Forensic Linguistic Investigation as a Risk Mitigation Strategy

Tap, tap, tap…Is this thing still on? Yes? Excellent. Blogs can be like laundry. When you get busy with life and work and things, laundry and blogs are the first sacrificial lambs on the alter of Time. Laundry piles up and blogs grow cobwebs. Now the semester is coming to a close, I am wearing a clean pair of jeans, and I am dusting off this corner of the internet. Here we go.

I have all sorts of observations that have accumulated over the past few months that have to do with the intersection of the law and linguistics, but I think the first one should be a companion piece to the last entry (better late than never?). However, I want to reframe the discussion of “profits over people” before moving on to “taking the temperature of a company.”

To be clear, both of these themes are about identifying and mitigating risk. If there is evidence that can be construed as your company valuing profit over human safety, your company is at risk. If your company turns a blind eye to hostile work environments, again, your company is at risk.

Let’s keep going: If you have a rogue employee acting against your company’s best interests, that individual is an insider threat to the organization and exposing you to risk. If you have an entire department perpetrating fraud in order to cover up a range of misdeeds, or mistakes even, you have a substantial point of vulnerability that exposes you to risk.

Corporations have all sorts of ways they manage risk identification, analysis and mitigation, but the least popular and perhaps most complex method is regularly auditing their business communications, the digital artifacts of doing business in today’s computer-mediated environment. Furthermore, I think maybe inside counsel and the teams that oversee risk-mitigation strategies treat investigating and auditing their company’s text-based artifacts for things like “insider threats” (a most definite risk), or “fraud” (risk personified), as solely a technology/IT-related exercise/issue. I think the legal profession, and “risk” stakeholders in general, believe this to be true.

I also believe that auditing a company’s business communications is easier theorized about instead of accomplished. In fact, everything having to do with managing information today is easier said than done. You can’t go three clicks on the internet without reading a theoretical piece about information governance in the era of Big Data to see that it is a hot topic of discussion. Again, this discussion is almost always framed as technology issue, an IT issue. And to be sure, there is tech/IT component to it. A big one. BUT, it is also an unstructured data issue, as unstructured data (which includes text-based data) makes up 80% of Big Data. Unfortunately, unstructured text is the most complex data-type going. It is hard to deal with. It is hard to qualify and quantify. It’s hard to investigate and analyze. It is especially hard to govern.

Here’s why: Unstructured text-based data is natural language data. And today, it’s email, IMs, social media, and computer-mediated communication in general, that are filling up a company’s virtual landscape, making information governance a beast of a thing. And these types of communication? They don’t necessarily represent standard, systematic written language. These communication genres are more like written speech than anything else. We write with our keyboards like we talk on the phone, not like we’re writing a report or a thesis (unless of course we’re writing a report or thesis). Here’s something: The vast majority of a Fortune 500 company’s text-based artifacts are email.

No, text-based natural language data isn’t simply a tech/IT issue. Not if you want to extract useful information from the text, or if you want to archive it in some way that gives you visibility into the ideas/themes expressed in the text itself. And certainly not if you want to audit your text-based communications to identify risk. In order to do this effectively, you have to have linguistic expertise, and not just any type of linguistic expertise. A phonologist isn’t going to come to the rescue here. But generally speaking, linguistic and language expertise are the essential components regularly missing from risk mitigation strategies, as well as information governance strategies.

This also is not simply a classification issue either. Effective risk-mitigation strategies, as well as smart information governance protocols, are not just about classifying and categorizing information. How would you classify an email that said “If anybody finds out about what we are doing, we are going to end up on the news” (that’s an actual email I’ve come across, fyi). There is no keyword or “bag of words,” clustering, or predictive coding schema that is going to identify and categorize that email as “risk.” BUT, there are forensic text investigation strategies that will discover communications like this, and discovery is the first step.

There is a forensic linguistic component to insider threat detection, as well as fraud detection. Employees who are becoming increasingly disgruntled demonstrate it through their language use. Just as employees who threaten (overtly and using “veiled” threats) do so through their language use. People trying to conceal or downplay, use linguistic strategies to do so. Companies who value money over human safety leave a trail of linguistic evidence that transforms into a “profits over people” narrative. All of this is extant in email communications, if you have the expertise to identify it and measure it, that is.

Here is my point: These sorts of forensic linguistic investigations should be framed as risk identification and mitigation strategies, pure and simple. This is the framework that we should consult when talking about “profits over people” and “taking a company’s temperature.” What we are really saying here is that we are investigating and analyzing a company’s text-based artifacts in order to identify risk. You can’t mitigate risk if you can’t detect it in the first place. And you can’t effectively detect it if you aren’t employing the right expertise and methodologies to do so. Then and only then, can a company take steps to reduce risk, or eliminate it altogether.

The right forensic linguistic expertise plus the right tech/IT infrastructure can make all the difference in effective risk mitigation strategies. It might just be the critical factor between theorizing and doing.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s