Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Canadian lawsuit raises messaging privacy issue

Messages sent on corporate BlackBerry devices are at issue
Jaikumar Vijayan   Today’s Top Stories    or  Other Security Stories  
 

Sign up to receive Security Resource Alerts

January 14, 2005 (Computerworld) -- Private messages exchanged using corporate BlackBerry wireless devices may not be quite so private after all.
In a lawsuit filed in Toronto this week, the Canadian Imperial Bank of Commerce (CIBC) submitted scores of BlackBerry e-mails and messages as evidence that several former executives took confidential information from the company and tried to recruit others while they were still employees at the bank.
The lawsuit was filed against Genuity Capital Markets, a Toronto-based investment management firm started by six former employees of CIBC.
The messages submitted as evidence include so-called PIN messages sent between users with the BlackBerry's personal identification numbers instead of e-mail addresses.
This form of BlackBerry communication is generally considered more private than using e-mail addresses because PIN messages are sent directly from one BlackBerry device to another. Standard BlackBerry e-mails, on the other hand, are routed via a BlackBerry Enterprise Server and can be logged and archived like any other e-mail messages.
BlackBerry devices are manufactured by Waterloo, Ontario-based Research In Motion Ltd., which claims more than 2 million subscribers at thousands of companies worldwide.
"PIN messaging is common in financial circles and workgroups," said an executive at a Toronto-based technology vendor who asked not to be identified. "It's kind of like an SMS or instant message" that can't be monitored or logged by the Blackberry Enterprise Server itself, the executive said. As a result, many use the feature to exchange private and sensitive information with one another.
The fact that CIBC logged such messages is bound to come as a surprise to many users, said Thomas Smith, a director of the International BlackBerry User Group in Mountain View, Calif.
"I wasn't aware that PIN messages could be logged, but I'm not completely shocked either," said Smith, who administers more than 500 BlackBerry devices at the Houston-based company he works for. He asked that the company not be named.
Users of such devices "without question" believe that PIN messages can't be logged, Smith said.
That's a mistake, said Rob Moffat, president of Wallace Wireless, a vendor of software for BlackBerry devices in Amherst, N.Y. "There is some misunderstanding about the ability to archive such messages," he said. "The perception is that people can send PIN messages and there's no traceability."
The reality is that such messages can indeed be logged, said Moffat, whose company sells software that, among other things, allows companies to log BlackBerry PIN communications. The function has been available as a rarely used part of a broader business continuity software suite for some time now. But it's increasingly being used by financial services companies and government organizations to log BlackBerry communications, he said.
"There's specific Nasdaq, NASD and Sarbanes-Oxley stuff that these companies need to comply with," Moffat said.
The news should come as no surprise to security professionals, said Pete Lindstrom, an analyst at Malvern, Pa.-based Spire Security LLC. "Most people think of peer-to-peer communications as being a person-to-person thing. But somewhere in between there's almost always a server intercepting this stuff and logging it."




Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story
"You see, this is why we love our Macs. I had a good chuckle when I read..." Read more...
"Dear me. Just because I recently talked about Windows XP SP3's virtues and vices, some people seem to think I've..." Read more...
Read more Security posts or See all Blogs
The long haul: One company's migration to Vista
Taste the Sharkbait Widget
8 Tips for Landing a Job in '08
More top stories...
Know Which Risks Matter
Use Web analytics to turn online visitors into paying customers
A role on an IT help desk is what you make of it, tech pros say — just don't get too comfy.
Web-based e-mail may be exposing you to privacy and security dangers you didn't sign up for.
Ever been tempted to replace the mechanical hard drive in your laptop with a shiny new solid-state disk? Our expert did so, and here's what he found.
PARC showed erasable paper and other technologies that adds intelligence to documents with raw text.
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Enterprise-Class Security Zone
Enterprise Solutions Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
The Data Center Management Zone

Ads by TechWords

See your link here
Long Tail Supplier Collaboration - What's In It For You?
Long Tail Supplier Collaboration - What's In It For You?
Download this webcast, free, compliments of Sterling Commerce
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Eliminate SPAM, Gain Productivity
Get this white paper now!
(Source: MessageLabs) Learn all about the dangers and the costs of spam in all its forms - from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses - and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
New Fujitsu High-End Itanium Windows- and Linux-Based PRIMEQUEST Servers Offer the Utmost in High Availability
New Fujitsu High-End Itanium-Based PRIMEQUEST Servers Offer Industry-Leading System Management for Linux and Windows
Symantec State of the Data Center Report 2007
View more whitepapers 
Layered Security Solutions
Although basic network security issues have changed very little over the past decade, the network security landscape has changed dramatically. Today's IT professionals still have the primary responsibility of protecting the confidentiality of corporate information, preventing unauthorized access, and defending the network against attacks. Security experts and analysts agree that a security solution comprised of multiple layers is the best defense against today's increasingly sophisticated attacks.

Download this white paper 
Universal Threat Management - Because Conventional UTM is Not Enough!
This white paper, written by Mark Bouchard of Missing Link Security Services, examines the challenges confronting today's enterprises with respect to managing threats on a network. It also discusses the need for "Universal Threat Management", which is a security solution approach for all physical locations within an enterprise that require threat protection.

Download this white paper 
Selecting the Right Threat Management Solution
This short demo will guide you through key considerations for selecting a solution to manage threats on a network. Learn about the popularity of Unified Threat Management (UTM), and how it fits into an overall security solution. Explore critical elements of a network-wide solution for multisite and large network-size deployments and identify the four key features of a threat management solution.

View this demo