Slashdot Mirror

← Back to Stories (view on slashdot.org)

Businesses Struggle To Control Social Networking

Posted by Soulskill on from the some-struggles-are-doomed-to-failure dept.

Lucas123 writes "Businesses in highly regulated industries are trying to strike a balance between workers who use social networking sites such as Twitter, Facebook, and LinkedIn to communicate, and trying to satisfy federal requirements to monitor, capture, and audit all forms of electronic communications. As with instant messaging a decade ago, corporations are first blocking all access to the applications, and then considering what tools may be available to control them in the future. A cottage industry is being built around software that can not only control access to social networking websites but also ensure conversations over those websites can be stored for electronic discovery purposes."

14 of 131 comments (clear)

  1. Why not block them entirely? by eviloverlordx · · Score: 3, Insightful

    Aren't these people supposed to be, you know, working?

    --
    'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
    1. Re:Why not block them entirely? by the1337g33k · · Score: 4, Insightful

      Exactly, thats what I do. The company pays people to work, not play farmville.

    2. Re:Why not block them entirely? by andrewd18 · · Score: 5, Insightful

      Or post on Slashdot.

    3. Re:Why not block them entirely? by swanzilla · · Score: 4, Insightful

      Aren't these people supposed to be, you know, working?

      There exist lines of work that both require access to social media sites, and require capture/reporting of said access.

      RFTA. It is quite interesting.

      --
      0 = 1 + e^(Alt something)
    4. Re:Why not block them entirely? by Captain+Splendid · · Score: 5, Insightful

      The company pays people to work, not play farmville.

      Then the company is stupid. We have decades' worth of scientific and anecdotal evidence that putting human monkeys in tight little boxes is Not A Good Thing, both for the monkey and the maker of the box.

      My employees have two rules to follow: 1. Get the job done. 2. Don't embarrass the company. Compliance with them ensure a wide variety of perks and other 'human' touches which both they and I appreciate. Anything not covered by the two rules is already small potatoes and not worth pulling your hair out. Everybody wins.

      Disclaimer: This management method looks like it would be a bitch to scale. Not my fucking problem, thank Cthulu.

      --
      Linux, you magnificent bastard, I read the fucking manual!
    5. Re:Why not block them entirely? by Captain+Splendid · · Score: 4, Insightful

      Some interesting points there. Shame that advocating breaking up successful companies in order to maximize employee contentment (and, perhaps, productivity and other 'useful' things) would make an MBA have a heart attack.

      --
      Linux, you magnificent bastard, I read the fucking manual!
  2. Seems like a game you can only lose. by HungryHobo · · Score: 2, Insightful

    I mean there are enough almost trivial ways to hide information in pretty much any channel when the 2 parties get to meet up before hand to agree a protocol.

    I'd almost ask why the even try.

    "hi, mike, what time's the meeting today" or "Morning,how're the kids" can carry enough information to let someone game the system.

    Social networking just adds a few bands.

  3. Old tangible vs. intangible model. by JustinOpinion · · Score: 4, Insightful

    Hm. I wonder if we perhaps need to rethink the difference between communication and documentation. The current rule seems to be that in regulated industries, any electronic document is subject to documentation/retention requirements. However this comes from an old model, where documents were somehow "official". So things like face-to-face conversations, or telephone calls, were not required to be recorded and archived. But anything written on paper was supposed to be archived to create a paper-trail, and because these were the "official documents".

    In a modern world, some electronic documents (PDFs, word processor documents, emails, etc.) have taken the place of "official paper documents", and other electronic communications (instant messaging, social networking sites, etc.) have taken the place of the less-formal communication modes. (Obviously phones and face-to-face conversations still exist, also.)

    On the one hand, it seems like the more documentation we can retain in regulated industries, the better off we are. (In case of negligence or malfeasance, it makes it possible to assign blame, bring people to justice, avoid repeating mistakes, etc.) On the other hand, as long as we are allowing some communication modes to be informal or undocumented, then allowing other modes that are also undocumented doesn't seem to change much. (People who want to have secret conversations will surely find a way to do it.)

    I'm not sure what the right answer is. But I'm not convinced that making all electronic modes of communication subject to the same level of recording/documentation/archiving really makes sense.

    1. Re:Old tangible vs. intangible model. by Anonymous Coward · · Score: 3, Insightful

      The problem is that in a regulated industry (in all industries, actually), there is no such thing as a communication that is not "official." If one of your agents makes a representation, and one of your stakeholders acts on that representation, then you are responsible for it. It doesn't matter how that representation was communicated. Whether or not the document was stamped "official" or not is irrelevant.

      What's happening now is that firms are given the tools for rapid and wide communication, and they are coming up against the same old problems of information leakage and people saying things that they shouldn't. But unlike the old days when such things were just verbal and impossible to capture, now they are persistent and can be automatically captured.

    2. Re:Old tangible vs. intangible model. by BuffaloBandit · · Score: 2, Insightful

      Agreed.

      The issue is that with an actual in person conversation, there is no ongoing record of that conversation and the content of that conversation are heresay. It's one person's word against the other, and without a tape recorder, no way to know what was actually said. With the various forms of new communication (of which I'll even include The Web), there are varying degrees of permanence. I can post a bad share price to my website for 15 minutes, and then correct the error, if someone buys a share of my company based on that price, I am obligated to honor that. However, without proper record keeping, how can either party prove what was on the site when the purchase was made. As such, there are regulations in place that specify that Web content must be discoverable, so that those answers can be determined. It's complex, but not overly complex, because I own the servers on which the information gets published. I simply save a copy of every version of a file, every time it's published and save a state of the database. Presto magic.

      Things start to get really complicated when I no longer own the infrastructure. If I post to Twitter, Facebook, LinkedIn, Slashdot, or wherever and misquote a shareprice, then that information is controlled by somebody else. It's still considered public communication by the legal and regulatory entities, but I can't reproduce it. I can't even be sure that it's retained and could be reproduced by the site on which I left the remark. This is no different than the environment that has existed since the days of BBC forums and the comment sections of blogs. The issue now, is that the form of communication now has a name: Social Media. As such, many of these issues are actually making their way to the individuals who manage risk at these heavily regulated industries and the questions are being asked.

      I don't deny that the regulations are outdated and were written for a time when the printed page was the primary method of communication, but in the space between the current rules and the new ones, there is a tremendous risk for those organizations who have to comply and a huge opportunity for an industry of service providers to step in and put their minds at ease.

      The same debate raged when email hit the scene. Seems silly now, but that's just the way things go.

  4. iPhones and Androids and HTC Heros, Oh My by Darth+Sdlavrot · · Score: 3, Insightful

    Stockbrokers with smartphones. Ain't going to stop 'em.

  5. You cannot control it, merely hope to harness it. by Anonymous Coward · · Score: 2, Insightful

    To paraphrase Process Leia, The more you tighten your grip, the more slips thru your fingers.

    Where I work (the stuff I do when not commenting on Slashdot), they're in the process of trying to harness LinkedIn to increase sales, however, alot of people have difficulty with the concept. The old model consisted of cold calls and "walking the streets". The new hustle is e-mails and add me as your friend.

    Trying to teach a fifty year old salesman what his granddaughter does with ease is almost baffling.

      Management pondered with the concept of controlling everything but I recommended harnessing it rather then controlling it - it is the only way.

  6. Until the first lawsuit. by khasim · · Score: 3, Insightful

    The reason for the documention (and control that such requires) is to keep the company on the right side of the law.

    Being able to show the EXACT communication that took place can save a lot of money in fines.

  7. Re:HTTP over SOCKS over SSH over SSL thankyouverym by BitZtream · · Score: 3, Insightful

    If you think you're special because you can do that to get around a block then you are confused. If you can use this sort of workaround then your admins are either idiots or don't actually want to stop you, they just want you to go out of your way enough that its obvious you were breaking the rules.

    Either way, you aren't special.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager