The first time I personally encountered it, on the other side of the equation -- as a vendor -- was with copy protection in the 80s. We were doing it like "everyone else" was. Kind of like the address book scandal that's breaking out now.
My company wasn't the main target of the outrage, Lotus Development was. That doesn't mean we didn't get punished by our customers, we did. And we deserved it, and like everyone else, eventually we gave the customers what they wanted. But it took too long. And I learned an important lesson here. It totally influenced my thinking about the role of vendors in relation to customers, and who's really doing the innovating.
The first tech crisis that came about after the birth of the blogosphere was the controversy about floating point math errors in Intel chips. A professor in Virginia had discovered that under some circumstances the math processor in an Intel chip would return the wrong answer! You could demo it in an Excel spreadsheet. The company responded at first with a technical answer, explaining how unlikely it is that anyone would ever see an incorrect result. As an engineer and mathematician and computer guy, I understood what they were saying, and was willing, personally, to take them at their word. But this did not go over at all with users and the press. Computers are supposed to be perfect. No bugs allowed. They didn't care how unlikely it is -- fix it! That seemed to be what people were saying. Intel tried to wait it out. They tried to stonewall it. I don't remember if they ever attacked the critics personally as we're seeing in the industry response to AddressBookGate, but if they had it wouldn't have gotten the results they were hoping for.
I posted about Intelgate on 12/26/94. This was less than three months after I started blogging, so it really was around the time of the initial booting up of the blogosphere.
Eventually Intel had to relent and offered to replace anyone's CPU with one that didn't have the bug. The cost of the exchange was huge. Not just in dollars spent on fixing the problem, but in reputation and trust lost. People found out that computer chips were fallible. This is not something they wanted to know. And had Intel responded initially with the response they eventually had to implement, the cost would have been much lower. It cost them a lot to try to douse the flames, and it didn't work.
The classic textbook example of a crisis perfectly handled was the Tylenol tampering incident in 1982. Some unknown person had put cyanide poison in a few bottles of Tylenol in Chicago, and seven users died as a result. This was not something, in the opinion of Johnson & Johnson, the owners of the product, they could brush off, or explain. They immediately, with no hesitation, took responsibility. They emptied store shelves of their product, even though the vast majority of them were not poisoned. They did not re-introduce the product until they had a process in place that would guarantee not that it was unlikely their product would be tampered with (Intel's defense) but that it was impossible. All the double-security packaging you see on medical and food products these days is a result of that incident in 1982. That industry went from being innocent about possible security issues to passionate about them. It could have been the death, not only of seven customers, but of the brand. Tylenol quickly came back to the top, and trust in their product and the company went up as a result of the incident.
And when Tylenol communicated about the incident, they validated people's concerns, they did not dismiss them, or minimize them. They have families too! No one wants to take a pain reliever thinking it might be poison. They understood. They are humans, like we are.
This is what the tech industry should be learning. Will the adults in the industry get with the CEOs, behind closed doors, and coach them on this process? You simply can't win by trying to intimidate people who ask serious questions about the security of your products.
The truth is that repressive, murderous governments have been caught hacking into commercial vendors' servers to get information about people they want to repress or murder. They use social networks to find out who they are associating with. This is a problem that is recognized by all serious security experts. It's not something you can or should want to brush aside. Here's a chance for your companies to shine. Instead the response has been even more sequestered than Intel's response to a much more benign issue, 18 years ago. It's time to make this change in tech, once and for all. Your products are not toys, they are used seriously by real people. You need to show respect for your product, and that means respect for your users.