VoIP conversations should be recorded

According to Martin Courtney’s article “Wanted: for crimes against IT”, “The annual policy premium could soon get higher as regulators find new kinds of data to include. Transcripts of voice over IP (VoIP) conversations may be next on the list alongside email and instant messaging chats”.

It’s fair to say that rules to make corporate executives more accountable were long overdue, if only to ensure that shareholders’ cash and employee pension schemes are less likely to fall into a big, black, financial hole. But though security experts always point out that it makes sense to calculate the extent of any potential risk before spending time and money implementing systems to protect against it, the legislators and industry bodies responsible for corporate governance rules and guidelines don’t appear to have been listening.

Recording, indexing and archiving employees’ VoIP calls so they can be retrieved at a moment’s notice when a nosy auditor comes your way would be difficult enough in itself. But what is more worrying is where the precedent of keeping such information could lead.

Because once you take the view that every internal conversation between employees for which there is no written record needs to be noted and stored, where does the line between what should and should not be included begin and end? Does a furtive tête-à-tête in the toilets, a sotto voce exchange in the lift, or a talking heads session by the coffee machine, qualify, for instance? What about the conversations between employees when they are not on company premises and perhaps not even on company time?

More crucially, how do IT managers actually collect this information in the first place without extending their remit to covert surveillance (and would they suffer consequences for any failure to carry out their duties)? “The future looks less corporate security, and more Ceausescu Securitate, it seems”.

This blog is run by the authors of FindProtected.
FindProtected is a security program that allows you to search for password protected files. With FindProtected, you can effectively identify protected files containing sensitive data on your network.

Comments are closed.