First, let me open this post by telling you that I am not going to bash the Marine Corps (USMC) or ESPN for their unfortunate and ill-advised decisions regarding social networks this week. But I will say this: Their respective decisions to temporarily (or permanently) impose restrictions and/or bans on their personnel with respect to social network access do not address the problems they hoped to correct.
We’ll get to that in a bit, but first, let’s flashback to what actually happened this week:
Exhibit A: On August 3, 2009, the United States Marine Corps released a document entitled IMMEDIATE BAN OF INTERNET SOCIAL NETWORKING SITES (SNS) ON MARINE CORPS ENTERPRISE NETWORK (MCEN) NIPRNE. The fully capitalized document essentially banned Marines from accessing social networks like Facebook, Myspace and Twitter from their network. (An issue for potentially tens of thousands of USMC families who currently use these platforms to stay in touch with their loved ones – deployed in active theaters or not.)
A few key elements of this ban:
1. PURPOSE. THIS MESSAGE ANNOUNCES AN IMMEDIATE BAN ON INTERNET SNS WITHIN THE MCEN UNCLASSIFIED NETWORK (NIPRNET).
2. BACKGROUND. INTERNET SNS ARE DEFINED AS WEB-BASED SERVICES THAT ALLOW COMMUNITIES OF PEOPLE TO SHARE COMMON INTERESTS AND/OR EXPERIENCES (EXISTING OUTSIDE OF DOD NETWORKS) OR FOR THOSE WHO WANT TO EXPLORE INTERESTS AND BACKGROUND DIFFERENT FROM THEIR OWN. THESE INTERNET SITES IN GENERAL ARE A PROVEN HAVEN FOR MALICIOUS ACTORS AND CONTENT AND ARE PARTICULARLY HIGH RISK DUE TO INFORMATION EXPOSURE, USER GENERATED CONTENT AND TARGETING BY ADVERSARIES. THE VERY NATURE OF SNS CREATES A LARGER ATTACK AND EXPLOITATION WINDOW, EXPOSES UNNECESSARY INFORMATION TO ADVERSARIES AND PROVIDES AN EASY CONDUIT FOR INFORMATION LEAKAGE THAT PUTS OPSEC, COMSEC, PERSONNEL AND THE MCEN AT AN ELEVATED RISK OF COMPROMISE. EXAMPLES OF INTERNET SNS SITES INCLUDE FACEBOOK, MYSPACE, AND TWITTER.
Exhibit B: On August 4, 2009, US sports broadcaster ESPN also announced new Social Media guidelines regarding employee/talent usage of Twitter.
Some key elements of ESPN’s new guidelines (bold text for editorial purposes only):
“We expect to hold all talent who participate in social networking to the same standards we hold for interaction with our audiences across TV, radio and our digital platforms. This applies to all ESPN Talent, anchors, play by play, hosts, analysts, commentators, reporters and writers who participate in any form of personal social networking that contain sports related content.”
* Personal websites and blogs that contain sports content are not permitted
* Prior to engaging in any form of social networking dealing with sports, you must receive permission from the supervisor as appointed by your department head
* ESPN.COM may choose to post sports related social media content
* If ESPN.com opts not to post sports related social media content created by ESPN talent, you are not permitted to report, speculate, discuss or give any opinions on sports related topics or personalities on your personal platforms
* The first and only priority is to serve ESPN sanctioned efforts, including sports news, information and content
* Assume at all times you are representing ESPN
* If you wouldn’t say it on the air or write it in your column, don’t tweet it
* Exercise discretion, thoughtfulness and respect for your colleagues, business associates and our fans
* Avoid discussing internal policies or detailing how a story or feature was reported, written, edited or produced and discussing stories or features in progress, those that haven’t been posted or produced, interviews you’ve conducted, or any future coverage plans.
* Steer clear of engaging in dialogue that defends your work against those who challenge it and do not engage in media criticism or disparage colleagues or competitors
* Be mindful that all posted content is subject to review in accordance with ESPN’s employee policies and editorial guidelines
* Confidential or proprietary company information or similar information of third parties who have shared such information with ESPN, should not be shared
Any violation of these guidelines could result in a range of consequences, including but not limited to suspension or dismissal.
Not everyone will agree with me on what I have to say about this and that’s okay. Just hear me out and feel free to tell me why I am right and/or why I am wrong.
First things first: The USMC’s ban.
Remember these posters from WWII? Seaborne convoys to Europe were under constant attack from German U-boats and it was believed (rightly so) that Nazi spies were listening in on conversations to help plan attacks on ships. The US government created an awareness campaign to remind people (military and not) to keep sensitive information (schedules, troop movements, ship departures, etc.) to themselves.
Smart move: Creating that awareness saved lives. People were introduced to a threat they had not considered, understood the stakes, and were asked to take responsibility for their actions. This was essentially a combination of awareness and training.
What the government didn’t do was ban military personnel and their families from using telephones, the US postal service or classified ads (the technologies of the time) out of fear that sensitive information might be leaked out via these mass communication devices.
Do you see where I am going with this?
Awareness, education and responsibility vs. outright bans. That’s the discussion we are really having today. What best practices can be put in place within an organization when it comes to social media usage?
In the case of the USMC, is an outright ban of SNS access on the NIPRNET truly the solution? Or is it possible that perhaps clear guidelines about what content is and isn’t acceptable (along with adequate monitoring) for Marines might yield better results without interrupting benign types of communications? Perhaps even create further layers of guidelines based on the role and location of these Marines. (Recon Marines in Iraq vs. a drill instructor on Parris Island, for example: Different threat. Different access to mission-sensitive info, etc.) This might sound complicated, but it isn’t.
Look at it in a different way. Is it possible that Marines chatting about a mission within hearing range of an Iraqi vendor or contractor might be as damaging (if not more) as a Facebook update? An overheard phone call? An intercepted postcard while on leave? Isn’t it more likely that sensitive information would find its way into the hands of the enemy through conventional means than through a tweet or Facebook update?
The risk here is not the medium, it is the behavior. Ban access to the medium and you solve nothing: The behavior is still there, only now, you are blind to it. Double-fail.
Identify the threat, then address the specific threat. That’s how it works. If you identify the wrong threat and engage it instead of the real threat, you’re screwed. I fear that this is what has happened with the Marine Corps. In other words, not only will the move not save lives, but it will instead help further isolate soldiers from their families at a time when technology makes deployments a lot more manageable than they have ever been.
I kidded on Twitter earlier this week was that to avoid being outdone by the Marine Corps, the Army was planning to ban the use of telephones and the Air Force would look into banning the use of snail mail. Don’t take it too literally (I understand the different threat posed by the openness of social networks), but don’t dismiss the notion too quickly either. Twitter… telephones… not a huge difference when you step back and look at the full picture.
There is a reason why telephones and mail were not banned in WWII: Training and awareness worked. A ban of technology usage would not have worked at all. The lesson: Give people some credit. Give them the opportunity to do the right thing. Don’t treat them like stupid little children. Chances are, they’ll make you proud. (That’s what IBM did… but hang on. We’re not quite there yet.)
In regards to ESPN’s Twitter guidelines:
Many of these guidelines are solid. Especially “Confidential or proprietary company information or similar information of third parties who have shared such information with ESPN, should not be shared”, “Assume at all times you are representing ESPN” and “Exercise discretion, thoughtfulness and respect for your colleagues, business associates and our fans.” No problem there. These should actually be #1 #2 and #3 on that list.
When it comes to being professional, representing your employer 24/7 and not sharing confidential information, thumbs-up. Good stuff. I’m right there with you, ESPN.
But wait… then things get a little out of hand.
Case in point: “Personal websites and blogs that contain sports content are not permitted.” Seriously? So let me get this straight… if I am a triathlete working for ESPN and want to write a post on my own personal blog about the half Ironman I just competed in last weekend, I am not allowed to do so? Am I also prohibited from posting pictures of my son playing basketball on my Facebook page? Openly supporting a charity like Livestrong or Susan G. Komen is out of the question then? Let alone sharing with anyone that I am a fan of a particular team or athlete?
Another problematic policy here is this one: “The first and only priority is to serve ESPN sanctioned efforts, including sports news, information and content.” Not to get Clintonesque here, but can ESPN define “the”? Whose priority are we talking about, and in what context? Is ESPN implying that their employees use of social media platforms (FaceBook, Twitter, blogs, Skype, Friendfeed, IM) is exclusively limited to ESPN-sanctioned communications? So… Any use of social media outside of a ESPN-sanctioned context is in violation of company policy? Outside of work, ESPN employees are no longer allowed to connect with old high school friends on Facebook? They shouldn’t engage with friends, neighbors, golf buddies and family members on Twitter? They should immediately end their involvement with the dozens of hobby-related communities they belong to online, from sports clubs and antique car collector communities to foodie and health-minded forums?
Help me out here. I don’t see how this makes any sense from an HR or PR perspective (let alone a legal one). Though some elements of this policy are sound, others fall completely outside the realm of realistic, enforceable and effective guidelines for company-wide social media usage. Perhaps ESPN might want to consider other options (and probably better sources of advice) when it comes to framing policies for its social media program? Perhaps (again) incorporating training for employees as well might be a better solution?
Counterpoint: IBM’s fantastic internal social media policy – A template for all companies? (Maybe.)
You might not expect a corporate juggernaut like IBM to lead the way when it comes to creating effective social media guidelines for its employees, yet here we are: IBM was one of the first enterprise-size companies to not only recognize the need for such a document, but also to deliver an adequate set of guidelines within it that made sense and allowed its culture to spread. IBM recognized that treating its employees like responsible adults rather than dangerous little children might yield pretty good results.
And they were right.
I want to highlight a few specific elements of the document here so you can enjoy the radical contrast between ESPN’s less than savvy approach vs. IBM’s:
As outlined in the Business Conduct Guidelines, IBM fully respects the legal rights of our employees in all countries in which we operate. In general, what you do on your own time is your affair. However, activities in or outside of work that affect your IBM job performance, the performance of others, or IBM’s business interests are a proper focus for company policy.
IBM supports open dialogue and the exchange of ideas.
IBM regards blogs and other forms of online discourse as primarily a form of communication and relationship among individuals. When the company wishes to communicate publicly as a company—whether to the marketplace or to the general public—it has well established means to do so. Only those officially designated by IBM have the authorization to speak on behalf of the company.
However, IBM believes in dialogue among IBMers and with our partners, clients, members of the many communities in which we participate and the general public. Such dialogue is inherent in our business model of innovation, and in our commitment to the development of open standards. We believe that IBMers can both derive and provide important benefits from exchanges of perspective.
One of IBMers’ core values is “trust and personal responsibility in all relationships.” As a company, IBM trusts—and expects—IBMers to exercise personal responsibility whenever they participate in social media. This includes not violating the trust of those with whom they are engaging. IBMers should not use these media for covert marketing or public relations. If and when members of IBM’s Communications, Marketing, Sales or other functions engaged in advocacy for the company have the authorization to participate in social media, they should identify themselves as such.
Read the rest here.
Beautiful, isn’t it? IBM actually treats its employees like responsible adults. How about that.
By the way, check out when IBM started working on this: 2005! Most companies today still don’t have adequate (or even specific guidelines when it comes to social media usage) and we’re just a few months away from 2010. Anyone feeling a little unprepared right now? Yeah. Some of you probably should be.
That is how it’s done, boys and girls: With calm, insightful knowledge and understanding. With respect for the medium, the process, your employees and your customers.
Okay, now come close. I have a secret to tell you: The best antidote to fear is knowledge.
That’s right: Companies whose staffers understand social media, community dynamics, organic brand management and new technologies will figure out how to do this right. (Like IBM.)
Conversely, companies with a lack of knowledge, understanding and practical experience in these areas are bound to let fear overcome logic and common sense. Fear, ignorance and paranoia aren’t exactly good foundations upon which to base a social media program – or anything else, for that matter. This is how companies can suddenly invalidate the entire potential of their social media efforts AND turn a knee-jerk reaction into a PR disaster all in one fell swoop. (And man, is it painful to watch.)
Incidentally, if you are a corporate executive who actually fears his own people… why are they your people? (Either hire better or train better. What are you doing? Hiring mean-spirited unprofessional idiots with no common sense? In this economy? When you could have your pick of the best talent out there?) If you have to impose bans and draconian restrictions on your staff to keep them in line, if the stick needs to be bigger than the carrot, your problem isn’t Twitter or Facebook. Your problem is you. (Something to think about.)
One last bit of wisdom from IBM’s Social Web Guidelines to send you off on a good note:
Be who you are. Some bloggers work anonymously, using pseudonyms or false screen names. IBM discourages that in blogs, wikis or other forms of online participation that relate to IBM, our business or issues with which the company is engaged. We believe in transparency and honesty. If you are blogging about your work for IBM, we encourage you to use your real name, be clear who you are, and identify that you work for IBM. Nothing gains you more notice in the online social media environment than honesty—or dishonesty. If you have a vested interest in something you are discussing, be the first to point it out. But also be smart about protecting yourself and your privacy. What you publish will be around for a long time, so consider the content carefully and also be judicious in disclosing personal details.
This is so evolved that it almost brings a tear of joy to my eye.
No need to panic. If IBM can pull it off, our company can too. (Yes, even you, ESPN.) To start with, all you really have to do is take this social media program building process seriously and maybe ask for a little bit of expert help to help you avoid these types of snafus.
Incidentally, if your company doesn’t currently have either a solid set of social media guidelines or employee awareness training in place, give me a call (or have your HR manager give me a call). I can help you with that.