Microsoft Lync gathers data just like NSA vacuums up info in its domestic surveillance program

Microsoft Lync gathers data just like NSA vacuums up info in its domestic surveillance program

Las Vegas -- Microsoft's Lync communications platform gathers enough readily analyzable data to let corporations spy on their employees like the NSA can on U.S. citizens, and it's based on the same type of information - call details.

At Microsoft's Lync 2014 conference, software developer Event Zero detailed just how easy it would be, for instance, to figure out who is dating whom within the company and pinpoint people looking for another job.

+ Also on Network World: What the NSA and business (should) have in common | Reported NSA actions raise serious questions about tech industry partnerships +

Whether that's ethical or even legal is another question, says Event Zero CEO David Tucker, but it is possible.

Microsoft says these call detail records have been stored by traditional PBXs for legitimate reasons such as accounting for cross-charging, to help with trouble-shooting or even to track contact-center agent productivity, and that's why Lync does so as well.  "From a reporting perspective, Lync does this no differently than any other enterprise communications system," says Barry Castle, senior product marketing manager Lync and Skype, in a written response to questions about the significance of this data possibly being misused.

Either way, it's pretty easy to do using Windows PowerShell, SQL Database information gathered by Lync for monitoring purposes and custom PowerShell queries to sort the information in ways that are useful. Tucker's colleague Shane Hoey demonstrated that the sorted data can readily be exported and be presented in HTML or whatever graphic representations that Excel supports.

The powerful monitoring uses of the same technology are useful and innocent enough, he says. Slicing the identical data can help businesses troubleshoot quality issues on VoIP calls, show trends in bandwidth use to head off network congestion and seek out spots where call quality is deteriorating so remedies can be found.

But using PowerShell queries can also be easily written that parse the same information to figure out personal details about employees. "You can become your own mini-NSA," Tucker says jokingly. "Just make sure it doesn't end up on Wikileaks."

A lot of the information available in call records gathered by Lync includes personally identifiable information about individuals and therefore opens up a can of worms, he says. There may be legal restrictions on use of that data depending on what the laws are in the country or state where the data resides, he says. And individual corporations and departments may have their own rules restricting their use, so IT pros tempted to mine the data should beware, he says.

Some of the analysis walks a fine line. While it might be ethically questionable to check out which employees spend a lot of time on the phone with each other, it might not be bad to check out how often they call competitors.

Lync itself comes with built in analytics, but this is not what Tucker is talking about. He describes custom analysis that is easy to craft and that uses a broader range of data from which to draw conclusions.

The NSA gathers up call detail records from U.S. carriers on all landline calls (and fewer wireless calls) that it stores in a massive database. The way the system works, once the NSA has reason to believe a person is tied to terrorism it can seek a court order letting it view and analyze that person's phone's data as well as data of phones called by that number.

Analysis of that select data could demonstrate a link between a suspected terrorist and a known one.

The same type of analysis could be legitimately valuable to businesses, Tucker says. A charity, for example, could check who within its organization has been contacted by a potential donor, giving some sense of how interested that person is in giving more.

Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at and follow him on Twitter @Tim_Greene.

Read more about lans and routers in Network World's LANs & Routers section.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftunified communicationsskypeNetworkingnsaLANs & Routers



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments