Deutsche Bank Switches Off Text Messaging

Deutsche Bank has banned text messages and communication apps such as WhatsApp on company-issued phones in an effort to improve compliance standards. From a report: The functionality will be switched off this quarter, chief regulatory officer Sylvie Matherat and chief operating officer Kim Hammonds told staff in a memo. Unlike emails, text messages can't be archived by the bank, said a person with knowledge of the matter who asked not to be identified discussing internal matters. "We fully understand that the deactivation will change your day-to-day work and we regret any inconvenience this may cause," Matherat and Hammonds said in the memo. "However, this step is necessary to ensure Deutsche Bank continues to comply with regulatory and legal requirements." The policy also applies to private phones used by employees for work purposes. Communication apps such as WhatsApp, Google Talk, iMessage are also prohibited, the memo said.

This is starting to happen in a lot of places...

[slasher999]

Unfortunately this is starting to occur is lots of places. Companies are being forced, or choosing to, move away from real time communication back to email in large numbers due to laws around compliance and a desire to comply at the lowest possible cost. Personally I see these moves as harmful to the business long term but the management I've spoken with about the issue are not interested in taking on that challenge now.

In other news

[The-Ixian]

Deutsche Bank is apparently the last remaining hold out to the "BYOD" model....

Re:In other news

[jon3k]

Only about half of large organizations allow BYOD. See the graph here.

Re:In other news

[slasher999]

That article is over 2 years old. Those numbers have certainly changed significantly in that time.

Re:In other news

There are a lot of companys who still think they can save money by commandeering their employees personal phones...

Re:In other news

[geekmux]

There are a lot of companys who still think they can save money by commandeering their employees personal phones...

There are a lot of employees who assume that the cost of mitigating risk and maintaining compliance is free.

Don't like working in that kind of environment? Try not to let the door hit you on the way out.

Re:In other news

[JaredOfEuropa]

Most of my clients that implemented this saw BYOD as a win-win: they no longer have to provide company phones, and most employees seem to prefer using their private phone for business stuff (and bearing the costs as well) over having to carry 2 phones. In case where the employee had a choice between a company phone or BYOD, almost everyone ditched their Blackberry and used their personal device instead. And it certainly was seen as a win by employees who did not qualify for a company phone, but now have access to their work email, agenda, directory and IM service.

Re:In other news

[Actually,+I+do+RTFA]

You mean the last one to embrace BYOD, or the last one to insist on it?

I don't grok why I would ever let an employer control/monitor my hardware. I suppose I could get a second device if they insisted on BYOD, but that's just making me pay for the hardware they're too cheap to. I hope the software they want to use runs on a prepaid $50 android phone.

Re:In other news

[thegarbz]

I've yet to come across a large company which has a BYOD only policy. Most offer BYOD as a service for employees who don't want to use the company selected phone.

Re:In other news

[jon3k]

I'm all ears. If you've got a more recent source I'd love to see it.

How do they ban it on privately owned phones?

[mark-t]

[nt]

Re:How do they ban it on privately owned phones?

[slasher999]

Likely as part of their BYOD model they require the use of software on the phone to allow them to manage what features on the phone can be used. This would be the same software installed on company owned devices. Central management coupled with a gateway that only allows connections from devices with the software and policies in place before it can connect to corporate resources.

Re:How do they ban it on privately owned phones?

[runningduck]

There are companies that tie mobile device management software with wireless/cell scanners to monitor overall compliance with the policies. Non-compliant devices can be mapped with a location within the building and hall monitors take it from there.

Re:How do they ban it on privately owned phones?

[anonymous+cupboard]

If you have a company provided SIM, it is fairly easy to disable SMS. An arrangement can be made with the provider to disable SMS transmission and receipt. Note if you have a device under BYOD, then you have other compliance relevant messaging available. The downside is that you will need internet wherever you are to use it while SMS is a basic service which has high availability and is relatively fast/cheap.

Re:How do they ban it on privately owned phones?

[mark-t]

Obviously they could probably control calls from and to the device if those calls were actually being governed by the company, but the articl;e says not only are these things banned for work purposes, they ouright banned on the entire device if that device is used for work. Presumably, if the device is privately owned, it is used for things *other* than work as well.... but this policy would seem to suggest that encryption apps that do not allow the company to track communication with them would be prohibited on *ANY* device that is ever used for work, even if said communication had nothing to do with work.

Plus, if they do not actually prohibit it to that extent, then there is nothing stopping people from using said devices to communicate with eachother about work-related stuffs outside of regular work-hours anyways.

Re:How do they ban it on privately owned phones?

[thsths]

Well, guess what. If you stop BYOD, and people have their private phones, they can use those to call each other, too. Completely unregulated! (Not completely unrecorded, of course.)

At the end of the day, you need people to do the right thing, and technology can help, but it does not solve the problem.

Re:This is starting to happen in a lot of places..

Too bad there wasn't a real time communication method where you didn't have to type and was secure - all you'd have to do is speak.

I'll think I'll write an app where you talk, it then produces text and then the receiver hears the text translated into sound and they can then hear it. I'll give it some cutsy catchy name like tell-La-fone!

I'll get funding from some Silicon Valley VC, and eventaully the valuation will become ONE HUNDRED BILLION DOLLARS and we'll go public and the stock will sell for hundreds of dollars a share even though we're burning through hundreds of millions of dollars in cash.

I'll do guest appearances on TV shows, make outlandish claims (I see tell-LA-fone booths on Mars!) and folks will call me an innovative GENIUS!

Yessiree! Making money the Silicon Valley way - legally scamming people.

Re:This is starting to happen in a lot of places..

Unfortunately this is starting to occur is lots of places. Companies are being forced, or choosing to, move away from real time communication back to email in large numbers due to laws around compliance and a desire to comply at the lowest possible cost.

Actually, it's because they want their staff to actually work. Not mindlessly gossip over instant messenger with their mates.

Personally I see these moves as harmful to the business long term

Most instant messengers don't offer end-to-end encryption so if you're not shittalking with mates I assume your discussing work with co-workers and possible violating your NDA at the same time.

Two factor authentication

[Geeky]

What's the betting that another department complains about this breaking their SMS based two factor authentication once this is rolled out...

Re:This is starting to happen in a lot of places..

It's great. You don't want a bank, or any other major business to be run in a way where information moves in inscrutable ways, nobody knows who said what, when and to who. With email there's a trail, it can trivially be secured with GPG, and while there's much to be said about organisation of emails, it's lightyears ahead of what the various chat services offer.

Seems like someone finally reined in the cavalier egomaniacs.

Should have gone with blackberry...

If your company has a blackberry enterprise server installed, you can easily configure the phones to log everything to the central company-owned server: http://support.blackberry.com/...

Of course, nobody cares about anything but Ooh! Shiny! anymore...

Re:Should have gone with blackberry...

[PolygamousRanchKid+]

If your company has a blackberry enterprise server installed

I doubt that even Blackberry has a Blackberry Enterprise Server installed anymore.

Re:Should have gone with blackberry...

[omfglearntoplay]

Yeah, I want to say it did it by default when we were using it. Blackberry really was company-centric... but since companies got greedy and wanted to abuse BYOD and users wanted to be able to play more than use their phone for work... now we have the current state of affairs at most places.

Re:Should have gone with blackberry...

[JaredOfEuropa]

BYOD isn't a cost-saver, it's a matter of convenience. And playing on private phones has nothing to do with it (so sick and tired of that old "Blackberry is a business tool; iPhone / Android is a toy"-line).

Most employees prefer using their private phones for work stuff over having to carry a second phone, and BYOD can also be offered to employees who formerly did not qualify for a company phone. For a while, having a BB was something of a status symbol, but as soon as companies figured out how to make BYOD secure enough, most people got rid of them even if they didn't have to. The hold-outs who kept their BBs were seen as dinosaurs. The "current state of affairs" at places that did BYOD the right way is just fine and dandy.

Re:This is starting to happen in a lot of places..

Maybe it would be smart for banks to develop some kind of way of doing communications that is a bit more secure though.

I use Signal at my job to exchange information between clients and myself that we don't want going out across networks or being archived - for example: temporary credentials, discussions of software vulnerabilities and how to handle them, certificates & keys for https, etc...

I'm not comfortable sending those across the wire without end-to-end encryption.

Also sometimes there are "personal" matters that clients want to discuss in un-monitored channels. I've had clients having bad days stop to tell me about spouses undergoing chemo, their children struggling at school, marital issues, and other very personal things. And I listen because I genuinely do care. It also has a secondary advantage for the company I work for; the client relationship is stronger because it's more personal and built on shared experiences and trust. When projects struggle, when there are issues with deliverables, or any of the myriad of things that come up in software development that harm company-to-client relationships, it can be very useful to have people on both ends (client & service provider) that have more than just a wildly abstracted professional connection.

I get why banks are doing this, but there ARE many legitimate reasons to go out of band. The law is at fault here, but only in a very loose way. There may not be a way to fully legislate this properly (at least not that I can think of). There may be a case to be made for Banks implementing something like this block, and having some policies in place, but to not make it *too* hard to circumvent for valid reasons.

In any case, email isn't a very secure medium, I'm not sure I'd want all communication routed through that.

Re: This is starting to happen in a lot of places.

Exactly, and things like whatsapp are specifically dependant on one particular company which is bad newsletter to begin with.

You can even prove no tampering with dkim

[raymorris]

> With email there's a trail, it can trivially be secured with GPG

And with DKIM signatures (needed to send email to Yahoo users) you can even prove that the message in evidence is actually what they sent - it hasn't been modified. Podesta, Donna Brazile, and Time Kaine found that out the hard way.

Re:This is starting to happen in a lot of places..

I get the joke you are attempting to make, but what about the whole needing to log the conversation part?

Actually, now that I ask that.. so they are banning text messaging because texts cannot be logged. Are they also disabling the ability of these work-issued smart phones to function as, well, phones?

Re:This is starting to happen in a lot of places..

[anonymous+cupboard]

It is more around ensuring IM is recorded. You can still run OCS, for example, but everything is stored in case you want to manipulate LIBOR or something. There are places where encryption is important such as Mergers & Acquisitions but it really is just about ensuring that there is a log of all important communications.

Normal for financial entities

[Midnight+Thunder]

Given the regulatory requirements this makes sense. At one major US financial institution, where I worked, this is the norm, because the risk of information leakage is an issue. You even need to use application such as Mobile Iron or Good for accessing company e-mail. Company issued iPhones had the the essentials an nothing more, with certificates limiting what you could do with the phone.

At the same time, there was a move towards BYOD, which does provide a bit of a chink in the wall, but still requires Mobile Iron or Good for accessing company e-mail and a certificate limiting certain operations. You can't copy/paste from Mobile Iron or Good, for example.

These companies need to show to regulators that they are meeting requirements and maybe even going slightly beyond. All e-mail in and out is recorded for 7 years.

let's set so double the killer delete select all

[tepples]

I'll think I'll write an app where you talk, it then produces text

That'd be a killer app. Double the killer, in fact.

Re:This is starting to happen in a lot of places..

[slashrio]

Employees are still free to make a phone call, if you ask me...

Re:This is starting to happen in a lot of places..

[slashrio]

Don't worry, every phone conversation is being recorded.

Re:This is starting to happen in a lot of places..

[JaredOfEuropa]

Nope, this have nothing to do with private chats or calls during work hours. They cannot ban Whatsapp from private phones, only require that they are removed from private phones that are enrolled in their BYOD infrastructure (on Android and iOS, you can enforce this too). Instead of having a policy that requires employees to only use business-approved channels for business-related communications (and perhaps reinforce that policy with a short mandatory CYA* E-learning course), they opt for the easiest way to comply. As always.

*) CYA = Cover Your Arse.

Re:This is starting to happen in a lot of places..

[hey!]

I think it'll be interesting to see if it actually does hurt productivity.

Here's what I think will happen. A very few people will be seriously hampered in their work. Most people will end up about as productive as they were before. And some people may do a little better.

Re: This is starting to happen in a lot of places.

[MachineShedFred]

Don't forget bugging every conference room, hallway, closet, and bathroom stall - we wouldn't want any uncataloged near-real-time communications, would we?

Re: This is starting to happen in a lot of places.

[lymond01]

Slack.

Re: Inscrutability of banks

[presidenteloco]

If only there were a technology where every transaction was recorded in an irrefutable way in a public ledger.

Re:This is starting to happen in a lot of places..

[slashrio]

Your phone calls are already being recorded...

Re:Better news!!

[alexo]

Even better news!! The Obama Administration has 8 solid years of recordings already in place

True, but keep in mind that the mass surveillance was rampant was before Obama assumed office in 2009. Arguably the only thing that changed is the capability due to the technological advances.

for political or apolitical detentions.

Citation needed.

Re:This is starting to happen in a lot of places..

[raremediumwelldone]

>>Actually, it's because they want their staff to actually work. Not mindlessly gossip over instant messenger with their mates.

THIS.

I used to work for a company that used MSN Messenger as an in-house communications tool. They'd use your company email to make you an account, etc.

You were only supposed to add people on your immediate team, and supervisors (up to 2 levels above you). They canned the idea when a large number of people had every single co-worker on theirs and just IM'd them all day long.

Simple Fix

[nehumanuscrede]

Your in-house coders create their own Instant Messaging application.
All messages are encrypted in transit and flow through centralized company owned servers where any and all messages can be retained for however long you need them to be.

Ours supports simple text messaging, behind the scenes encryption, file transfers, multi-user group meetings, screen sharing / remote access, employee searches, etc. etc. It's probably more robust than many commercial texting systems are.

Hell, I even get a daily digest of all my messages in an email so I can keep them for record purposes and future referencing myself.

Re:This is starting to happen in a lot of places..

[Aliks]

For banks it is actually a bit more than just a need to log important stuff.

The regulator demands that there is a record of ALL messaging interaction with functions like trading. This is important if they need to track down collusion as happened in the LIBOR situation.

DB were heavily criticized (and fined) for not fully logging all such traffic. If the other bank does produce a record of messages and you dont, then you really are in trouble.

Re:This is starting to happen in a lot of places..

[thegarbz]

move away from real time communication

Nope. They are only moving away from third party real time communication. I see Lync *ahem* Skype for Business being deployed more and more in every direction. It has all the features of real time communication like WhatsApp, messaging systems, including phone systems, the ability to replace traditional VoIP phones (sign of the times that VoIP is now traditional), AND the company can log the communications.

Re:This is starting to happen in a lot of places..

[K.+S.+Kyosuke]

Why can't e-mail be real-time? How much time does it take to deliver a message with proper infrastructure? Why couldn't a messaging application use RFC822 as its communication protocol?

Re:This is starting to happen in a lot of places..

[dougTheRug]

This is by no means the first work phone to prohibit SMS. But I do wonder how they accommodate 2FA.

Sounds about right

[Rastl]

They're preventing third party messaging apps from running on company devices. It's no different than not allowing someone to run Google Hangouts on their work computer. It's a non-story.

They more than likely have an in-house IM product which is compliant. So company communication is done using company tools.

This whole BYOD craze still has me shaking my head. Why would I want to be connected to work 24/7/365.25? When I leave work I leave work. My cell phone number is on my public contact card if people need to reach me after hours.

Re:This is starting to happen in a lot of places..

[RockDoctor]

Since these are company-owned phones issued for company business, that is entirely their prerogative.

Doing work on personal phones will be banned shortly - and if you need to do work on a telephone, you'll be issued with one to carry for work purposes. If you want to carry a personal phone too, that's your choice. Don't expect work to either pay for it, or acknowledge it's existence.