The Immutable kBlog: thoughts on data integrity

Last week Finnish parliament approved a controversial law that allowed employers to track on their employee’s emails. This law, named “Lex Nokia” (Latin for “Nokia’s law”) was strongly supported by Finnish employer’s organizations; the name relates to Nokia due to a report by a respected Finnish newspaper reported some weeks ago that Nokia was threatening to leave the country if the law was not approved. The news, obviously was echoed around the Internet. Nokia has denied these accusations.

The laws does not actually allow employers to check on their worker’s emails and read their communications. It gives them the right to track them, though, by retaining associated information to those emails such as recipients, senders and the time when those emails have been read or sent. Employers can also check if emails have attachments, and data related to them. This law, of course, has created a big amount of discussion among civil rights groups, employers organizations and the Finnish society.

What we think is interesting is the way this is evolving. It seems that it is becoming an undeniable fact that business are in the need of defending themselves from corporate espionage. But there’s also the fact that allowing employees to check on some information about their worker’s email may open the door for abuses. The direct relation between being allowed to do it and the certainty of abusing this law is a matter of debate. The important issue here is that it will certainly put doubts in each worker’s mind: is my boss checking my emails?. So the key element here is the ability to prove, unquestionably, that emails have or have been not checked. And this is where the Kinamik Secure Audit Vault can be the final solution.

Of course, these accesses to the worker’s emails must be audited. But auditing does not provide a sufficient solution, since these audit data can be easily changed, specially when users have high privileges or power. By collecting, centralizing and securing this audit information with the Kinamik Secure Audit Vault, employers will not only gain in efficiency and lower auditing and compliance costs, but they would also be able to provide something harder to quantify but not less important: their employee’s trust. Being able to prove, without any doubt, that the audit recors that show who has done what have not been changed will certainly provide ease of mind to every single person in an organization. Knowing that there’s an always-on, tamper-evident watching system like this should definitely be the standard best practice whenever any organization wants to exercise their right of checking their workers’ emails.

One last note: I have been asked many times in the past why any worker organization would accept to implement a system like this into any organization, since they feel that they will be constantly watched. Well, the reasons mentioned above are exactly why: this kind of systems are not accussatory systems; they are protective systems, that allow the guilty to be proven guilty, and the innocent to be confident that his or her innocence will be unquestionably shown.