Global Strategy - blog

This is the blog section of Glostra website

Feb 01 2009

Lex Nokia: preventing leaks in corporate IPR vs. employee "privacy"

Published in Technology, privacy issues, political strategy, IT, internet, intellectual property rights, Finland, communication, Blog by Jaakko Aspara

The protection of corporate intellectual properties is an important issue for any firm, and particularly so for globally operating high-tech companies. Unfortunately, part of the firm's challenge is to prevent its own employees from leaking corporate information and secrets to competitors. Even if it was only a fraction of a firm's employees -- perhaps 1-5% -- who might have the unfortunate predisposition to make leaks under certain conditions, the challenge is real.

One might assume that a rather basic way of having some control on the leaking is to be alerted in case a firm's employee is sending mails to the firm's competitors. Think about it: If in year 1995, Coca-Cola Corporation's employee John Smith had every Monday an ordinary-looking mail package in the firm's outgoing mail box -- but addressed to Pepsi Co -- I guess it would have been fairly reasonable and legitimate for John's boss to ask John at some point: "What's going on?". In fact, most of us would probably have considered John's boss to be a complete ass if he/she had not asked the question.

Now, somehow some people seem to think that the arrival of a bit more modern mailing technology completely changes this picture.

I mean: Does it change the picture if John, in year 2009, sends the mail packages to the competitor through email instead of traditional mail? Is it now less reasonable or legitimate for John's boss to be alerted? I really think that no, it isn't any less reasonable nor legitimate.

Yet for instance in Finland, many people indeed seem to think that it is outrageous that firms pay attention to where their employees send emails. The debate has heated up, as the government is going it install legislation that acknowledges firms' rights to oversee the addresses of their employees' emails, sent through the corporate email system. (The law in Finland has been popularly called "Lex Nokia", since it tries to protect the intellectual properties of high-tech companies such as Nokia.)

In Finland, it will -- fairly enough -- continue to be illegal for the firm to open and read the emails, but the firm will indeed have the right to track e.g. the destination addresses of the emails as well as the sizes of the emails. This seems perfectly OK to me. If you hesitate or disagree, just ask yourself if the addition of "e" to the beginning of "mail", or the change from 1995 to 2009, fundamentally changes anything. Again, I really think it doesn't.

Some people might, of course, also be worried that their boss will pay attention to the addresses of the private emails that they send through the corporate email system. Admittedly, it might be embarrassing if your boss comes to know that you're sending regular emails to e.g. This e-mail address is being protected from spambots, you need JavaScript enabled to view it . But then again, you might just send those private mails from your home, using e.g. a free Hotmail or Gmail account, mightn't you. After all, you wouldn't have sent those sensitive private mails through the corporate mail office in 1995 either, would you?

[ Back ]

Share This

Email This

Trackback(0)

TrackBack URI for this entry

Comments (5) Add Comment

Subscribe to this comment's feed

Show/Hide comments

Company property, practical impact
written by Henri Schildt, February 03, 2009, 14:14

In UK the university is able to monitor the use of the Internet connection at the office since it owns it (they also make us sign that we agree).
Now I would assume the issue is the same with company-operated e-mail server or internal snail-mail service -- if I send letters through university internal mail the university is prohibited by law to track who I am sending my letters to (?). This seems a rather far-reaching interpretation since clearly university is providing this service for their own cost.

This discussion seems truly insignificant though, since Nokia must understand that in the future any treacherous employee would communicate through gmail or any other untraceable web-based email service (thanks to SLL encryption, traffic to such web sites is rather difficult to monitor -- but also illegal).

I am slightly puzzled by the notion in Helsingin Sanomat that according to this law, my teleoperator would be able to track my emails. This must be false?

Pure constitutionalism vs. case-by-case pragmatism -- or a middle way?
written by Jaakko Aspara, February 02, 2009, 12:30

Now, don't get me wrong. I was definitely not advocating any changes or amendments to the constitution (or freedom rights) because of this kind of issue. Such changes would be an outrage.

What I was wondering, however, was why the legal experts in this case deal with the email issue in extremely abstract, even theoretical terms of constitution -- and totally ignore any practical perspectives to what the legislation would change in or what good or bad it would bring to ordinary people's vs. firms' day-to-day lives (if anything). I think a middle-way way of considering the issue would be possible and preferable.

A whole another point is, of course, to what extent knowing the destination addresses of employees' emails helps firms to actually prevent leakages of intellectual properties. As you implied: if you want to leak information to competitors, you probably won't do it through the firm's email system in any case.

Pragmatic Finns
written by Tuomas Kuronen, February 02, 2009, 10:44

If the article in HS on Sunday is to be believed, I got the impression that majority of the professors (if not all) had very critical views of the law.

I agree that interpretation is always influenced by the values of the interpreter. I also think that constitution is not a holy cow that shouldn't ever be touched, but rather changed/amended when there's a felt need to it. But as long as I am concerned, I would not want very far reaching case-by-case analysis in terms of basic freedoms. And I would not call the infringement of this 'pragmatic' (sorry sounds a bit harsh).

You have a fine point with the mail/email metaphor. However, I see it a bit differently. The proposed future is not an electronic version of the courier boy and some pigeonholes. But rather, imagine a modern data center searching and classifying emails with automated data-mining and profiling. How this would have been done with manual labour?

Fundamentally, this seems a problem of the policy-making infrastructure. In his blog, Jyrki Kasvi proposed the founding of a separate, juridic constitutional court (not sure about the terminology in English). Presently, constitutional issues are pondered by politicians (which by the way unanimously supported lex nokia, surprise surprise).

And one another point, how is this law going to prevent the leaking of company secrets? What stops the treacherous employee sending emails from his private account to both call-girls and scheming competitors?

Constitutional interpretations are often ambivalent
written by Jaakko Aspara, February 01, 2009, 21:27

Tuomas,

You do have a good point there, I agree. If there are doubts that the new law is against the constitution of the nation, this is of course a serious issue that should not be ignored.

On the other hand, we know that interpreting the constitution is a notoriously ambivalent task in many countries. The interpretations are also subject to the interpreters' values and ideologies. One legal "expert" who has a negative basic attitude towards the corporate sector might condemn the email law -- and claim it's against the constitution. Another legal expert who has a more positive attitude towards the business life might, in turn, view the issue in the light of the 1995 vs. 2009 comparison (traditional mail vs. e-mail) -- and conclude pragmatically that the new law does not change much the way things have always been done.

Yet another point -- specific to the Finnish society -- is that we haven't traditionally tended to view issues in the light of a holy Constitution (not to the degree that Americans have). The current Finnish "constitution" is actually rather new -- and has been in itself subject not only to interpretations but also to constant amendment requirements. My point is that for me as a Finn, it seems a bit odd that the legal experts are suddenly framing and interpreting things heavily in terms of the constitution, whereas the Finnish tradition has been to take a more case-by-case, pragmatic approach to legislation issues..

Issue and side one
written by Tuomas Kuronen, February 01, 2009, 17:38

I think there are two things here, the issue of 'privacy' itself and then how policy decisions are made.nnOne might argue that companies do have the right to 'defend' themselves. Another thing (the more important one, in my opinion) is what happens if a new piece of legislation conflicts with the constitution. In other words, should something what legal theorists consider as the foundation of a state be overruled by the economic interests of a private company?nnnNow, everyone might take a position on this, either or. Then, how the decision-making has been conducted is another point of interest. Let's assume that law professors actually know something about legal issues. Given this, why were their concerns bypassed?

Write comment

Show/Hide comment form