A week or two ago I got an unsolicited package in the mail from a software vendor. I opened it up, and there was a copy of Enron’s 2000 "Code of Ethics" booklet, which also contained the corporation’s information security policies. This surprised me. Hmm…what was this all about…
Reading the letter I found that this vendor was promoting their product by encouraging potential customers to view a site they set up with a copy of all the Enron email messages, "over 85,000 records" that were on the system at the time of the Enron collapse. They justified this by indicating that since the information "is already posted on the web by the Federal Energy Regulatory Commission" that the vendor "believes that it is not harming anyone." However, right before this the vendor indicates that it, "believes that most Enron employees are (and were) hard working, honest people who are (and were) trying to do a good job. We respect them and apologize for any embarrassment that this content may cause them." Obviously they realize that they are probably harming someone.
They then go on to offer *THREE* contests, each with a prize of iPod shuffles, to the people who, after searching through the emails, would find the best emails that 1) would be grounds for firing, 2) contained the funniest jokes, and 3) were the most embarassing to the sender.
They indicate they have scrubbed the emails of "really personal information"…but not of the people’s names…first and last names. Gee, that’s kinda personal, don’t you think?
Does this feel right or ethical? It is one thing for the government to post evidence under the FOIA, but it quite another thing for a vendor to actually make a copy of the information and post it, obviously indicating that they realize this will cause embarassment to the people named within the company, people who have lost their jobs and life savings, solely for the purpose of promoting their product. And then they go on to have *THREE* contests for people visiting their site to continue to embarass them!
There were around 28,000 Enron employees who lost their jobs, in addition to another 85,000 Arthur Andersen employees who also subsequently lost their jobs. And now this vendor is taking an opportunist advantage of the situation, and government regulations regarding evidence, to blatently promote their product and even go a step further and explicitly embarass anyone named in the now "public" documents in the name of their marketing gimmick…just because they can.
It’s almost like this vendor was setting up a circus around a train wreck and creating carnival side shows around the scattered victims.
Does this seem right to you? Does this seem ethical? If this vendor has CISSP, CISM, CISA or other certified professionals in their staff who went along with this, are they in violation of their ethics promises?
Today the Enron trial started. I’m sure the Google searches on information related to it are high. I’m sure this vendor had a very high hit rate on their site today.
No, I did not search the email database at their site…their justification for doing these macabre marketing stunts were enough to make me disgusted. The longer I think about this the more my gut, heart and head tells me this is wrong.
So, am I over-reacting?