E-Mail Analysis Snooping in Your In-Box

A researcher working at the Air Force Institute of Technology (AFIT) in Ohio has found a new use for an open-source algorithm, reports New Scientist in its December 1 issue. While the software was originally used to analyze the topics people talk about, researcher Gilbert Peterson and his colleagues have found a new use: snooping through company e-mail.

MORE ON CORPORATE E-MAIL AND SEARCH

The Enterprise Search Tools

Acceptable Use: What Privacy are You Entitled to at Work?

Online Privacy Policies Hard to Find, Understand

ABC: An Introduction to E-Mail Management

Author-Topic, developed by researchers at the University of California, Irvine, is essentially a data mining tool that chews on textual information. If it’s fed academic journal articles, New Scientist suggests, Author-Topic “examines the frequency with which words appear in each and uses that to infer which topic that document is about. It then identifies topics that each person writes on most.” In another context, working with application code such as an Eclipse plug-in, the technique can “mine developer contributions and competencies from a given code base while simultaneously extracting software function in the form of topics.”

According to the article, Petersen has used the Author-Topic system to mine e-mail data. By looking at what people write about and the manner in which they do so, Petersen says, the system flags them as possibly feeling alienated. “It also identifies those who are discussing sensitive topics externally and classes them as having ‘clandestine, sensitive interests.’ People who are flagged in both categories could pose a risk to a company,” say the authors.

And, the authors point out, the software can also spot whistle-blowers. “When it was fed the 250,000 e-mails sent between employees at bankrupted energy company Enron, it flagged employee Sherron Watkins as one of just three who were both alienated and had clandestine, sensitive interests. It was Watkins who blew the lid on the firm.”

While other software, such as the search engine IDOL, made by Autonomy in the UK, can also detect insider threats, the article reports that AFIT system will be open source and organizations will be able to use it for free. Adds the New Scientist article, “In most US states such software is legal, but Ian Brown of the Oxford Internet Institute says that in Europe employees can only be monitored if they are suspected of fraud.”

Before you tell your e-mail administrator to install such a system, however, be sure to read CIO.com’s collection of articles about employee privacy and e-mail policies. As you’ll learn in How to Monitor Workers’ Use of IT Without Becoming Big Brother, Arthur Riel, hired by Morgan Stanley in 2000 and put in charge of the $52 billion financial company’s e-mail archiving system, discovered the hard way that the ethics of doing so were not exactly business-as-usual. As the article says, “E-mail exchanges that contained sexual banter and involved Riel’s boss, CIO Moira Kilcoyne, added to Riel’s conviction that something was wrong at the top. Believing, he says, that he was doing his duty, Riel claims to have sent hard copies of the offending e-mails to Stephen Crawford, Morgan Stanley’s then-CFO, on Jan. 15, 2004, anonymously via interoffice mail.” And that’s when the trouble started.