Slashdot Mirror


Businesses Struggle To Control Social Networking

Lucas123 writes "Businesses in highly regulated industries are trying to strike a balance between workers who use social networking sites such as Twitter, Facebook, and LinkedIn to communicate, and trying to satisfy federal requirements to monitor, capture, and audit all forms of electronic communications. As with instant messaging a decade ago, corporations are first blocking all access to the applications, and then considering what tools may be available to control them in the future. A cottage industry is being built around software that can not only control access to social networking websites but also ensure conversations over those websites can be stored for electronic discovery purposes."

29 of 131 comments

  1. Why not block them entirely? by eviloverlordx · · Score: 3, Insightful

    Aren't these people supposed to be, you know, working?

    --
    'Loose' is when your pants are three sizes too big. 'Lose' is when you misuse 'loose'.
    1. Re:Why not block them entirely? by the1337g33k · · Score: 4, Insightful

      Exactly, that's what I do. The company pays people to work, not play farmville.

    2. Re:Why not block them entirely? by andrewd18 · · Score: 5, Insightful

      Or post on Slashdot.

    3. Re:Why not block them entirely? by swanzilla · · Score: 4, Insightful

      Aren't these people supposed to be, you know, working?

      There exist lines of work that both require access to social media sites, and require capture/reporting of said access.

      RTFA. It is quite interesting.

    4. Re:Why not block them entirely? by Captain+Splendid · · Score: 5, Insightful

      The company pays people to work, not play farmville.

      Then the company is stupid. We have decades' worth of scientific and anecdotal evidence that putting human monkeys in tight little boxes is Not A Good Thing, both for the monkey and the maker of the box.

      My employees have two rules to follow: 1. Get the job done. 2. Don't embarrass the company. Compliance with them ensures a wide variety of perks and other 'human' touches which both they and I appreciate. Anything not covered by the two rules is already small potatoes and not worth pulling your hair out. Everybody wins.

      Disclaimer: This management method looks like it would be a bitch to scale. Not my fucking problem, thank Cthulhu.

      --
      Linux, you magnificent bastard, I read the fucking manual!
    5. Re:Why not block them entirely? by Archangel+Michael · · Score: 2, Interesting

      Slashdot has saved the place I worked more time than I've wasted reading it. I've learned how to do stuff that I would never find reading Tech Manuals and taking classes.

      Practical application of practical experience is way better than theoretical classes on optimal situations.

      In theory, theory and practice are the same, in practice they are not.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    6. Re:Why not block them entirely? by value_added · · Score: 2, Interesting

      My employees have two rules to follow: 1. Get the job done. 2. Don't embarrass the company.

      Seems reasonable, but Number 2 may be harder than you think.

    7. Re:Why not block them entirely? by bennomatic · · Score: 4, Interesting

      Disclaimer: This management method looks like it would be a bitch to scale.

      Good point; it may be worth considering that if your company is so big that treating people like human beings doesn't scale, it's time to break up into smaller, more manageable units.

      I read somewhere that 3M Corp actually does that, breaking off independent business units for each product line. As soon as a particular unit gets to be above 300 people, they figure, they can safely be split in two. If one of the two parts can't survive on its own, they let it die, as it was probably a drain on the bottom line anyway.

      --
      The CB App. What's your 20?
    8. Re:Why not block them entirely? by dave562 · · Score: 3, Informative

      Pretty much any company that produces a product has a justification for having at least some of their employees involved in social networking. I work for an organization that lives and dies by public perception and participation. A portion of our communications department is devoted to social networking.

      As the person in charge of IT policy, I fought against giving people access for the longest time. I based my argument on the security considerations of social networking sites (Flash exploits, JavaScript vulnerabilities, etc.). I eventually lost the battle because I can see the compelling reasons to allow access. The pros outweigh the cons in my particular organization. I had to set up an extra layer of redundancy including up-to-date workstation images and additional security software (proxy / webfilter, etc). I'd rather block the sites entirely but in the end it wasn't my call.

    9. Re:Why not block them entirely? by Captain+Splendid · · Score: 4, Insightful

      Some interesting points there. Shame that advocating breaking up successful companies in order to maximize employee contentment (and, perhaps, productivity and other 'useful' things) would make an MBA have a heart attack.

      --
      Linux, you magnificent bastard, I read the fucking manual!
    10. Re:Why not block them entirely? by Captain+Splendid · · Score: 2, Interesting

      Actually, I am, since we're a law practice.

      But another one of the things I do "different" is that I hire people based on brains, not skills or experience. Not that the latter two aren't important, but that having brains will get you skills and experience, but skills and experience don't get you brains.

      I also pay more than everybody else. The point: Compliance is easy. Trust is hard. Guess which one I've decided to concentrate my energies and money on?

      --
      Linux, you magnificent bastard, I read the fucking manual!
    11. Re:Why not block them entirely? by grcumb · · Score: 2, Interesting

      Then the company is stupid. We have decades' worth of scientific and anecdotal evidence that putting human monkeys in tight little boxes is Not A Good Thing, both for the monkey and the maker of the box.

      Amen.

      The only thing we need to do to get a proper perspective on this problem is to change the headline slightly:

      Businesses Struggle to Control Their Staff

      Suddenly, it becomes crystal clear that this is an administrative issue more than it is a technical one. Yes, compliance with federal regulation is a daunting task. It's not even reasonable to attempt it without active buy-in participation of the employees. I don't want to go all Princess Leia on you, but there's a point to be made about tightening one's grasp too far.

      Consent and a collective sense of responsibility are far more powerful tools when dealing with issues like confidentiality and corporate ethics.

      --
      Crumb's Corollary: Never bring a knife to a bun fight.
    12. Re:Why not block them entirely? by Archangel+Michael · · Score: 2, Interesting

      Things I've learned about on Slashdot, while waiting for old style shit to get done ....

      I learned of RIS (WDS) on /. and was getting ready to deploy it when I heard about DriverPacks on /. and then about using MSI based silent installers, and combined them all to now set up a workstation from scratch.

      Before I read about such things on Slashdot, I used to run around and use Windows XP CD to install XP by hand, manually typing in Product keys and what not. Four to six hours of babysitting installs. Per computer.

      Now, I can RE IMAGE a machine using RIS (WDS) with about 5 mins of tech time. It provides a consistent installation base for all users.

      Map "My Documents" to Network Share and now you have a system where I don't care what is wrong with it, I just re-image it. Virus? Don't care. Hardware failure? I don't care. Crappified computer? I don't care.

      I don't have to spend hours trying to fix something. Now it takes five to ten minutes of my time, and less than two hours total time to have a fully patched (slipstream patches to the RIS image) and ready system.

      So, compared to the former ways of doing things, I now have the time to work on more interesting projects. We can get more done with less people, provide better service and support, and respond quicker to problems and resolve them more quickly.

      THAT is just one example of a "how to" found within the comments of /. Oh, BTW, this solution cannot be found anywhere in any training for any certification that I've ever seen.

      Solving a real problem with real innovative solutions that requires experience and a bit of creativity.

      So yeah, /. has saved thousands of man hours.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    13. Re:Why not block them entirely? by Hogwash+McFly · · Score: 2, Interesting

      See Dunbar's number. This is a concept covered, as my Anonymous sibling is correct to believe, in The Tipping Point by Malcolm Gladwell.

      --
      Mother, do you think they'll like this sig?
    14. Re:Why not block them entirely? by b4k3d+b34nz · · Score: 2, Informative

      It's usually in the comments that I find gems of knowledge (or stupidity), not the stories.

      For gems of stupidity I just wait until kdawson's shift.

      --
      Grammar Lesson: you're is a contraction of "you are"; your means you possess something; yore means days gone by.
  2. WTF?!? by khasim · · Score: 2, Interesting

    From TFA:

    Social networking sites have proved valuable for sales-lead generation, marketing and general broker-client relations, but regulators have been quick to take notice and to offer the same warnings they did more than a decade ago when e-mail and instant messaging (IM) became common.

    Seriously. What idiot wants his financial transactions posted on Facebook?

    1. Re:WTF?!? by MozeeToby · · Score: 3, Interesting

      There are rules about what financial advisers can and can't advertise with. Basically, everything they put out to the customers usually has to be put through their broker dealer's compliance department. "Offering the same warning they did more than a decade ago" just means reminding them that if you're using Facebook or Twitter to communicate with your clients you better be putting it through compliance first.

  3. Seems like a game you can only lose. by HungryHobo · · Score: 2, Insightful

    I mean there are enough almost trivial ways to hide information in pretty much any channel when the 2 parties get to meet up beforehand to agree a protocol.

    I'd almost ask why they even try.

    "hi, mike, what time's the meeting today" or "Morning, how're the kids" can carry enough information to let someone game the system.

    Social networking just adds a few bands.

  4. Old tangible vs. intangible model. by JustinOpinion · · Score: 4, Insightful

    Hm. I wonder if we perhaps need to rethink the difference between communication and documentation. The current rule seems to be that in regulated industries, any electronic document is subject to documentation/retention requirements. However this comes from an old model, where documents were somehow "official". So things like face-to-face conversations, or telephone calls, were not required to be recorded and archived. But anything written on paper was supposed to be archived to create a paper-trail, and because these were the "official documents".

    In a modern world, some electronic documents (PDFs, word processor documents, emails, etc.) have taken the place of "official paper documents", and other electronic communications (instant messaging, social networking sites, etc.) have taken the place of the less-formal communication modes. (Obviously phones and face-to-face conversations still exist, also.)

    On the one hand, it seems like the more documentation we can retain in regulated industries, the better off we are. (In case of negligence or malfeasance, it makes it possible to assign blame, bring people to justice, avoid repeating mistakes, etc.) On the other hand, as long as we are allowing some communication modes to be informal or undocumented, then allowing other modes that are also undocumented doesn't seem to change much. (People who want to have secret conversations will surely find a way to do it.)

    I'm not sure what the right answer is. But I'm not convinced that making all electronic modes of communication subject to the same level of recording/documentation/archiving really makes sense.

    1. Re:Old tangible vs. intangible model. by Anonymous Coward · · Score: 3, Insightful

      The problem is that in a regulated industry (in all industries, actually), there is no such thing as a communication that is not "official." If one of your agents makes a representation, and one of your stakeholders acts on that representation, then you are responsible for it. It doesn't matter how that representation was communicated. Whether or not the document was stamped "official" or not is irrelevant.

      What's happening now is that firms are given the tools for rapid and wide communication, and they are coming up against the same old problems of information leakage and people saying things that they shouldn't. But unlike the old days when such things were just verbal and impossible to capture, now they are persistent and can be automatically captured.

    2. Re:Old tangible vs. intangible model. by BuffaloBandit · · Score: 2, Insightful

      Agreed.

      The issue is that with an actual in-person conversation, there is no ongoing record of that conversation and the content of that conversation is hearsay. It's one person's word against the other, and without a tape recorder, no way to know what was actually said. With the various forms of new communication (of which I'll even include The Web), there are varying degrees of permanence. I can post a bad share price to my website for 15 minutes, and then correct the error; if someone buys a share of my company based on that price, I am obligated to honor that. However, without proper record keeping, how can either party prove what was on the site when the purchase was made? As such, there are regulations in place that specify that Web content must be discoverable, so that those answers can be determined. It's complex, but not overly complex, because I own the servers on which the information gets published. I simply save a copy of every version of a file, every time it's published and save a state of the database. Presto magic.

      Things start to get really complicated when I no longer own the infrastructure. If I post to Twitter, Facebook, LinkedIn, Slashdot, or wherever and misquote a share price, then that information is controlled by somebody else. It's still considered public communication by the legal and regulatory entities, but I can't reproduce it. I can't even be sure that it's retained and could be reproduced by the site on which I left the remark. This is no different than the environment that has existed since the days of BBC forums and the comment sections of blogs. The issue now is that the form of communication now has a name: Social Media. As such, many of these issues are actually making their way to the individuals who manage risk at these heavily regulated industries and the questions are being asked.

      I don't deny that the regulations are outdated and were written for a time when the printed page was the primary method of communication, but in the space between the current rules and the new ones, there is a tremendous risk for those organizations who have to comply and a huge opportunity for an industry of service providers to step in and put their minds at ease.

      The same debate raged when email hit the scene. Seems silly now, but that's just the way things go.

  5. iPhones and Androids and HTC Heros, Oh My by Darth+Sdlavrot · · Score: 3, Insightful

    Stockbrokers with smartphones. Ain't going to stop 'em.

  6. You cannot control it, merely hope to harness it. by Anonymous Coward · · Score: 2, Insightful

    To paraphrase Princess Leia, The more you tighten your grip, the more slips thru your fingers.

    Where I work (the stuff I do when not commenting on Slashdot), they're in the process of trying to harness LinkedIn to increase sales, however, a lot of people have difficulty with the concept. The old model consisted of cold calls and "walking the streets". The new hustle is e-mails and add me as your friend.

    Trying to teach a fifty year old salesman what his granddaughter does with ease is almost baffling.

    Management pondered with the concept of controlling everything but I recommended harnessing it rather than controlling it - it is the only way.

  7. HTTP over SOCKS over SSH over SSL thankyouverymuch by Gothmolly · · Score: 3, Interesting

    Websense can suck it.

    --
    I want to delete my account but Slashdot doesn't allow it.
  8. Until the first lawsuit. by khasim · · Score: 3, Insightful

    The reason for the documentation (and control that such requires) is to keep the company on the right side of the law.

    Being able to show the EXACT communication that took place can save a lot of money in fines.

  9. Department of Defense is struggling with this also by Message · · Score: 5, Interesting

    The DoD has been struggling with these same issues as well, they recently issued guidance that opened up social media on their networks.

    http://socialmedia.defense.gov/index.php/2010/02/26/dod-official-policy-on-newsocial-media/

  10. Re:HTTP over SOCKS over SSH over SSL thankyouverym by BitZtream · · Score: 3, Insightful

    If you think you're special because you can do that to get around a block then you are confused. If you can use this sort of workaround then your admins are either idiots or don't actually want to stop you, they just want you to go out of your way enough that it's obvious you were breaking the rules.

    Either way, you aren't special.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  11. One print page! by antdude · · Score: 2
    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  12. Re:HTTP over SOCKS over SSH over SSL thankyouverym by jroysdon · · Score: 2, Interesting

    Meh, when done right, it just looks like a long ssl and/or vpn tunnel session.

    You really cannot do much to filter/firewall this sort of bypass for the technical user. Unless you allow whitelist-only access to https/ssl sites and/or force corporate-only machine access with corporate-installed SSL CAs that decrypt SSL traffic and re-encrypt it (putting the corporate proxy as a man-in-the-middle), you have no way to stop this.

    The real trick is blocking all "leaking" DNS and apps. SOCKS leaks badly, as does flash, java and many other plugins. Just firewalling all outbound traffic except your tunnel works, but will require a dedicated machine.

    http to a remote proxy over openvpn (ssl) is a bit more efficient than socks over ssh and clearly better than socks over ssh over ssl.
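
The comment above notes that a tunnel "just looks like a long ssl and/or vpn tunnel session" and that allowlisting HTTPS destinations is one of the few controls that addresses it. As an added example (not part of the thread), this is how a proxy administrator might review CONNECT logs for that signature; the log format, host names, allowlist and thresholds are all constructed for illustration.

```python
"""Review proxy CONNECT sessions for the 'long SSL session' signature.

The log format, host names, allowlist and thresholds below are constructed
for this example; adapt the parser to whatever your proxy actually writes.
"""
from dataclasses import dataclass

# Constructed sample: start_epoch client method dest duration_s bytes
SAMPLE_LOG = """\
1267200000 10.0.0.21 CONNECT mail.example.com:443 42 181002
1267200300 10.0.0.37 CONNECT host.tunnel.example.net:443 28800 734003200
1267200400 10.0.0.21 GET intranet.example.com:80 1 5120
1267200900 10.0.0.37 CONNECT crm.example.com:443 14400 2097152
1267201000 10.0.0.52 CONNECT unknown.example.org:443 35 90112
malformed line
"""

ALLOWLIST = {"mail.example.com", "crm.example.com"}  # hypothetical approved TLS sites
MAX_DURATION_S = 3600             # hypothetical: a single session over one hour
MAX_BYTES = 100 * 1024 * 1024     # hypothetical: over 100 MiB in one session


@dataclass
class Session:
    client: str
    host: str
    port: int
    duration_s: int
    nbytes: int


def parse(log):
    """Return CONNECT sessions, skipping other methods and malformed lines."""
    sessions = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[2] != "CONNECT":
            continue
        host, _, port = fields[3].rpartition(":")
        try:
            sessions.append(Session(fields[1], host.lower(), int(port),
                                    int(fields[4]), int(fields[5])))
        except ValueError:
            continue  # non-numeric port, duration or byte count
    return sessions


def review(sessions, allowlist=ALLOWLIST):
    """Flag sessions to non-allowlisted hosts that are long-lived or bulky."""
    findings = []
    for s in sessions:
        if s.host in allowlist:
            continue  # approved destination; long sessions here are expected
        reasons = []
        if s.duration_s > MAX_DURATION_S:
            reasons.append("long-lived")
        if s.nbytes > MAX_BYTES:
            reasons.append("high-volume")
        if reasons:
            findings.append((s.client, s.host, reasons))
    return findings


if __name__ == "__main__":
    for client, host, reasons in review(parse(SAMPLE_LOG)):
        print(f"{client} -> {host}: {', '.join(reasons)}")
```

Duration and volume only raise candidates for review; as the comment says, actually preventing the bypass takes the allowlist or TLS inspection at the proxy.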