A Russian cybersecurity firm headed by Eugene Kaspersky’s ex-wife is touting a frightening new solution that would give your employer the ability to eavesdrop on all mobile phone calls that are made on the premises of the workplace.
InfoWatch, a firm specialising in data loss protection (DLP) solutions, is touting a new system that uses a femtocell – a small low-power mobile base station usually used to amplify phone reception in buildings where mobile signal is weak – to intercept all mobile voice traffic and then convert the calls into text transcripts in 35 languages.
The system then uses computer algorithms to analyse the data for suspicious keywords that might reflect an employee’s intention to steal and leak sensitive information. If the system detects suspicious phrases, it flags the conversation to the company’s security department to investigate.
InfoWatch was spun off from Kaspersky Labs in 2007 following co-founder and CEO Natalya Kaspersky’s divorce from her husband and the resulting business separation deal. Developing technologies to secure corporations against internet and external threats was originally an idea of Natalya’s back in 2003, and although InfoWatch was initially not profitable when it was first spun off, in 2015 the firm’s revenues hit 1.1bn rubles ($172m, £129m).
InfoWatch already has a successful solution called Traffic Monitor that is just as Orwellian as the new voice traffic monitoring technology – the solution monitors all communications from landlines, email clients, instant messaging applications, file-sharing applications, Skype and even encrypted mobile messaging apps like WhatsApp and Telegram.
The system is designed to enable HR departments to flag up employees who are on probation or that they just suspect of being suspicious, and it can also track and detect data employees are putting onto removable USB memory sticks and portable hard drives, even if they do so abroad on a business trip.
Spies use it, so why shouldn’t business?
“These technologies have been used by secret services or the military in certain countries. Our breakthrough is in applying them for corporate security,” Natalya Kaspersky told Bloomberg. “Our only loophole has been voice traffic on mobile phones – we didn’t monitor that.”
InfoWatch currently has almost 50% share of the confidential data protection market in Russia, where mobile call monitoring is apparently legal, and Natalya Kaspersky insists that the solution won’t compromise employees’ privacy since the computers are the ones that initially scan conversations for keywords, not humans.
However, essentially the company, bank or government agency in question could simply ask the software to search for anything else they don’t want employees talking about on the mobile phones, which would currently still be illegal in many countries, thankfully.
“We used to talk simply about DLP but we need much more than that now. We need to see what employees are actually doing. It’s less about leakage prevention and more about internal protection,” Natalya Kaspersky told SC Magazine in 2010, showing that the new solution has been in the works for a long time.
“We have a forensics stage in our solution where all information [and data] leaving the building is recorded. We can see what percentage of messages are not work-related, was anyone excessively sending out messages and are they appropriate to the job?”
InfoWatch says that it has already had pre-orders from companies in Indonesia, and is in talks with firms in the Middle East, Russia and other former Soviet nations. It is not known what the solution will be called or how much it will cost, but it is set to be launched by the end of the year.
The mobile monitoring solution would mean that employees would essentially be treated the same as inmates in US prisons, where all phone calls made by prisoners to outsiders (including privileged conversations between inmates and their lawyers) are recorded, and some prisons are even using machine learning to analyse calls to find suspicious patterns.