- A Kaspersky Lab spinoff fuels concerns about privacy
- ‘A hot ticket for any company seeking to protect’ secrets
Ever sought a bit of privacy by stepping away from your desk to make a personal call on your cell phone? Soon, that may not be enough to prevent the boss from listening in -- at least not in Russia.
A Moscow security firm has developed technology that lets companies eavesdrop on mobile calls made on their premises. InfoWatch says the product is legal in Russia and that it’s scouting for other markets where customers -- banks, government agencies, or anyone else trying prevent leaks of confidential information -- would be allowed to use it.
“These technologies have been used by secret services or the military in certain countries,” said Natalya Kaspersky, chief executive officer of InfoWatch. “Our breakthrough is in applying them for corporate security.”
The product expands an employer’s arsenal for fighting industrial espionage but is also likely to further fuel the global debate about data privacy. In some countries, InfoWatch and its clients risk getting sued by workers who balk at the idea of the boss monitoring their calls, said Petr Gorodetskiy, an analyst at researcher Gartner.
“This technology may become a hot ticket for any company seeking to protect its commercial secrets,” Gorodetskiy said. "But it can’t be rolled out in markets where it may trigger court claims."
InfoWatch says the technology doesn’t compromise privacy because initial screening is done by computers that analyze calls and scan them for keywords. Security personnel will only get involved if there is cause for concern, the company says.
InfoWatch already sells technology for monitoring other communication channels -- landline phones, e-mails, messaging apps -- to customers including wireless carrier VimpelCom Ltd., Austria’s Raiffeisen Bank International AG, and oil giant Gazprom. The company had revenue of 1.1 billion rubles last year ($17 million), most of it from its Traffic Monitor service, which costs $3,000 for up to 100 computers for a basic version.
That product lets companies vet information that’s transmitted via corporate e-mail, file-sharing applications, instant-messages, and Skype, and it can track what gets stored on removable media like USB sticks. The company says it can even intercept encrypted messages from services such as Whatsapp and Telegram, but declined to give details.
"Our only loophole has been voice traffic on mobile phones -- we didn’t monitor that,” said Kaspersky, who co-founded Russian anti-virus firm Kaspersky Lab in 1997 but left the company in 2007 after splitting up with husband Eugene Kaspersky. As part of the split, she got control of InfoWatch -- originally a unit of Kaspersky Lab.
The mobile monitoring technology works in conjunction with a device called a femtocell, which amplifies wireless calls inside buildings and hands them off to the broader network outside. As the signals pass through the device, voice traffic is intercepted. Using technology originally developed for the former Soviet KGB, the device can convert calls in 35 languages into text and analyze them for words such as, say, “brokerage account” or “share offering” -- though there’s no reason they couldn’t also search for “football,” “sex,” or anything else.
If suspicious phrases are found, the text fragment would be sent to the client’s security department. After a confidential data leak is confirmed, a court order may be needed to identify the person suspected of the violation, InfoWatch says.
Stefano Zanero, a professor at the Polytechnic University of Milan who specializes in
cybersecurity, cautions that the technology would be illegal in many countries, and that he questions the reliability of the machine translation that lies at the heart of the service.
“The part that puzzles me is how successful speech recognition, transcription and automated analysis of texts can be. I don’t think this can be very accurate,” Zanero said. “I would be surprised if any major company decided to buy into this.”
InfoWatch says it has pre-orders from Indonesia, and that companies in Russia, other former Soviet countries and the Middle East have expressed interest. Requests from clients for mobile-call monitoring have been a driver behind the product’s development, Kaspersky said. Two of its customers are already testing the prototype, and the final product is set to be rolled out by year-end. InfoWatch hasn’t yet set the price for the service.
In the business of data-leak prevention -- a market that’s set to exceed $1 billion by 2020, according to Gartner -- InfoWatch faces formidable rivals such as Symantec Corp. and Raytheon Co., which offer monitoring and protection solutions for corporate data networks. Kaspersky is betting it will have an advantage with the first product for mobile monitoring.
Kaspersky acknowledges that Western Europe may be a challenge because of legal obstacles and privacy concerns. But in Russia and many other countries, workers often sign agreements allowing employers to monitor their activities at work, she said. Russia’s central bank in May started recommending that banks monitor employees’ personal mobile-phone calls at work along with e-mails, instant messages and removable media.
“Ignoring this channel of potential data leaks -- after we’ve got all other channels under control -- would be unprofessional,” Kaspersky said. “And we are professionals.”