IP: eWatch and CyberSleuth

[Dave Farber <farber@cis.upenn.edu>]

>Date: Thu, 29 Jun 2000 14:38:15 -0400
>From: James Love <love@cptech.org>
>To: "Farber, David" <farber@cis.upenn.edu>
>
>Given the interest in the Microsoft/Oracle surveillance news stories, it
>might be interesting to look at the activities of eWatch, a firm that
>offers a number of services that include surveillance of activism or
>criticism of a company -- services that are resold through an important
>Microsoft PR consultant.  Through its "CyberSleuth" service, eWatch can
>monitor what people do or say on the web, and respond.
>
>      "On the Internet, there are many communication
>      tools at our disposal. We can post back to the
>      message boards where the original postings
>      appeared to give our side of the story, provide
>      clarification or debunk it. We can email directly
>      those we think were affected by the incident."
>
>Edelman, the PR firm, is a reseller of eWatch services.  This is from
>the Edelman Interactive Solutions web page:
>
>http://www.eisite.com/client/home.html
>
>"From not-for-profit organizations like Chicago's Shedd Aquarium to
>corporate powerhouses like Microsoft, Barnes & Noble and Unilever,
>Edelman Interactive Solutions has been fortunate to work with some of
>the best companies in the world."
>
>And this is from the eWatch page on its CyberSleuth page:
>
>http://www.ewatch.com/pop_sleuth.html
>
>    eWatach CyberSleuth
>
>    It is unfortunate that companies are being targeted by entities whose
>motives are fraudulent, deceptive or criminal. eWatch CyberSleuth will
>attempt to identify the entity or entities behind the screen name(s)
>which have targeted your organization. eWatch CyberSleuth includes a
>30-day subscription to the eWatch All Coverage Bundle (except WebWatch)
>with the screen name(s) as the sole criteria. eWatch CyberSleuth
>requires 7 to 10 days to complete from the date of submission and costs
>$4,995 per screen name. 48-hour turn around is available for an
>additional $1,995 per screen name. Results will vary and cannot be
>guaranteed. Customers will receive a dossier detailing all information
>gathered about the subject during the inquiry. Click here to order.
>
>    Counteracting Online Anti-Corporate Activism
>While the Internet is in fact a new medium, based on our five years of
>experience in helping companies monitor the Internet, most of the old
>rules with respect to how we respond and react still apply. The biggest
>differences are that our actions are more public, the audience is larger
>and we're running in real-time.
>
>    There are six major motivations for online activism. The same
>response methodology cannot be used for all of them. It is critical to
>understand the motivation or motivations behind online attacks in order
>to employ the correct response mechanisms. The six motivations include:
>
>         Legitimate complaint.
>         Behavior influencing (Environmental group targeting an oil
>company, etc.)
>         Stock manipulation.
>         Revenge.
>         Mis- or dis-information.
>         Fraud and extortion.
>
>    Troubleshooting dubious postings need to happen on four fronts (what
>we call these the four C's):
>
>         Classification
>         Containment
>         Communication
>         Counteraction
>
>
>    Classification
>    Before troubleshooting, decide if action is warranted. Let's face it,
>there is a lot of awful content on the Internet about even the best
>companies. To take action on every occurrence is impractical.  What are
>the key triggers that your company will use to prioritize and classify
>online threats? In our experience, other companies have used these
>standards, among others, for online threat assessment:
>
>         Threats against the safety of employees.
>         Threats against property (physical and intellectual).
>         Decreasing sales.
>         Lowering stock price.
>         Affecting litigation.
>         Affecting negotiations (labor, acquisitions, etc.).
>
>
>    Containment
>    If the attack is prioritized for action, then containment is the next
>step. Containment is a two part endeavor focusing on (1.) Neutralizing
>the information appearing online, and; (2.) Identifying the perpetrators
>behind the postings, rogue website, hack, etc. Neutralizing information
>posted online, if appropriate, is the removal of the offending messages
>from where ever they appear in cyberspace. This may mean something as
>simple as removing a posting from a web message board on Yahoo! to the
>shuttering of a terrorist web site. The objective is to not only stop
>the spread of incorrect information, but ensure that what has already
>spread is also eliminated. Victims of verifiable libel and trademark
>infringement have a much easier time neutralizing Internet content in
>our experience. Non-libelous content but nonetheless incorrect or
>offensive content is less likely to be removed by 3rd party search
>engines, ISPs, etc.
>
>    Identifying the perpetrators behind the action requires the kind of
>special expertise that we've assembled for out eWatch CyberSleuth
>product. Internet attackers attempt to cover their tracks by erasing
>identifying personal information from their postings, using anonymous
>remailers to strip off network information, posting under assumed names,
>etc. Identifying these perpetrators is done using a variety of methods
>such as following leads found in postings and web sites, working ISPs,
>involving law enforcement, conducting virtual stings, among other
>tactics.
>
>    Communication
>    Depending on the scope of the event, it may become necessary to
>communicate to our key audiences about an incident that is occurring
>online. Our key audiences may include our employees, vendors, customers,
>prospects, regulators, beat journalists, financial analysts and
>investors (retail and institutional). The purpose of communicating with
>our key audiences is to signal that we are on top of the situation and
>have, or are working, to resolve it. When our key audiences are
>communicating in real-time, so must we. In certain situations, the lack
>of a response will be viewed as incompetence or worse, that there is in
>fact something to hide. As in other media, perception is reality.
>
>    On the Internet, there are many communication tools at our disposal.
>We can post back to the message boards where the original postings
>appeared to give our side of the story, provide clarification or debunk
>it. We can email directly those we think were affected by the incident.
>We can use our own web site -- or set up a temporary micro site -- to
>address the situation in detail.  Micro sites are useful for
>communicating a lot of information to a lot of people in a short period
>of time...especially journalists. For situations that are or have the
>potential to affect a large number people, companies are also using
>traditional media tools such as news releases and media relations that
>can reach outside the online world more effectively.
>
>    Regardless of the method used, the targeted company has to evaluate
>these tools with great caution. What may appear to a company as a
>serious incident may in fact not be to its key audiences. By
>communicating even to a small audience we run the risk of creating a
>larger problem where one did not exist before. And on the Internet, it
>is easy for our adversaries to take our response out of context.
>Furthermore, when communicating with our adversaries directly,
>everything we send them will more than likely appear online. Depending
>on the situation, curt letters from corporate lawyers merely serve to
>bolster their claims.
>
>    Counteraction
>    Based on the information that is learned about the perpetrator(s),
>and given the seriousness of the offense, the appropriate
>countermeasures are taken. These may include everything from simply
>exposing the individual online all the way to arrest. In some cases, the
>perpetrator is an employee of or contractor to the targeted company. In
>these cases, termination of employment is customary.
>
>    Counteraction may also include closing loop-holes in computer
>networks or developing new security procedures to prevent a recurrence.
>
>    For more information on eWatch CyberSleuth or to discuss a specific
>situation you may be facing, please email info@ewatch.com or call
>1-888-857-6842.
>
>--
>=======================================================
>James Love, Director           | http://www.cptech.org
>Consumer Project on Technology | mailto:love@cptech.org
>P.O. Box 19367                 | voice: 1.202.387.8030
>Washington, DC 20036           | fax:   1.202.234.5176
>=======================================================