Software would heighten ability to monitor employees

[InfoSec News <isn () C4I ORG>]

http://www.techserver.com/noframes/story/0,2294,500216198-500306527-501702299-0,00.html

By JUSTIN POPE, Associated Press

BOSTON (June 14, 2000 6:49 p.m. EDT http://www.nandotimes.com) -
Beware, corporate snitches loose with company secrets - your boss may
have a new tool to track what you do with your computer.

Lexington-based defense contractor Raytheon Co. claims its
"SilentRunner" software is the vanguard of network monitoring.

Rather than rely solely on searches for suspicious keywords, the
program uses algorithms to analyze communications patterns. Then it
turns its analysis into 3-D pictures. By looking at the pictures,
monitors can follow traffic patterns and detect "back doors" or other
anomalies that may mean sensitive data is at risk.

And it's all undetectable by those being monitored.

Raytheon says the $65,000 program is a better way of protecting
companies from malicious or careless employees who threaten corporate
secrets. Also, the company argues, it's less intrusive because
monitors can identify potential problems without having to comb
through individual files or e-mails to look for suspicious keywords.

Clients already include government agencies and private companies,
Raytheon said, though it won't say which ones. On Wednesday, the
company's Linthicum, Md.-based Information Assurance Products division
unveiled the software in Arlington, Va., hoping to expand the market
for the software to a broader range of clients - basically, anyone
with a valuable secret to keep.

It's an issue that hits close to home for Raytheon, which last year
sued 21 people - mostly employees - last year for allegedly divulging
trade secrets in Internet chat rooms. Division vice president Jeff
Waxman says the project was well under way long before Raytheon's own
bad experience.

But Raytheon isn't the only company that's suffered. The company cited
a study arguing the Fortune 1000 companies lost $45 billion worth of
proprietary information last year, with most of the security breaches
coming not from hackers but from inside the companies.

Still, while conceding improved technology could allow employees to be
monitored in a less threatening way, some remain concerned about the
overall effect of anything that makes Big Brother more efficient,
especially when there is little legal framework concerning workplace
computer privacy.

"It opens up a host of issues," said David Sobel, general counsel of
the Electronic Privacy Information Center in Washington, D.C. "What is
the employer going to do with this information? What due process
rights would an employee have if a termination was based on info
gathered through a system? It's very problematic."

Raytheon says there's an important distinction between intruding into
workers' private lives and protecting private company information.

"SilentRunner is very possibly the least invasive technology of this
type," said Waxman. "It was designed with protection of data in mind,
not for overseeing employees' habits."

Indiana University law professor Sarah Jane Hughes said she is usually
wary of threats to privacy, but she said Raytheon's technology sounds
like a promising way to balance individual privacy and company needs.

Hughes also said a fierce but misplaced idealism about the Internet
often leads people to believe they should be allowed to do things in
cyberspace - like divulging company secrets - that wouldn't be
tolerated elsewhere.

"I certainly am as interested as the next person in my personal
privacy on the Internet, but I don't think the availability of the
Internet gives us license to commit certain kinds of torts or property
thefts that we would not be allowed to commit in the atomic world."

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".