Instant Messaging Privacy on the Front Burner
With stored instant messages at the center of Washington's two hottest scandals, many Internet users are rightly asking questions about the privacy of the medium, which is designed to encourage candid, unguarded interactions. In the case of disgraced former Congressman Mark Foley, a string of stored instant messages were the smoking gun that revealed his improper dealings with congressional pages. In the Hewlett Packard "pretexting" case, the company is alleged to have logged the outgoing messages of its employees under the auspices of tracking down press leaks. Both incidents have heightened the focus on instant messaging. Although we have no polling data to support this assumption, it's probably fair to say that, because of the conversational nature of IM, the majority of ordinary users don't spend much time pondering what happens to their past messages when they close their chat windows. What many people don't know is that either party in a chat can easily log entire IM conversations without informing the other party in the chat. Some instant-messaging software even logs conversations automatically. When composing an email message, most people think twice (or at least once) before clicking the send button. We know that those messages are likely to be stored, and that a poor choice of words or a sensitive tidbit of information may come back to hurt us. Now people around the country are asking themselves whether they should be taking the same sort of precautions with their instant messaging. This new scrutiny is probably a good thing. Users should research the logging capacities and procedures of the instant messaging software they use. Companies that provide instant messaging clients should provide clear disclosures about their software's default behavior, including information about what is collected and how long it is stored. IM client developers should also seriously consider following the lead of some of their competitors by making automatic storage a user choice rather than the default and adding "off the record" buttons to stop automatic storage in some cases. Our February 2006 paper Digital Search & Seizure provides some good background on the privacy issues that can arise from stored Internet communications. If one small good can come out of two troubling ethical breaches, a renewed focus on the privacy of Internet communications is not a bad place to start.