Brokerage Instant Messages Must Be Saved 265
DrEnter writes "According to an AP story on Yahoo!, the National Association of Securities Dealers (NASD) has told its members that they must keep a copy of all instant messages sent or received by employees for at least three years. This is similar to their requirements on keeping e-mail, although technically not nearly as easy. The NASD is a self-regulatory organization, and U.S. federal law requires almost all of the 5,300 U.S.-based securities firms and brokerages to be a member of it. There's a news release from the NASD concerning the requirement - it looks like the daunting technical issues have already resulted in some firms banning the use of IM completely."
daunting technical issues? (Score:4, Insightful)
What's the value? (Score:5, Insightful)
"Daunting technical issues"?? (Score:3, Insightful)
Foolish... (Score:2, Insightful)
This is understandable (Score:4, Insightful)
Re:daunting technical issues? (Score:5, Insightful)
The difficulty is logging the traffic on a server level. The reasons are many. I think this article [securityfocus.com] describes them fairly well.
Basically, IM traffic tries to hide itself, generally as HTTP traffic. Yahoo for example prepends a HTTP header to all packets, thereby being disguised as a HTTP GET request. AOL/ICQ/MSN has the ability to use HTTP Proxy servers, and AOL provides www.proxy.aol.com for free (port 80, no pass). MSN will auto-configure itself to use a proxy server if direct access is blocked.
Here's the result of logging IM traffic on a client level. [com.com]
Re:daunting technical issues? (Score:5, Insightful)
In other words - yes, it can be done. No, it's not trivial.
Makes sense to me (Score:5, Insightful)
Re:What's the value? (Score:3, Insightful)
This is insider trading, trading with information from the inside.
The proxy'ing is simply a restrictive measure. It makes it easier to detect. Yes, you can't monitor all communications, but it makes it harder to do live communications, especially since the sound of typing doesn't say WHAT you are typing.
After hours stuff you can't prevent, but then again, after hours information is stale and is less usefull... though could be useful none-the-less.
Re:daunting technical issues? (Score:2, Insightful)
Re:daunting technical issues? (Score:5, Insightful)
Client side logging is not sufficient. An employee can turn that off or delete the logs. The logging would have to be done server side. That would require a corporate IM solution which would log. I work for a company effected by this law. They don't allow any external or web based e-mail access for the same reason, they can't log it unless you go through their server.
Re:What's the value? (Score:1, Insightful)
Err, exactly how off-the-record did they want? Do you know anyone who works at a telephone company?
Re:What's the value? (Score:4, Insightful)
Insider trading and information dissemination is strictly regulated to prevent classic insider stock manipulation gambits. To get some idea of how that worked you can read "Reminiscence of a Stock Operator " first publised in 1924.
Sam Waksel who was found guilty of violation of several securities laws and could have been hung up on obstruction of justice to boot is now spending 7 years in prison. He could have gotton 40.
The laws have become stricter more recently. Just before the bubble burst Congress enacted more legislation that prevented companies from providing non-public information to traders, analysists and the like. They mean it. Siebel executives during a dinner recently that off the cuff mentioned some data to an analysist are now having to explain themselves to the SEC. SEC is in a bad mood these days.
The point that is lost outside the industry is that the witch hunt is on. This happens after every debacle. It is not a technical issue. The IM infrastructure *must* meet SEC and NASD ( 1938 ACT ) rules and regulations otherwise the companies face prosecution and the individuals lose Series 7.
I am actually astonished NASD waited this long. Brokerage firms are all ready rushing to comply in 2003 because it has been assumed this would happen.
FYI
Most firms have done this for a long time. (Score:4, Insightful)
Re:record everything (Score:1, Insightful)
This is for all employees, not just brokers or in communications with clients.
So, in spite of what the press release says, paranoid companies are following these rules for all employees.
Re:Where I work... (Score:3, Insightful)
Timeline:
0700 - Get coffee, gossip with coworkers.
0800 - Install PuTTY on company computer.
0815 - ssh to home.
0817 - Get escorted out of the building by two rather large and unfriendly gentlemen.
0900 - Apply for unemployment insurance.
Re:daunting technical issues? (Score:1, Insightful)
Why not configure the IM software to log to a shared network location?
You'd need some sort of complicated transparent proxy to log normal IMs, and that wouldn't work with encrypted conversations.
No necessarily. With a standardized, locked-down machine configuration you could configure everything on the machine to use whatever proxy options you want. Nothing much would help log encrypted conversations, but, again, if you have control of the PC you can prevent them from using encryption.
Tunneling (Score:3, Insightful)
Currently, I have an SSH tunnel to my home, over which I encrypt all traffic, web, email, and instant messaging.
Pefereably, I would like to have an encrypted connection everywhere (thank you GAIM plugins), but this will have to do.
It is useless to log the SSH packets...so the only solution I see is to install a PacketShaper, and maybe filter out all SSH...but surely somebody must be using SSH legitimately...
Bottom line: logging communications is very difficult....
Firewall (Score:2, Insightful)