I wonder if, in the public relations community, there's an unofficial moratorium period after which you're free to leverage the misfortune of others (companies, people, etc.) in order to forward your own agenda. Today, approximately two weeks after news surfaced that HP chairwoman Patricia Dunn ordered the surreptitious investigation into the source(s) of leaks to the press (an investigation that invaded the privacy of HP directors, employees, members of the press, and their families), I've received e-mail from providers of supposedly "legitimate" big-brotheresque solutions, seeking coverage on ZDNet.
In both cases, the "pitch" opportunistically uses the scandal at HP as "the hook." I've decided not to mention the names of the vendors or the people who sent me the e-mail. But I thought I'd share with you what showed up in my inbox. In my 15 years of tech journalism, this stuff is pretty par for the course. Something bad happens that has to do with technology and some group of vendors that thinks their solutions are relevant to the situation invariably move in like vultures. Quite often the pitch is a bit of a stretch considering the news that triggered it. But creative PR people will look for any way to spin something to their advantage. The first e-mail arrived at 3:38 this afternoon under the heading New investigative tool from vendor xyz announced tomorrow. According to the first e-mail:
....given the uproar around the recent HP spy scandal I thought this news from vendor xyz (which will be formally announced tomorrow) would be of interest to you and your readers.....product 123 is an investigative email auditing tool for investigating, scanning, and reading employee email accounts without changing the password or otherwise alerting the owner of the email account that an investigation is happening. With product 123, corporate IT staff are not needed to conduct the investigation; providing corporate officers a tool that can be used without jeopardizing the security and sensitivity of an investigation....prominent analyst Isay Itforabuck said "Recently we've witnessed how HP is dealing with what some in the media have called the 'embarrassment' of that company needing to 'spy' on members of their board of directors, but that situation shows how serious the regulatory environment has become."
Under the subject heading The effective way to monitor employees on the Internet, the next e-mail arrived around 30 minutes after the first (almost as though some magical deadline had passed). It said:
The growing need for organizations to monitor employee communications can get some companies into unnecessary trouble, as shown in the recent news of the covert methods Hewlett-Packard used to investigate internal news leaks. While organizations are within their right to monitor their employee’s electronic actions, not having the proper “insurance” monitoring tools set in place to legally and efficiently monitor digital behavior can cause companies embarrassment, legal problems, and financial jeopardy.....For your developing coverage of the HP situation or discussion of the issues that it has raised, I’d like to introduce you to a C-level expert at ABC vendor that can discuss legal and appropriate methods of gathering information within an organization.....Their product, product 123 attaches itself to the Internet gateway of an organization and captures everything coming in, going out and passed within the network.
Suffice to say that neither of these solutions would have been very helpful in conducting the sort of investigation (that ultimately used pretexting to gain access to phone records) that Dunn ordered. So, I'm a bit shocked that solution providers are invoking the HP situation to make their case. I see the connection. But trust me... anybody that's secretly communicating about company secrets with someone outside the company is not going to be stupid enough to share what they know over the corporate infrastructure.
Also, I understand that there's a place for these sorts of products given various regulations and the need for some organizations to monitor Internet usage for nefarious activities that could constitute sexual harrassment (eg: having Web pages from porn sites in plain view in the work place). But I also believe that transparency is the best policy. Let employees know what is or can easily be monitored and what the company DOs and DONTs are. I also don't believe that such tools are appropriate for determining whether someone is goofing off on company time. If someone is goofing off on company time, that should show up in their performance and any decent manager should be able to spot it in a heartbeat.