Instant messaging, once the best way to communicate sensitive information off the radar screen of your employer, is no longer a guaranteed private affair-despite the best efforts of many inventive users.
Remember that instant message you just sent to the new hire in the next cubicle? You know, the IM in which you made a disparaging remark about the manager down the hall? Or, how about that IM you just sent to a client about your department's push to 'run ahead' (trader talk for timing a trade a bit ahead of the market)?
Think twice next time. It's fair to assume that the boss-and maybe even the SEC-could be getting your IM messages now, too.
Dozens of new software programs with titles such as IMLogic and Facetime are wending their way into a growing number of US firms across the financial services landscape. Employers can read your once-untraceable IMs in detail, screening them for certain words or phrases -- either in real-time or at the end of each work day.
In addition, companies such as Merrill Lynch and Lehman Brothers are building new super IM systems of their own, which they say will be able to track, scrutinize and store all types of IM, whether internal, secure systems or those messages sent over less secure public IM systems such as AOL's AIM, Yahoo! Messenger and MSN Messenger.
And the IM offensive doesn't end there. Twenty-one financial firms, including Bank of America, ABN Amro and Credit Suisse First Boston, are teaming up as a group innocuously called the Financial Services Instant Messaging Association to promote the development of better and more secure IM technology throughout the industry (www.financialim.org).
Burn me once, shame on you...
Why the stepped up concern? Simply, companies burned in the past by careless use of email don't want to make the same mistakes with IM. And now the SEC, NASD and NYSE are telling firms to capture and archive all of their IM messages for three years - just like email. It was, after all, IM and email that tipped off government investigators to the fact that Wall Street energy traders were using cellphones and IMs to bypass employer surveillance of their desk phones and email.
The IM lockdown is playing out differently across the industry. Some banks, such as BNP Paribas, entirely ban the use of consumer IM accounts for most employees. Other companies, such as Thomas Weisel Partners LLC, a broker and investment banking firm in San Francisco, allow such accounts but use a type of monitoring software that can screen all forms of IM for key words and phrases-and influence employee policies, accordingly.
Beth Cannon, Thomas Weisel's chief technology officer, says, 'We in IT see some of the IM conversations and I think people just don't think about some of the things they say sometimes, that people can see it and read it. I think people can become complacent, still.'
That complacency is backed up by a recent survey from the American Management Association showing that 22 percent of people who use IM at work think IM content isn't as big an employee issue as email, and that IM tends to be more casual and conversational and candid than email. With the use of IM expected by research firm Gartner to outpace email by 2007, it falls on financial services firms to train their people to think of IM as a serious paper trail.
IM 2 SEC?
'It's just a matter of time before an IM leads to an SEC case,' says Nate Root, an IM analyst with Forrester Research, a technology and business research firm.. 'Most IM use in the workplace is still consumer IM and many companies think they've actually shut it off, but there is a lot of rogue IM out there, still.' At Merrill, for example, before tougher rules and security technologies were put into effect, executives discovered 13 different IM networks being used by employees.
How bad can it get? Just ask Vince Agosta, the CEO of New York-based Trading LLC, a small broker dealer that provides trading services to hedge funds. 'We use IM like crazy, and our IM monitoring software is spotting dozens of policy violations each day, everything from the use of four-letter words to the spreading of rumors to suggestions of insider trading."
So far, he says, these policy violations have been innocent, mostly. 'There's a cultural mindset that isn't used to monitoring,' he says. So far, he says, employees get warned and gradually, he says, he's seen a decrease in some behaviors. But Agosta expects enforcement may get harder as IM usage grows inside and outside the firm.
Advice to the new hire or mid-level manager: You and your IM are not alone, so act accordingly. 'No question that a violation could become a fireable offense at some companies,' says Forrester's Root. A CIO of a major investment firm based in New York says his company has already fired three people for IM policy violations. Agosta at Trading says: 'This idea that IM gives you privacy? Get over it. It's getting so that only privacy you get at work is when you walk out onto the street.'
Privacy at work? Increasingly FUBAR, no question.