Last week’s announcement that Mark Zuckerberg is Time magazine’s “person of the year” for 2010 put the issue in perspective. Many were aghast at this perceived slight of Wikileaks’s Julian Assange, but I tend to agree with it.

Too many years ago, I did a customized undergraduate college degree in the Philosophy of Journalism, so I probably should have some deeper opinions about the issues Wikileaks raises. When I was thinking about journalism in the early ‘80s, I was mostly considering differences between the Soviet model of journalism and how it compared to Western ideas. Like so many projects studying anything having to do with the Soviet Union, all that work has since become utterly obsolete and almost completely irrelevant.

Now I spend more time thinking about how enterprises use social software, an endeavour which might remain relevant for a bit longer. The Wikileaks affair actually does not have much to do with social media, or at least it shouldn’t. Despite its name, Wikileaks does not have much to do with technologies like social networking, discussion boards, or even wikis. The organization uses fancy security and anonymization techniques to keep their web sites up and protect contributors, but there isn’t much social about what they do in the way that Wikipedia or Yelp are social.

The rise of internet-mediated social interactions has had a profound influence on how we work, play, and interact as humans. Without downplaying the effect that Wikileaks will have on politics, journalism, and potentially business (if Assange’s threat/promise to release controversial banking documents comes to pass), the influence of social software goes much further. While not the only driver, Facebook is the public face of this influence.

So for once, I agree with Time. It doesn’t happen often.

I fear that an unavoidable, but unfortunate result of the furor around the Wikileaks disclosures will be an increased desire to lock down conversations and restrict communication at both commercial and government organizations. It will be used as a reason to block access to social media sites, stop sharing information, and treat many who want to collaborate widely with suspicion. After a period where sharing and access were generally encouraged, I fear that the pendulum will swing too far back the other way. This inevitable reaction is unfortunate from a social media perspective because encouraging participation is one of the biggest challenges I find organizations facing. As social software gains in maturity, usage grows beyond the pioneers who are naturally attracted to the technologies and interacting that way. After the pioneers, the settlers need encouragement. Clamping down amid an atmosphere of fear is not conducive to encouraging participation.

This would not be the first time that a desire for one thing triggered the opposite. When deciding on steps to take post-Wikileaks, I really hope that the familiar relationship between babies and bath water does not get forgotten.

While five cities in five days is a quick pace, it’s not out of the ordinary. I really enjoy these tours. As well as eating some great food, seeing (briefly) some nice places (the train trip from Zurich to Milan is stunning), I get a chance to talk to lots of people about what they are doing. It is always a great source of research, as I hear about the questions people are asking.

Here are the top three questions that I heard on this trip:

• How do we introduce social software into a skeptical organization?
  Although social media is hot, it ain’t hot everywhere.Some organizations are more conservative, or have been around for a very long time and aren’t too eager to adopt new technologies. In these cases, people won’t use it because it is cool or because Gartner says they should.
• Should we start our own customer community or build onto one that already exists?
  After hearing all the reasons why customer communities are good for you, this issue comes from those who have not yet really started. They face the dilemma of going where their customers already are (like on Facebook or a more specialized site), or trying to draw them to a site associated directly with their own brand.
• How do we handle privacy? Our users and customers find this stuff creepy.
  This is a huge issue in Germany, where attitudes towards personal and professional privacy are very highly developed, but was a hot issue across Europe this tour. Importantly, the questions were not about legal restrictions and requirements on privacy, but about how social media makes people feel. Many are not comfortable with sharing too much in their professional lives, and social techniques make them uneasy.

I’ve got some ideas about how to answer these questions, and will work them out in formal research notes in the coming weeks. I also will be talking about some of these (especially the first one) at Gartner Symposium in Cannes. Carol Rozwell will cover this in Orlando. There are also sessions on privacy in Europe, and social CRM.

My colleague Nick Jones offered a potential algorithm for determining levels of creepiness, but what really makes things creepy? In his comment, he proposed surprise, uncertainty and intrusiveness, but is that all?

Everyone knows what makes them feel creepy, but what are the attributes that are more likely to make someone feel that way? Here are some I have thought of:

• Vulnerability: Actions involving people who are in some way vulnerable are much more likely to attract creepiness. Anything that deals with children, the elderly, victims of any kind or even just people in a lower position of authority are far more likely to tend towards the creepy side.
• Context: Where and how interactions happen can have a tremendous influence on how people perceive them. Teasing or jokey comments which would be appropriate on an informal discussion board could easily turn creepy if used in a more formal venue, like a performance evaluation or project appraisal.
• Tone: How something is said is more important than what is said. Tone can be wrong for the particular context (see above) or just plain wrong. The easiest example is vulgar, obscene or hate-filled language.
• Sneakiness:  No one likes it if they feel that something has been snuck past them, collecting information or making connections that they don’t expect or couldn’t anticipate. Most users of free social media sites have gotten used to ad targeting based on information provided on the site. But when different sites share their information or pool it, then it can feel unpleasantly intrusive.

  If someone emails a friend from Gmail about a holiday in Brussels, it would be no surprise to see an an advertisement for Belgian hotels on the Gmail home page. It would feel creepy if those ads started appearing on newspaper sites. It would be alarming if after joining a Facebook group about World War I history, ads or spam for tours of Belgian battle sites started appearing. That would feel creepy.

• Specificity: The more specific the information or actions come to me, the more likely I am to get creeped out. If the spam for WWI battle site tours seemed to know the dates of the planned holiday, that would be very unsettling.

Some of these overlap or are covered by Nick’s three-part criteria, but I felt they were worth elaborating on, I would be interested to hear about the attributes of what you find creepy. Please add thoughts and descriptions in the comments. I am not asking for individual incidents or anecdotes, but the common threads of what companies or software products have done to make you feel that they have crossed the line.

But usually, creepiness is all about perception and how a policy, feature, or incident makes people feel. There is no ISO standard for degrees of creepiness that everyone can agree on. That makes it hard  for many technology suppliers to get their heads around. They are accustomed to making powerful tools that can do amazing things. Something as squishy as “how people feel” doesn’t fit into their engineering plans.

That feeling is not rational, but triggered by deep, unexplainable ur-reactions. I saw that myself when a supermarket I visit started using big monitors that display every item I bought as I went through checkout. Intellectually, I know that anyone can look over my shoulder and see what is on the rolling band. Still, it felt super-creepy to see all my purchases displayed on a big screen for all to see. I must not have been the only one; that experiment didn’t last long.

This problem has come up a couple times when talking to vendors promoting social network analysis (SNA). A tool to map the real communication lines and understand who collaborates with whom is undeniably a powerful tool, one that many companies can profit from. However, describe SNA as “our system will snuffle around in your email, read all the documents you create, and analyze everything you post on the intranet and Internet so that we know more about how the organization works” and you can feel the anti-creepiness hackles rise. Explaining that only automated algorithms will read the email (no people) and that subjects can preview and edit the analyses generated can help, but not really. The feeling of creepiness persists.

Different situations and places also bring different attitudes. Instant messaging and presence are good bellwethers. It is part of the standard infrastructure and work process in may organizations, while in others, employees rebel at the thought that their bosses can monitor when they are at their desk from a distance. What is a useful and even necessary communications tool to most is as bad as hanging surveillance cameras in the bathroom would be to others. Anecdotally, Germans seem to be especially sensitive to these issues. Hundreds of thousands of people in Germany reportedly find seeing their house on Google Streetview too creepy to bear.

Creepiness is also impossible to defend against. The second a company or a person starts to explain why what they have done is not creepy, it already ipso facto becomes creepy.

Google recently made the news with a creepy story of a Google employee who was fired after he used his position as an engineer to read the email, chat logs and other private information of some kids he had met IRL. While creepiness is often hard to define, everything about this incident was creepy. The facts of the breach itself, the pictures of the offending employee, the fact that children were involved, and the realization that quite a few Google employees can apparently dip into our private communications — all of this adds up to a huge bout of creepiness.

There is not much that Google could do in this instance, except fire the creepy guy and hope that the incident blows over. It looks like that will happen, but I expect the overall issue of creepiness will not go away so easily.

The most striking observation, although not unexpected, was that they looked at corporate blogging in very different ways, depending on their industry and what they want to achieve. One participant from a broadcasting company was exploring how to weave blogs through their normal activities. Blogs are well on their way to becoming yet another channel they use to communicate the news they collect.

A pharmaceutical company had very different concerns, mainly concerning compliance and control issues. Their regulated industry put very different demands on how to blog. Finally, a financial services company was looking at various aspects, including communicating with customers as well as encouraging internal exchanges. Very different issues arise depending on what the enterprise wants to achieve with their blogging initiatives. All agreed that the technical issues were not really a big problem anymore. They had access to more than enough blogging technology, at least from an EA perspective.

One of the more interesting issues raised by everyone at the session has to do with managing the different personas that people inhabit every day. When someone blogs publicly, are they writing for themselves, or as a representative of the company? Even on an ostensibly private blog, it can be difficult to separate the professional and the private. Different employment relationships muddy the waters as well. When a freelancer or part time employee says something, does it matter less than when employees say it? The level of influence the enterprise will need to assert over these sometimes private/usually professional postings will differ by person, industry, role and company.

I like coming to these conferences which are not 100% in my coverage area, because the participants often have a different perspective than the customers I commonly talk with. Enterprise architects often deal with collaboration issues, but they also usually have a broader brief. The wider field of operations they deal with often delivers different views. Rather than adoption or technical issues, they are asking how it affects the enterprise as a whole, and what policies and plans to put in place.

#GartnerPCC picks up tomorrow. I’m also looking forward to going deeper into these issues with collaboration practitioners.

With all those millions invested in compliance, risk management and business intelligence software, how did this mess seemingly come as such a big surprise? I suspect that it wasn’t a surprise to those who invested this money wisely. But either the warning signs were ignored, or the software was used to justify or mask ever-riskier investments. With the glut of capital in the system looking for a home that produces good returns, the pressure was on to find ways to invest it. Deep understanding of compliance rules or risk management algorithms makes it easier to game the system. And that’s what many financial institutions did. Well, at least the problem of ‘excess’ capital has been solved.

Another explanation derives from the false sense of well-being that comes from automated systems. Back office fulfillment systems make it possible to execute the blisteringly complex financial derivatives thought up by financial wizards. The applications show all of the individual obligations in nice neat columns, giving the impression of control, However, assessing the risk and attaching a valuation to a bank with billions of dollars or Euros of notes based on shaky mortgages goes beyond the capabilities of any computer system. Those comforting reports only show the last level of information. Once the basis of those complex constructions start to wobble, the most expensive reporting systems can’t portray what is really going on. That is a task more suited to a Ouija board or Tarot cards. 

Without these back office systems, financial institutions could not have created or executed these complex instruments. Without those compliance and reporting systems showing that they follow the rules, they would not have been allowed. Ipso facto IT is to blame.

I haven’t seen this idea in the wild yet, but I don’t think it will take long. Who has seen similar accusations out there?