IM Security Term of the Week: "Foley'ed"- E-Discovery Day

|

In Internet News Week our V.P. of Marketing Frank Cabri makes a notable quote along the lines of our usual rapier wit-wielding MVP- Chris Boyd. (e.g. describing IM safety along that "Ben Stiller and Circle of Trust Kind of Thing".)

"Some organizations' ears are ringing from this consumerization of an IT trend and the fact that employees are bringing in unsanctioned applications through the back door," Cabri said. "Organizations are hearing about it from us, from some of the industry analysts, and in many cases, seeing it first hand on their networks."

And yet there are still many that aren't aware of the issue and usage continues to grow. The recent Mark Foley case in the U.S. Congress where, in which Instant Messaging was used to send inappropriate messages to a teenage congressional page, is a case in point.

"Sometimes it takes a Mark Foley-like situation to happen in your own organization to raise awareness of the risk and the impact," Cabri noted. "Obviously, our goal is to help customers before this happens."

"Lets face it, no business wants to get 'Foley'ed' on a national level -- the business consequences of this could be extremely negative."

Ouch- "Foley'ed"- adapt coinage indeed. Frank is, of course, referring to the recent Mark Foley Scandal that recently emerged in IM.

Learn More: See a brief video of Kailash Ambwani, our CEO at Facetime Communications...as he covers why words like "guarantee", "rumor" or incidents like the Mark Foley Scandal and failing to monitor IM (or other greynets) can lead to big problems, especially if you are a big company.]

This cascade of events is one of the drivers that is forcing big companies to take a hard look at their corporate policies, especially with regulatory challenges like:

- Gramm-Leach-Bliley Financial Modernization Act (GLBA)

- Sarbanes-Oxley Act of 2002 (SOX)

- Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Will the Foley Force raise awareness of the issues? Good question and more pertinent than ever now December 1st approaches. What is the big deal about December 1st? It is "E-discovery Day" when things could get more tedious and potentially more costly for the Enterprise if they are not prepared.

E-discovery refers to finding and producing documents stored in electronic form in response to litigation or regulatory requirements. Civil litigants, regulators and criminal prosecutors as a matter of course now ask for copies of selected e-mail communications or make broad requests for all electronic records. After Dec. 1, changes are set to take effect in the Federal Rules of Civil Procedure make e-discovery a standard part of federal proceedings.

So where can you start if you are a large enterprise? First, figure out how much instant messaging traffic is going on in your network-you might be surprised not only by the traffic, but the other insidious malware that rides along. Facetime has a free tool called the RTMonitor that can help with this or you can contact them for a demo.

Best Practices for Emerging Compliance Challenges: Electronic Messaging and Communications (ReymannGroup):

[Download IM Compliance and Regulations Document [PDF] This paper is a great primer on what you need to know.

Some might be wondering...just what is Instant Messaging (IM)? We use it everday, it has been around for a decase, but because of its ephemeral nature we tend to treat it differently. I consulted Archive.org for some background...

Instant Messaging (IM) is an electronic messaging service that allows users to determine whether a certain party is connected to the messaging system at the same time. IM allows them to exchange text messages with connected parties in real time.

To use the service, users must have IM client software installed on their workstations. While there are many types of IM clients, they all tend to function in a similar manner. Client software may either be part of an agency's IT network and available to only registered users, or be public and available to anyone on the Internet. The client software logs into a central server to create connections with other clients logged in at that same time. Users create and exchange messages through their local client application.

Other important points:

* In addition to sending messages, users may have the ability to attach and exchange electronic files such as images, audio, video, and textual documents. This capability depends on the configuration of the individual client software as well as on protocols established at the client server.

* Depending on the software, users who are online may have the ability to respond to messages.

* Users may also block other users with whom they do not want to exchange messages.

* Users may only communicate with others using the same or a compatible client software.

How does IM differ from email?

Fundamentally, the difference between IM and email is the notion of presence. This means that users of the IM system are aware that other users have logged in and are willing to accept messages. Unlike email, IM content can only be sent to users who are logged in to the system and accepting messages. If users are not logged in, others do not have the ability to send them messages.

Because IM is not predicated upon an open standard, there is no uniformity regarding message transmission and structure.

Remember Instant Messenging will be treated like an e-mail- IM, despite its ephemeral or fleeting nature, it is a document- a document that should be factored into your archive equation if you want to cover the bases soundly and not get "Foley'ed"....let's go back to Archive.org...

Does IM content qualify as a Federal Record?

The statutory definition of records (44 U.S.C. 3301) [Google Government Research Query on 44 U.S.C. 3301] includes all machine readable materials made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business. Agencies that allow IM traffic on their networks must recognize that such content may be a Federal record under that definition and must manage the records accordingly. The ephemeral nature of IM heightens the need for users to be aware that they may be creating records using this application, and to properly manage and preserve record content. Agency records management staff determine the record status of the IM content based on the overall records management policies and practices of their agency.

I think in light of the recent scandal (and how many don't we know about...) we probably will see agencies taking a new look at their IM practices- it is potentially too costly to ignore. This isn't the only scandal either, there are others, but they tend to focus around e-mail, again don't discount the ephemeral nature of IM, like the "Boy's Club Case" as reported by Baselinemag.com.

Peratis wanted WestLB to search for e-mail and Bloomberg messages from mailboxes of 19 current and former equities executives, human-resources representatives, bank managers and others, using more than 170 terms. These ranged from Quinby's name and initials, to employment-related words like "fire" and "bonus," to derogatory sexual slang...

In this case I don't know if IM was enabled or factored into discovery. However, according to our recent studies- it often is enabled, whether IT is really aware of it. Odds are after the Foley Case- e-mail will not be the only prime target for discovery- discovery that can be quite expensive to dig up if an Enterprise is not prepared.

About this Entry

This page contains a single entry by published on November 11, 2006 9:49 AM.

Facetime Communications Greynet Study Highlights was the previous entry in this blog.

The Free Myspace Viewer - Beware! is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.