Thursday, September 07, 2006

Privacy in the Board Room: The Ethics of Surveillance...

Corporate Governance in the board room itself is blazing out of control at Hewlett Packard (HP) as a result of an internal investigation. The finger pointing, board resignations and ethics questions are all in the news. And that is just a very small story on the entire landscape of corporate digital surveillance or internal investigations. This is a business your insurance company is funding and for good reason.

The entire episode—beyond its impact on the boardroom of a $100 billion company, Dunn’s ability to continue as chairwoman and the possibility of civil lawsuits claiming privacy invasions and fraudulent misrepresentations—raises questions about corporate surveillance in a digital age. Audio and visual surveillance capabilities keep advancing, both in their ability to collect and analyze data. The Web helps distribute that data efficiently and effortlessly. But what happens when these advances outstrip the ability of companies (and, for that matter, governments) to reach consensus on ethical limits? How far will companies go to obtain information they seek for competitive gain or better management?


It will be interesting to see if the California Attorney General is going to get into the middle of the battle. Yet, there seems to be less discussion about the ability of a skilled investigator using "Social Engineering" techniques to obtain the information in question.

Hackers like Kevin Mitnick call it "social engineering." Other folks call it plain old lying. But today's private investigators have a new word for obtaining information under false pretenses; they call it "pretexting," and it's apparently big business.


We wonder about the new legislation brewing in state capitals to extend the data privacy laws and the national Gramm-Leech-Bliley Act (GLBA)to telcos, ISP's and other repositories of personal information. Bankers have been working for a decade to stop the same criminal activity of stealing information to use in a fraudulent manner. It won't be long before your phone company will be sending you those privacy disclaimers in the mail and two-factor authentication will be the norm when you log in to Verizon Wireless.

No comments: