Communication glut - Instant messaging isn't private
Monday, August 5, 2002
"I think Mark is doing the right thing by going into rehab," Tim Gordon, vice president of an online concierge service, typed quickly to a friend. Sitting at his office computer, Gordon was multitasking in cyberspace as usual, holding several instant-messaging conversations at once.
And that's why he accidentally sent the message to a co-worker, not to his friend.
Sound familiar? Even people who successfully navigated earlier methods of communication, who never put a thank-you note in the wrong envelope, or dialed one friend's number thinking it was another friend's, have by now experienced e-mail mortification. It may have been an offensive joke accidentally sent to the boss or a love note that got broadcast company-wide.
Personal embarrassment pales, however, when compared with the ramifications of a business message getting into the wrong hands. E-mail has made it easier to have that happen. Click the mouse and, poof, there go those inventory figures your group needed. But you may, through inattention, have sent them to your competitor. And the use of instant messaging, those real-time electronic exchanges between friends and colleagues, is heightening the potential for disaster, or at least embarrassment.
Because while e-mail and instant messaging may be casual, they are not without consequence. Particularly in business.
The first big electronic wake-up call came when Microsoft Corp.'s internal e-mails were used against the software maker in the Justice Department's anti-trust case.
Messages don't quite disappear
Despite warnings, many continued to believe (still do) that electronic notes disappear into the ether, never to be seen again. Not quite. Just ask Merrill Lynch securities analyst Henry Blodget, whose e-mails became the cornerstone of a federal investigation into his company. When those internal e-mails became public, we read what Blodget wrote about stocks he'd recommended: "such a piece of crap,'' and a "dog.''
And so our collective attention shifted once again to the consequences of our e-mail actions. As most people now know, it turns out it's much harder to shred an electronic document than a paper one, especially when it has been sent to numerous recipients, copied, saved and forwarded. Today no corporate malfeasance story would be complete without mention of the authorities seizing the hard drives of the company's computers.
By now e-mails sent must number in the trillions or beyond. As for the more recent instant messaging, about 16.9 million people "ping" others at work, according to ComScore Media Metrix in Reston, Va.
The casual nature of both stems in part from the fact that both were devised for use in private life, for communicating with friends and family from a home computer. But it didn't take long for companies to recognize the obvious usefulness of ways to send company-wide memos (e-mail) and keep up an ongoing conversation among employees (instant messaging).
And so firms patched together their own systems. E-mail programs were an easy purchase. For messaging, though, some use proprietary intranet-type programs that allow communication only within the organization. Others imported one of the top instant-messaging services created for consumers by AOL, Yahoo and Microsoft. And some have resorted to a patchwork of programs.
It's the instant messaging that now causes confusion. The technology-savvy (or just those who follow the news) know that e-mails can be retrieved from computers' hard drives. Many companies back up internal e-mails.
May start monitoring IM
But most people think that instant messages are different, that once a message is sent, because it doesn't appear in any mailbox or sit on any server, that the thought is forever gone, the evidence irrevocably erased. In theory they're correct: Spokesmen for AOL Instant Messenger, Yahoo Messenger and Exchange 2000 IM from Microsoft all say that instant messages skip from server to server, but that no material is cached.
"People don't understand the nature of IM,'' says Michael Gartenberg, a research analyst with Jupiter Research in New York. Because of that, he predicts instant messaging will become much more of a problem to businesses than e-mails in the near future. He expects companies to soon begin creating policies that monitor the message flow.
In a recent report titled "What May Lurk in Your IM Session,'' the Gartner Group research firm recommends that companies develop written policies on acceptable use of instant messaging because "IM can be used as an untraceable channel for leaking files, source code and financial information."
Untraceable, says the report's author, Richard Stiennon, because some companies are still not tracking the mail.
Although the major IM services do not archive messages, recipients can choose to save them. And the messages do travel through servers, at different speeds depending upon the time of day and the system's configurations. While the mail may not be officially cached, it is possible to retrieve it at certain moments, like taking snapshots.
"In theory, the FBI could monitor IM traffic over AOL,'' says Stiennon. "In practice, it's a difficult task.''
Corporate message theft is the modern-day version of disgruntled employees walking out with boxes of sensitive files, says Stiennon. Now, he says, they just send company information to their personal accounts, where it can be disseminated more easily. Stiennon says he knows of a case at a dot-com where an angry employee logged into his boss' computer and posted the boss' messages to a public Web site.
Speaking of this medium where people often say things they wouldn't dare write even in e-mails, let alone on a piece of stationery, Stiennon advises, "Treat IM like it's going to end up on the front page" of the newspaper the next day.
Businesses have at least three reasons to fear instant messaging: the liability from notes that come back to haunt the company, lost productivity as employees chat the day away, and the blocking of the network's pipes as conversations drag on.