Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Evan Schuman: Social media endangers corporate secrets

Evan Schuman | April 9, 2014
Employees can unintentionally share more than their employers want anyone to know.

Your enterprise may not have Apache helicopters to protect, but it does have information that's every bit as valuable.

And as I said, the ways of unintentionally exposing data are growing. Twitter recently started allowing its network to mark the precise location of every tweet. This development has already been blamed for disclosing the home addresses of celebrities. But it won't be a problem just for celebrities. It can be a problem for your company if your employees tweet from the road.

But this should be an easy problem to address, right? Just tell your employees to disable the location option on Twitter. Maybe not, if IBM Research is to be believed. It has developed an algorithm that it claims can analyze anyone's last 200 tweets and determine his or her city with almost 70% accuracy. I have my doubts about assumptions behind this algorithm, though. For example, tweeting "Let's Go Red Sox" is taken to be evidence of Boston-area residency, but not all Red Sox fans live in the Boston area, and I can think of several reasons for a non-fan to tweet "Let's Go Red Sox." There are also assumptions about placing tweeters in specific time zones based on the frequency of their tweets in the course of each day, but those assumptions are fairly easy to dismantle. Maybe such faulty assumptions are what kept the tested accuracy of the algorithm down to 70%.

Not that social media sites are the only way to unintentionally reveal information. Far from it. Consider publications. Ars Technica ran a story in which the author was closely tracked for several days -- by Ars Technica. Like many websites that require logins, Ars Technica records the date, time and IP address that a user logs in from. The publication's normal practice is to discard all but the last of these records. However, it made an exception for editor Cyrus Farivar, who wanted to see just what is possible with such activity logs.

As it turns out, the answer is, "A lot." The analysis revealed where Farivar was when he logged in. It showed what he was reading. It showed how long he spent online. The information could be highly specific. Farivar writes, "In one instance, on Thursday February 6, at 9:30am, I was logged in at a particular San Francisco IP address. Looking up that IP on turned up not only the city, but one of two possible street addresses as well."

The results of Farivar's experiment suggest that another publication might have data showing that several people in your company took a sudden interest in reading about some obscure emerging technology. That information quite likely carries implications about your company's plans. And it is entirely out of your control and in the hands of a for-profit company that sells information.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.