Companies may now monitor employees' instant messages

[R. A. Hettinga]

http://www.nandotimes.com/technology/v-text/story/358924p-2911982c.html?printer



------------------------------------------------------------------------

Companies may now monitor employees' instant messages
Copyright © 2002 AP Online
 	E-mail this story

By MATTHEW FORDAHL, AP Technology Writer
FOSTER CITY, Calif. (April 13, 2002 12:41 a.m. EDT) - An instant message
exchange might seem as fleeting as a phone call or face-to-face chat. But,
like everything else on the Internet, it can have much more staying power
than users realize.

Unlike e-mail, the brief IM remarks that pop up on computer screens are not
kept on central servers. But that hasn't stopped companies from developing
software that snags every message - including those unflattering to the
boss.

Interest in IM monitoring is soaring as companies not only look to record
important communications but also control information leaks and discourage
cyberslacking.

Skeptics say it's just another example of how privacy has all but
disappeared in the workplace.

"Some of the practices are far too invasive," said Sarah Andrews, research
director of the Electronic Privacy Information Center. "There should be
limits on what they can or can't collect."

Just like e-mail or Web traffic, instant messages can be monitored by
corporate network administrators - whether those messages are sent to
colleagues using a company's own software or flashed to friends across
oceans using freely available programs from America Online, Yahoo! or
Microsoft.

Privacy advocates say they know of no major incidents so far of
disciplinary action for IM abuse. But it may be just a matter of time.

As of last year, only about 20 percent of all instant messenger accounts
belonged to business users, according to the consulting firm Radicati
Group. By 2004, the percentage is expected to increase to 50 percent.

Jupiter Media Metrix says instant messaging use in U.S. businesses more
than doubled from 2.3 billion minutes in September 2000 to 4.9 billion
minutes last September.

First marketed as toys for consumers, IM programs quickly pervaded the
workplace as people installed them without asking permission, said Michael
Gartenberg, research director at Jupiter Media Metrix.

"There was no planning and encryption built in," he said. "This started as
an enthusiast tool for people chatting with each other one-on-one."

Even so, once in the workplace, employees found IM useful for fast
communication with colleagues and clients.

The financial services industry first felt the need for advanced snooping
software to monitor IM traffic because federal regulators require that all
communications with clients be kept for auditing.

Though the Securities and Exchange Commission has yet to order that instant
messages be kept, investment banking firm Thomas Weisel Partners decided it
was better to be safe than sorry.

Last summer, the San Francisco firm blocked all IM traffic. But clients
missed the convenience and, by the fall, the messenger programs were back,
said Pamela Housley, the firm's director of compliance.

Thomas Weisel Partners signed up for FaceTime's monitoring software, which
runs on a computer on the firm's internal network, recording all IM
traffic. Certain keywords can be defined to alert managers, or the traffic
can simply be put into storage in case it's needed.

So far, there has been no need to inspect the data. And Housley said the
company is not interested in reading every message.

"It's just easier to archive it all," she said. "I don't have the manpower
to have somebody look at this all day long."

FaceTime also works with electronic archiving systems from companies like
SRA International and Zantaz. It must be installed within a corporate
network in order to capture all traffic that originates or is received by
users of that network.

Earlier this month, White Plains, N.Y.-based Communicator Inc. signed up
eight large financial institutions for its Hub IM, which tightly controls
communications among customers and competitors with encryption and
authentication by directing all traffic to Communicator's systems, the
trusted third party.

But unlike FaceTime, all messaging occurs through a proprietary program -
not a public system like AOL Instant Messenger.

The companies that make such products see lots of opportunity beyond finance.

"The technology can be applied to any market and any industry," said
Gabriela Garner, marketing director for Zantaz. "In fact, we have received
a lot of interest across the board in corporate America."

There's no reason not to think that instant message chats won't wind up as
fodder in investigations. Stored e-mail has already played a role in probes
involving the Clinton White House and Enron Corp., to name a few examples.

Privacy advocates wonder, though, whether constant monitoring of simple
chats might be taking paranoia too far.

"We know people do a certain amount of personal business at work," said
Richard M. Smith, an Internet and privacy consultant. "A company has a
legitimate interest in limiting that ... but if it's personal they don't
have any right to listen in."

So far, the courts have yet to make any distinctions between instant
messages and other forms of electronic communications, such as e-mail.

Though some argue that the technology deserves protection like telephone
calls, instant messages are more likely to be treated like e-mail.

Employers typically issue guidelines and warnings against personal use of
e-mail when company equipment and networks are involved.

"In the private sector, the law has been charitable to employers ... as
there is a reasonable amount of notice," said Lee Tien, an Electronic
Frontier Foundation attorney.

Customers of Zantaz reported a lot fewer e-mail jokes and goofing off when
it began deploying its e-mail monitoring products, said Garner, the
company's marketing manager.

"It changed the employee behavior. Their productivity went up," she said.
"They were a little bit more careful with their communication. It will be
the same with IM."

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com