For a moment let’s suppose I am the CEO of a multi-million dollar corporation and I send an Instant Message to my General Counsel. He sends me information that should never be seen by the outside world. As vetted peers, my General Counsel and I can chat in encrypted real-time. The communications are neatly logged on my removable USB fob (assume I’m traveling), and on the General Counsel’s laptop hard drive. We have met critical criteria with this exchange. Our IM is protected and therefore not accessible to interception, and we are compliant with both the National Association of Securities Dealers Inc. (NASD) and the Securities Exchange Commission (SEC), which, to paraphrase the rulings, state that Instant Messaging communications must be logged and authenticated; their validity unalterable.

"Government compliance" quickly became the fashionable phrase when Sarbanes-Oxley started holding court over industry. However, for financial institutions and large companies with a presence on the NASDAQ, the realities of NASD Rule 3110, coupled with the SEC’s Rule 176-a-4(b)(4), are of intimate concern. With encrypted IM, a unique key session between the user and the recipient ensures the authenticity of the exchange while providing the valuable log data required by these rulings.


The Secure Instant Messenger (SIM), a product of Ottawa-based Validian Corporation, is poised to change how IM is handled at the enterprise level. The SIM, in conjunction with Validian’s Application Security Infrastructure (ASI), provides high-level security currently unavailable in the usual "over-the-counter IM". ASI guarantees the delivery of messages and files to the target destination without fear of interception at any point in transit. Bilateral and multilateral exchanges can take place between numerous individuals while at the same time, secured files of varying sizes can be transferred. Logging of IM sessions takes place at the sender and recipient points-of-contact, whether PC-to-PC or PC to portable USB fob. As an extra measure of security, a mobile user using their removable USB device for IM leaves no trace of their session or communications once the USB is removed from the host computer. While this feature may appear anti-forensic in nature, the IM session is logged on both the USB device and on the receiver’s computer, making it ultimately traceable.