I was sitting in the Georgia Dome press box early Saturday afternoon, working on a story post and putting out a couple of tweets. As I sat there editing some images, the Southeastern Conference (SEC) media assistants fanned out through the press box dropping a form at each position. Even as they put each document down, one could sense the absurdity of the form, an absurdity validated one one reporter looked at it and said "I am not filling this out."
distributed a blogging form for media to fill out and submit before the start of the
2009 SEC Championship Game between Florida and Alabama. 2009/Eye on Sports Media.
The form was quite simple in its intent: reporters and outlets blogging better be reminded that there are rules to be followed, and that if they did not follow the rules, there would be sanctions imposed. The only problem is that what they were trying to do was logistically impossible to implement, especially if the forms were not filled out and submitted.
Despite their best efforts, the SEC failed here in some very important respects:
1. There was no signature required, so the conference would be hard-pressed to make a case for legal enforcement. The conference might say that they make the policies clear on their web site, but that clarity is open to users perceptions.
2. They did not appear the have the resources or staffing in place to monitor the sites and/or blogs.
3. The did not have, on a technological side, the ability to verify who was actually doing the updates. Were they being done in the press box? Were they being done from the stands? Were the being done from a tavern over in Virginia Highlands?
Without a real carrot or stick in place to make this process meaningful or effective, the "form" is useless.
What the SEC Should Have Done
The SEC had a very simple approach they could have taken. When the media signed in for the day, they could have been handed the form and told that unless they sign the form and present a picture ID, you will not a) be granted entry; and b) not be issued an internet username and password. Since the credentialed media had to produce a picture ID to get into the Dome to begin with, this would not have been difficult to implement.
But why make them sign the document before entry into the Dome? This is because there is a flaw in this approach. Some members of the media may choose to by-pass the SEC provided wi-fi access and use their own wireless cards. By requiring them to sign the document before entry (or even as part of their credential request), they would lose the "I did not know" defense.
For those who do not bring their own wireless card with them, there is also a security weakness in the SEC Provided wi-fi access (althought this could be what the Georgia Dome uses in general). It was secure in that a username and password had to be entered to gain access. But the username and password were so generic that all anybody in press row had to do was ask their neighbor or one of the helpful media assistants for the username and password. This means there is no audit trail or accountability.
Without a uniquely identified username and password for each user, much as what the University of Georgia does for their sporting events. Each user is given a unique username and complex password to get access to the on-ste wi-fi connection.
Of course this would cost money, and the SEC (or any other entity) would have to decide if the costs to put such procedures in place are outweighed by the benefits gained. This is not likely to happen because, as we have seen from the NCAA, conferences like the SEC, and professional sports leagues, they still do not "get" the fact that the implementation of such controls are useless and counter-productive.
If your organization wants to continue down this unwise path, you really need to look at controls such as those discussed above. It does mean you will need top have thick skin because the backlash would be fast, furious and widespread.
Oh and make sure you include Twitter and Facebook in any documents to make it even more interesting.
If you would like to talk to us about how we can work with you on these and other business process issues, both technical and non-technical, you can email us at infoATthecayugagroupDOT.com (replacing the AT and DOT of course) or call us at 706-363-0299.