by Scott Martin, Luis Aguilar, Jenton Lee
In an information based ecosphere actors can create, retrieve, and analyze vast amounts of data with increasing efficiency. Just as individuals struggle to maintain control of personal information and communications, organizations face pressure to protect their Trade Secrets and Intellectual Property. IBM has developed a new business tool–IBM Security Intelligence with Big Data–to identify disgruntled employees who present a greater risk of leaking sensitive corporate information. This tool collects and compares employee corporate communication and public statements (such as comments on social networks) and conducts a sentiment analysis identifying individuals who are presenting divergent point-of-views internally and externally.
The introduction of this technological mediator would likely reshape the employee-employer relationship. Popular culture offers a window into the negotiation of these relationships with the introduction of email monitoring on the tv show, The Office. The delegations of responsibility can not only prevent unauthorized information release (think Bradley Manning and Wikileaks) but also have unintended consequences. How do relationships change when the system flags and makes an employer aware of sensitive information regarding an employee? Who maintains such a system and what powers do they project upon it? What happens to productivity and employee moral as these new mediated dynamics evolve?
False Positives
At first glance, this tool may look like the perfect solution for large corporations like IBM, which strives to protect valuable company secrets and intellectual property. Due to its technical resources and sheer size, the company can continue to tweak the system to further improve its results. However, issues will arise when IBM inevitably sells and installs their “black box” security tool for companies of all shapes and sizes. As with Latour’s sociotechnical exploration of issues related to keeping a door closed, the complexities of these heterogeneous organizations exemplify why security tools intrinsically are not a one size fits all solution.
When such a security technology is purchased by a small or medium sized organization and the consultants leave after reaching 100% build-out, who handles the inevitable future system “false positives” and filter tweaks required due to the nuance of that business? As presented by IBM, this work will fall under the purview of an organization CIO with the day-to-day operation delegated to the company’s IT staff. To make adjustments to the system, it means that they will need to test their updates using the company email and employee social network data. In short, this dramatically changes the structure of the company. Technical IT staff, generally untrained in HR and policies procedures, will in effect augment HR by being exposed to higher amounts of personal employee email and social network correspondence.
When employees get word that their communications are being scanned by an unknown technology, how will this change the supervisor/employee dynamic and productivity? Now that the managers know that a security system is monitoring employee communications, they may no longer need to be concerned with employee morale. In response to delegating the security responsibility to a technological mediator, project managers may focus on just handing out tasks and requesting project status updates via email. This new social dynamic may result in a chilling-effect, reducing productivity and innovation as employees invest time and effort to scrutinize each correspondence, self-censor communicates with others both inside and outside the company, reduce the frequency of communication or shift to off-line communications to circumvent the mediator.
Invasion of expected privacy
In the workplace, perception can be a very powerful apparatus that can help or hurt your career. Most people feel that they are in control of the way they’re perceived by their bosses and their coworkers. With the advent of these new ‘Security’ tools, the risk of an invasion of expected privacy becomes all the more salient. This invasion may result in creating an unfair negative perception of that employee in the eyes of those who monitor the tool.
The article mentions that the tool would monitor the social media activity of an employee and flag any behavior/conversations that the tool deemed ‘risky’. In a not so far-fetched scenario, imagine if there was an expectant mother, who hadn’t yet disclosed her condition to her co-workers for fear that she may get passed on an upcoming promotion. If one of her social media posts was flagged by the IBM tool, and that post happened to mention her pregnancy, whoever is overseeing the flagged posts is now aware of her condition. This overseer could very well be the woman’s manager or could pass on that information to the woman’s manager. At this point, the overseer and/or the manager have been made privy to personal information that was collected by the security tool, which runs counter to its initial purpose. Even though the intended prescription of the security tool towards the human delegates was to detect security leaks, the actual prescription has now become become one of unearthing personal information.
One could make the argument that because the female employee had posted information onto a public social network, then any information she divulged would be fair game. However, with the implementation of this security tool, what might have been information that was obscured by volume, is now identified because of the surveillance ability of this ‘Security’ tool. With the loss of control of one’s personal information in the professional setting, and employee may also lose a sense of personal and professional agency.
In closing, as mentioned in the Missing Masses article, even though a new artifact of technology (in this case, the door groom) may promise myriad benefits to the actors (people entering the building), the actual impact of the artifact may not live up to its expectations or leave some actors behind (there were some women and children were not able to exert enough force to open the door). Similarly, this IBM security tool may promise to identify possible data leakers in order to protect a company, but it is possible that the methods taken to obtain this data will end up harming the employees at the company.