Presidential tweets, self destructing messages and the use of Shadow IT June 29, 2018
Last month Information Governance ANZ hosted an entertaining evening with Jason R Baron on the topic of Presidential tweets, Self-destructing messages and the use of Shadow IT. Jason is Co-Chair of the US Information Governance Initiative and previously served as Director of Litigation for the US National Archives and Records Administration.
Jason noted that government officials communicating about government business via Twitter should expect judicial scrutiny of their actions with respect to the ‘limited public forum’ they have created, and that tweets, like any communications sent by high level public officials about government business, are potentially appropriate for preservation as official records. This includes tweets from @POTUS and @realdonaldtrump. This lesson is repeatedly ignored when users confront novel communications platforms, such as email (1986), texts (circa 2002) and Snapchat (2016).
This view about the importance of capturing certain records of business transacted via email and social media aligns with advice provided by NSW State Archives and Records. (See our advice on Managing Email, Strategies for Managing Social Media Information, Mobile apps and patient records and How long should social media records be kept?)
In 2016, Jason was interviewed by the New York Times (Hillary Clinton Used Personal Email Server at State Dept., Possibly Breaking Rules’. Michael Schmidt, New York Times, March 3, 2016). He was quoted at that time as saying ‘it is very difficult to conceive of a scenario – short of nuclear winter – where an agency would be justified in allowing its cabinet-level head officer to solely use a private email communications channel for the conduct of government business’. Jason noted that he was right and wrong when he made that statement. Right in that Hillary Clinton’s case represents an extreme outlier, but wrong in that she alone was seeking to evade public scrutiny in connection with email and other forms of communication. He noted that politicians and corporate executives of all stripes adopt similar end-runs:
- Jared Kushner used private email in Trump administration
- Pence used private email for state business – and was hacked
- Malcolm Turnbull defends use of secret messaging apps and private email server
- QLD Labor MP Mark Bailey avoids criminal charges over deleted private email accounts
(Baron suggested the Wiki page of political controversies in Australia for more examples).
He did note however, that caution is needed as soundbites and headlines can be misleading. The policy guidance has been somewhat of a moving target from 2000 through to the present. The same rules were not in place and one needs to be careful in comparing apples and oranges. Using a private email system for non-official business like electioneering/campaigning may be perfectly appropriate, the problem comes when one is mixing public/private business on the desktop or one’s own device, or when directing staff on the government payroll to perform campaign-related duties.
Using a private email system from a government or personal computer to communicate about official matters is not per se a records violation (although it increasingly may raise security issues), rather it is not copying or transferring records of public business from the account that causes the fundamental problem.
There is partial statutory recognition of shadow IT in the US under US Code 2911 Disclosure requirement for official business conducted using non-official electronic messaging accounts. The Code states that:
In general an officer or employee of an executive agency may not create or send a record using a non-official electronic messaging account unless such officer or employee copies an official electronic messaging account of the officer or employee in the original creation or transmission of the record; or forwards a complete copy of the record to an official electronic messaging account of the officer or employee not later than 20 days after the original creation or transmission of the record.
The intentional violation of this (including any rules, regulations, or other implementing guidelines), as determined by the appropriate supervisor, shall be a basis for disciplinary action.
Jason noted the lessons from this are that:
- Lesson No1 – No one knows where everything is
- Lesson no 2 – No one knows what everyone is doing (he illustrated this point with a photo of Edward Snowden).
Bring Your own device policies and the world of ephemeral communications, including self-destructing messages on Signal, Confide, Whats App and Snapchat are an issue. He suggested the following best practices in confronting the reality of shadow IT:
- Develop a robust information governance policy that covers the emergence of shadow IT in the workplace
- Educate employees
- Employ IT solutions to protect information e.g. allowing remote access through directed means such as Citrix, require passwords and screen timeouts, make it easy to copy or forward messages to official recordkeeping systems
- Make agency systems and devices easier and more attractive to use than alternatives (he wished everyone good luck with this one)
- Periodically re-evaluate employee practices and company policies
- Practice what you preach
(See J R Baron and Amy R Marcos “Beyond BYOD: What lies in the Shadows’. The Ethical Boardroom (2015) https://ethicalboardroom.com/beyond-byod-what-lies-in-the-shadows/ for more about this topic)
Jason finished with the advice to not practice Black Swan information governance by being proactive and ended on a positive note that culture change was possible.
It would have been interesting to get Jason’s views on the recent stories that President Trump routinely rips up paper records.
A video of his presentation and copies of his slides are available from the Information Governance website.
Leave a Reply
You must be logged in to post a comment.