It's probably a good guess that a lot of what's said on instant messaging software is pretty trivial, neither vital to national security nor tightly held business secrets -- mostly office gossip, diet tips, celebrity news, and emotion-addled sweet nothings whispered to your sweetie.
But IM is "maturing," according to Chris Matteo, the president of IMpasse Systems, and many people are now using commercial IM software to do serious business. This trend worries some companies, as nothing said over IM is very private. Not only do instant messages travel freely over the Internet, like e-mail, but they're also explicitly routed through the servers of the company that provides the service -- and who knows what can happen there?
This situation prompted Matteo to create an application that encrypts conversations between chatters, making the chat unintelligible to those who might be listening in. The software, called IMPasse, sits on a machine alongside AOL Instant Messenger, MSN Messenger and Yahoo Messenger -- the three biggest chatting apps. With IMPasse, any conversation or portion of a conversation can be quickly scrambled. Both parties to a chat need the software; IMPasse charges $20 for two licenses.
Matteo said that the software works rather transparently, without causing any noticeable slowdown in the chat. Messages are encrypted and decrypted using strong encryption at each computer, and not even IMPasse keeps a copy of the password used to encrypt the messages.
Michael Sampson, an analyst who follows the IM world for Ferris Research, said that add-on software like IMPasse's is a "fairly new development" in messaging. He said that another company, Akonix, released a similar security app earlier this month.
"Traditionally, one of the biggest problems with IM in the enterprise," Sampson said, "is this question of security. Since these discussions happen in 'real time,' it's more likely that people will be less formal, so what goes over the wire will be close to what they're really thinking."
That close approximation of actual thought is, of course, what attracts people to IM. Chatting online is an "immersive" experience that allows for clarification and nuance. This can be well and good when you're talking about plans for the weekend, but these days the mind turns to less innocent conversations: What about plans to plant a dirty bomb?
Though law enforcement has suggested it's possible and, indeed, inevitable, nobody has shown any proof that terrorists are fans of IM. Still, encryption has always been a touchy subject for the authorities, and Matteo said he understands that the combination of messaging plus encryption might raise some eyebrows.
"As you know, we are at a very sensitive point in time in regards to encryption technology," Matteo wrote in an e-mail. "IMpasse Systems is located not too far north of Ground Zero, and we are very affected by this tragedy (my father is a retired NYC fireman, who lost friends and put the uniform back on in the wake of the event), though we maintain our objectivity when it comes to cryptography.
"At the risk of sounding political, one cannot lose sight of or freely hand over the civil liberties that hundreds of thousands of Americans have lost their lives to protect, including freedom of speech."
Since Sept. 11, the government has been ratcheting up efforts to monitor Internet communications. However, Matteo said that IMpasse has not yet been approached by any law enforcement officials regarding a secure chat.
If he is approached, he said, there's nothing his company can do to decrypt messages; he doesn't have the key. The most that can be done is to shut down a user's account through AIM, MSN or Yahoo.
It's unclear how AOL, Microsoft and Yahoo will react to third-party security applications like IMPasse. AOL has a history of making changes to its protocol to lock out programs that try to interact with its system, and Matteo said that AOL could lock out IMPasse.
Last month, AOL said that it is working on an "enterprise" version of AIM that will feature encryption.
AOL, Microsoft, and Yahoo did not return calls for comment.
