The media has been awash with stories about Paris Brown, the UK’s first youth police and crime commissioner who felt she had no option to resign even before formally taking up her post as a result of allegedly offensive messages she had posted on Twitter.
To many, she had done nothing wrong; here was a teenager who was simply testing and pushing the boundaries of her adolescent world, sharing views and comments in her private life in an attempt to learn, identify with and grow into an adult. She had been chosen from a large number of candidates for this role precisely because she was typical of many of her peers, and her views of the world and the society she lived in, warts and all, were almost a requirement of the role in the first place.
To others, she was demonstrating vulgar and offensive sensibilities in a public domain that have no place in a role in public office. To that end Kent Police are currently reviewing the tweets in question so ascertain if a case should be made against her.
I believe this is going to be the thin end of the wedge, and that many more instances of issues like this will come through over the coming years. This is going to have, in my opinion, a number of ramifications in our industry in a number of areas:
BYOD. The adoption of smartphones across society combined with bring your own device policies across industries has meant that the boundaries between personal and professional life are becoming increasingly blurred. This blurring means that people will increasingly lose the definition between what can and can’t be shared from the workplace which is going to become an issue. Sharing confidential documents via a BYOD enabled smartphone to personal accounts so they can be worked from home is not going to be seen as an issue; the content is on “my” device after all. Tweeting or blogging about activities from the workplace is increasingly the norm, even if those activities are confidential or secret. Even the acronym NSFW, not safe for work, has evolved to identify what content may or not be suitable for viewing and sharing in the workplace (how else can I get the time to view all of this awesome content?). As quickly as NSFW has come about I predict it’s demise as these boundaries crumble and fall and anything and everything will be considered as acceptable to view at work as long as it is on “my device”.
Privacy vs Personal. There has been a growing trend amongst recruiters to look at the social media profiles of potential candidates. There is nothing illegal or unethical in this per se, although even standard police employment checks for the kind of role Paris Brown was entering into don’t specifically call out the need for social media checks/reviews. This is the dichotomy of the situation; how can I expect privacy when I do not observe it with my company data, and yet posting my weekends antics to my friends should remain with my friends, and yet this is the very real expectation it seems. How long will it be before this crashing realisation for a generation of people that what they have done in their adolescent years as they grew up really wasn’t just between friends but between the whole world, and put them at a distinct disadvantage in the job market? And will this realisation bring a raft of legislation along the lines of age discrimination, that disallows the use of this information during interview? There have already been cases of prospective employers in the US asking for Facebook credentials of candidates in order to check their backgrounds. Whilst this does cross moral, ethical and professional lines in many of our books, this is the inevitable alternative if this legislation doesn’t come in. As an infosec industry we will be on the front line of educating people of these consequences and potentially enforcing any incoming legislation in the workplace.
Professionalism in our Industry. But what about the here and now? As a profession we are held to a high standard of professional standards and ethics. All the organisations that we affiliate ourselves with to one extent or another have clear professional ethics. If during the recruitment process you have an opportunity to review somebodies social media background, would you take it? How would you use that information, and to what extent would a checkered social life influence your decisions? There are two sides to this of course; do your professional ethics stop you from looking (or just taking action from them), but then again would you want someone who appears to display a lack of self control and publicly put themselves into position of vulnerability that may allow them to be more easily bribed or blackmailed in an area that demands high levels of security and trust?
This generational gap in appreciation of the long lasting impacts of current social media in the world of big data is an area I believe is yet to be addressed fully. The sociological impacts of a series of younger generations engaging with an always on culture of social media are not yet fully understood and should be explored further. I hope the above is dipping a toe in the water of this huge body of water. Ultimately, if you are not paying for it, you are not the customer; you are the product…