‘We’re in a high-risk business,” says MessageLabs group general counsel Nick Bright.
Some would call that an understatement when you consider that the IT security company silently deletes around three-quarters of the emails sent to, among others, Her Majesty’s Government, many of the UK’s top 100 law firms and several large financial institutions and companies.
MessageLabs scans roughly 2.5 billion emails and 1.5 billion web connections a day for spam and viruses. Only around a quarter of the emails are legitimate, but those that are often contain highly critical and confidential information.
If an important message was discarded after being misidentified as spam, or a virus crippled a client’s business, the consequential losses, both in real costs and in reputation, would be significant. As Bright says: “People have to trust us with their email.”
Unless you work in IT you may not have heard of MessageLabs, but if you scroll to the bottom of your emails, chances are you would find a discreet line stating that your email has been “scanned by MessageLabs”.
MessageLabs began scanning electronic communications in 1999. Unlike other antivirus and antispam solutions that install software on clients’ desktop computers, MessageLabs scans messages ‘in the sky’ before they even enter the clients’ premises.
MessageLabs offers a service, not a product, and Bright says it was the first company to claim it would stop 100 per cent of known and unknown viruses – or your money back.
The scanning is performed by sophisticated top-secret algorithms that go by the name ‘Skeptic’. The computer systems live in massive server towers (or clusters, as they are now known), which are scattered around 14 locations such as Frankfurt, London, Denver, New York and Hong Kong.
Viruses often start their malicious journeys across the internet when Asian businesses wake up, so they can be caught by the Asian cluster before they reach Europe and the US. Consequently, MessageLabs has the dubious honour of discovering and christening many new and often destructive viruses.
Bright joined MessageLabs and started up its legal department in 2001 when the dotcom heyday was all but over. But the company’s technology was still revolutionary – in fact, almost too revolutionary for the law to cope with it.
Bright recalls: “I’d spoken to quite eminent firms that claimed to be experts in the field but it soon became apparent that I knew more in the field after a few months of research than they did.”
Seven years on, much of the work is still handled in-house by Bright and his team of four lawyers, who are spread between Gloucester and New York. However, he has also managed to assemble an eclectic international collection of firms and lawyers around him.
“I’m very much an advocate of having a specialist doing a specialist area of work,” he explains, although he adds: “This doesn’t preclude big firms being specialists in an area.”
Bright has just held a beauty parade for new corporate legal advisers, but like many general counsel, the choices he makes are based on personal relationships.
Bright himself is “very much a commercial litigator”, having worked in law for 14 years, six years as a partner at Cirencester firm Davey Son & Jones.
However, the issues that he now comes up against are varied and Bright handles a lot of work involving European technology regulation.
For example, in 2002 confusion was sparked by EC directives on the interception of telecommunications, resulting in the UK Information Commissioner’s code of practice on the monitoring of staff in the workplace.
Bright became involved in the interpretation of the regulation because MessageLabs intercepts the emails of third parties and monitors them, albeit as part of an entirely automated process.
Privacy issues and regulation feature frequently in Bright’s work and the latest fashionable issue in the industry concerns data retention regulation.
The market that MessageLabs operates in is competitive: the company’s two biggest rivals were recently bought by Google and Microsoft.
Smaller acquisitions and disposals are therefore always on the agenda and last year MessageLabs sold Star Internet, an internet provider that gave birth to MessageLabs in the 1990s.
Bright and his team also deal with the contractual relationships that govern the service and assurances provided to roughly 16,000 clients in more than 86 countries.
The initial draft standard contract was developed during the first six months of Bright’s tenure and was drafted almost entirely in-house. It has developed hugely since that time into a six-page document, excluding detailed appendices and service level agreements (SLAs) that mitigate the risk faced by MessageLabs if the technology should fail.
Nevertheless, Bright’s faith in the Skeptic technology borders on fervour. Such faith is maybe necessary as new virus and spam methods are invented every day. “But touch wood,” Bright says, “we’ve been ahead of that arms race.”
Name: Nick Bright
Title: Global general counsel
Sector: IT security
Number of employees: 500-plus
Reporting to: Chief financial officer Stephen Chandler
Annual legal spend: £360,000 (plus £300,000 in 2007 on sale of Star Internet)
Global legal capability: Three lawyers in Gloucester and two in New York
Main law firms: Heller Ehrman, JA Kemp & Co, Mintz Levin, M Law, Morgan Lewis, Rouse & Co, Simmons & Simmons, Wiggin
Nick Bright’s CV
Education: 1984: BA Hons (Law), Chelmer Essex (now Anglia University)
1984-85: College of Law, Guildford
1987-90: Articled clerk, Charles Lucas & Marshall
1990-92: Director of business affairs, TKO Entertainment Group
1993-94: Assistant, RGS Solicitors
1995-2001: Partner, Davey Son & Jones (now Davey Franklin Jones)
2001-present: Global general counsel, MessageLabs Group