Posted on 04/12/2002 11:03:12 AM PDT by Tumbleweed_Connection
An instant message exchange might seem as fleeting as a phone call or face-to-face chat. But, like everything else on the Net, it can have much more staying power than users think.
Unlike e-mail, the brief IM remarks that pop up on computer screens are not kept on central servers. But that hasn't stopped companies from developing software that snags every message - including those unflattering to the boss.
Interest in IM monitoring is soaring as companies not only look to record important communications but also control information leaks and discourage cyberslacking.
Skeptics say it's just another example of how privacy has all but disappeared in the workplace.
"Some of the practices are far too invasive," said Sarah Andrews, research director of the Electronic Privacy Information Center. "There should be limits on what they can or can't collect."
Just like e-mail or Web traffic, instant messages can be monitored by corporate network administrators - whether those messages are sent to colleagues using a company's own software or flashed to friends across oceans using freely available programs from America Online, Yahoo! or Microsoft.
Privacy advocates say they know of no major incidents so far of disciplinary action for IM abuse. But it may be just a matter of time.
As of last year, only about 20 percent of all instant messenger accounts belonged to business users, according to the consulting firm Radicati Group. By 2004, the percentage is expected to increase to 50 percent.
Jupiter Media Metrix says instant messaging use in U.S. businesses more than doubled from 2.3 billion minutes in September 2000 to 4.9 billion minutes last September.
First marketed as toys for consumers, IM programs quickly pervaded the workplace as people installed them without asking permission, said Michael Gartenberg, research director at Jupiter Media Metrix.
"There was no planning and encryption built in," he said. "This started as an enthusiast tool for people chatting with each other one-on-one."
Even so, once in the workplace, employees found IM useful for fast communication with colleagues and clients.
The financial services industry first felt the need for advanced snooping software to monitor IM traffic because federal regulators require that all communications with clients be kept for auditing.
Though the Securities and Exchange Commission has yet to order that instant messages be kept, investment banking firm Thomas Weisel Partners decided it was better to be safe than sorry.
Last summer, the San Francisco firm blocked all IM traffic. But clients missed the convenience and, by the fall, the messenger programs were back, said Pamela Housley, the firm's director of compliance.
Thomas Weisel Partners signed up for FaceTime's monitoring software, which runs on a computer on the firm's internal network, recording all IM traffic. Certain keywords can be defined to alert managers, or the traffic can simply be put into storage in case it's needed.
So far, there has been no need to inspect the data. And Housley said the company is not interested in reading every message.
"It's just easier to archive it all," she said. "I don't have the manpower to have somebody look at this all day long."
FaceTime also works with electronic archiving systems from companies like SRA International and Zantaz. It must be installed within a corporate network in order to capture all traffic that originates or is received by users of that network.
Earlier this month, White Plains, N.Y.-based Communicator Inc. signed up eight large financial institutions for its Hub IM, which tightly controls communications among customers and competitors with encryption and authentication by directing all traffic to Communicator's systems, the trusted third party.
But unlike FaceTime, all messaging occurs through a proprietary program - not a public system like AOL Instant Messenger.
The companies that make such products see lots of opportunity beyond finance.
"The technology can be applied to any market and any industry," said Gabriela Garner, marketing director for Zantaz. "In fact, we have received a lot of interest across the board in corporate America."
There's no reason not to think that instant message chats won't wind up as fodder in investigations. Stored e-mail has already played a role in probes involving the Clinton White House and Enron Corp., to name a few examples.
Privacy advocates wonder, though, whether constant monitoring of simple chats might be taking paranoia too far.
"We know people do a certain amount of personal business at work," said Richard M. Smith, an Internet and privacy consultant. "A company has a legitimate interest in limiting that ... but if it's personal they don't have any right to listen in."
So far, the courts have yet to make any distinctions between instant messages and other forms of electronic communications, such as e-mail.
Though some argue that the technology deserves protection like telephone calls, instant messages are more likely to be treated like e-mail.
Employers typically issue guidelines and warnings against personal use of e-mail when company equipment and networks are involved.
"In the private sector, the law has been charitable to employers ... as there is a reasonable amount of notice," said Lee Tien, an Electronic Frontier Foundation attorney.
Customers of Zantaz reported a lot fewer e-mail jokes and goofing off when it began deploying its e-mail monitoring products, said Garner, the company's marketing manager.
"It changed the employee behavior. Their productivity went up," she said. "They were a little bit more careful with their communication. It will be the same with IM."
I work as an information security officer in our IT department, and occasionally I have to check up on what people are doing at their workstations.
The over-riding principle here is a) the company owns the PC, b) the company owns the internet connection, and c) the company owns the mail servers.
They have every right in the world to monitor how that equipment is being used. Period.
In other words, tell me how many dollars those HR people who disciplined employees for unauthorized email use put into the company coffers? How many dollars did you put into company coffers?
As a friend of mine (an engineering manager for a major grocery chain) told his HR people when they wanted to fire one of his best store designers over a weak harassment allegation by a secretary - "How does this help us deliver groceries?"
I don't want to get in to some defense of IT, because that's a silly issue. While IT may not generate revenue, systems management, systems maintenance, and information security are safeguards of company information. It's the old saying, you don't need us until you need us, but when you need us, you need us NOW!
I agree with you that random harassment of employees over email systems is silly, but I have never seen that happen. Generally, a request for information is generated due to a complaint received by another employee.
IT people don't make HR policy or rules. If I get a request from an HR person that says "Mr. Soandso has been reported to HR by a co-worker for (whatever reason, usually porn related), and we want to know his activity for the last 30 days". At that point, it's not my place to make some value judgement about whether I think this is just or not. I get paid to do a job, and that's what I do. So I crack his PC, scan his files, his cookies, his cache, his history. Then I run a firewall sweep, and see where he's been going. Then I run through his mail files, and see what's going on there. When that's all done, I put all my findings in a report, and hand it to my boss, who reviews it and sends it back to HR. At that point it's out of my hands. HR will do whatever they need to do with him.
We all know the score. Mr. Soandso has been surfing porn sites and some other co-worker took offense. How much money will it cost the company to litigate a sexual harrasment suit? If the guy gets booted quietly, it saves money and publicity (which no company wants). If Mr. Soandso was an important cog in the operation, he should have known better. All companies have internet and mail usage policies, they are there for a reason.
I don't know what you do for a living, but the larger the company, the more sensitive they are to this sort of stuff. And the point still remains - it is the company's equipment, they are allowed to set the rules. If people think the rules are silly or stupid, then they should start their own company. Do I think some HR and corporate security people are overbearing, hell yes! But once again, it's not the employee's system to abuse, and when you work for someone else, you have to play by their rules.
I agree. I worked for a large telecomm company that was very big on all those perks. You would be suprised how many people don't take advantage of those opportunities.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.