Saturday, January 28, 2012

New book from St. Martin's details the problems of online reputation, online security for visible individuals and almost all businesses

On my blogs, I have written extensively amount online reputation.  Much of my concern has been based on an older risk, in the Web 1.0 world, that manager, teacher, or anyone who makes decisions about others in the workplace, could demonstrate prejudice in front of search engines merely by expressing well-intended views or opinions about political and social issues (like race or gay rights) in an unregulated public space.  Over time, the issue of reputation became more complicated, especially with Web 2.0 and the growth of social media, where others could so seriously injure someone’s standing in front of others, causing job loss or even worse.

A new book carries this further, showing that many companies, and many people whose own reputations depend on how well they run these companies, as well as politicians and celebrities, have to spend a tremendous amount of attention to digital reputation.  Attacking the reputations of competitors has become an “accepted” way to do business.  This may be part of the “cheating culture” already presented here before (March 28, 2006).

Here are the details:

Authors: Richard Torrenzano and Mark Davis
Title: “Digital Assassination: Protecting your Reputation, Brand, or Business Against Online Attacks
Publication: New York: St. Martin’s Press, 2011, ISBN 978-0-312-61791-2, hardcover, 289 pages, 11 chapters, with endnotes and index.

The Amazon link is here.

(Just a quick note on the title: Microsoft Word tells me that “from” is the right idiomatic preposition, not “against”.)

The book is outlined around “seven swords” (of)  and “seven shields” (against) digital destruction.

The swords include volume bad-mouthing (leveraging search engines), impersonation, anonymity, placing “truth” out of context, and (with the most detail of all), hacking.  The shields involve a careful approach to online presence.

Since the advent of social media, it has become clear that almost no one can simply stay offline in order to escape “conflict”.  There is no call to “run away” from the problem of online reputation by becoming a Luddite.  One has to contemplate carefully just how much material (and about what) to put online, as that will affect his or her search engine results.  The authors recommend that people blog or write about only their areas of expertise. In my case, because so much concentric material is “generated” from the way one particular incident in my life was interpreted, and because I’m not in the business of volume-selling to people, I do think my own “best practices” would differ from those of most other people. In fact, the best behavior of “content generators” (such as artists or musicians) would differ somewhat from those whose living depends on selling the work (or political stakes) of others.  The old, trite soap opera question “Who do you work for?”  really matters, I think.

The authors offer an interesting comparison of the cultures of Google and Facebook. Google was originally more concerned with public self-broadcast, which can result in social connections (as it did very much for me). Facebook was more concerned with the friendship rings within which components of information circulate.  One problem is that “Facebook culture” could wind up creating a climate of social conformity if misunderstood by employers and families (as it has been).  On the other hand, “Google culture” (until more recently), could  eventually result in anarchy, which can in turn generate new forms of exclusionism, maybe even fascism.  The authors could be clearer on the significance on both Google+ and Facebook (especially the latter) that account holders use their real names or identities, precluding leading a "double life" online. 

The authors, at least indirectly, do take up the problem of downstream liability, discussing both the DMCA safe harbor and Section 230 at the end of the book.  The authors do not argue for public policy changes to increase downstream liability, but rather argue that individuals and businesses (especially) must learn how to work in the topology or “analytic measure” of the global digital world.  They seem to think that major policy changes are unlikely. The book apparently went to press before SOPA and Protect-IP proposals became controversial.  The authors do say (p 171) that under current law it’s illegal (in the US and the west) to hack or set up a company just to hack or to counterfeit or to pirate. But there’s no legal penalty for using materials stolen by others (a point that gets caught up in SOPA).

The author’s longest “sword” chapter deals with hacking and the near impossibility of defending against very determined attackers.  They discuss the risk to critical physical infrastructures, including nuclear power plants, the general power grid, and the entire petrochemical industry.  I remember that these grim possibilities were discussed in the Minneapolis papers in early 2002, shortly after 9/11.  Why are the systems associated with critical infrastructures (or even national security, including nuclear weapons launch) reachable from a public Internet?  (Banks seem to be different and more secure, but I wonder, given the identity scams.)  This does sound like a public policy question.  The proposals by Thomas Friedman and even our president to build a smart Web to manage all home energy use could be undermined by the vulnerability to hackers. 

The risk that all this poses to “ordinary users” is quite variable.  Again, people who must “sell” or whose own contributions to the content involved online may be more vulnerable.  The authors warn the reader about the desirability of disconnecting home wireless routers when not in use, and in taking other measures that could increase the risk of ordinary technical problems and disruptions. 

In my own mainframe information technology career, I had few concerns.  I worked "internally" and "retired" at the end of 2001; I had published my first "controversial" book in 1997 and become active in Web 1.0 by 1998.  In my day, one could lead multiple lives. No more.  

There has been controversy over how much “moral responsibility” or “karma” ordinary “amateur” web publishers should accept given that they are accepting the risks (along with the low cost) of a technology where it is very difficult to prevent deliberate malicious behavior and where some people (usually more vulnerable and less savvy or less intact) get badly hurt.  Should a home wi-fi owner be held responsible of a criminal drives by and uses it to disseminate child pornography?  Should computer users be held responsible if their own computers are hijacked to launch attacks?

A world where there is more downstream liability (or, in some prosecutorial circles, “absolute liability”) would mean a world where “average people” can do much less on their own without the supervision and approval of third parties (or at least without the equivalent of an Internet “driver’s license”).  There would return the higher barriers to entry of the past.  It would be less “democratic” or “egalitarian”.  It also might be safer and more sustainable, and force people to take more responsibility for others.  There’s another debate just under the surface of this book.

Richard Torrenzano speaks in this YouTube video by Leading Authorities. He says he and Davis approached the book from the viewpoint of reputation, not just technology.  (Daniel Solove’s book on Reputation is reviewed here Jan. 12, 2008.)  I’m surprised he doesn’t specifically discuss Michael Fertik and his company “Reputation Defender” (or “”) in more detail.

Would this book lend itself to documentary film?  "Online Reputation" certainly would make for a good PBS POV segment. 

No comments: