Microsoft Lync gathers data just like NSA vacuums up info in its domestic surveillance program
- 20 February, 2014 15:27
Las Vegas -- Microsoft's Lync communications platform gathers enough readily analyzable data to let corporations spy on their employees like the NSA can on U.S. citizens, and it's based on the same type of information - call details.
At Microsoft's Lync 2014 conference, software developer Event Zero detailed just how easy it would be, for instance, to figure out who is dating whom within the company and pinpoint people looking for another job.
Whether that's ethical or even legal is another question, says Event Zero CEO David Tucker, but it is possible.
Microsoft says these call detail records have been stored by traditional PBXs for legitimate reasons such as accounting for cross-charging, to help with trouble-shooting or even to track contact-center agent productivity, and that's why Lync does so as well. "From a reporting perspective, Lync does this no differently than any other enterprise communications system," says Barry Castle, senior product marketing manager Lync and Skype, in a written response to questions about the significance of this data possibly being misused.
Either way, it's pretty easy to do using Windows PowerShell, SQL Database information gathered by Lync for monitoring purposes and custom PowerShell queries to sort the information in ways that are useful. Tucker's colleague Shane Hoey demonstrated that the sorted data can readily be exported and be presented in HTML or whatever graphic representations that Excel supports.
The powerful monitoring uses of the same technology are useful and innocent enough, he says. Slicing the identical data can help businesses troubleshoot quality issues on VoIP calls, show trends in bandwidth use to head off network congestion and seek out spots where call quality is deteriorating so remedies can be found.
But using PowerShell queries can also be easily written that parse the same information to figure out personal details about employees. "You can become your own mini-NSA," Tucker says jokingly. "Just make sure it doesn't end up on Wikileaks."
A lot of the information available in call records gathered by Lync includes personally identifiable information about individuals and therefore opens up a can of worms, he says. There may be legal restrictions on use of that data depending on what the laws are in the country or state where the data resides, he says. And individual corporations and departments may have their own rules restricting their use, so IT pros tempted to mine the data should beware, he says.
Some of the analysis walks a fine line. While it might be ethically questionable to check out which employees spend a lot of time on the phone with each other, it might not be bad to check out how often they call competitors.
Lync itself comes with built in analytics, but this is not what Tucker is talking about. He describes custom analysis that is easy to craft and that uses a broader range of data from which to draw conclusions.
The NSA gathers up call detail records from U.S. carriers on all landline calls (and fewer wireless calls) that it stores in a massive database. The way the system works, once the NSA has reason to believe a person is tied to terrorism it can seek a court order letting it view and analyze that person's phone's data as well as data of phones called by that number.
Analysis of that select data could demonstrate a link between a suspected terrorist and a known one.
The same type of analysis could be legitimately valuable to businesses, Tucker says. A charity, for example, could check who within its organization has been contacted by a potential donor, giving some sense of how interested that person is in giving more.
Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at firstname.lastname@example.org and follow him on Twitter @Tim_Greene.
Read more about lans and routers in Network World's LANs & Routers section.
Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.
Thanks a million, Drupal
Optus goes over the top with VoIP service
Turnbull asks how the NBN got that way
U.S. retailers insist on PIN requirement in smartcard rules
Yelp speeds database access with flash storage