Competitive Intelligence and Online Privacy, NSA Leaks from Edward Snowden

In preparation for attending the Privacy Identify Innovation conference here in Seattle with peers, my recent conversations have been around the  kind of data that Edward Snowden and related NSA leaks stirred up.


These conversations live in another dimension almost as spooky as the Twilight Zone.

While the NSA is in the center of this issue, we should think about the thousands of companies that have access to our personal information.

Through these companies there are an untold number of individuals who have access to our digital homes without our knowledge. Some of them knowingly allow access (while others do it accidentally.)

We have dropped the ball: not only as companies and organizations in the U.S., but as a global society we have absolutely failed to understand how the Internet of everything relates to metro, regional, ethical, and moral audiences around the world.

If this was my house it would  be leaving my front door unlocked and leaving it unattended. When we have a digital version of our home we need to give a little bit of thought about the benefits and risks associated to it.

  • We have to keep in mind that data isn’t limited to live where it is created.
  • It isn’t limited to a time or place.
  • It is a universe of information that covers both historical and future possibilities.
  • Our digital neighborhood isn’t local- it is global.

We need to ask questions about who may visit our home.

What do they know about me?

This is a big question. 

You need to have a grasp of the questions below before you can really begin to identify what they know about you.

If someone is interested in you they have decided you are worth a certain amount of effort.

The reality of the situation is that there are a lot of rocks to kick over and look under.

When competitive intelligence professionals like myself get involved there is a level of strategic and investigative research that takes place using all sorts of systems that help look under rocks quickly.

Examining what is under each rock cost a little bit of money and effort. If I have intent and reason to turn over thousands of rocks I will find out more about you than being lazy and turning over just one.

The speed at which this investigation can take place depends on the tools and the likelihood that the research effort will be rewarded with knowledge.

Thinking about who really has access to the data

When I turn on the typical desktop computer there are dozens of companies involved with the security of the data.

A basic example of typical computer privacy points:

  • The Brand/Creator of the PC
  • CPU Manufacturer
  • RAM Memory Manufacturer
  • BIOS programmer
  • Video Card
  • Wireless Processor
  • High Speed Modem
  • Network Router


  • Adobe Flash
  • Java
  • Microsoft Office
  • Firefox, Chrome, Internet Explorer (with several dozen plugins)
  • Internet is supplied by Comcast (Comcast router boxes, relay junctions, data stores, etc)

Web Services

  • Banking
  • Utility Payments
  • Mobile Services
  • Entertainment (Netflix, etc)
  • Social Networks (Facebook, Linkedin, etc)
  • Communication tools (email, digital phone, etc)

Securing the basic elements above almost requires a degree in rocket science.

Yet as a society of web enabled users we’ve thrown caution to the wind and have opted-in to all sorts of things like social networks and freemium web services.

Multiply the basic example above for laptops, tablets, mobile phones, etc.

Facebook is an amazing example of our blunder.

Over a billion people have joined the site and have given access to our profiles, social networks, and personal communications.

In addition to what we share on, Facebook scripts and widgets run on tens of millions of sites.

These scripts cover a range of login, recommendation, analytics, and sharing functions.

If you were to figure out the combined data collection of Facebook across all of these sites you’d have trillions of interactions.

But we also have Google who has access to sites with

  • Google Analytics
  • Google Webmaster
  • Google Adsense
  • Google Content Networks
  • Google Gmail
  • Google Docs

When you overlap just the properties and data collection points of Google and Facebook you end up with information on almost the entire web using population. 

The NSA may have access to that data… but who else?

While the NSA may have access, I wouldn’t typically focus on whether the NSA has it.

You should be focusing on people and organizations that seek you harm (if the NSA has reason to cause you harm, then worry about the NSA.)

Google and Facebook don’t necessarily want to harm us, but they do want to make a few dollars in profit.

The core item to think about is that there are thousands of businesses in the industry of collecting and monetizing our data or using it for harmful or monetary purposes. These include data brokers, financial organizations, major employers, and big retail brands. They also include criminal and military organizations.

The information they are collecting is specifically important to the intent of why they are collecting it.

You can help figure out where you sit in the big picture as both an individual and as a business by running through a series of questions.

What are the problems?

Data will always be created and collected by some process.

The core problem comes from the question of Good vs Evil?

Good uses:

  • Trying to use the data to improve the education system of a local town.
  • Supporting entrepreneurs to create green, sustainable business.
  • Helping third would countries raise the standard living.

Bad Uses:

  • Identifying an individual’s commute time to work so robbers know when the house is empty.
  • Discriminating against employees based on what was perceived as private.
  • Disabling a city utility by crashing the utility grid.

Why are they collecting data?

Most organizations use online data to define and segment millions of users into a size they can interact with.

They want to strategically locate communities and individuals who matter to them.

This usually revolves around simple items such as:

  • How many interactions?
  • How many relationships?
  • How many transactions?
  • How many habits?

 Who is using it?

The answer to who is using it creates a number of tangents to think about:

  • Where are they?
  • How do they store it?
  • Do they sell it?
  • Do they abuse it?
  • Do they learn from it?
  • Where do they have interests?

What laws am I dealing with?

As you answer the above questions about you begin to identify the legal structures of where your data lives.

In the U.S. we have some very specific ideas about privacy and freedom of speech. These same ideas may not apply around the globe.

  • Where does all that data live?
  • Who owns the lines it moves across?
  • What jurisdictions apply to the servers?
  • What companies have access?
  • What employees have access?
  • What criminals have access?

What ethics am I dealing with?

With some of the legal concepts detailed we can begin to think about ethical and moral uses of the data.

Some cultures and countries have wildly different ethical and moral concepts.

  • Do they want to hurt/help me?
  • Do they want to hurt/help my family/friends?
  • Do they want to hurt/help my company?
  • Do they want to hurt/help my country?

What can I do about it?

The key to protection is understanding.

#1 – write down a list of things that are most important to you.

#2 – write down a list of people who want to hurt you.

#3- ask an expert to detail ways #1 and #2 interact.

#4- Create a plan for protecting the things most important to you can be used by people wanting to hurt you.

#5- Apply a scenario to two or three organizations you don’t like and ask yourself what you can do to them.

These basic steps will wildly vary in results depending on if  individual and group perspective.

By understanding value vs risk you can allocate where your effort will produce the most protection.


5 common dating lies from a digital media agency

When trying to get your business, many digital firms act like sex starved singles prowling for a one night stand.

They get dressed up, tell you everything you want to hear, and try to glorify every statement so that you make an impulsive decision.

What they don’t tell you is the truth.

Read more

No Broken Bones with Competitive Intelligence

When the web emerged decades ago, few of us would have realized the sheer volume of information that we would digitally create, share, cultivate, and engage with.

I’m going to tell you how five basic problems demand the need for acting smarter and give some pointers for fixing these basic problems by wrapping them into the way you think about competitive intelligence.


I’m going to do it with a sports metaphor Read more

Reputation Management, the business value of who you are

Two years ago I wrote a white paper regarding the value of reputation management (see below) and the connection points within social media, public relations, executive branding, and business impact. These elements tie together to form the foundation of reputation management: with the business impact (both risk and reward) driving the primary strategic direction of the idea.

The bad part… Read more

Reputation Management and 15 questions to avoid a crisis

The story of reputation management in a crisis is fairly common: a businesses finds themselves in the center of a controversy spinning out of control on the web.
The  generally begins with an executive who happily fell asleep one night, only to awake the next morning with dozens of emails in the inbox and a team anxiously awaiting a “master plan” that will save them. The executive finds themselves wasting valuable time researching facts they should have known, trying to educate themselves on basic best practices, and hesitating to take action due to a fundamental lack of understanding.

This article takes a good look at why real reputation management is not just SEO, but an integrated and holistic communication strategy that ties into multiple parts of a business. By examining questions regarding reputation management to avoid a crisis elements, a business can have a healthy and positive online footprint that grows into a strong business asset.

In a crisis, the simplest actions become the most important ones.

While this exercise is written for a larger organization, all of the questions leading towards a good reputation management plan are valid regardless of whether your company has $25k or $500m in revenue.

“Prepare: the time to win your battle is before it starts.”
~Frederick W Lewis

Is your business prepared to operate without your web site?

There are a number of reasons why a site may go offline and you should consider ‘what if’ scenarios to ensure foreseeable events are taken care of. Failure to have a consistent presence during a crisis is a quick path to derail your reputation management strategy.

  • The most obvious is a simple hardware failure for the server.
    Make sure to have ample back-ups of the site (and keep them off location.)
  • Review if your site capable of having a major spike in traffic
    (can it handle 100k people using it?)
  • Have a site disaster plan in place (loss of power, flooding, fire, earthquake.)
  • Create a communication plan in case your web presence becomes compromised
    (I.E. hacked or crashed)

Who on your team is capable of answering specific issues about your high value assets?

Create a list of all the topical experts on your team.

Stack rank them in order.

If they are handling a very important asset, indicate a list of back-up personnel in case they can’t be reached. It is important to have an executive discussion and make a decision of who has responsibility before a crisis occurs.

Is your brand and mission statement integrated into a crisis plan?

In the digital world of reputation management and crisis control, responding quickly and transparently has huge benefits.

The simplest way to enable your team to act is to give them a direct brand and mission statement. By integrating this into the first step of your crisis plan, any employee in your organization should be able to ask a basic YES / NO question of “Do my actions support our brand and mission statement?”

This is critical for allowing an organization to have a consistent message at all levels.

“Not to know is bad: Not to wish to know is worse.”
~Nigerian Proverb

Do you know what assets you need to protect?

Like a good game of chess, you need to know the difference between pawns and your king. Sit down with an asset sheet and define all of your valuable assets.

This is the heavy lifting part of a reputation management project.

Write down every brand name, executive, and product your company offers.

You also want to include a list of top clients and high-value business partners.
Stack rank all of them in order of importance.

How can you monitor your important assets online for current and potential threats?

There are a wide variety of options ranging from free to paid systems.

  • For conversation monitoring there are tools like Google Alerts, Trackur, and Radian6.
  • For site monitoring there are tools like Google Analytics, Postrank, and Woopra.

Who is responsible for monitoring the web for early signs of a crisis?

If someone doesn’t have an official responsibility to monitor for signs of problems (and opportunities) – you will be doomed to a very jaded moment of finger pointing when the executive team all shrugs and says “I thought you were handling it…”

“You can either take action, or you can hang back and hope for a miracle.”
~Peter Drucker

Do you have a spokesperson capable of dealing with online communication?

The web can be a strange place: it involves blogs, article sites, consumer reviews, tweet streams, video critics, and community mobs. The spokesperson for your company needs to have a little bit of faith, a good amount of aptitude, an arsenal of technical education, and a whole lot of support. They also have to have a an attitude and a good character under pressure – the wrong statement at the wrong time (or taken out of context to the wrong place) can fuel a fire out of control.

Does your company currently have a system to push out a message to multiple social media channels?

When social media goes wrong, it can happen in a variety of places.

Think about the ways you can quickly create content and distribute it to channels such as Twitter, Facebook, Youtube, Slideshare, your blog, and the newswire.

This means having a ‘web brand kit’ ready that has the needed elements such as graphic visuals and video animations ready for use. The last thing you want to be doing during a crisis is waiting for your graphic designer to e-mail you a high resolution copy of your logo.

Does your company own its online brand assets?

There are dozens of important sites and profile accounts that your company should own. This prevents cyber-squatting on trademarked terms and important keywords that may be searched for online.

  • This includes accounts on services such as Twitter, Youtube, and Facebook.
  • It includes multiple domain variations (.com, .info, .org, etc)
  • It potentially includes common mis-spellings
  • It includes company, brand, product, service, and executive names.

“Problems become opportunities when the right people come together”
~Robert Redford

Do you have a real “web master” ?

All joking aside, you need to define someone who has both a business brain and an aptitude for the web.

In a real crisis, time is a very valuable and costly commodity. The faster you can initiate a proper response, the greater the chance you have of minimizing potential damages.

This person should also serve as the person who ‘double checks’ all of the basic preventative elements. When you are dealing with a potentially dangerous situation, you don’t want novice mistakes damaging your only lifeline.

(*Shameless plug : if you need someone who can handle this, drop me a line.)

Do you have an incident response plan?

This is really important. Everyone “in the know” should have a list of cell phones and e-mails to make sure that critical personnel can be reached quickly.

In an ideal situation, a private blog or employee portal can serve as a command center to coordinate information.

How can you help your business partners and how can they help you?

Share these questions with your business partners both internally and externally.

When forming a good reputation management strategy, the more the merrier.You don’t want to be trying to find the right communication person in a partner company or explaining the basics of this article during a crisis. You want to be able to pick up the phone and make a simple request to take specific action on behalf of your partnership.

This is a good opportunity for business partners to strengthen relationships. In the social media conversation, it is often more effective for your partners to lend defense and support. This can be incredibly important if the case happens to be oriented towards reputation management regarding search engine optimization (a few links from relevant partner sites can do a world of wonder.)

“When you create your own destiny you prevent others from doing it for you.”

How have you enabled your fans to support you?

Social media has some amazing benefits that extend outside of your immediate employees and business relationships. You have access to several different layers of social networks that can be activated to help you out.

  • Friends and Family – do a survey of your immediate relationships and find out what influential connections exist within your friends and family network. These users/decision makers/influencers can radically alter the way your business is viewed online (and in the real world.) While you may be planning a reputation management strategy for a crisis, this list is also a very valuable asset to be leveraged during good times (new product launches, special announcements, brand studies, etc.)
  • Happy clients and brand evangelists – these individuals may have no real reason to do something for you… except for the fact that they like your business, what you do, or who you are. This layer of fans has numerous advantages when dealing with the ‘digital mob’ that can arise during an online crisis. Understanding how to communicate correct information to this group quickly and effectively allows them to distribute it.

What happens when someone goes rogue?

It may sound harsh, but what happens when a trusted employee does something stupid? Perhaps they found a better job or they found out about a lay-off too early. Maybe they simply have too much personal stress and decided to push a couple of buttons…

Part of a good plan needs to have some consideration for back-up and redundancy. You never know who will be removed from the equation.

Do you have a social media policy in place?

This is a critical communication piece for your organization. Employees need to know how to act during both good times and bad. When looking at special assets and topics, your strategy may include exclusions for specific items that are ‘no comment’ items. This is commonly seen in traditional communication and crisis plans, yet online versions are often severely lacking.

*If you would like to develop a policy – read my recent eight part social media policy series.


If your company is publicly traded, how do you monitor threats that affect your financial value?

reputaion-management-ratingsA recent study by a researcher at Indiana University found Twitter has a predictive correlation to stock price (with 86.7 percent accuracy)

There are dozens of new platforms encouraging entirely new conversations online. The audiences involved in these crowds produce a massive amount of data that can often be correlated to revenue points within your business. It is critical that you think about what marketplace conversations are happening, what types of data are being created, and whether or not you can use that information to draw better business insight.

If you have survived a reputation management crisis,
what is one question you wished you would have asked
before it happened?

Read some of my other articles on reputation management here.