2 February 2015

You’re Doing it Wrong


Rule No. 13: “When in charge, take charge.” — General H. Norman Schwarzkopf

Saturday, November 22 started as a day like any other day. Get up, let the dogs out, hit the gym. Feed the dogs, make a cup of coffee, turn on This Old House, and begin the morning social media ritual. ISIS? Still a problem. Afghanistan? Still unsustainable. Russia? Still in Ukraine. Then, from out of nowhere, a strange retweet from @USAFPABoss, the U.S. Air Force Chief of Public Affairs, Brigadier General Kathleen Cook.

I sat back, took a long drink of coffee, and thought to myself “What a monumentally stupid thing to do.” Forget the disclaimer ‘RTs & links ≠ endorsement.’ That’s just not true. If you’re active on social media, you own what you post. That’s why you’ll never see @CocaCola retweet anything negative about one of its competitors, no matter how tempting it might be to do so. You post it, you own it. It’s really that simple.


To her credit, Brig. Gen. Cook’s staff was quick to take action and delete the offending retweet, but the damage had already been done:
Article 88 of the Uniform Code of Military Justice states, “Any commissioned officer who uses contemptuous words against the President, the Vice President, Congress, the Secretary of Defense, the Secretary of a military department, the Secretary of Homeland Security, or the Governor or legislature of any State, Commonwealth, or possession in which he is on duty or present shall be punished as a court-martial may direct.”
In other words, even a single tweet could land a military officer in jail.

Thus began what affectionately became known as “Twittergate.” The Air Force Times picked up the story, and reported Cook’s denial of responsibility.
“Throughout this entire process, I have been on leave tending to my daughter who had surgery this past Friday,” Cook said. “I was not on Twitter at the time of the post. It would be inappropriate to speculate as to how the retweet occurred without gathering all the facts. We’re looking into the matter closely and have already found that several other people had access to the account over the last few years. We have changed the password. While I remain on leave, obviously, I am concerned and I am engaged in determining how this could have happened.”

And that’s where the trail went cold. Two months go by without a word. Nothing. Nada. Nil. It’s as if the whole episode was swept under a rug in the Pentagon food court and conveniently forgotten.

Then yesterday, Brig. Gen. Cook offers “Lessons learned in protecting social media accounts” in response:
On a Saturday afternoon in late November, I was informed about a political remark that appeared on my Director of Public Affairs Twitter feed. A staff member called to ask if I was aware of the re-tweet. At the time, I was on leave, out of the state, tending to my daughter who had had surgery the day before. I was unaware of the retweet and when told of its substance, I arranged for a member of my staff to remove the tweet from the feed.
As far as how a tweet was unknowingly re-tweeted from my organizational account, we do not have a definitive answer. I realize this response may be unfulfilling to some, but it’s the truth. That said, as the owner of the account, I accept responsibility for its content.

Remember Rule No. 13. If Schwarzkopf was alive today, he would remind us all that as a leader, you lead. In this case, you lead the statement with accepting responsibility. That’s just the way it’s done. You don’t lead with a list of caveats that serve to deflect responsibility, then accept responsibility.

But it gets better:
What is clear is we’ve learned several lessons about protecting the security of social media accounts. Granted the lessons aren’t new, but it’s my hope that by highlighting them just one more time, others might avoid similar incidents.
- If you assume an organizational/positional account from a predecessor, change the password. Also, find out who else has/had access and determine if additional administrators are necessary.
- Make sure your password is difficult and not predictable.
- If others post on your behalf, consider having them include their initials behind their input.
- Never store passwords on a shared drive.
- Always log out and lock your device before walking away, putting it down, or tossing it in your pocket or purse.

Now let’s list out a string of “lessons learned” that everyone who’s ever suffered through annual Information Assurance training knows and understands. I also took the liberty of placing emphasis on one word in that statement, the choice of which further deflects personal responsibility.

Finally, the coup de grâce:
In the end, what I know to be true is that the account belongs to me and I accept responsibility for it. I’ve applied the lessons above to safeguard both my personal and professional accounts and encourage every Airman reading this to do the same.

Actually, this is a pretty good closing to an otherwise poor excuse for a post. It summarizes what Cook should have emphasized in the first sentence of the post: “I am responsible.” Sort of a “the buck stops here” statement that brings a close to the discussion before it starts. Pretty much what any crisis communicator would tell you to do.

More than anything else, that’s what people — both in and out of uniform — expected from Cook: to take responsibility. Nobody cares how many people in the office have the password, only whose face is on the account. Nobody cares how many others use the account, only that a recognized leader takes ownership of the content. Nobody cares that it was a Saturday and personal business was a priority, only that the leader takes charge when called upon.

No comments: