The development of counterintelligence is the next logical step for an organisation after tackling...
I am hurrying along on a cool March evening in Milan. The European Commission has invited me to give a talk at its international event on research for the information society (IST). I walk resigned to reaping indifference and some - hopefully virtual - stones for what I am about to present.
Expectations that will be fully satisfied.
(This post is a continuation of the first in the series The hurt locker (I): Counterintelligence, Marketing and Open Innovation).
I haven't said it, but it's 2003. It is a year before Facebook was founded, and about ten years before it has an impact on our lives on this side of the pond. However, on that date, collaborative systems are already appearing on the Internet that are proposed for sharing information in the business and personal environment. For collaborative product design, contract negotiation, for almost anything. And asymmetrical people like me - at that time I couldn't find another one - began to see drawbacks.
Drawbacks that will be seen, also, fully realised, ten years later.
In short, my thesis was very simple:
- Collaborative systems on the Internet - including social networks, which were not called such - allow information to be shared across organisational boundaries.
- Information is shared in practice by individuals, not by organisations.
- Information belongs to the organisation where it works, not to the person who shares it. (Here came the stone).
- We will have an asset protection problem in organisations unless we develop preventive technology at the same time as we develop the tools for sharing. (Here came the indifference).
I knew that I was going to shout "Get a grip! Alcohol kills brain cells!" in the middle of the Oktoberfest. At that time, everyone was drunk on the development of collaborative business systems, projects funded with public money. Some were developing product data exchange formats, others were working on automatic contract negotiation mechanisms, etc. etc. etc.
But no one was working on how to monitor the sensitivity of the information being shared. How to automatically warn whether the content of that information is confidential, restricted or free to use? On how to automatically know if that recipient outside the company is authorised or not by some agreement. And if not, the system automatically blocks the exchange of that information.
After many years we are still like this, without being able to control it. At least as far as a "normal" company -other than the CIA- is concerned.
The focus of this post is the company, but since we are talking about the CIA, let's also talk about the Russian military. Last September 2015, while Putin was denying Russia's involvement in the fighting on the ground in Syria, Russian soldiers were posting pictures on social media. Unfortunately for Russian diplomacy, these photographs were geo-located - a social media thing - and placed troops directly in the combat zone in the battered city of Homs.
So the problem is even for the biggest and most legally disciplined teams. Information is exchanged by individuals, across organisational boundaries, without regard for the degree of confidentiality, and causing damage to the organisation itself. We can hardly do anything against it. But what little we can do will significantly increase the protection of the company's assets.
Business interests versus brain chemistry
It was only when Facebook became brutally successful in its expansion that scientists explained it to us: When we talk about ourselves, our brain activates the same reward mechanisms as sex, food or addictions.
Therefore, the company is fighting against the most intimate neurological mechanisms of the human being.
Let's see, gentlemen of the sales force... Is it really necessary to publish openly, on your Facebook wall, that you are having dinner in that town in the region of Cordoba -Argentina-, where that customer we want to take away from the competition is?
Today's competitive intelligence systems can monitor social networks, among other sources. And any of our competitors, especially the one we want to take the customer from, will be immediately alerted to our intentions. They will only have to add 1 plus 1.
Are you sure, Mr. Support Engineer, that it is necessary to check-in on the social network Foursquare at the same time as at Osborne Airport -Australia-? Maybe - for sure - our competitors will know that we have already signed a contract and that we are going to operate in the Queensland mines.
Since the company has to fight against the most ingrained human drives, we have to know that we stand to lose. That's why we have to do a lot of work to raise awareness among our team members. And a short course in information privacy control would not go amiss.
The practice of individual privacy sometimes protects company assets.
As we said in the first post of this series: We are operating in hostile territory. We can only try to minimise the risks.
(The hurt locker is a film by Kathryn Bigelow released in 2008.).
By Miguel Borràs
Antara undertakes that the content published is created by its own team, clients or collaborators. Antara never outsources the generation of content.
The opinions of the authors reflect their own views and not those of the company.
