Sep 25 2010

In defense of the PCI “No social media” policy

Published by at 5:13 am under PCI

I know it’s odd coming from me, but I have to take a few minutes to defend the PCI Council’s decision to ban social media from the PCI Community Meeting this week and at every community meeting.  Yes, a large part of the real reason for the ban is so that they can control the message and so that they aren’t getting a lot of criticism floating out from the sessions, but the reasons they state for the ban are valid as well; the Community Meeting is an opportunity for merchants, service providers and everyone else to comment and speak freely and the threat of being tweeted or blogged about would place a chilling effect on the conversation at the event and the questions asked in the meetings.

Let’s be honest, my letting loose with a few tweets during a meeting probably wouldn’t have any affect on the vast majority of the people attending, since only a few of them even know what twitter is, let alone monitor it.  The thought of a blogger or podcaster sitting in the audience is a bogeyman to many of attendees, social media is something they’re aware of but don’t understand so they’re afraid of it.  By stating that no tweeting, blogging or podcasting is allowed from the event, the PCI Council has made a large swath of the audience feel much better at the expense of annoying a very small, but vocal, minority.  And in theory they’ve stilled the voice of criticism, or at least delayed the criticism until it’s too late for it to have any affect on the PCI Standards.  The criticism will come soon anyway, but that’s beside the point.

The reason I do feel the need to defend the ban has nothing to do with the meetings though.  Quite frankly, I think the majority of convention presentations at an event like this are worthless; most of the information revealed had been out and available for a while, or the hour long meeting could have been summed up in five minutes by saying “It depends” or “we’ll address that soon”.  There’s really not that much that’s being said, it’s a sad, honest truth of most conventions, not just the PCI Community Meeting.

So why is the ban on social media important?  Because of the meetings that go on in the halls between talks.  And the conversations that are happening in the lunch room.  And the drunken brainstorming that goes on after hours and leads to new alliances and relationships between individuals and companies.  The PCI Community Meeting is no different than any convention in that it’s what happens in the interstitial spaces between the organized meetings is often more important than what goes on in the meetings.  What is different is that sometimes these meetings lead to changes in the infrastructure of the the credit card industry or business deals that can move millions of dollars from one pocket to another.  And you can’t have this sort of dealing going on when you’re looking over your shoulder to wonder if someone’s listening in, about to tweet what you just said

The group of people that meet every year at the PCI Community Meeting don’t have the chance to meet like this anywhere else and don’t have the direct access to the PCI Council and the card brands at any other time.  So it really is important to preserve some of the expectation of privacy they bring with them.  I don’t like the decision to ban social media personally, but I do see that it adds some value for the people who are paranoid about such things.  And it does an excellent job of delaying the criticism as well, so it’s an all around win for the PCI Council at the expense of annoying a few folks like myself and Branden Williams, who’d tweet, blog and otherwise publicize the event if they’d let us.  And speaking of Branden, take a couple of minutes to read his “Review of the 2010 ____ ____ Meeting“.  His comments on a better way to treat social media at events like this is also worth a few minutes to peruse.

[Slashdot] [Digg] [Reddit] [] [Facebook] [Technorati] [Google] [StumbleUpon]

7 responses so far

7 Responses to “In defense of the PCI “No social media” policy”

  1. rybolovon 25 Sep 2010 at 6:30 am

    Ever hear of the Chatham House Rule?

    And yes, you’re spot-on, Martin.

  2. Branden Williamson 26 Sep 2010 at 5:55 am

    Love it! We should do a point/counter-point podcast on this.

  3. Scott Morrisonon 28 Sep 2010 at 12:44 pm

    And you can’t have this sort of dealing going on when you’re looking over your shoulder to wonder if someone’s listening in, about to tweet what you just said

    If the conversation you’re having is sensitive enough to require this level of consternation, perhaps you’re in the wrong venue for that conversation.

    But to tackle the overall topic, do the rules prevent someone from taking notes, and blogging about them when they get back to their hotel room? Why not make the context of select meetings, or the entire conference confidential, proprietary or trade secret?

    While protecting the anonymity and frank nature of the some of the conversation is a reasonable goal (See Catham House Rule, above), considering the topic at hand, at what point does it devolve into security-through-obscurity?

  4. Martinon 28 Sep 2010 at 12:57 pm


    The content and people at the meeting are supposed to be off limits for social media, in theory to make the attendees feel better. This portion of it is about feelings, not logic, so trying to act logical about it isn’t going to get you anywhere. It’s also just an excuse to maintain control over the message coming out soon from the PCI Council. I guess part of the point that I didn’t make well enough is that they have more to gain from letting us blog and tweet than they have to lose. Or at least they would if the message they’re putting out at the event was defensible to begin with.


  5. […] also covered the social media ban on his […]

  6. LonerVampon 29 Sep 2010 at 1:27 pm

    I’ll admit, there is often a certain unnecessary amount of squabbling and crying in comments or blogs or social media…especially if someone makes an assertion and they don’t feel they were taken as seriously as possible, or maybe not everyone agreed. Feedback and dialogue is good. Drama queens are not. And lord knows there are many different views, opinions, and beliefs in security (if there were correct answers, we’d know them by now!). Or other people who point and laugh if someone makes a silly remark or mispeaks. We should do anything we can to share information and facilitate those who have good info to share, even if it means seemingly taking a step back now and then…

    I can certainly see both ways. For Infragard (or barroom) meetings, some level of discussion just won’t happen if there is not that expectation (spoken or understood) of some level of respect and caution.

    At any rate, that’s me giving the benefit of the doubt. :)

  7. […] Review of the 2010 ____ ____ Meeting. Sometimes the most popular posts only have a few days to percolate.  That would be the case with my initial review of the PCI Community Meeting in Orlando. Social media ban?  I’m not on board (obv), but some are. […]

%d bloggers like this: