Exec's Electronic Messages Surface on Net, Raising Privacy Concerns

By CHARLES PILLER, KAREN ALEXANDER and ABIGAIL GOLDMAN

March 17, 2001 12 AM PT

TIMES STAFF WRITERS

Facing the ultimate digital nightmare, a Costa Mesa dot-com had thousands of confidential messages posted on the Internet, renewing concerns about electronic privacy and sharing the company’s woes with the world.

Messages written or received by Sam Jain, chief executive of EFront Media Inc., were apparently taken from a log file on his personal computer. They were posted to Web sites all over the world last week.

Most of the messages, sent using the popular ICQ instant messaging system, were about mundane aspects of running a small business. But within the hundreds of pages of transcripts were bursts of sometimes unseemly discussions about how to fend off creditors, snoop on competitors and bully customers.

It is not known how the messages were obtained. Security experts said the messages could have been acquired by a number of methods, from the use of specialized computer viruses to simply copying the transcript file off of Jain’s computer.

Although EFront is a tiny company with just 75 employees and only $450,000 in annual revenue, the posting of its private messages underscores the vulnerability of instant messaging, which is used by at least 50 million people.

Although the episode may represent one of the most flagrant violations of security regarding instant message systems to date, experts warn that they are designed for convenience and openness, not privacy.

No one at EFront was available to comment Friday.

But Jain, speaking to the Web-based news publication CNet, said, “I’ve been trusting everyone. I haven’t kept passwords. It was foolish of me, naive of me.”

Key executives of EFront were reportedly engaged in disputes with Jain, and several resigned last week, around the time the messages were made public.

Dennis Acebo, a vice president who resigned last week would say only, “I’m trying to move forward.”

The double doors to EFront’s headquarters, in an upscale 21-story office tower next to the Orange County Performing Arts Center, were locked Friday. An employee from a neighboring law firm, who asked not to be identified, said the company had moved out abruptly.

The purported messages provide not only a glimpse of Jain’s private life but also a window into the desperation of a dot-com struggling to survive.

Jain told CNet that the logs were real but had been “doctored.”

One of the more notorious exchanges involved Jain purportedly messaging derogatory comments about Jennifer Moss, founder of BabyNames.com.

Moss said Friday that she was shocked to see Jain’s comments. “The transcripts show a lot of hostility toward us and our site,” said Moss, who believes the messages are authentic. “This has been a very difficult and trying time for us.”

Launched in the summer of 1999, EFront gathers advertising revenues for a network of Web sites and distributes them according to each site’s traffic.

It became one of the fastest-growing Web properties through an aggressive acquisition strategy. It was among the 20 most frequently visited Web sites, garnering about 12.4 million viewers in July, according to Media Metrix.

As it acquired smaller Web sites, the company attracted global attention and made millionaires out of several young entrepreneurs whose businesses were swallowed up by EFront.

Some of the EFront messages suggest that rapid growth caused considerable pain for EFront partners, who pleaded with Jain for past due payments. There were also indications that there was significant tension within the company as the advertising market dramatically declined and EFront began to bleed money.

“We built this huge property, the ad market couldn’t hold it up anymore, so we got crushed by our sheer size,” said Bill Hodson, who resigned as EFront’s marketing manager last month, before the flap over the messages.

The EFront messages caused Internet discussion boards to light up last week. One common thread to these discussions was the issue of privacy.

“How would you like it if everyone read your private musings? Could you stand the scrutiny?” asked one participant on a bulletin board frequented by disgruntled technology workers.

About 40% of American corporations permit employees to use instant messaging freely, according to John Pescatore, a security expert with the research firm Gartner Group.

Officials at ICQ, a unit of AOL Time Warner Inc., said the company makes every effort to warn users that its free instant-messaging service is not secure.

ICQ’s Web site features an unusually blunt and explicit privacy statement, warning users about a litany of potential risks, including eavesdropping, electronic trespassing and hacking.

A spokeswoman for the FBI’s Los Angeles office said the bureau is reviewing the EFront matter, but would not say whether an investigation would be opened.

Federal and state laws prohibit people from cracking into a computer or network to obtain files, said Cindy Cohn, legal director for the Electronic Frontier Foundation. But those laws might not apply if a company official in charge of EFront’s computer network obtained the logs, Cohn said. On the other hand, she said, the company wouldn’t necessarily have the right to make the logs public.

The larger message of the incident may be a reminder that the apparently anonymous Internet experience often lulls users into a false sense of security, experts say.

“We don’t understand how the Net works,” said Bruce Schneier, chief technical officer of Counterpane Internet Security and an encryption expert. “You can’t make the threat go away.”

Times staff writers Leslie Earnest, Jon Healey, Joseph Menn, Alex Pham, Edmund Sanders and Dave Wilson contributed to this report.