Kafka, Orwell, algorithms and processes without thought.

It's been a month since LinkedIn falsely accused me of something but refused to tell me what for several weeks. I still don't know the details but I do know that LinkedIn was wrong. I was accused of inappropriate (not specified how) content in a job advert. I have not posted a job advert on LinkedIn.

For a month, I was sent into an Orwellian black hole where - if any response was received at all - it was merely to send me back into the swirl of a Kafkaesque torment where nothing changed, not even the words in the cycle of emails.

Endless complaints from me and from others using multiple channels eventually resulted in someone looking at it - and also realising that I had documented each of the times its own tech, and that of its external verification service, failed, and had documented failures in LinkedIn's own security systems, account policing, activity policing and could prove ineptitude on a grand scale.

Suddenly while I was away from my desk making a cup of tea things happened and the account was restored. This was within a matter of hours of my sending a succession of emails each showing a failure of LinkedIn's own systems.

It should not be like this.

If LinkedIn identified a problem, why did no one (or even an algorithm) look at e.g. my tenure as a member and the number of my connections (about 13,000) and followers (about 40,000), how about looking at engagements - me with other people and other people with me?

Why did LinkedIn refuse to tell me, for a month all but a few hours, why it had taken the precipitous step of blocking my account. And why, when I told them exactly why their action was unfounded was their response to tell me to change the password on my email account?

LinkedIn and its parent Microsoft claim expertise in the use of algorithms (I think even those who have fallen for the nonsense of saying machines are intelligent or learn would find it difficult to apply the term "artificial intelligence" to the facile systems which LinkedIn is using).

It talks of "safety" but it does nothing to prevent people attaching themselves to my company's page at Financial Crime Risk and Compliance. As part of today's barrage of evidence of their own lack of awareness of how frauds are committed on LinkedIn, I sent a stream of emails each including a fraudster claiming to work for LinkedIn. Did LinkedIn thank me? Of course not, even though the accounts were being created, used and reported in real time.

Don't mention the war

So, it seems that the hundreds of fraudulent, spam and scam accounts I have reported to LinkedIn in recent months have in fact led to even more audacious claims by those people, or - because of the high-frequency posting - more likely bots.

If LinkedIn had sent an email saying "we're not happy with something" it could have been resolved immediately with no time or cost or stress.

But instead, as I had used LinkedIn messaging to contact speakers for The Financial Crime Forum in November and had not collected their email addresses at the time I was disconnected, I had to cancel that Forum. And now it's too close to the Forum scheduled for December to get that one going.

LinkedIn has not made even a token apology for causing disruption to a well-settled business process that will have a long-tail effect. So: wrong, dismissive and unrepentant.

What of the tech?

What happened to begin with was that I was posting a comment on a post by a contact with whom I frequently have an exchange. All of a sudden, the system logged me out and told me to complete a security challenge. That didn't work as part of it didn't appear on my screen. After some time, first checking if LinkedIn were down, then checking my own system, I tried switching to Chrome. Then it worked. To be clear: I do not trust Chrome. I use Firefox on Linux and I can tweak what they do in ways I cannot with Microsoft and Google products. So, I was seriously unimpressed when it turned out that I had to compromise my own IT security. Then I was sent to a third party verification service, Persona.

There has been much comment about the terms and conditions used by Persona and I was seriously irritated that I was forced to accept terms that any sensible person would reject if I wanted to get back into LinkedIn. It's worse because while Persona would no doubt owe me a duty of care in negligence, there is no contract between us and so I could not enforce, at least not simply, a requirement that my information is not passed to any third party. "Oh", Persona would say, "you can contract out of that later in the process". And I would say "I know full well that you can pass my information to third parties as soon as I enter it and before the chance to countermand that provision is presented to me".

Worse, after many failed attempts Persona appeared to accept the images of my documents. Then it told me it could not verify them. Another process designed by people who don't use it. Why does it not ask what documents will be submitted and say yes or no before attempts are made to upload them. Incidentally, the document I submitted, my driving licence, met all the requirements set out by Persona: it's just that the system did not work. This, remember, is the type of tech that banks, et al, are using as part of their remote KYC.

Persona said to talk to LinkedIn. LinkedIn said to talk to Persona. The last I heard from Persona was that they said they needed me to give them more personal information so they could try to find what data they hold about me. I refused to give additional information and they have not replied.

Thank you to all those who offered and provided support.

I can't thank you all individually in part because I don't know who you are. Although I created a temporary account (from where I communicated with LinkedIn with a small team who tried to get those causing the problems to fix them) and a small number of contacts found me there. I'll ask the new ones (of which there was a surprisingly high proportion) to migrate to my main account. I know some people pestered LinkedIn directly by forms and emails. I know others made posts targetting LinkedIn and demanding my reinstatement.

LinkedIn has killed more than two months of prospective work which is made worse by the looming Christmas and New Year break. So, I'm available but not, obviously, free.

In the meantime, can I ask that we build a Plan B and that all my contacts and followers sign up for one or more of my newsletters at https://www.financialcrimeriskandcompliance.com/info/?p=subscribe&id=1 . In this way, if LinkedIn has another fit of pernicious false accusations and hostile action without warning, we have a means of communication. Or you could bookmark financialcrimeriskandcompliance.com or worldmoneylaunderingreport.com through which you can make contact if you wish.

What can you do if it happens to you?

I discovered that I am far from alone. A number of very senior, well regarded, people have been blocked and also never told exactly why. In fact it seems that I got more information than most. Perhaps LinkedIn doesn't tell users because when it does so the scale of its own inadequacy is laid bare. One person "went legal" and today I implied that, with all the evidence I had on hand, I was about to do the same. I suspect LinkedIn staff read that all the time but in my case I had evidence. Is there a lesson to learn? Only this: LinkedIn doesn't actually properly review anything until it becomes a nuisance and the first time it becomes a nuisance, it closes the ticket and says to start again. No one reads standard emails to ensure they are relevant: to be told, repeatedly, to take action after I have logged in when the entire point is that I could not log in demonstrates a level of failure to design and test systems in an intelligent (human intelligence) fashion.

Can I tell you how to resolve it ?

No, but a bunch of people willing to go to bat for you can't be a bad thing.

PS: after writing this I scanned my history and found a post warning about a scam and drawing attention to Google's part in facilitating email enabled frauds. That was about the time that my account was blocked. That post has an endorsement saying that only I can see it, that it's been removed because it breaches "Professional Community Guidelines." So, if that was the cause a) it means we cannot reproduce the text of fraudulent documents in order to demonstrate risk and b) LinkedIn lied about the job ad instead of doing a proper investigation. It's not very good, is it?

Nigel Morris-Cotterill is a financial crime risk and compliance pioneer with experience and understanding of systems and tech.