Stanford CIS

“Everything. I record everything.”

By Zohar Efroni on

This quote belongs to Robin Bienfait, RIM’s Chief Information Office (CIO). RIM makes the BlackBerries, and the title line of this post recites Ms. Bienfait’s answer to the question what information is being recorded on RIM’s internal network (e.g., telephone conversations and email exchange over employees’ devices).

So they record everything. As an employer that provides the devices for working purposes perhaps this practice is lawful (I am not saying it is. I said “perhaps”). Anyhow, what caught my eye was the reasoning for this surveillance scheme. Apparently referring to workers whose communications are being intercepted and logged, Bienfait says that "[t]hey're doing business inside of RIM. Everything they can say or do can be patented... We're not violating anybody's privacy. They're aware that their information is transparent and in visibility."

Huh? Everything they say can be “patented”? Maybe she meant subject to trade secrets protection: "Their running anything on the RIM network or in our space is something that we have to capture because of disclosure" adds the CIO somewhat ambiguously in that press interview.

I’ve always believed too that the interface between privacy and IP enforcement in networked environments raises many interesting issues. Admittedly, the separation between IP aspect of a given scenario and its privacy implications (and vise versa) is not always sterile. The tension usually emerges in the context of copyright, however, not patents. Patent information is open to the public anyway.

Does RIM’s desire to safeguard its network from information leaks that might have impact on its present and future IP portfolio justify this type of policing in the workplace? Perhaps some recording is acceptable, provided that one can see the linkage between IP violations and the record-keeping practice. In this case it seems to me that the IP rhetoric is largely a red herring. Workers know they’re being taped so if they want to hide something from their employer they won’t use that network. The company simply wants to record whatever that runs through its internal network, period. Who decides what to be done with all that information and according to which criteria it is to be handled? This is what you have CIOs for, right?