Practical advice for managers on how the Web and social media can help them to do their jobs better

[source: Amazon]

I first heard Euan Semple speak about Social Media at a BCS (British Computer Society) ELITE event at BT Tower (in London) back in 2008. What differentiated him from others writing and speaking about the subject?

• Experience: he has a very credible background in collaboration and communications, formerly at the BBC and latterly as an ‘independent consultant’ with blue chips and niche players.
• Hype realism: a recognition of the need to drive real value from social media, delivering business outcomes, not ‘digital noise’.
• Adoption complexity: it takes ‘10 seconds’ to sign up on Twitter, and less again to start using it in an ineffective and potentially damaging way. Forces such as consumerisation and social web have created mind shifts in business. Euan sets out simple, effective, engaging and sensible advice which will inform CxOs, marketers and communications professionals alike.

If you have an interest in the social web and optimisation of communications using social media, this book is a must buy.

Further Info

[source: Amazon]

Today′s managers are faced with an increasing use of the Web and social platforms by their staff, their customers, and their competitors, but most aren′t sure quite what to do about it or how it all relates to them. Organizations Don′t Tweet, People Do provides managers in all sorts of organizations, from governments to multinationals, with practical advice, insight and inspiration on how the Web and social tools can help them to do their jobs better. From strategy to corporate communication, team building to customer relations, this uniquely people–centric guide to social media in the workplace offers managers, at all levels, valuable insights into the networked world as it applies to their challenges as managers, and it outlines practical things they can do to make social media integral to the tone and tenor of their departments or organizational cultures.

• • A long–overdue guide to social media that talks directly to people in the real world in which they work
  • Grounded in the author′s unparalleled experience consulting on social media, it features eye–opening accounts from some of the world′s most successful and powerful organizations
  • Gives managers at all levels and in every type of organization the context and the confidence to make better decisions about the social web and its impact on them

Euan Semple is one of the few people in the world who can turn the complex world of the social web into something we can all understand. And, at the same time, learn how to get the most from it.

Ten years ago, while working in a senior position at the BBC, Euan was one of the first to introduce what have since become known as social media tools into a large, successful organisation. He has subsequently had five years of unparalleled experience working with organisations such as Nokia, The World Bank and NATO.

He is a one-man digital upgrade option for us all to download.

This world is changing fast, but he makes sense of it because he understands that the core basics remain the same: community, learning, and interaction. He is a master story-teller who offers a host of practical tales about how this new world can work for real people in the real world.

Figure 1 – The Johari Window devised by Joseph Luft and Harry Ingham

The Johari Window is a model for describing personal awareness types and human interaction.

Quadrant A: encapsulates personal awareness and a wish to share information with others, for the purposes of simplicity assume this means publicly.

Quadrant B: encapsulates personal awareness of a different type. The motivations for concealment are plentiful (bad habits, competitive advantage, Machiavellianism, protection of personal interests etc.). The size of this box tends to diminish as trust relationships expand, however I contend: a) there are many types and levels of concealment implied here and b) many different levels of trust in different social circles.

Quadrant C: encapsulates weak personal awareness and misinterpretation (we assume others see us as we see ourselves, but this is not the case). This quadrant (in the context of Social Networking) provides an interesting opportunity for introspection and awareness development from social feedback, Social Network Analysis and sentiment analysis. This is a box full of brambles!

Quadrant D: Donald Rumsfeld’s infamous Known Knowns speech of 2002 sums up this quadrant.

A Prophetic View

Just under two years ago I wrote a somewhat prophetic article concerning Privacy and Social Networks in which I argued for the need for additional privacy controls and multiple walled gardens within social networks. Facebook lists were a crude approximation, but Goolge+ Circles now excel at delivering the concept. A sister post in February 2010 discussed Social Search and the Integrity of the Social Graph, concluding that Google was heading (with purpose) into the Social Networking space.

What I said back in January 2010:

Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be creation of (either my privacy “Onion model”) or perhaps more simply a ‘radar’ or quadrant model on which connections could be placed within ‘trust zones’ (by dragging and dropping them onto the appropriate region). Configuration is half the battle, and visualisation of the resultant privacy controls effect is essential. This is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and ensure no (uncontrolled) information leakage between…

A trust and privacy ‘radar’ would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.

The Johari Window and Google+ Circles

Figure 2 – The Google+ Circle Model

I have a number of Circles within Google+: Friends, Family, Acquaintances, Scientific Community, Social Media, Politics, Techies etc. There is also a ‘Public category’ which maps neatly onto Quadrant A of the Johari Window.

Quadrant B maps neatly to the different circles (Friends, Family etc.). This creates controlled separation, where I can isolate various topic discussions. This helps prevent Family members from being bored by discussions about Social Network Analysis or Social Psychology! Equally it saves Scientific Community colleagues reading my latest views on the European Union. There is a great deal more depth to this than simple ‘separation of interests.’ Despite what we may think, as multi-dimensional beings, we do not necessarily want everyone in cyberspace or our social sphere having a complete 360 degree view of our personality, interests or social connections.

Quadrant C could make for a ‘fun’ social network game – tell me something about myself that I don’t know, but you do know. Play at your own risk!

Quadrant D is ripe for Reality Mining as long as there is a digital footprint.

The Johari Window provides an interesting thinking framework on which to base an approach to online privacy protection and information sharing across social groups.

Extending the Johari Window for Privacy and Reputation Protection

I propose an extension to the Johari Window (as depicted in Figure 3). As information flows into a Circle we lose control of it. We must assume that we have chosen Circle members well and that each member will understand (and abide) by our privacy wishes in respect of that information. The obvious drawback however is that there is no adequate meta-data associated with the shared information to indicate to Circle members what is ‘allowable’. Perhaps Google will introduce ‘Circle Contracts’ to stipulate between parties what is acceptable!

Adding an A+ box (Figure 3) recognises that there will be information which I am happy to be disclosed by people acting as relays between Circles with no restrictions.

Box B+ recognises information disclosed to certain Circles must stay within that Circle or may be selectively disclosed to other Circles (not under my ownership) which meet certain membership/privacy criteria. There is currently however no way to express this (or manage disclosure across ‘logically chained Walled Gardens’).

Box C+ recognises that there is information about myself of which I am unaware, and would be happy about being disclosed. If it is information which may be publicly disclosed, it fits within box A. If it requires restriction per ‘Walled Garden’ or Circle, it fits within box B.

Box C++ recognises that there is information about myself of which am I unaware, and would be unhappy about being disclosed. This box is ripe for Reputation Protection.

Boxes C+ and C++ are interesting as I would be theoretically unaware of my privacy requirements until the information is disclosed (of course heuristics could be employed).

Boxes B, B+, C, C+ and C++ all have potential for information leakage. As Circles and Networks are highly interconnected, chances are the information could reach parties which you would rather not see it.

Extending the Johari Window and applying this thinking technique to online privacy within Social Networks is useful in terms of surfacing complexity and also challenging personal views of requirements for information management.

Figure 3 – Extending the Johari Window

[source: Steve Nimmons]

The Digital Revolution has brought many benefits and profound societal changes. As we endlessly skim the web seeking “information rewards” like crazed lab rats, are we in danger of losing cognitive function, the ability to read and think deeply? Are our brains being re-wired by the very machines and technological channels that we mistakenly believe we control? Has the master already become the slave?

Having just finished reading the astonishing “The Shallows” by Nicholas Carr, I am in vociferous agreement with his assertions on the dangers of cognitive overload and the risk of depletion of reasoning skills. Carr (formerly the executive editor of the Harvard Business review, and blogger), the author of “The Big Switch: Rewiring the World, from Edison to Google” famously posed the question “Is Google making us stupid?” And quite frankly, over-reliance on “search memory”, the neurological bombardment of constant digital stimuli and exponential demands of multi-tasking appear to be making us ‘flighty’ and intellectually shallow. Web pages are skimmed in an “F-shape” pattern in approximately 20 seconds. But, a “poor life this if full of care, we have no time to lift finger from mouse and stare” – and contemplate.

Carr questions if Google is a search engine or is it really (along with its Web cohorts) nothing more than a massively sophisticated distraction engine?

The Church of Google

Google’s business model is built on the art of distraction. Velocity counts, the paradigm demands constant skimming, link jumping, and attention hogging (chat, social platforms, RSS feeds, information sources akimbo). Web commercialisation, click revenues from advertising demand constant motion. A consumer ‘at rest’ decays in value. However, velocity through the digital mire may reward the AdSense gods, but does little for our comprehension, except service (and indeed reinforce it) with the banal and superficial.

From Socrates to Plato to Nietzsche

I hear screams of ‘Luddite’ echoing across the digital expanse. And true, the oral tradition of Socrates wrestled with the written tradition of Plato. Much would be lost. The concern was unfounded, and with Gutenberg’s printing press led to a surge in intellectual mass-cultivation and enlightenment. The tools we use become part of us, and we become part of them. As Carr reminds us of Nietzsche’s relationship with his typewriter:

“The Writing ball is a thing like me: made of iron

Yet easily twisted on journeys.

Patience and tact are required in abundance,

As well as fine fingers, to use us.”

We must not ignore the effect the tools we think we control, control us and shape us to their every whim.

Plasticity of the Brain

And it is indeed the marvellous plasticity of the brain that is its undoing. “What fires together, wires together” is a truism of the construction and reinforcement of neural circuitry. The brain adapts, and seems to be adapting to the attention deficient world of the web, and not necessarily to our benefit. Our ability to comprehend and subsequently ruminate over weighty or lengthy topics appears to be in swift decline. The speed at which information can be consumed appears to be a significant determining factor in its perceived quality and importance (an observation not lost on me in the way I have to structure blog articles).

Omni-visibility

For an number of years I have been interested in the concept of Web 2.0 “Presence Engineering.” In essence the automaton of self, always on, always present, always engaged. But as Seneca said: “To be everywhere is to be nowhere.” I therefore (taking heed of Carr) redefine omnipresence as omni-visibility. Multi-channel visibility is different to multi-channel presence. The former is advertising, the latter is fulfilment of brand promise. Substance comes with deep thought, contemplation, originality and innovation. Servicing web presence leads us into the same trap as the lab rat hunting for its next pellet. Consider therefore if you would benefit from greater digital disengagement in 2011, switch off the Kindle, buy some challenging (paper based) brain food and head for a secluded and tranquil glade for neural regeneration.

The Ultimate Book Worm

Carr also discusses Google Book Search and the extremely ambitious project to ‘digitise all of the world’s printed books.’ A wonderfully altruistic goal it might be argued, except for (copyright infringement aside) the placement of a single digital library in the hands of an humongous private enterprise. Monetisation of access, content ‘unbundling’, slice and dice and book mashups will surely follow. But is there a chimera under the dust cover? Why burn books when they can be digitally shredded? Search results could be skewed to present books ‘leaning to towards a certain ideology’, in digital form publication is transient – facilitating a re-write or implantation of propaganda revised narrative. And if a worm ever did get loose inside the great digital library, how could we ever trust the integrity of the word again?

The “Elemental Web” was a connection of machines, then a connection of sites, now it is a complex amalgam awash with traditional links and millions of ‘inter-personal’ connections defined by the Social Graph. But what exactly is the Social Graph, is it open to manipulation and how might this affect experimentation in Social Search? How shall we seek to vanquish the Social Chimera?

First let me define the Social Graph and the fundamentals of Social Search. The former is the connection of people and the defining relationships. It is built on new algorithms such as the Social Graph API as well as “older” technologies such as XFN and FOAF. It puts the ‘human face on linking’. Its emergence is driven by the uptake of Social Platforms (blogs, microblogs, Social Networks) the platforms on which the Social Graph is expressed and lives. Every participant has their own Social Graph (to whom and how they are connected), and the superset is a connectivity mesh of immense complexity (around the world in Six Degrees). Social Search seeks to leverage information within the Social Graph to provide improved relevance of results. Simplistically, we are influenced by our connections, therefore recommendations from trusted ‘friends and digital acquaintances’ have an obvious relevance and appeal. Trust, relevance and measurable contribution are key areas on which to focus. For an excellent introduction to the topic I recommend “Connected: The Surprising Power of Our Social Networks and How They Shape Our Lives” by Dr. Nicholas Christakis and Dr James Fowler, as well as “Trust Agents” by Chris Brogan and Julien Smith.

A range of start-ups (including some notable failures) have been active in Social Search experimentation (Sproose, Mahalo, Jumper 2.0, Wikia Search, Qitera, Scour, Wink, Eurekster, Baynote, Delver, OneRiot and SideStripe). Of ‘more’ interest however are ongoing trails in Google Labs…

Travelling back through the annals of time we recall a “Web of Machines” an interconnected backbone and fabric, the foundations of the modern Internet. Search Engines arose, linking strategies developed; soon links between sites became tradable commodities. Reciprocal linking remains a popular SEO (search engine optimisation) strategy (you link to my domain, I link to yours). A standard Webmaster to Webmaster behaviour was soon under significant ‘manipulation’ (aka gaming) by link spammers and link farms. This targeted link popularity at a domain level, but the ‘take home’ is that once search algorithms are (at least partially) understood, and there is benefit in higher placement in search engine results, then ‘algorithmic gaming’ is ever present.

The Social Web has given rise to a new form of linking, inter-personal links within the Social Graph. “You follow me, I follow you” is a personification of ‘old school’ reciprocal linking. The domain is no longer the ‘back link’; it is the ‘personal’ connection in the Social Graph. It could be argued that this is just good social graces, I’m interested in you, and therefore you should express and reciprocate the same interest. As with link farms and link spamming in the “pre-Social Web”, we are of course seeing a volume of similar misbehaviour affecting the Social Graph across today’s Social Platforms.

My concern and what I want to highlight in this piece is the potential to skew emerging Social Search algorithms, and how they must account for ‘hyper-connected gaming’. Naturally what motivates this (mis)behaviour is ’short cutting’, in other words rather than build up a following organically through ’service to the connected community’, you simply ’snowball’ a following using automated techniques such as ‘mass following’. Twitter is the ultimate sandpit. If not fuelled by it, it could certainly be argued that it is well lubricated with snake oil. This is not in itself a criticism of Twitter’s model, but rather recognition that auto-pilot users (often “mavens” or “work at home” marketing specialists) are ’swamping’ the platform with all manner of affiliate schemes which they promote through mass communication and mass following techniques. This is not what I classify as pro-social behaviour.

The great joy of the Social Web of course is that people and behaviours can be ignored and dismissed. Un-friend, un-follow, block are all readily available choices. Surprisingly however, research shows that we rarely do much housekeeping on our online networks and hence the Social Graph is additive rather than truly reflective.

With that précis of how I view some online social or really anti-social behaviour, I return to my concern of how the Social Graph is open to manipulation. I’ve written on numerous occasions about proactive Social Networking and how I feel this is often beneficial.

Connections extend possibilities, but there is a value to those connections and indeed how we behave in the social context of those connections, be that by social graces (etiquette) or through positive contribution to group and community dynamics. I very much view proactive or speculative networking on sites like Twitter to be very useful. Indeed my metaphor for such is a “tap on the shoulder”; Twitter being particularly valuable in this regard due to its non-invasive nature.

I am currently participating in the Social Search experiment on Google Labs, and it is through this that we must seek to vanquish the Social Chimera’s influence. The principle of the experiment is “more easily find relevant blogs, reviews and other public content from your social circle”. The social circle is determined by the Social Graph, for the purposes of this experiment being links and connections found within Google Profile. In my case this points to all of my Social Site presences such as LinkedIn, Twitter, Facebook, YouTube. You begin to see the potential, the more I am connected within the ‘graph of others’ the more likely that my recommendations and interests show up in the Social Search results of others (establishment of motive and opportunity). Manipulation of this centrality might therefore yield increased influence or (heaven forbid) opportunity to drive monetisation through questionable affiliate schemes. This presents problems; new motivations to drive hyper-connectivity (now inter-personal), a need to filter the Social Graph and the Social Search results and clear them of the behaviours associated with such manipulation.

The good news is that Google is astute and experienced in recognising, accounting for and penalising algorithmic gaming. But all is not simple. There are some very pro-social characters heavily involved in Social Media that have 100,000+ followers on Twitter. Many also follow the same number. Does this denote egalitarianism and utility, or something less admirable? It certainly does not provide transparency (in the link alone) to the utility and nature of that relationship to all 100,000 connections. We need to look therefore at relationship reinforcement in the Social Graph. If two people are tagged in a photograph they are “close by definition”, multiple conversations, multiple connections across disparate social sites also reinforce connections. But this still lacks sophistication as it negates (or dilutes) the role of the influencer. Such relationships might be more characteristically ‘one-way’, but none the less I might be more interested in the Social Search result of an influencer rather than a weak connection. It is also difficult to ascertain current “levels of manipulation” and how people within those networks should be accounted for (or discounted). Twitter seems endemically littered with ‘friend collectors’, fuelled by an insatiable (and mistaken) hunger for collection of worthless and highly contrived influence. So this presents the dilemma of how to filter the signal from the noise. This epitomises what I believe to be a principle challenge of Social Search.

What is noise, what is the signal and how is this algorithmically quantified across a vast array of differing Social Graphs, how do we qualify and ‘level’ the meaning and importance of relationships?

Beyond some of the basic reinforcement checks I described earlier, I suggest semantic analysis, sentiment analysis, measuring utility in relationships and contributions are of primary appeal for research and development. Personal control is also important. It could be argued that this is intrinsic in controlling personal Social Graphs at their source, but this involves restraint and is very difficult to visualise (it is also not a great deal of fun and constrains the potential of proactive networking). Control over the search results and how these feed through the Social Graph to the results of others (i.e. privacy control) also needs to be thought through. This could lead to the creation of additional Inference Channels, which we may prefer remained ‘hidden’.

I encourage you to engage in the Social Search experiment, at the same time ruminating on your perception of social participation on the Web. The motivations of others naturally need to be questioned, but drive your networking on the basis of pro-social activity. Share, contribute, grow, but be cognisant of the Social Graph, its emerging centrality to Social Search and a need to preserve its integrity. Equally, follow with interest further debate concerning algorithmic tuning to ensure social results are not “manipulated” by hyper-connectors. Ponder also Google’s strategy in Social Networking.

Create profiles, connect with others, collaborate and share: Google Profiles, GMail, Google Reader, Google Groups, Google Side Wiki, Google Talk, YouTube, Picasa, Google Wave, Social Search and so forth. There is no direct landing page or dedicated Portal (with the exception of Orkut), but ‘all of the above’ sounds a lot like a decentralised, feature rich Social Networking platform! Could it be argued that Google’s lack of explicit “overarching site” is leading to more natural social interaction and a purer emergent Social Graph from those actions?

I might typically end with a rhetorical “will Google be the ‘glue that binds’?”, but certainly it already is. It is the ultimate in “decentralised” Social Networking, Social Search being a tantalising addition if utility and purity can be appropriately delivered. Page Rank established a mechanism for quantifying importance and authority of sites. Will “Page Rank for People” emerge as a ’solution’ to Social Search manipulation?

“Privacy is an onion” (patent pending maxim); it is situational, temporal and multi-dimensional. Perhaps said axiom should be recast as a ‘genetically modified onion’.

Perusing articles on Facebook privacy control changes from a well-known security company, there is the revelation that “no private information should be on the Internet”. A wise statement for an information security purist, but what constitutes ‘private information’, to what degree is it fluid and are the controls within Social Networks sufficient to allow us to restrict access in the ways we demand / require? What are the ’sociological norms’, and what of ’super-social’ libertines (such as I) that have exceeded Dunbar’s Number by a magnitude of 700%?

How does information aggregation affect risk and perception of privacy control – are we at risk through inference channels in the Social Network? How do we perceive and manage trust? With rigour, paranoia, neutrality; is it earned, easily lost. How do we convey this and ensure our privacy is being managed accordingly? This brief set of questions hints at the complexity: cultural and emotional; qualitative; psychological; behavioural that guides our experiences online. Are Social Networks really equipped to meet sophisticated information management demands from a savvy user-base? How will they augment existing controls to facilitate virtual world technologies and context aware devices that would provide further “locational” (excuse the Social Computing neologism) and situational information?

Today’s Social Network (I take Facebook as a pervasive example) is a walled-garden (in general terms). Most users create a ‘private’ profile and control access by granting or denying friend requests, which can then (by and large) see profile information, pictures, status updates and other friend connections (there are nuances, but for brevity I generalise). My ‘bug bear’ with this model is a) poor visualisation of what effect the setting of privacy attributes has b) it’s not more walls we need, it’s more gardens! I shall elaborate on my latter ethereal viewpoint. Going back to trust, you may trust someone implicitly in the office, but don’t want to entrust them with private information in a personal Social Network. Trust and privacy are also really inter-woven concepts. There are also gradations of trust. For example I might trust someone based on their profession (doctor, airline pilot), but there is a limitation in the trust.

I might trust someone with another career background differently, or the trust may be quite neutral. We need more trust and privacy zones (which need to be explicitly defined and explicitly visible) to place individual connections inside a more sophisticated information handling model within the Social Network. In a rudimentary sense this exists with “Friend’s Lists”. These can be created in Facebook and ‘friends’ added to multiple lists which can then be used to permit or deny access to information at a group level. I term this ‘rudimentary’ as the configuration is somewhat arcane, and the visualisation of the result is best described as disappointing, a point to which I shall return.

Aggregation of information and how this affects risk exposure and privacy concerns are also interesting. Simplistically it might be argued “have a sparse profile with little personal information and this is a non-issue”. Whilst logical from a simplistic perspective, consider the aggregation of information from interaction, commentary, and chat services (etc.) and over time information aggregation becomes an increasing concern. I have also (of late) been thinking about the risk of “Inference Channels” in Social Networks. Database and data mining “theorists” will be familiar with this concept. Without diving into a treatise on Claude E Shannon and Entropy Theory, suffice to say this is concerned with deducible links through network connections and whether knowing about a set of relationships (perhaps even individual pieces of personal information) could lead to the discovery of inferred or elicited relationships or information. This may of course be entirely benign, but the Inference Channel has an implied risk that ‘unknown information’ will be discovered through analysis of multiple relationships (as I mention a known concern in highly secure database systems). A subject on which I have written (at some length) is also the opportunity for Social Engineering and leveraging elicited information for nefarious purposes. I am satisfied that the corporate world is generally cognizant of such risk, but wonder if more could be done in terms of “general public education.”

Risks have a tendency to multiply rather than divide, and the unrelenting pace of Social Network development leads me to concerns over a number of “emerging technologies”. Those that read my recent predictions on Social Network developments will have noted my belief that virtual world technologies will augment the rather unsophisticated and stifled ‘networking’ model that we have today. Context Aware devices will provide further enrichment, but both enrich not only networking experience but also the quality of personal information (now situational) that might ‘leak’. The Social Network’s model for configuring privacy controls, defining trust relationships and visualising the result is not equipped for this (I think it barely struggles with today’s limited demands).

Control, visualisation, predictability have been central themes of my ‘critique’ of existing offerings. I therefore close by suggesting a few improvements and opportunities for development and research in this area:

1. Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be creation of (either my GM Onion model) or perhaps more simply a ‘radar’ or quadrant model on which connections could be placed within ‘trust zones’ (by dragging and dropping them onto the appropriate region). Configuration is half the battle, and visualisation of the resultant privacy controls effect is essential. This is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and ensure no (uncontrolled) information leakage between. So my ‘quadrant model’ needs to work in three dimensions!
2. A trust and privacy ‘radar’ would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.
3. Inference Channels are ‘tricky’ due to the myriad of links, attributes and permutations affecting such. I continue to read widely on the subject and would welcome comments on how this might be best addressed. One area that would be interesting to research further would be ‘real-time risk advisors’ (as an example) on chat services seeking to warn users when the aggregation of personal information across “conversations” reaches a certain threshold. This would have numerous applications.

Finally, I hope my musings have not dissuaded anyone from participating in ’speculative networking’. We don’t agonise over privacy concerns before exchanging business cards, so with a degree of care and attention pro-active and speculative Social Networking can be beneficial. But remember, I am a self-confessed libertine!

This article first appeared on the Atos Origin CIO / CTO Blog in January 2010.

Article first appeared in the July 2008 issue of ITNOW.

From interruption to interaction, online advertising has progressed quickly in the last few years, says Steve Nimmons.

Online advertising has been with us since the earliest days of the internet and where eyeballs meet content, advertisers will be close by. The first web portals were (almost uniformly and tastelessly) bedecked with every imaginable flashing widget that might attract a valuable click-through. I will spare the early designers’ blushes but some sites would today come with health warnings for photosensitive epilepsy. Quality had to, and did, improve.

As the popularity of home computing exploded throughout the 1990s we experienced year-on-year exponential growth in the online community. Statistics for 2007 indicate that some 32.5 million people in the UK are now online, spending 16 hours per week on the internet.

Online advertising in the UK in 2007 hit £2.8bn and is currently running at nine times the level of growth of the entire sector. There has been a £2bn leap since 2003, a trend that can be linked to the strong uptake of broadband technologies (now with 90 per cent of the market penetration) and the richer experience offered by web 2.0.

Spending on internet advertising in the UK now exceeds that of press classifieds and regional newspapers. Video sharing services have also played a large part in this success, as advertisers have been able to use richer media and viral marketing. Search currently accounts for 57.1 per cent of all online advertising, display 21.5 per cent and classifieds 20.8 per cent.

Google’s headline advertising revenues have even surpassed ITV1′s, a landmark in the competition between traditional commercial advertising and internet media. UK ecommerce revenue predictions (Forrester UK ecommerce Forecast 2006-2011) foresee a rise from £30.2bn to £52bn by 2011. It is clear therefore that this is a burgeoning market and year-on-year spending growth exceeds 38 per cent (in the UK alone).

Web 2.0 has further ‘tipped the scales’. I describe web 2.0 as having rebalanced the content producer to consumer ratio, enabling a very simple entry point to web participation and content creation and distribution. In real terms this has led to massive growth and fragmentation of the delivery network.

This is characterised by the appearance of tens of millions of blogs, disparate, niche content and entrepreneurs vying for a slice of the monetised blogosphere. Improvements in mobile technologies have created new opportunities to reach audiences.

Social networks, blogs, wikis, video and picture sharing, chat services, forums and many others are competing for attention that used to be the preserve of radio and television entertainment and print media. Social networks are serving up captive audiences in huge volumes, which is quintessential catnip to advertisers.

But there is a problem. Advertising quality issues, abuse, the ‘malware of adware’, volume overload, relevance and level of interruption have been areas of traditional frustration and contention. The web is packed with affiliate programmes and advertising networks.

Google (for one) has been trying to provide better quality click through on sponsored links and suffered market turbulence in March when their ‘quality not quantity’ strategy resulted in a significant downturn in click-through growth. Advertising solutions are admittedly sophisticated but are they really delivering utility to consumers and sellers in line with our changing needs and expectations? What are the emerging challenges and opportunities we will face going forward?

There have been some reasonable attempts at contextual advertising and this is being extended with interesting work in behavioural targeting. I worked in data mining research back in 1993 and remember having many discussions about the way in which the web would emerge as the greatest profiling and personalisation experiment of all time.

I foresee increased velocity in the development of behavioural targeting, but this necessitates behavioural profiling and hence collection, storage and processing of personal data. Social networks and advertisers are keen to leverage this, but have had a great deal of difficulty in selling the concept to users. My view is that, while users would be perfectly receptive to the results, they are not at all comfortable with the means.

Considering that online privacy, phishing, identity theft, data protection and data security are high on everyone’s agenda, and with low levels of trust and high profile data security failures (from social networks to government departments) a great deal of work is needed to quell fears. It really does boil down to trust and ISPs, social networks, traditional sites and advertisers must provide adequate security, transparent policies, opt-outs (many would prefer opt-ins), anonymity, data protection and data destruction.

I would also advocate increased regulation of what information can be collected and sold (although we should not forget parallels with loyalty schemes in the offline world). There have been many examples of negative press in the past number of months concerning Facebook/Beacon, Phorm, deep packet inspection, user privacy, social networking security, preservation of anonymity and many others.

Although largely interruptive in nature, advertising sponsored software as a service solutions (SaaS) are interesting. Offerings such as Microsoft AdCentre equip SaaS suppliers to design and operate targeted ad funded services. Advertising fulfils a role therefore in innovations that provide utility to the consumer by reducing (or removing) total cost of ownership. Of course this has been a characteristic of advertising in the online domain for many years.

The semantic web will add another dimension as it begins to free us from the limitations of traditional key word searches. The semantic web will also be a less contentious mechanism for serving (improved) contextual advertising. There are currently some really interesting innovations in corporate marketing (products, services, and jobs), B2B / B2C and others in virtual environments such as Second Life.

A number of large IT companies (Microsoft and IBM in particular) are leading the way with interactive demos, virtual meetings and presentations, virtual sales representatives and self-service ‘kiosks’ linked to assets on corporate websites. As we edge towards web 3.0 a lot of harmonisation and platform aggregation lies ahead with web 2.0 and new search technologies folding in on virtual worlds.

The virtual shopping malls created in Second Life provide a view of future online retailing and the opportunity for advertising and cross-selling as part of a pure play uninterrupted and interactive customer experience. Semantic search and personalisation through profiling will strengthen this.

Advertising is fundamentally content and must follow the rules. This means relevant, attractive, interactive (at least non-invasive), regulated, ethical and innovative. Competition is fierce and advertising volume can be overwhelming.

Attention is getting harder to grab but desire to drive increasing growth in a booming multi-billion pound industry is unabated. Conversion rates and cost effectiveness are key drivers and advertisers need to match their pace of change with consumer confidence in relation to new methods and technologies.

The backlash against Beacon and public meetings over Phorm indicate that the consumer must not be rushed. The internet has an almost unique position in modern culture, for many a last bastion of escapism. We are profiled regularly in real world retailing, resistance to which has largely faded, but internet anonymity will not be easily surrendered.

Trust, data security and privacy must be addressed with users and not in spite of them. The key sell is advertising as content inline with user experience. Enriching and non-interruptive models coupled with semantic web and web 3.0 herald an exciting future for the industry and internet community.

Article originally published by Evaluation Centre / Conspectus, Summer 2008

Steve Nimmons warns of the hidden threat to corporate privacy and reputation lurking within Web 2.0.

The Historical Problem

I recall (approximately eight years ago) reading an interesting poster on social engineering at a well-known electronics company in California. This wall-chart communicated sensible advice for dealing with unsolicited phone calls, ‘chance’ conversations and the importance of discretion when discussing corporate matters on planes, trains and automobiles.
Topics such as tail gating, the ‘risk of gallantry’, the social and psychological tricks used by experienced practitioners to project ‘belonging’, the need for discretion and vigilance in public spaces and of course ‘clear desk policies’ were explained in concise, relevant and accessible language.

In this way, workforces across this and other enterprises were equipped to deal with the primary aspects of corporate social manipulation. Using in-house and industry standards, they shared the wisdom of primary threats, expected behaviours and above all encouraged staff training and awareness.

I visited many technology start-ups during this time. Their social engineering concerns centred mainly on leakage of financial data and intellectual property. With looming IPOs (initial public offerings) these companies had a lot to lose; the wrong information entering the market at the wrong time could potentially damage earnings.

Intellectual property was naturally their core competitive differentiator and was suitably protected, including legally through patents and non-disclosure agreements. It was clear what they feared, why they feared it and that they were being proactive in terms of minimising their overall exposure to risk. Their perimeter defences, with clear corporate boundaries and technological barriers, tamed Web 1.0.

The Problem Develops

Fast-forward eight years to the introduction and exponential uptake of Web 2.0 and it is fascinating (indeed crucial) to explore the need for similar protection and advice today. The Web 2.0 revolution essentially involves the removal of technological barriers to content publication. Blogs, wikis, forums, social bookmarking and social networks are just some of the means by which individuals can share and debate views (single click, no safety catch).

As we have discovered (or perhaps suffered) in the past few years, the web provides ideal conditions for libel, defamation (perhaps creating internal conflict or damaging partner relationships), careless divulgence of information and the association of the individual and corporations with unflattering and potentially damaging material.

These are arguably Web 2.0 ’s most concerning corporate side-effects. Worryingly, the individual is the power-broker of Web 2.0 and with microblogging (particularly Twitter) tipped for meteoric success, we will see even less control exercised over what are essentially globally distributed sound-bytes.

Pseudonyms provide anonymity, personally or corporately identifiable profiles ‘should’ engender a greater spirit of caution and present an opportunity for positive self and corporate marketing (for example, through blogging and thought leadership initiatives). But what needs to be understood clearly is that the search engines with their omnipresence discover our sins. In print media, yesterday’s news wrapped today’s fish and chips. But in the electronic age, opinion has an almost immortal quality. Search engines have a unique ability to discover and neatly present information that we may prefer remained hidden. Meanwhile, the Web and blogosphere contain a cacophony of voices inside which they are the eavesdroppers and intelligence agents.

There is an adage that Web 2.0 profiles are like tattoos – something you do when you are young and live to regret. But with appropriate controls, education and consideration, companies can seek to accentuate the positives and in sophisticated cases utilise them in personal branding and corporate marketing strategies.

Where once scraper and ‘shill’ sites were padded with ‘pointless’ copies of the Open Directory Project (an old trick to create thousands of pages to bloat a website that was then packed with affiliate programs and click-through advertising), they are now extracting content from RSS feeds, quite a number scraping via Technorati tags that simply mirror their underlying site’s (content) taxonomy. I use Technorati tags to categorise content for improved searching and user experience. I am often amused to see how my articles are ‘aggregated’ onto these sites totally against copyright and any sense of appropriate ownership and control. In some cases the use of such content may be beneficial (eg, offsite advertising), but consider the potential for widespread distribution of commentary.

Keep in mind the traditional political and broadcasting advice to ‘treat every microphone as if it were live’. Something said is difficult to retract in Web 2.0 ’s publishing model. This could affect your personal reputation, privacy, cause corporate embarrassment or perhaps worse. Social engineers are astute, so be careful of being drawn into electronic conversations that should be avoided. Solutions to some of these issues are emerging – including online reputation protection services such as Reputation Defender, ClaimID and Naymz – suggesting both the commercial and personal need to clean up ‘digital litter’.

Digital litter is all those nuggets of information personally linked to you – and be under no illusion that this body of
information is being pored over by fraudsters and marketing companies, and in the corporate realm by researchers and
competitors. Information, of course, is not as volatile as might be imagined. Simply deleting it from the original source is no guarantee of its destruction, with scraper sites, search indexes and historical web caches adding to the complexity. Reputation protection may only dilute some of the problems rather than completely remove them.
We must of course accept freedom of speech and the right of fair criticism. In the Web 2.0 domain, our ‘complaints’ may well be beyond any reasonable bounds of control.

Corporate reputation is also tightly coupled with customer satisfaction, shareholder value, innovation and similar attributes. A key addition to the advice from 2000 is therefore to minimise personal and corporate risk from a system of worldwide electronic publishing where everyone can act as content producers.

Corporate boundaries

As well as shifting the content producer-to-consumer ratio, Web 2.0 has removed some traditional corporate boundaries. In Unified Communications we talk about edgeless enterprises. Web 2.0 warrants a special mention as it has ‘eroded the edge’ through its technological simplicity, whilst also prompting a radical reappraisal of the psychology of home and work.LinkedIn, Facebook, Plaxo, MySpace and associated groups today provide a rich hunting ground for the social engineer. Companies can be significantly profiled. Their names, departments, reporting structures, nature of business, personal links and networks can be mined and prioritised for further attack.

It is relatively easy to comb sites for information to use in ‘impersonation attacks’, extracting additional detail through email, telephony and other channels. With no identity management (ie, no established trust) it is simple to create fake pages, groups and details and use these to link the unwitting.

I am opposed to companies blanket banning access to social networks. Bans of this nature have one glaring weakness – they end when employees go ‘off the clock’. They also restrict the business benefit that could be derived from appropriate use. It’s vital to understand your risk exposure and develop appropriate security policies, best practices and employee education.

Parental education is a recurring theme in the recent Byron Review (established in 2007 to study the online safety of children) and I draw parallels with employee and employer education. Threats are ‘evolutionary’ and social engineering is enjoying an upsurge in the volume and quality of unsolicited, freely and legally attainable information. Reputation protection faces new challenges due to the speed of content production and distribution, a mechanism of such
simplicity and attractiveness that bewildering numbers have embraced it across previously untouched demographics.
There is a strong case for placing the onus on site providers to better protect privacy, but personal accountability must be advocated above all.

Key Points

So the key points that go on my updated wall-chart for 2008 are:

• Explain risk exposure in terms of information leakage, and libellous, defamatory or brand-damaging activities through the employee base. Public comments from identified staff are potentially detrimental to business reputation and relationships.
• Understand and (in many cases) limit the volume of available corporate data on personnel, roles, responsibilities and professional activities – the social engineering goldmine.
• Marketing and IT security play an expanding role in meeting new threats and opportunities.
• Introduce Web 2.0 savvy security policies and training plans. It is no understatement that the proliferation of Web 2.0 opens a sizeable number of holes in the sieve of corporate intelligence (take the recent Facebook security leaks and social worms like Secret Crush as examples). Educated staff can make informed decisions and can better manage their own digital footprint as well as that of their employer. It vital is therefore for modern security training to cover the fundamental dangers of Web 2.0.
• Companies should understand the mechanics of auditing, measuring and defending their online reputation. Web intelligence solutions are particularly useful but the ability to manage remedial action is still fairly undeveloped.
• With appropriate selection, guidance, motivation and controls, there is an opportunity to use the publishing power of Web 2.0 for extremely positive personal and corporate gain.

It is important not to be overtaken or overrun by technological advances. I recently advised a company following its discovery of some unofficial social networking groups (bedecked with company name and logo). These groups were innovative and well intentioned (if naïvely established) and such discoveries indicated corporate IT were losing touch with talented, motivated and active networkers.

Simple editorial control and content audits were set up. It is however important to reflect on the potential for damage as well as the potential for gain if the same enthusiasm were harnessed through focused and ‘moderated’ corporate initiatives.

Summary

Information leakage has reached the point where in April 2008 the Israeli Defence Force (IDF) was compelled to issue a
statement warning that “Facebook was a threat to national security”. At the heart of this was the ‘free and easy’ manner in which members of the IDF were posting personal information, identifying themselves as members of the security services, pictured at sensitive installations and discussing sensitive subjects.

In other words, the problems we face are so potentially damaging that they are now ‘on the radar’ of government security services. Online advertising models deserve an article in their own right, but I would briefly mention privacy concerns over Phorm and the highly publicised ‘Beacon disaster’ championed by an ‘unwisely zealous’ Facebook. These add an additional twist to the complex world of Web 2.0 security.

The best way to respond to these threats is to shape, cultivate, educate and empower your employees. Develop an
understanding of your risk exposure and Web 2.0 ’s threats. The blinkers of a ‘9 to 5’ blackout may be unworthy – but be warned, you lose control of your employees, your personal or corporate reputation in Web 2.0 at your peril.