2011

Methinks that Ziggy secretly works for Facebook.

He is incorrect, however; everyone needs secret identities.

Categories: Identity, Privacy

Facebook’s Trolling for Keywords

April 28, 2011

I posted a status to Facebook that included the words “Sea World” and all of a sudden I received a recommended page for Sea World and other Orlando theme parks in their advertisement section.  Does anyone really think that Facebook isn’t parsing every post for nuggets they can glean and use for advertising purposes?

From a technical perspective, it is pretty impressive.  From a privacy perspective, it is very very scary.

Is Your Intellectual Property Slipping Out the Door with Their Pink Slip?

December 16, 2010

(I wrote the following article for BABM Business Magazine back in May/June of 2009. The article is reprinted here with their permission.)

With the latest layoff news continuing to add chaos to the economy, CEOs need to protect their businesses in case of staff cuts, restructuring or consolidation of offices. While your company may not be planning layoffs now, there is no guarantee that this will still be the case three or six months from now. There are steps your business should take, both proactively and reactively, to ensure that your most valuable information, such as customer data and contracts, isn’t walking out the door with terminated employees.

Ideally, even before layoffs occur, businesses need to be prepared to protect their assets. Employees may sense a layoff is imminent and start grabbing what data they can before they get the official word. This could lead to a loss of your company’s most valuable contacts that former employees may use to compete against you. Proactive monitoring of systems, before layoffs begin, can ensure that your company’s data is protected.

There are a variety of technologies you can implement to monitor your employees’ access of specific applications. For example, you can monitor who has access to what type of database and determine if an employee is running unusual reports. Are certain employees extracting every field, downloading the data to a local disk and/or sending it to themselves over email?

Having a solid process for role provisioning and access management will help limit access of certain information to those people who need it to do their jobs. If levels of access to various applications and corporate information are assigned for each job description, it is easier to set up monitoring systems for each employee as well as protocols for changing passwords and other termination procedures to remove access when an employee is let go.

A good rule of thumb is to trust, but verify. Monitoring can be performed at many levels and includes database access, disk usage, and whether or not USB drives are being plugged into company computers. Monitoring can even determine if proprietary data is being sent to an email account. When it comes to access management and monitoring, CEOs and executive management need to weigh how much protection they want against how much protection they can afford. It’s a formula that will vary for every company.

Once a company is in an action stage and layoffs are about to begin, it’s almost too late to protect and secure its data without shutting off access altogether (which may not be feasible in all cases). As a fallback plan, many companies provide their security team with a list of users they plan to let go. On the morning the layoffs are to take place, the team is tasked with acting on the list and locking out those employees from their accounts. But there’s often the lingering feeling that something was missed. Are they prevented from accessing your systems remotely? Are they still receiving their email on their home PCs? Does the employee have access to vendor accounts? Can your security team effectively map the employee to all the accounts they have accumulated over the years?

There are many types of technologies that can be used from a proactive perspective and subsequently verified from a reactive perspective. CEOs should be proactive and have an effective user provisioning solution in place. This ensures that they have accounted for all the systems and the types of system access where a user has an account. Once layoffs have occurred, companies should continue monitoring mission-critical systems to ensure that the access has been terminated appropriately. A security event monitoring solution on the back end can monitor log files or traffic patterns to these systems and immediately notify you of any unusual activity.

Companies that have implemented centralized account management systems have peace of mind that they can quickly prevent access by employees who are no longer associated with the company. They can be certain that they have locked all accounts being managed by the system and actions such as terminations can be performed by management (ahead of time) rather than needing to involve people from the security team.

Companies that have not implemented a centralized account management system are increasing their workload and effectively putting valuable corporate assets at risk. At this point, there has to be due diligence as you have to perform these tasks manually. The potential for damage is great, however, and fallout will rise exponentially as more layoffs occur. If you have implemented a centralized user provisioning system, congratulations! If not, don’t panic, there are still tasks you can perform to help protect your assets.

    1. Prepare your list well in advance and give your security team a chance to locate the various user accounts.
    2. Work with functional managers, supervisors, or project managers to further determine the user’s access.
    3. Monitor system logs and network traffic to determine if any unusual access or traffic patterns appear. Respond immediately.
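The three manual steps above can be scripted. This is an added sketch, not from the original article: it reconciles a termination list against per-system account exports and flags log activity after the lockout time. The usernames, system names, alias map and log line format are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (assumptions, not from the article).
TERMINATED = {"jdoe": datetime(2009, 6, 1, 9, 0)}  # employee -> lockout time
# Step 2: aliases collected from managers and supervisors.
ALIASES = {"jdoe": {"jdoe", "john.doe", "jd-vendor"}}
# Step 1: per-system account exports, system -> {account: enabled}.
INVENTORY = {
    "vpn": {"jdoe": False, "asmith": True},
    "crm": {"john.doe": True, "asmith": True},
    "vendor": {"jd-vendor": True},
    "mail": {"jdoe": False},
}
# Step 3: constructed log lines, "timestamp system account action".
LOG_LINES = [
    "2009-05-29T17:42:00 crm john.doe export_all_fields",
    "2009-06-01T08:15:00 vpn jdoe login",
    "2009-06-01T21:03:00 vendor jd-vendor login",
    "2009-06-02T10:00:00 crm asmith login",
    "malformed line",
]

def lingering_accounts(terminated, aliases, inventory):
    """Return sorted (employee, system, account) tuples that are still enabled."""
    found = []
    for emp in terminated:
        names = aliases.get(emp, {emp})
        for system, accounts in inventory.items():
            for account, enabled in accounts.items():
                if account in names and enabled:
                    found.append((emp, system, account))
    return sorted(found)

def post_termination_activity(terminated, aliases, log_lines):
    """Return (employee, system, account, action, timestamp) seen at or after lockout."""
    owner = {a: emp for emp in terminated for a in aliases.get(emp, {emp})}
    hits = []
    for line in log_lines:
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            system, account, action = parts[1:]
        except (ValueError, IndexError):
            continue  # skip lines that do not match the assumed format
        emp = owner.get(account)
        if emp and ts >= terminated[emp]:
            hits.append((emp, system, account, action, parts[0]))
    return hits

if __name__ == "__main__":
    for row in lingering_accounts(TERMINATED, ALIASES, INVENTORY):
        print("STILL ENABLED:", row)
    for row in post_termination_activity(TERMINATED, ALIASES, LOG_LINES):
        print("ACTIVITY AFTER LOCKOUT:", row)
```

The alias map is the piece that manual processes most often lack: the CRM and vendor accounts in the sample survive the lockout only because they do not share the employee's primary username.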

 

Even with this type of preparation, the tasks can be quite time consuming and it could take weeks to properly locate and delete access. Hence, our advice is that it’s better to take more proactive steps to avoid headaches and possible customer data and other business asset loss later on. Getting a handle on your role provisioning and user access procedures and having a plan for monitoring employee application use are good places to start.

Staff reduction is never easy and you should make the separation as painless as possible. It is unfortunate that some employees view corporate assets as their own and feel entitled to take information with them when they leave. As a business owner responsible to shareholders or even to the remaining workforce, you need to take every action possible to ensure the protection of this data.