Posts under ‘Leaked Shell Emails’

We should not give the impression that we are over-concerned with the D’s website, or that management spends a lot of time worrying about it. (Shell)

By John Donovan

I am still studying the Shell internal documents and communications the company was recently obliged to supply to me in accordance with an application under the Data Protection Act.

It is interesting to note the way events in our unusual relationship with Shell have been spun by Shell lawyers, depending on who is being given the information.

Richard Wiseman (right) is now the Chief Ethics & Compliance Officer of Royal Dutch Shell Plc. We crossed swords with him many times during the seven separate court actions we brought against the oil giant, which settled ALL of these claims, involving breach of confidence, breach of contract and libel.

You would never guess this when reading the written briefings given regularly to a Shell senior management obsessed with our activities, to the extent of running a global spying operation against Shell employees, the Donovan’s and our website. This includes “invisible” investigations involving Shell Corporate Affairs Security (CAS), trying to discover who is supplying us with insider information, and who is visiting or posting information on our Shell Blog from Shell premises.

Since Wiseman was intimately involved in the bouts of litigation heading up Shell’s legal team, it is inconceivable that he has not had an input into the written briefings, at the very least checking to ensure accuracy. Indeed, he informed me when we last met at a Shell AGM (in 2006?) that he is still brought in to all matters involving the Donovan’s, including the royaldutchshellplc.com domain name battle, which Shell also lost.

I will just pick out a few examples of blatant spin in a briefing dated 31 August 2007.

1. The first sentence of the first paragraph states:

We should not give the impression that we are over-concerned with the D’s website, or that management spends a lot of time worrying about it.

This is like a boxer trying to pretend that punches to his midriff are not making any impression, when everyone else is gasping at the obvious damage from sickening blows. A small selection of Shell internal documents, mainly from 2007 onwards, confirm that contrary to the self-delusion, Shell management is indeed obsessed by our activities.

2. Shell says in the briefing document:

…the company has always refrained from commenting on specific issues raised by the Ds and will continue to do so.

Anyone who has seen the recent published email correspondence I had with Wiseman in relation to the worlds biggest breach of employee data knows this claim is more BS. Extracts from what Wiseman said to me in his email replies were republished around the world. Shell lawyers have provided comment many times previously as would be obvious to our regular visitors.

3.  Shell also said in the internal briefing document:

In the early ’90s when Shell wanted to use Make Money again, Mr D claimed that he still owned the concept. Shell paid D for the transfer of the concept. Mr D then launched legal action against Shell in connection with two other promotions. While Shell was confident of defeating the claim, in the interest of saving costs for both sides, it was agreed that the matter would be settled. Following this settlement, Mr D sued Shell again. He claimed that he had invented the Smart promotion and that Shell had “stolen” it from him. The case went to court but Mr D eventually abandoned his claim

Yes, Shell did settle the Make Money claim, but only after we issued High Court proceedings seeking an injunction.

With regards to the litigation concerning “two other promotions”, Shell says it settled to save both sides costs. How unusually generous of Shell. We previously received an entirely different explanation from Mr Wiseman in his email dated May 1997. At the time, he was claiming  that Shell had settled out of a moral obligation which  arose out of the termination of the Company’s long standing relationship with us, not out of any particular claim. In fact, Shell settled after independent mediators reached the conclusion, after accessing the evidence and interviewing key witnesses, that “Don Marketing has been pissed on from a very great height”. A memorable verdict.

Wiseman claiming that Shell settled with us on moral grounds is on a par with the claim by Shell executive director, Malcolm Brinded, that Shell settled the Wiwa litigation last June on the court room steps for $15.5 million as a “goodwill gesture”, after Shell had dragged out the proceedings for many years. Oil and morals do not mix. All such decisions by Shell are taken on purely commercial grounds, which factor in potential reputational damage.

Shell also misrepresents the outcome of the SMART trial. Shell made two settlement proposals. I rejected the first and accepted the second only after it was agreed that my legal costs would be paid and that I would receive a secret payment not even disclosed to the trial Judge.

What hope is there for Shell management to make informed decisions when such inaccurate self-serving information, trying to cover-up past embarrassments, is conveyed to them?

News articles generated by royaldutchshellplc.com and its Shell insider sources in 2009

A lengthy document sent by allegedly disillusioned Shell employees to leading environmental and human rights activists sought to launch a corporate revolution at the oil giant.

The document, which was given to IT PRO, was attached to a leaked database containing contact details of nearly every Shell employee. It was sent by 116 disillusioned full-time employees in the US, the UK and the Netherlands to Greenpeace and other campaign groups active in Nigeria.

The document contained information on how the contact database could be used change the way Shell operates, by influencing employees, the public, top institutional investors and non-governmental organisations.

“Using the files we have attached… the Royal Dutch Shell Corporate Revolution that we propose and describe in large detail in Section 5 of this document provides a step-by-step guide on how to shatter the walls of mass ignorance in the corporation in order to bring about informed and meaningful insider dissent from Shell’s common-folk robot employees,” the document reads.

One recipient of the files, John Donovan, a campaigner at anti-Shell website www.royaldutchshellplc.com, told IT PRO that the disillusioned employees may have been planted there by activists solely to extract information such as the database. Donovan said more data breaches would be forthcoming at the oil giant.

According to the document, the employees are upset at a range of environmental and human rights abuses that they believe their employer is taking in Nigeria, one of its key markets for energy exploration.

“We are extremely concerned regarding Shell’s behaviour in Nigeria and we are disgusted by the injustices that Shell is committing in Nigeria,” they wrote.

The document was not signed by the authors, they say, to protect their own jobs. They fear they would be sacked if they revealed their identities.

Shell accepts that the database is genuine, but says it believes that the covering letter is not.

The oil giant publicly argues that individuals’ security has not been affected by the distribution of the database. However, an email apparently sent by Shell’s chief ethics and compliance officer Richard Wiseman suggests there are wider internal security concerns.

“Although the vast majority of information in the [Shell corporate] Address Book is largely business related, there may be cases where the security of an individual may be impacted by release of such information,” Wiseman wrote.

Some personal phone numbers are included in the database where the individual uses that number to work from home. IT PRO understands that Wiseman sent a memo to Shell staff declaring that some might receive nuisance phone calls.

Donovan said: “We expect to receive further leaked information from Shell insiders.”

Shell is currently investigating the circumstances under which the database was leaked. This investigation includes trying to identify if hackers were involved.

The company could offer no comment on whether the leak was caused by people or if it’s a process or technology issue, and what actions it would take to prevent the issue happening again.

SOURCE ARTICLE

By John Donovan

Shell media spin machine went into overdrive last week trying to downplay the worlds biggest ever leak of employee details, including personal information, which Shell Ethics boss Richard Wiseman, has twice admitted puts the safety of some employees at risk.

A copy of a related email from Mr Wendel Broere, Group spokesman, Global media relations, Shell International B.V, desperately engaged on a damage limitation exercise with the news media, was leaked to me on the day it was sent. My role is discussed in the email, no doubt because I am the person who broke the story which turned into a global PR disaster for Shell, with all kinds of unwelcome repercussions, including an investigation by the Information Commissioners Office and the prospect of a fine for being reckless with confidential employee data.

The information sent by Broere on the record says that Shell is investigating the matter and will comply with all legal requirements. The issue of personal security is only mentioned “Off the record” in his email, down-played to being no greater risk to Shell employee personal safety than merely handing out a business card.

Shell now says there was no private address information. That was not the case in the leaked employee data I received which Shell pressured me into destroying before Shell media started pumping out smoke. In fact, many post-codes were included in the data: Far more than could be only Shell addresses. Also personal mobile phone numbers, along with an array of other contact information.

The line now being taken by Shell is totally incompatible with the unambiguous statement on the personal security aspect made by Shell Ethics Richard Wiseman that he subsequently reconfirmed to me by email. This was after I published a leaked email Wiseman had sent to all employees, which failed to mention any risk to personal safety.

And it was not just Shell employee information that was leaked, but four other data files, all forming part of an carefully contrived plan – formulated with almost military precision – for a claimed corporate revolution at Shell by a subversive group that appears to have successfully infiltrated the oil giant. The whole thrust of the plan directed at Shell is motivated by its alleged crimes in Nigeria, which are listed in the extraordinary document.

Following contact with the Information Commissioners Office, we have also destroyed the other related files supplied within the attachment containing the Shell Global Address Book. However, we understand that now that the information has escaped into cyber-space, it will always be potentially retrievable.

Although Shell Corporate Affairs Security (CAS) is mounting a major investigation, how much confidence can employees have in a department headed by retired spooks, when CAS was presumably ultimately responsible for safeguarding security in the first place? At least it might divert CAS from carrying out “invisible” investigations against the Donovans.

Clearly the global spying by CAS against Shell employees to try to stop information from reaching us has not been entirely successful. The flood of leaked Shell information continues unabated.

According to a posting on our Shell Blog by a Shell IT insider (a regular contributor of articles to this website) a breach of the employee Directory could have happened at anytime in the last decade:

IT4me: What interests me about the Directory Leak story is that any competent scripter could have done this at any time in the last 10 years using just NOTEPAD and maybe 20 lines of VBS code. That’s because Active Directory (parts of it anyway) have been left open for use by RDS’s diverse collection of systems. So why didn’t it happen before ? And why doesn’t this sort of thing ever happen at GOOGLE ?

The Register

Posted in IT Director, 15th February 2010 09:20 GMT

By John Oates

Article by Glen Frost, Editor, The PR Report

Yes, 15 billion. This is the claim of John Donovan, a UK blogger who campaigns against  the global oil producing giant Shell (full name Royal Dutch Shell) using his blog www.royaldutchshellplc.com .

Arguably the most powerful blog in the world dedicated to covering one company; and intrigued as to how the site developed such influence, Glen Frost met with the blog’s founders, John and Alfred Donovan, to get the full story.

EXTRACTS

The blog is now so popular, and trusted, the site appears on the front page of major newspapers (see pictures), and has ex‐employees from Shell contributing regular articles

The Russian connection: the scoop that made the  Donovan’s blog famous

The Donovans had been collecting and publishing information online about Shell’s activities since 2001; this information dates back to the mid 1980’s and their former business relationship with Shell. Over the years, more and more people in the oil industry discovered the website, and the Donovan’ s have been swamped with information about Shell from both suppliers, contractors, insiders and former employees.

Some of this information concerned Shell’s activities in Russia from 1996. A Shell‐led consortium (called Sakhalin Energy) and the Russian Government entered into a production sharing agreement. It was information on alleged environmental abuses by the consortium from the Donovan’ s that killed the deal. John Donovan said he suspected his information was the trigger but didn’t know for sure until Oleg Mitvol, a senior figure in the Russian Government, stated so in a media interview.

Asked by a journalist from PetroleumArgus, a trade magazine, who his sources were for the environmental abuse charges that Mitvol laid against the Sakhalin Energy consortium, Mitvol, then deputy head of Russia’s environmental watchdog Rosprirodnadzor, said he had “email correspondence between executives in Sakhalin Energy management from 2002.”

The compromising material had come from Donovan, owner and blogger of the anti‐Shell website www.royaldutchshellplc.com, Mitvol said.

Donovan estimates the value lost to Shell is US$15 billion.

The Donovan’s website is a full frontal attack on Shell’s management and ethics. Shell has tried to shut the site down on the grounds that it uses the company name. However, the site www.royaldutchshellplc.com  makes no money, and, crucially, is registered in the USA, where laws on websites are weighted in favour of the domain owner.

“Our site receives up to 2.2 million hits a month; we want it to become a magnet for people who have a problem with the
company,” says Donovan.  “Many of the people using the site are Shell employees.

Blog publishes market sensitive information

Donovan publishes market sensitive information on the site, and he, and the website, are now quoted by esteemed news organisations like Reuters and The Financial Times. For example, Donovan  published information questioning the level of Shell’s reserves, in which the company was found to have inflated its oil and gas reserves by some 20% in 2003‐04, which led to negative media headlines.

The picture (right; The Daily mail, UK 8th Sept 2009) shows how Donovan’s blog published details of staff cuts before Shell had announced them to the markets and the media.

Because of the blog, and the Donovan’s insistence on publishing all information he can verify about Shell, good and bad, John Donovan’s influence with the media is now global, instant and at a senior level – John lists the names of all the UK, US and global media outlets, their Editors or senior correspondents covering corporate news or the oil sector as his contacts.

Shell’s external PR advisors

A post on the Donovan’s website links to an article in a recently published book on corporate reputation and the rise of blog sites that attack, or expose, poor corporate ethics and illegal or dubious corporate activity, and what CEOs should do about such sites; http://www.shellnews.net/images/CorporateReputationAED.pdf ‐ the book is written by Dr Leslie Gaines‐Ross, who, incidentally, was previously CMO of Burson‐Marsteller USA, who manage Shell’s public relations.

FULL ARTICLE (FREE SUBSCRIPTION)
Previous PR Report issues here: http://thepublicinterest.ning.com
PR Report Facebook page: http://tinyurl.com/ykg6p7j
PR Report YouTube channel: www.youtube.com/theprreport

EXTRACT FROM BOOK REFERRED TO ABOVE: “REPUTATION LOSS – 12 Steps to safeguarding and Recovering Reputation”

One such empowered activist is arch Shell critic Alfred Donovan. No one was more surprised than Royal Dutch Shell PLC to learn that this 88-year-old British army veteran had purchased the Internet domain name www.royaldutchshellplc.com. The gadfly Donovan was a well-known, though underestimated, critic of the company. By acquiring the domain name, Donovan obtained the perfect platform to voice his criticisms of the oil giant. Who would have thought a decade ago that such an unlikely individual could stand up to a corporate powerhouse, waging a war of words against one of the world’s largest companies?

Evening Express: Claim that oil firm staff could be at risk

By Jennifer McKiernan and Charlotte Jordan

Published: 12/02/2010

ADVICE: Shell employees at Tullos have been told not to be alarmed

A DATA leak has put Shell oil workers in danger from cyber-criminals and environmental activists, it was claimed today.

A Shell database containing details of 102,000 employees and contractor information was accessed and sent out from the firm, which has a major base in Aberdeen.

The information includes private addresses and mobile phone numbers.

Among those to be sent the details were British blogger John Donovan who said the personal details could be used to dupe staff and put workers in dangerous situation.

He said he “knew for certain” the data had been passed to a Nigerian activist organisation and six other groups.

And he accused the oil company of “covering-up” the full extent of risk to staff.

E-mails from Shell’s chief ethics and compliance officer Richard Wiseman said employee and contractor security could be compromised by the leaked data.

Mr Donovan said: “I voluntarily agreed not to make the database accessible online because bosses stressed the potential risk to the personal safety of some Shell employees.

“He probably had in mind employees in Nigeria at risk of kidnapping.”

However, in a public e-mail sent to all Shell staff, including those in the North-east, Mr Wiseman reassured staff there was “no need to be alarmed” about the leak, which he said could result in “nuisance telephone calls”.

A Shell spokesman said: “The details of such data are primarily business related. We will investigate this matter and comply with all legal requirements in relation to this issue.”

jmckiernan@ajl.co.uk

ComputerWeekly.com

Ian Grant
Friday 12 February 2010 05:49

Royal Dutch Shell may have been infiltrated by activists, according to one of the people who received an e-mail containing Shell’s staff contact details and a 177-page infiltration guide.

The Times
February 13, 2010

The leaked list includes the names and telephone numbers of 170,000 staff

Robin Pagnamenta, Energy Editor

A full-scale investigation was under way last night into a security breach at Royal Dutch Shell as the oil company faced explaining to staff how the personal details of 170,000 employees and contractors had made their way on to the internet.

The Times has learnt that seven non-governmental organisations (NGOs) who were e-mailed a database of all Shell staff this month have been dragged into the row.

Shell has contacted all the groups — which include Greenpeace’s American office, Earthrights, Justice in Nigeria Now, Shell Guilty, Friends of the Earth (Netherlands), Remember Sarowiwa and CCR Justice — with a demand that they delete the database or face legal action under the UK Data Protection Act.

The list includes names, telephone numbers and other details of employees and contractors working for Shell worldwide. A small number of personal addresses were included in the list, which was leaked to the NGOs and to an anti-Shell website, Royaldutchshellplc.com, in an apparent attempt to highlight Shell’s activities in Nigeria and to call for changes to company policy in the country.

A Shell statement said: “We will investigate this matter and comply with all legal requirements in relation to this issue.” Shell confirmed that its security department had launched an internal investigation into the affair and was working to ensure that no further breaches were possible.

John Donovan, one of the creators of the Royaldutchshellplc website, which has become a focus for attacks on the Anglo-Dutch oil company for several years, said that he had threatened to publish the database on his website. He said that he had chosen not to after an exchange of e-mails, during which Shell advised him that to do so would be a criminal offence.

The security breach at Shell has emerged two months before the introduction of new rules that will mean companies could be fined up to £500,000 if they are reckless with personal information. The Information Commissioner’s Office, which has regulatory responsibility for data breaches, said yesterday that the ICO was “aware of the incident”. From April 6, the ICO will have the power to levy fines on companies that suffer similar leaks.

A spokesman for Greenpeace said that the database appeared to have been sent to a number of the NGO’s staff in the United States.

Shell added that it did not believe that a lengthy cover letter attached to the database, which was alleged to have come from more than 100 of the company’s own staff, was genuine.

Yesterday Shell sought to play down the leak. A statement said: “Certain data concerning Shell employees and other individuals on our internal address list has been disclosed to some external parties. The data is mainly business-related.”

A spokesman for BP said that it never discussed security issues.

Data protection duty

Under the Data Protection Act, companies are obliged to keep employees’ data secure by having up-to-date security. It should not be sent to other countries unless they have adequate protection.

The Information Commissioner’s power to punish companies in breach is limited. Fines for failing to protect against loss of personal data tend to be under £5,000. However, in financial services, the Financial Services Authority can punish failure to protect data; it fined HSBC £3.2 million for not taking adequate steps to prevent clients’ details being lost or stolen.

New laws are being considered for the Information Commissioner to punish companies in cases of loss of personal data for failing to have adequate measures in place. Fines could reach £500,000.

Shell would escape liabilty if the breach were found to be a result not of carelessness but of work by sophisticated operators beating controls. Those people, if found, could face criminal prosecution.

TIMES ARTICLE