http://www.freep.com/apps/pbcs.dll/article?AID=/20080124/BLOG01/80124038/1002/BUSINESS By Mike Wendland Free Press Technology Columnist January 24, 2008 The scandal over the thousands of text messages between Detroit Mayor Kwame Kilpatrick and chief of staff Christine Beatty has a lot of people wondering just how private their own messages are. For most people, the answer is ...don't worry. Just as cell phone calls are not recorded, neither are text messages. Regular text messages sent through regular cell phones are not kept in any central repository. When you zap them from your phone they are, in almost all instances, forever zapped. There is no federal law requiring that they be stored or kept by the cell phone provider. Text messaging is what the wireless companies call SMS for Short Message Service. It has become almost as popular as cell phone voice communications, with as many as 20 billion text messages being sent each month in the United States alone. Typically, text messages are 140 characters or less, sent via the data networks of the wireless providers from one device to another. In the mayor's case, the reason his messages have been exposed is because of the specialized service the city has contracted with to handle wireless communications between city officials. Although the scandal is already being dubbed BlackBerrygate by wags, the gizmo the mayor and Beatty used to communicate wasn't a BlackBerry at all. It was a SkyWriter, and although it looks a lot like a BlackBerry, it's a dedicated messaging device provided to the city by SkyTel, a Mississippi-based wireless company that specializes in providing paging and messaging services to large corporations and governmental bodies through its own wireless network and devices. "Every message sent over the SkyTel network ... is recorded, including: Date and time the message was sent... 'From' address... 'To' address... Length of the message..Entire message content up to 2,000 characters ," notes the company on its Web site in an article about the "benefits of message archiving." For major corporations and governments, the automatic archiving of such messages is important, where legal requirements mandate the storage of all business- or government-related communications. But tell the mayor that's a benefit today. The irony of the scandal is that if the mayor had used a regular cellphone and text messaging service from Verizon, AT&T or Sprint, there would be no record as those messages are simply passed through to the connected devices by the wireless companies and not stored on any master server anywhere. "We do keep them for about two weeks," says Mark Elliott, a spokesman for Sprint. "But that's just to make sure they get sent if the customer's phone is turned off or out of the network. After that, even if not retrieved, they're gone. We don't store them. We have no record of them. That's standard practice in the industry." A spokesman for AT&T, Howard Riefs, said the company keeps next messages for no more than 72 hours. After that, he said, "the text message is removed from our system and cannot be accessed or retrieved." Verizon Wireless issued a statement this afternoon saying it only keeps text messages "a very short time" before erasing them. But the mayor used SkyTel, a system that stores the messages. And by using the city-paid private messaging services from SkyTel for his very personal communications, the mayor left a trail that the Free Press uncovered. When you use a city-owned device on a taxpayer-paid communications system to plot your dalliances, there is no such thing as privacy. All this, of course, raises questions for all of us about the privacy of text messages. And it focuses interest on an issue many parents have raised, namely, how can they monitor the text messages being sent and received by their children. In general, text messages are pretty private. Once they're deleted on the phone, they're gone. If the messages are saved on a memory card on the phone, they can be recovered, even after being deleted, though the recovery is expensive and requires specialized firms. There is company called Radar, that, for $9.95 a month, sells a service that parents can subscribe to that passes messages and e-mail sent or received by their child's cell phone through a Web site that parents can check. Parents set up approved lists of people their children can communicate with and be notified if non-approved people try to contact them. They can even retrieve full text messages. The system works by downloading special software into the cellphone. A spokesman for the comany said the system works with most of the cell phone models now on the market. While text messages are not kept by the wireless companies for long, those who send e-mail via their mobile phones shouldn't think cell phone e-mail is similarly e-vaporized. That's because e-mail sent by phone is processed the same way as computer e-mail, through servers which store and archive the messages in electroic databases. While e-mail may be deleted from a computer or cell phone memory, it can usually be retrieved from the central server and... if required by subpoena... turned over as legal evidence in court cases. All this concern over privacy and messaging just underscores something most of us heard from our mom: Don't say (or write) anything you don't want other people to find out. ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Mon Jan 28 2008 - 00:33:36 PST