I am giving a presentation later today on “protecting privacy by spying on users.” Here is the talk abstract and the slides I will be using. I am also providing a link to a paper that will be presented at a social network analysis conference in January.
Corporations are facing increasing demands to monitor their compliance with policies and regulations. Using the Enron email corpus as an example of corporate communications, the research explored methods to identify instances of password sharing, a practice that should be a security concern to any organization. Social network analysis was able to identify key creators and sharers of passwords, and an analysis of the passwords themselves showed that quality was clearly a problem. The network analysis was also able to reveal interesting communication patterns, such as sharing passwords with external accounts owned by the same person, which might have been useful as indicators of a problem in corporate systems or practices. The research also uncovered cases of possible policy violations, such as the sharing of internal and external accounts.
Paper: Monitoring Corporate Password Sharing Using Social Network Analysis
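The kind of monitoring the abstract outlines, as an added example that is not taken from the paper or the talk: it flags messages that disclose a password, builds a sender-to-recipient sharing graph, ranks sharers, and marks weak passwords and external recipients. The sample messages, the domain names, the disclosure regex, the weakness rule and the same-person heuristic are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample messages (not from the Enron corpus): sender, recipients, body.
MESSAGES = [
    ("alice@corp.example", ["bob@corp.example"], "The login is trader1, password: summer99"),
    ("alice@corp.example", ["carol@corp.example", "dave@corp.example"], "New pwd is summer99 for the reports site"),
    ("bob@corp.example", ["bob.smith@webmail.example"], "Reminder to self, my password = Bob1234"),
    ("carol@corp.example", ["dave@corp.example"], "Lunch at noon? I forgot my password again."),
    ("erin@corp.example", ["frank@partner.example"], "passwd: x9#Lq2!vT7pw for the shared account"),
]
INTERNAL_DOMAIN = "corp.example"  # assumed corporate mail domain
# Assumed disclosure pattern: a password keyword followed by "is", ":" or "=" and a value.
DISCLOSURE = re.compile(r"\b(?:password|passwd|pwd)\b\s*(?:is|[:=])\s*(\S+)", re.I)

def tokens(addr):
    # Name parts of the mailbox, e.g. "bob.smith@..." -> {"bob", "smith"}.
    return set(re.split(r"[._-]", addr.split("@")[0].lower()))

def is_external(addr):
    return not addr.lower().endswith("@" + INTERNAL_DOMAIN)

def is_weak(pw):
    # Assumed quality rule: under 10 characters or fewer than 3 character classes.
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    return len(pw) < 10 or classes < 3

def analyse(messages):
    """Return (edges, sharers); edges carry flags only, never the password itself."""
    edges, sharers = [], Counter()
    for sender, recipients, body in messages:
        m = DISCLOSURE.search(body)
        if not m:
            continue  # mentions of the word without a value are ignored
        pw = m.group(1).rstrip(".,;")
        for rcpt in recipients:
            flags = {"weak"} if is_weak(pw) else set()
            if is_external(rcpt):
                # Heuristic: a shared name token suggests the sender's own outside account.
                flags.add("self-external" if tokens(sender) & tokens(rcpt) else "external")
            edges.append((sender, rcpt, flags))
            sharers[sender] += 1  # out-degree in the sharing graph
    return edges, sharers

if __name__ == "__main__":
    edges, sharers = analyse(MESSAGES)
    print("top sharers:", sharers.most_common(3))
    for sender, rcpt, flags in edges:
        print(f"{sender} -> {rcpt} {sorted(flags)}")
```
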