LIBOR's hidden lesson: instant messages are deadly

Think all those Google Chat discussions via IM are less traceable than e-mail? Think again.

As investigators wrap their case against more than a dozen traders involved in the recent LIBOR scandal—which involves executives at Barclays and a growing list of international banks attempting to manipulate the benchmark figure for trillions of pounds’ worth of financial contracts—they’re revealing a curious fact about how some of the details were leaked in the first place.


It was no surprise that a slew of compromising e-mails were amid the evidence. But it seems the traders were fond of another mode of communication: instant messaging, or IM. Whether in the guise of MSN messenger, Gmail chat, Facebook chat or the age-old ICQ, these applications are almost always a separate entity from corporate e-mail accounts and, many employees might assume, less likely to be policed.

Less likely, perhaps, but not less able. Your office IT manager will happily tell you that anything that gets typed on a screen is completely traceable, regardless of whether it’s encrypted, sent directly from BlackBerry PIN to BlackBerry PIN, or even deleted afterward. And most companies, particularly those in the financial sector, have policies in place that allow management to sneak a peak at what their employees are typing, whether there’s a reason to be suspicious or not.

“Instant messaging is definitely not any safer to use than e-mail,” says D’Arcy Davis, director of forensics and e-discovery for Toronto security firm Digital Wyzdom. “Everything is cached somewhere. It’s a matter of how long that evidence stays on the computer before it gets overwritten or purged.” Break that down further: every single e-mail or IM goes to a server, and that server gets backed up every night. In essence, says Davis, “you could end up having 40 copies of one message archived in all those different places.”

When it comes to what exactly employees tend to use instant messaging for, Davis has seen it all. There’s the slightly inappropriate flirting between colleagues all the way up to illegal sharing of intellectual property. So the evidence from the Barclays/LIBOR case doesn’t surprise him. “As long as there have been computers around, people have been doing bad things with them,” he says. “At this point, I’m surprised when I find a computer that doesn’t have pornography on it.”

We may not want to admit it, but the vast majority of us have probably spent some time doing something we’re not supposed to be doing on a work computer or device. But not all of that activity deserves to be punished. Is there an argument to be made that employees need a safe place to share information that they don’t want going public?

“It’s human nature to gossip,” says Carla Nassar, a labour lawyer with Filion Wakely Thorup Angeletti, “and I think that people are happier and more productive in workplaces where they don’t feel like everything they say is being policed. But there are obvious limits to this—confidential information has to stay confidential, and people can’t be making comments that are going to create a poisoned work environment or directly denigrate their employer.”

And so while technology has provided tools designed to police staff, it can also provide tools designed to protect them. Google, most recently, has introduced a feature in its Gmail chat client called “off the record,” which allows two people to IM one another without any of the message history being saved. But pay attention to the fine print, which states that “if you’re talking to someone who is connected to the network with a desktop chat client, it’s possible that his or her software is keeping a separate copy of the chat history.” Those who work in the banking sector, for instance, should probably just assume that an “off the record” button is of little use to them.

“Financial services are particularly regulated when it comes to all these behaviours,” says Kirstin Grant, a Toronto-based HR consultant, “because their actions have a really high impact if things start to go wrong. The scale is just exponentially higher.”

She personally keeps all of her work and private e-mail accounts separate, and recommends that anyone employed in a business that deals with other people’s money or intellectual property do the same.

Nassar agrees. “There’s a level of arrogance that can start to creep in,” she says. “That’s the essence of the whole Barclays thing, isn’t it? Like ‘I’m too clever to make a mistake, too clever to get caught.’ These people tend to lose sight of the fact that everything we do on the Internet is essentially public.”

All of this points to one very low-tech solution for the person bent on spreading office rumours or conspiring with co-workers. It’s called the water cooler. Barring that, suggests Davis, “you could just walk over to your colleague’s desk or pick up a telephone.”

(Source image: HTC)