To catch a thief (or a whistle-blower)

New Scientist wrote recently about software from the Air Force Institute of Technology (AFIT) that scans organizations' e-mails to detect potential thieves...and whistle-blowers. Applied to e-mail going outside the organization, it flags mentions of "sensitive" topics. Applied to internal e-mail, it flags a sin of omission: which employees aren't discussing social events with their colleagues and hence may be considered "alienated." If you're an alienated raiser of sensitive topics, it assumes that you're a risk. That's right: Not getting sloppy drunk with your co-workers can make a piece of software suspect you of perfidy.

So What?

If you think such a system can't really work (which is what I thought as I read the article), I must regretfully inform you that you are utterly, staggeringly wrong. The developers tried it on 250,000 e-mails from Enron and it flagged only three employees–one of whom was Sherron Watkins,the whistle-blower who helped bring the company's accounting practices to light. Whether the other two employees were among the Enron execs ultimately convicted–and how many of those went undetected by the system–the article doesn't say. Sure would be humorous if AFIT's system was pretty much exclusively a whistle-blower detector and tended to miss thieves. Bet it would still sell pretty briskly.

In most US states, by the way, this sort of monitoring software is perfectly legal. In Europe, it can only be used when an employee is under suspicion–which makes it effectively irrelevant since if you've got a single employee in your cross hairs, you can examine his mail manually a lot more effectively than AFIT's system can. I don't see a lot of (legal) European applications of the technology.

Of course, in this day and age, you'd have to be a particularly inept whistle-blower (or thief) to use your company e-mail account. No, the whistle-blower's friend is probably the humble thumb (USB) drive, discreetly filled up and snail mailed to a friendly journalist. However: I recently heard about security software that'll log USB port traffic and report it to a server, so even that's not necessarily a safe channel. Things are getting pretty well locked down, much to the delight of CIOs. I've even heard of organizations smearing superglue on their laptops' USB ports to make them unusable (this is true).

In the end, your only choice may be screen capture. This is awkward and makes for large-ish e-mails to the journalists, but it works. The following is in the nature of a Public Service Announcement for the less-technical whistle-blowers out there (data thieves, please ignore it): Under Windows, press and hold the Alt key, then press the PrtSc key, which will copy the topmost window's contents (perhaps an incriminating e-mail) to the paste buffer as an image. Create a new e-mail and paste the image into it. Repeat. Voila: What you're sending is just an innocent (for all anybody knows) series of pictures, which text scanners can't interpret. Let AFIT's software chew on that.