“Important Kickstarter Security Notice”
What happened in summary?
- Last week on Wednesday (this date is relevant) Kickstarter’s website was hacked and users’ personal data was stolen. Kickstarter released a PR statement regarding the security incident on Saturday (yes, 3 days later, on a holiday weekend) with recommended instructions that users should take.
Why am I writing about this?
- Security breaches are becoming more and more common and with the need for companies to release PR statements informing their users of an incident, invariably technical instructions need to be conveyed as well. For example, see my previous post on this topic: Rhetorical & #TechComm Analysis of Adobe, Avast, Avira, & AVG “hacking” responses.
- The need for PR and Technical Communications departments to collaborate on these communiqués is essential to ensure that users are properly instructed on what they need to do to protect themselves.
- Incidents like these affect users very personally and the communications needed to explain what happened are technical.
- The public-facing “Crisis Response” not only shows a company’s organizational ethos but also is an example of the relationship between Public Relations (PR) writing and Technical Communication.
- “We operate in a world of information coming from engineers, journalists, and PR and marketing specialists and their practices (and abuses) influence the way technical writers are perceived. The average individual doesn’t notice who it is generating information and doesn’t necessarily know a technical writer from a PR specialist—how the education and degrees differ, how the jobs differ. As a consequence, we have to be vocal about who we are and how we contribute, vocal about the ethical principles of this profession. We have to be vocal about, for example, that the PR specialists we’re working with might be violating their declared principles. And if technical writers are asked to do PR, we have to know the code of conduct for that profession as well as for Technical Communication” (Dr. Sam Dragga, ENGL 5385).
What my analysis emphasizes
This post merely attempts to highlight the obvious rhetorical devices employed by Kickstarter in how they communicate the necessary information to their users. This is not meant to be an in-depth analysis. My primary interest is the usability of the responses to help users understand what happened and what they need to do. My opinion is that issues such as these (which are occurring much more frequently) are the purview of not only PR writers but also Technical Communicators. I will try to point out where and how Technical Communicators could contribute to technology crisis responses such as these.
Kickstarter’s blog post: “Important Kickstarter Security Notice”
- The title of the post emphasizes the event “Security Notice”. This is clearly meant to divert the issue from “hacking” to a more innocuous “Security Notice”. Kickstarter directly mentions “hackers” as the cause of the problem in the first and second paragraphs.
Technical Communication – For searchability, the post should use a title that provides better context for the issue and uses keywords that users would likely use on search engines while also being “true” to the nature of the content.
- The issue is obfuscated by using a generic term, “data” to stand for the actual information that appears in the third paragraph–once again after reiterating that “some information” was accessed: usernames, email addresses, mailing addressing, phone numbers, and encrypted passwords.
- The first paragraph needs to identify the most important information to a user. Kickstarter chooses to publish the information most important to them: “we immediately closed the security breach and…”
- The second paragraph is in bold-font, which is clearly meant to draw the reader to it and also identifies to a reader that this is important information. This information does qualify as important to a user reading this post but I think that reformatting the layout and display of this content would be better than simply adding bold-font to call out this content (see # below).
- It takes four paragraphs until Kickstarter addresses their users to explain how they could be potentially affected by this issue and what steps they should take.
Technical Communication – To a customer and user, this would be the most important information – most important because the primary reason they came to this post was to see how they would be affected by this hack. A Technical Communicator would have placed this content at the beginning of the post, to immediately communicate the technical details of the issue and address a user’s immediate concern. Additionally, this content could be presented better using basic formatting such as indentation, more sections with better title headers, ordered lists, hyperlinks to relevant pages (such as the Kickstarter login page), and images (to provide context to users, such as “the banner at the top of the page…”).
Technical Communication – It is the technical writer’s job to communicate information in a way that all readers can understand. In this instance, the explanation for how the passwords were encrypted could be explained a little better by Graham Cluley at We Live Security by saying that “the stolen passwords aren’t easily accessed” because they are encrypted using multiple methods and “that makes it harder (but not necessarily impossible) for a hacker to crack your password and exploit it.”
For an example and summary analysis of a good PR and Technical Communication response, see my summary of Adobe’s “Customer security alert” response.
Or am I wrong and this response is perfect? How much should Technical Communicators be involved in “crisis communication”?