I was always planning to write about something in the news for Friday. After a few more philosophical and historical posts about my research, I thought I was due. But one of my Twitter friends linked an article this week that made me want to explore a problem in public relations.
Yes, it was about Ashley Madison.*
* Probably better than my original idea, a rant about the Iran deal and the exhaustion of global American power.
And yes, the popular reception of the Ashley Madison hack was immensely hypocritical coming in the same week as Gawker's outing of a high-ranking Condé Nast editor who no one is now naming out of contrition.** Dan Savage said it well enough that I can simply link to it. Shaming one rich person for an affair is terrible, but humiliating and compromising 37 million regular people is fine.
** This even though we all know who it is from having read the original Gawker story. I can say it because, not only do we know who it is, I’m one guy with kind of an anti-authoritarian streak. It’s David Geithner. Tim Geithner’s brother. Who is married to a woman and has sex with men. Soap opera country.
|So incredibly cheesy.|
That’s a moment of popular hypocrisy that I can acknowledge and move on. Because I’m most interested in exploring an analysis at PR News about how Ashley Madison’s public relations department was caught flat-footed by the hack. Well, as anyone would be with such a catastrophic compromise in your company’s confidential data.
The brief set of solutions that the article’s author, Matthew Schwartz, recommended have to do with maintaining a solid relationship between the PR and IT department. Ashley Madison’s major PR messages were that their information was absolutely secure from any hack, attack, or thievery. They promoted themselves as “the last truly secure space on the internet.”
If the PR folks had interacted with the IT department, they would have known that there is no truly absolute security on the internet. Every security system has its vulnerabilities, simply because of the complexity of software architecture, and the rigid nature of the logic of computer programs.
A company’s level of internet security is only as strong as its attackers are weak. If your data is secure, it’s only because no one has thought of how they can steal it – yet.
Always, there is yet.
This is true. It’s a basic truth of internet security that you can glean from an afternoon chatting with your company’s IT folks over coffee, or reading Neal Stephenson’s Cryptonomicon. I don’t think the problem was that Ashley Madison PR was somehow not knowledgeable about how internet security works.
The problem was that the priority of Ashley Madison’s PR department was not set to respect the company’s duty to be honest with their clients about the limits of internet security. Their priority was to disseminate messages that would encourage people to gravitate to Ashley Madison when they wanted adulterous services.
That’s a marketing priority. And it’s very easy for marketing priorities to leave out information that complicates how someone understands a company’s business, if that information would make them skeptical.
“Ashley Madison is perfectly secure” is a simple message that encourages people to use the website for their secret sex transactions. “Ashley Madison does a generally very good job with security and we hire the best people, but at a particular level, we’re still constantly playing catch-up to the innovations of cyber-criminals and web malignants, just like every other business and government on Earth,” not so much.
The troubling part about PR is that it can be in the department’s best interests to obscure information that would make people think twice about becoming customers or clients. It’s the company’s best interests too, at least in the immediate frame of reference.
Ultimately, PR is caught between the need to draw people to their business and the need to be open and honest with the people who’ve trusted their business.
It isn’t a lie to omit a truth, but trust requires openness.