November 28, 2007

New Scientist

Up to no good at work? Software can analyze your e-mails

By Claire Bowles

Beware, very soon big brother will be able to follow you to work. Software is being designed to allow companies to flag up employees who are potential saboteurs, industrial spies or data thieves. It might also flag up whistle-blowers.

US companies surveyed earlier this year said at least one-third of damage to business due to cybercrime was committed by insiders.

“Many of the biggest financial losses tend to be due to trusted insiders, individuals who steal or who disable computer systems,” says Gilbert Peterson at the Air Force Institute of Technology (AFIT) in Ohio.

Writing in a forthcoming edition of Digital Investigation, Peterson and colleagues say their software is based on an open-source algorithm called Author-Topic.

Developed by researchers at the University of California, Irvine, it gauges which topics authors commonly write about.

Fed a series of documents, such as academic journal articles, Author-Topic examines the frequency with which words appear in each and uses that to infer which topic that document is about.

It then identifies topics that each person writes on most.

Peterson’s team uses the software to analyse emails, rather than articles, and extra software records whether people are sending emails internally or externally.

Their system identifies people who are not discussing certain, expected topics - say social activities - with their colleagues, and flags them as possibly feeling alienated.

It also identifies those who are discussing sensitive topics externally and classes them as having “clandestine, sensitive interests”. People who are flagged in both categories could pose a risk to a company, say the authors.

In addition to potential saboteurs, the software can also spot whistle-blowers. When it was fed the 250,000 emails sent between employees at bankrupted energy company Enron, it flagged employee Sherron Watkins as one of just three who were both alienated and had clandestine, sensitive interests. It was Watkins who blew the lid on the firm.

The search engine IDOL, made by Autonomy in the UK, can also detect insider threats, according to managing director Mike Lynch.

But the AFIT system will be open-source, so organisations will be able to use it for free.

In most US states such software is legal, but Ian Brown of the Oxford Internet Institute says that in Europe employees can only be monitored if they are suspected of fraud.
Up to no good at work? Software can analyze your e-mails