Now on the monitoring radar: Instant messages

Thursday, April 11th 2002, 12:00 am

By: News On 6

FOSTER CITY, Calif. (AP) _ An instant message exchange might seem as fleeting as a phone call or face-to-face chat. But, like everything else on the Net, it can have much more staying power than users think.

Unlike e-mail, the brief IM remarks that pop up on computer screens are not kept on central servers. But that hasn't stopped companies from developing software that snags every message _ including those unflattering to the boss.

Interest in IM monitoring is soaring as companies not only look to record important communications but also control information leaks and discourage cyberslacking.

Skeptics say it's just another example of how privacy has all but disappeared in the workplace.

``Some of the practices are far too invasive,'' said Sarah Andrews, research director of the Electronic Privacy Information Center. ``There should be limits on what they can or can't collect.''

Just like e-mail or Web traffic, instant messages can be monitored by corporate network administrators _ whether those messages are sent to colleagues using a company's own software or flashed to friends across oceans using freely available programs from America Online, Yahoo! or Microsoft.

Privacy advocates say they know of no major incidents so far of disciplinary action for IM abuse. But it may be just a matter of time.

As of last year, only about 20 percent of all instant messenger accounts belonged to business users, according to the consulting firm Radicati Group. By 2004, the percentage is expected to increase to 50 percent.

Jupiter Media Metrix says instant messaging use in U.S. businesses more than doubled from 2.3 billion minutes in September 2000 to 4.9 billion minutes last September.

First marketed as toys for consumers, IM programs quickly pervaded the workplace as people installed them without asking permission, said Michael Gartenberg, research director at Jupiter Media Metrix.

``There was no planning and encryption built in,'' he said. ``This started as an enthusiast tool for people chatting with each other one-on-one.''

Even so, once in the workplace, employees found IM useful for fast communication with colleagues and clients.

The financial services industry first felt the need for advanced snooping software to monitor IM traffic because federal regulators require that all communications with clients be kept for auditing.

Though the Securities and Exchange Commission has yet to order that instant messages be kept, investment banking firm Thomas Weisel Partners decided it was better to be safe than sorry.

Last summer, the San Francisco firm blocked all IM traffic. But clients missed the convenience and, by the fall, the messenger programs were back, said Pamela Housley, the firm's director of compliance.

Thomas Weisel Partners signed up for FaceTime's monitoring software, which runs on a computer on the firm's internal network, recording all IM traffic. Certain keywords can be defined to alert managers, or the traffic can simply be put into storage in case it's needed.

So far, there has been no need to inspect the data. And Housley said the company is not interested in reading every message.

``It's just easier to archive it all,'' she said. ``I don't have the manpower to have somebody look at this all day long.''

FaceTime also works with electronic archiving systems from companies like SRA International and Zantaz. It must be installed within a corporate network in order to capture all traffic that originates or is received by users of that network.

Earlier this month, White Plains, N.Y.-based Communicator Inc. signed up eight large financial institutions for its Hub IM, which tightly controls communications among customers and competitors with encryption and authentication by directing all traffic to Communicator's systems, the trusted third party.

But unlike FaceTime, all messaging occurs through a proprietary program _ not a public system like AOL Instant Messenger.

The companies that make such products see lots of opportunity beyond finance.

``The technology can be applied to any market and any industry,'' said Gabriela Garner, marketing director for Zantaz. ``In fact, we have received a lot of interest across the board in corporate America.''

There's no reason not to think that instant message chats won't wind up as fodder in investigations. Stored e-mail has already played a role in probes involving the Clinton White House and Enron Corp., to name a few examples.

Privacy advocates wonder, though, whether constant monitoring of simple chats might be taking paranoia too far.

``We know people do a certain amount of personal business at work,'' said Richard M. Smith, an Internet and privacy consultant. ``A company has a legitimate interest in limiting that ... but if it's personal they don't have any right to listen in.''

So far, the courts have yet to make any distinctions between instant messages and other forms of electronic communications, such as e-mail.

Though some argue that the technology deserves protection like telephone calls, instant messages are more likely to be treated like e-mail.

Employers typically issue guidelines and warnings against personal use of e-mail when company equipment and networks are involved.

``In the private sector, the law has been charitable to employers ... as there is a reasonable amount of notice,'' said Lee Tien, an Electronic Frontier Foundation attorney.

Customers of Zantaz reported a lot fewer e-mail jokes and goofing off when it began deploying its e-mail monitoring products, said Garner, the company's marketing manager.

``It changed the employee behavior. Their productivity went up,'' she said. ``They were a little bit more careful with their communication. It will be the same with IM.''