From March this year all ISPs will be expected by law to retain email
communications that pass through its servers. Civil liberties aside, the new law does not take into consideration the new generation of internet users that regularly use real-time communications and social networking sites such as Instant Messaging, Facebook chat and Skype to communicate.
“In today’s connected world, millions of users are already using IM to try and bypass email security controls that their employers have put in place,”
says Nick Sears, VP EMEA of FaceTime Communications. “When monitoring communications email is just one part of the story and it can’t be treated in isolation – it would be like locking the front door, but leaving the ground floor windows open not to look at real time communications tools such as IM, P2P and social networks.”
At the beginning of 2008 Jérôme Kerviel was arrested after causing a reported £3.6bn loss to Société Générale. Much of the communication for his crime was carried out over instant messaging. He believed that IM allowed him to circumvent the corporate controls on his email account. Fortunately in this case he was wrong and Société Générale was able to retrieve these instant messages provided a clear trail for investigators.
It may have been a different outcome if the messages were sent over Skype for instance, which encrypts the message end to end. This story is perhaps the most high profile to date, but FaceTime can point to thousands of crimes occurring over IM, P2P and other Web 2.0 communications every month – with social networks, IM communications and P2P networks being utilised in the sharing of illicit content and materials.
“Most security organisations are predicting that real-time communication and social networking sites will be the main focus for cyber criminals in 2009. If combating crime is the primary reason for implementing this law, then the Government should urgently review these plans to include the technology being used today, not yesterday,” concludes Nick Sears.