Where do you stand on the using private social media accounts as part of an ‘extreme vetting’ policy?
The summer is on its way. Before long you will be packing your bags, grabbing your passport and heading off to fun packed family adventures. But how would you feel if when going through passport control, you were stopped and refused entry to your holiday destination. Not because your passport was out of date, or that you had brought with you one too many duty-free items, but because of your social media profile.
This is one of the elements of the ‘extreme vetting’ that is currently being discussed by the US Government. They would like to allow boarder control to have full access to your smartphone to see your contacts, scale media profiles – of all social networks, not just the one that begins with F and if that wasn’t enough, your personal financial data as well.
The target of this extreme vetting is to combat terrorism, but what about false positives. Perhaps you have shown understandable sympathy to the plight of nationals that are under a travel ban, maybe you have even been derogatory towards the current administration of the USA (who hasn’t), maybe you have inadvertently ‘liked’ or shared fake news.
If what was found was, shall we say, “somewhat unbecoming” to the authorities then you could be detained for questioning and potential refused entry.
Now let me just stress this is a proposal at the moment and is not in force. However, it does bring up all sorts of cyber security, privacy and moral issues.
The challenge is that social media has a much better and more detailed memory than you. That late-night rant when reviewed in the cold light of an interview room may no longer sound rebellious, but sound threatening and could even be construed as incitement.
Now I may be getting carried away here, but you can surly see how utilising the private communications of an individual to form a picture of their intent, is going to be plagued with problems.
The simple answer is of course, to have a contact list and a social media footprint that is so benign as to border on boring. But who, hand on heart has that?
So, can we all agree that this ‘extreme vetting’ is a very bad thing? Can we? It’s a gross infringement of our privacy, isn’t it? Well, before we all shout a collective ‘aye’, let’s look at this slightly differently.
Imagine a scenario that sensitive data about your company is finding its way onto the internet. You hear via a friendly competitor that your current customer list is being touted around to the highest bidder by somebody on Facebook. You soon discover that company secrets, in the form of door security codes, or passwords to email servers are out in the wild too. Then sensitive financial details are being discussed around the office because they have been ‘found’ on the internet,
You grab some of the many open source social media monitoring tools and start watching. You discover that a disgruntled employee, is trying to wreak ‘commercial terrorism’ on your business. On discovery, you understandably terminate their employment and commence legal action. During this investigation, the accused names (and shames) other employees who are also involved, but you have no evidence, nor do they. So, you do you start monitoring your employee’s private social media accounts? And what about new employees, having now been bitten once, would you do a preliminary background check on their social media activity to ensure that there was nothing that would cause concern? Many companies already do this, so isn’t this actually a form of vetting?
This debate is where security, privacy and morality all come together in a very challenging Venn diagram. Nobody wants crimes to take place, either on a National level, as per the USA, or at a company level. But can it be one rule for governments, and I’d hasten to add that if the USA does implement this form of vetting you can be assured that other countries will follow suit, and another rule for companies?
If in an interview situation with a prospective new employee who was being considered for a high-level position would you ask in that meeting to take a look at the phone, ask for the code and then poke around in their personal data? Probably not, but isn’t this just a modern way of obtaining a reference, not from an individual but from hundreds of connections and correspondence that would give a far rounder view of what they are really like?
So now where do you sit on this one? Are you in favour of ‘vetting’ and poking around in somebody’s social media to see if there is anything of concern, or not? Is this an invasion of privacy, or a crime prevention policy using modern technology?
I sadly have to admit that on this issue I’m on the borderline of being in favour of both positions. I can clearly see the case for both and that is a position that makes me and many others I have discussed this proposed policy with, feel deeply uncomfortable about.