`
`
`
`
`
`
`
`ELSEVIER
`DIGITAL
`PRESS
`
`John W.Rittinghouse
`James F. Ransome
`
`
`
`
`
`Page 1 of 13
`
`Facebook's Exhibit No. 1025
`Page 1
`
`Page 1 of 13
`
`
`
`Facebook's Exhibit No. 1025
`Page 1
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Elsevier Digital Press
`30 Corporate Drive, Suite 400, Burlington, MA 01803, USA
`Linacre House, Jordan Hill, Oxford OX2 8DP, UK
`
`Copyright © 2005, John W. Rittinghouse and James E Ransome.All rights reserved.
`
`Nopartofthis publication may be reproduced,stored in a retrieval system, or
`transmitted in any form or by any means, electronic, mechanical, photocopying,
`recording, or otherwise, withoutthe prior written permission of the publisher.
`
`Permissions may be soughtdirectly from Elsevier’s Science & Technology Rights
`Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333,
`e-mail: permissions@elsevier.com.uk. You may also complete your request on-line
`via the Elsevier homepage (http://elsevier.com), by selecting “Customer Support”
`and then “Obtaining Permissions.”
`
`69 Recognizing the importance ofpreserving what has been written, Elsevier prints its
`books on acid-free paper wheneverpossible.
`
`Library of Congress Cataloging-in-Publication Data
`Application Submitted.
`ISBN: 1-55558-338-5
`
`|
`
`British Library Cataloguing-in-Publication Data
`A catalogue record for this bookis available from the British Library.
`
`For information onall Elsevier Digital Press publications
`visit our Web site at www.books.elsevier,com
`
`05 06 07 08 09 10987654321
`
`Printed in the United States ofAmerica
`
`
`
`Page 2 of 13
`
`Facebook's Exhibit No. 1025
`Page 2
`
`Page 2 of 13
`
`Facebook's Exhibit No. 1025
`Page 2
`
`
`
`Contents
`
`List of Figures and Tables
`
`Acknowledgments
`Foreword
`
`Introduction
`
`xiii
`
`XV
`
`xVii
`
`Purpose and Audience
`|.1
`1.2. What to Expect from This Book
`1.3 What Is IM?
`1.3.1
`IM and Its History
`1.3.2.
`[Mas an Integrated Communications Platform
`1.3.3.
`Common IM Application Approaches
`1.3.4 Who Uses IM?
`1.3.5 What Are the Advantages of Using IM?
`1.3.6 WhatAre the Risks of Using IM?
`Summary
`Endnotes
`
`1.4
`1.5
`
`2
`
`Flow Does IM Work?
`
`2.1
`
`2.2
`2.3.
`
`High-Level View of IM
`The Presence Service
`2.1.1
`2.1.2
`The Instant Messaging Service
`Basic IM Features
`Enterprise Instant Messaging Considerations
`2.3.1
`Operating System
`2.3.2
`Database
`2.3.3
`Directory Services
`2.3.4
`Interoperability
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Page 3 of 13
`
`Facebook's Exhibit No. 1025
`Page 3
`
`Page 3 of 13
`
`Facebook's Exhibit No. 1025
`Page 3
`
`
`
`vi
`
`Contents
`
`Schema Change Requirements
`2.3.5
`Standards Based for Third-Party Support
`2.3.6
`Compliance Management
`2.3.7
`Remote Access
`2.3.8
`Cost Considerations
`2.3.9
`2.4 An Enterprise EIM Nightmare Scenario
`25
`An Overview of Mobile and Wireless Instant Messaging
`2.5.1 What Is Mobile Instant Messaging?
`2.5.2. What Is Wireless Instant Messaging?
`2.5.3.
`Short Message Service
`2.5.4 Wireless Application Protocol
`2.5.5
`General Packet Radio Service
`2.5.6
`The Future of WIM
`2.5.7
`The Future of MIM
`Selecting and Securing a WIM Solution
`Summary
`Endnotes
`
`2.6
`2.7
`2.8
`
`3
`
`IM Standards and Protocols
`
`|
`
`|
`
`43
`44
`44
`44
`44
`45
`46
`46
`47
`47
`47
`48
`48
`49
`49
`51
`52
`
`53
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`3.1
`
`3.2.
`
`3.3.
`3.4
`
`3.4.4
`3.4.5.
`3.4.6
`3.4.7.
`3.4.8
`3.4.9
`3.4.10
`3.4.11
`3.4.12
`
`Extensible Messaging and Presence Protocol—RFC 2778
`3.1.1
`Jabber and the IM Community
`Jabber Protocol and XMPP
`3.2.1
`Architectural Design
`Instant Messaging/Presence Protocol—RFC 2779
`Session Initiation Protocol
`3.4.1
`SIP Security
`3.4.2
`Existing Security Features in the SIP Protocol
`3.4.3
`Signaling Authentication Using HTTP
`Digest Authentication
`S/MIME Usage within SIP
`Confidentiality of Media Data in SIP
`TLS Usage within SIP
`IPsec Usage within SIP
`Security Enhancements for SIP
`SIP Authenticated Identity Body
`SIP Authenticated Identity Management
`SIP Security Agreement
`SIP End-to-Middle, Middle-to-Middle,
`
`73
`Middle-to-End Security
`3.4.13
`SIP Security Issues
`73
`SIP for IM and Presence Leveraging Extensions
`
`
`
`|
`
`53
`57
`58
`59
`65
`66
`68
`69
`
`69
`69
`70
`70
`7|
`7\
`7|
`7\
`72
`
`Page 4 of 13
`
`Facebook's Exhibit No. 1025
`Page 4
`
`Page 4 of 13
`
`Facebook's Exhibit No. 1025
`Page 4
`
`
`
`
`
`
`Contents
`
`
`
`
`3.6
`3.7.
`
`The Future of IM Standards
`Endnotes
`
`4
`
`IM Malware
`
`76
`78
`
`81
`
`
`
`4.1
`
`
`
`
`
`
`8l
`Overview
`83
`4.1.1
`Instant Messaging Opens New Security Holes
`85
`4.1.2
`Legal Risk and Unregulated Instant Messaging
`86
`The Use of IM as Malware
`4.2.
`87
`4.3. What Is Malware?
`88
`43.1
`Viruses
`
`88
`4.3.2 Worms
`
`88
`4.3.3. Wabbits
`
`
`4.3.4—Trojan Horses 89
`4.3.5
`Spyware
`90
`
`4.3.6
`Browser Hijackers
`90
`
`43.7
`Blended Threats
`9I
`
`4.3.8
`Backdoors
`9|
`
`
`4.3.9—Exploits 93
`4.3.10 Rootkits
`93
`
`
`4.4 How Is IM Used as Malware?
`95
`44.1
`Asa Carrier
`96
`
`44.2 Asa Staging Center
`99
`4.4.3
`AsaVehicle for General Hacking
`100
`
`444 Asa Spy
`104
`
`4.4.5 Asa Zombie Machine
`107
`
`44.6
`As anAnonymizer
`109
`Summary
`ITI
`
`Endnotes
`Il
`
`
`
`
`
`
`
`
`4.5
`46
`
`IM Security for Enterprise and Home
`
`113
`
`5.1
`
`5.2
`
`5.3.
`
`How Can IM Be UsedSafely in Corporate Settings?
`5.1.1
`Understanding IM and Corporate Firewalls
`5.1.2.
`Understanding IM File Transfers and Corporate Firewalls
`5.1.3.
`Blocking and Proxying Instant Messaging
`5.1.4.
`IM Detection Tools
`Legal Risk and Corporate Governance
`5.2.1
`Legal Issues with Monitoring IM Traffic
`Corporate IM Security Best Practices
`5.3.1
`Start from the Firewall
`5.3.2
`Consider the Desktop
`
`116
`116
`119
`120
`122
`122
`124
`124
`125
`125
`
`
`
`
`
`
`|
`Contents
`
`
`
`Page 5 of 13
`
`Facebook's Exhibit No. 1025
`Page 5
`
`Page 5 of 13
`
`Facebook's Exhibit No. 1025
`Page 5
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`viii
`
`Contents
`
`Install Patches to IM Software ASAP
`Enforce Client-Side IM Settings
`IM Proxy Gateways
`VPNs
`Antivirus
`
`5.3.3
`5.3.4
`5.3.5
`5.3.6
`5.3.7
`5.3.8
`Set up Containment Wards
`5.3.9
`Secure Information with Encryption
`5.3.10
`IM System Rules,Policies, and Procedures
`5.3.11
`Monitor to Ensure IM Client Policy Compliance
`Security Risks and Solutions for Specific Public IM Clients
`5.4.1
`MSN Messenger
`5.4.2
`Yahoo! Messenger
`5.4.3
`America Online Instant Messaging
`5.4.4
`ICQ
`5.4.5
`Beware of IM Third-Party Clients and Services
`5.5 Home IM Security Best Practices
`5.6
`Summary
`5.7
`Endnotes
`
`5.4
`
`6
`
`IM Security Risk Management
`6.1
`IM Is a Form of E-mail
`6.2
`IM Security and the Law
`6.3.
`Cybersecurity and the Law
`6,3.|
`The 1996 National Information Infrastructure
`Protection Act
`President’s Executive Order on Critical
`Infrastructure Protection
`6.3.3
`The USA Patriot Act of 2001
`6.3.4
`The Homeland Security Act of 2002
`1M Must Be Managed as a Business Record
`IM Risk Management
`Summary
`Endnotes
`
`64
`6.5
`6.6
`6.7
`
`6.3.2
`
`7 The Business Value of IM
`
`126
`126
`126
`127
`128
`128
`129
`130
`131
`132
`132
`137
`145
`153
`156
`[58
`16!
`161
`
`165
`
`165
`166
`169
`
`170
`
`170
`171
`175
`188
`189
`191
`19|
`
`195
`
`Ubiquitous Presence and Workflow
`7.1
`It’s All about Culture
`7.2
`
`Overall RO! for IM
`7.3
`
`
`7.4.
`The Choice Is Yours
`Endnotes
`
`
`195
`200
`202
`204
`
`
`
`
`
`Page 6 of 13
`
`Facebook's Exhibit No. 1025
`Page 6
`
`Page 6 of 13
`
`Facebook's Exhibit No. 1025
`Page 6
`
`
`
`
`
`Contents
`
`8
`
`The Future of IM
`8.1
`The Pervasive Network
`8.2
`Peer-to-Peer Instant Messaging
`8.3
`Peer-to-Application (the Human-ComputerInterface)
`8.4 Machine-to-Machine (Application-to-Application)
`8.5
`Jabber
`8.6
`Security and Government Compliance
`8.7.
`The Business Impact
`8.8
`Endnotes
`
`A General Network Security
`
`|
`
`ix
`
`207
`209
`211
`21)
`212
`214
`215
`217
`218
`
`219
`
`220
`Threats to Personal Privacy
`A.|
`220
`Fraud and Theft
`A.2—
`221
`Internet Fraud
`A.3
`223
`Employee Sabotage
`A4
`224
`Infrastructure Attacks
`A5
`224
`A.6 Malicious Hackers
`225
`A.7 Malicious Coders
`
`A8—Industrial Espionage 225
`A.9
`Social Engineering
`228
`A.9.1
`Educate Staff and Security Personnel
`229
`A.9.2.
`Crafting Corporate Social Engineering Policy
`23!
`A.9.3
`Prevention
`232
`
`A.9.4—Audits 232
`A.9.5
`Privacy Standards and Regulations
`232
`A.9.6
`NAIC Model Act
`233
`A.9.7_
`Gramm-Leach-Bliley Act
`234
`A.9.8
`HIPAA
`235
`
`A.10 Summary
`A.J | Endnotes
`
`B Managing Access
`B.|
`Access Control
`
`B.I.1
`B.1.2.
`B.1.3
`B.1.4.
`B.1.5
`B.1.6
`
`Purpose of Access Control
`Access Control Entities
`Fundamental Concepts of Access Control
`Access Control Criteria
`Access Control Models
`Uses of Access Control
`
`237
`238
`
`241
`24!
`
`24!
`242
`242
`244
`244
`249
`
`oo SC Coontents
`
`
`
`Page 7 of 13
`
`Facebook's Exhibit No. 1025
`Page 7
`
`Page 7 of 13
`
`Facebook's Exhibit No. 1025
`Page 7
`
`
`
`
`
` * Contents
`
`Access Control Administration Models
`B.1.7
`Access Control Mechanisms
`B.1.8
`Internal Access Controls
`B.1.9
`B.I.10 Techniques Used to Bypass Access Controls
`Password Management
`B.2.1
`SmartCards
`B.2.2
`Biometric Systems
`B.2.3
`Characteristics of Good Passwords
`B.2.4
`Password Cracking
`B.2.5 Windows NT LOphtCrack (LC4)
`B.2.6
`Password Cracking for Self-Defense
`B.2.7
`UNIX Crack
`B.2.8
`John the Ripper
`B.2.9
`Password Attack Countermeasures
`Physical Access
`Summary
`Endnotes
`
`B.2.
`
`B.3
`B.4.
`B.5
`
`Cc
`
`Security Management Issues
`
`249
`25]
`251
`256
`257
`258
`258
`258
`259
`260
`260
`26!
`262
`263
`263
`263
`264
`
`265
`
`C.2
`
`266
`C.l Organizational Security Management
`266
`C.l.1
`Perceptions of Security
`266
`C.|.2
`Placement of a Security Group in the Organization
`267
`€.1.3
`Security Organizational Structure
`268
`C.1.4
`Convincing Management of the Need
`268
`€.1.5
`Legal Responsibilities for Data Protection
`269
`C.1.6
`DHS Office of Private Sector Liaison
`269
`Security Management Areas of Responsibility
`270
`C.2.1
`Awareness Programs
`27
`C.2.2
`Risk Analysis
`272
`C.2.3
`Incident Handling
`273
`C.2.4— Alerts and Advisories
`274
`C.2.5 Warning Banners
`274
`C.2.6
`Employee Termination Procedures
`
`C.2.7—Training 275
`C.2.8
`Personnel Security
`275
`
`C.2.9—Internet Use 276
`C.2.10 E-mail
`276
`C.2.11 Sensitive Information
`276
`C.2.12 System Security
`277
`C.2.13 Physical Security
`277
`Security Policies
`278
`
`C.3
`
`
`
`Page 8 of 13
`
`Facebook's Exhibit No. 1025
`Page 8
`
`Page 8 of 13
`
`Facebook's Exhibit No. 1025
`Page 8
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Contents
`
`
`C.4
`
`C.5
`
`Basic Approach to Policy Development
`C.4.1
`Identify What Needs Protection and Why
`C42. Determine Likelihood ofThreats
`C43
`Implement Protective Measures
`C.4.4 What Makes a Good Security Policy?
`C.4.5
`Review and Assess Regularly
`Security Personnel
`C.5.|
`Coping with Insider Threats
`C.5.2 How to Identify Competent Security Professionals
`C.5.3 How to Train and Certify Security Professionals
`C.5.4
`Security-Related Job Descriptions
`C.6 Managementof Security Professionals
`C.6.1_
`Organizational Infrastructure
`C.6.2_
`Reporting Relationships
`C.6.3. Working Relationships
`C.6.4 Accountability
`Summary
`C.7
`C.8 Endnotes
`
`D IM Policy Essentials
`
`ABC Ine. Information Security Acceptable Use Policy
`D.|
`D.2.— ABC Inc. E-mail/IM Use Policy
`D.3 ABC Inc. E-mail/IM Retention Policy
`
`E Glossary, References, and Policy Issues
`
`278
`279
`279
`280
`281
`283
`283
`283
`285
`286
`289
`295
`295
`296
`297
`297
`298
`298
`
`299
`
`300
`306
`308
`
`3101
`
`
`
`
`
`
`
`
`
`
`
`
`IM Specific Glossary
`E.|
`E.2. General Security Glossary
`E.3
`References
`
`Index
`
`31
`316
`342
`
`349
`
`
`
`
`Contents
`
`Page 9 of 13
`
`Facebook's Exhibit No. 1025
`Page 9
`
`Page 9 of 13
`
`Facebook's Exhibit No. 1025
`Page 9
`
`
`
`
`
`1.30 What Is IM?
`
`1.3.1
`
`IM and Its History
`
`In our fast-paced world there are times when even the rapid response ofe-
`mail is not fast enough. There is no way for you to know if the person you
`are sending e-mail to is online at that moment. This is one of the reasons
`why IM has gained popularity, acceptance, and become a desired tool in the
`workplace. IM provides us with the ability to maintain a list of people,
`often called a buddy list or contact list, whom we wantorneed to interact
`with. IM monitors ourlist of people and their status of being online or
`offline. If they are online, we can send messages back and forth. Businesses
`today are increasingly viewing IM as an excellent productivity and commu-
`nication tool that complements voice mail and e-mail, In order for there to
`be complete acceptance, there needs to be specific security, accountability,
`and uniformity among IM solution providers. There needs to be policies
`that protect critical organizational interests and comply with federal man-
`dates and regulations. Corporations want IM solutions that provide seam-
`less security, full audit trails, identity controls, and administrative controls.
`Most corporations agree that message encryptionis essential.
`There are three basic types of IM,as follows:
`
`1,
`
`2.
`
`3.
`
`Public messaging
`
`Enterprise messaging
`
`Wireless messaging
`
`In 1987, a computer scientist at MIT developed an instant-messaging
`program called Zephyrin order to provide a system that wasfaster than e-
`mail, which had begun to be bogged down, so that urgent messages
`regarding the school’s network and server could be received instantly in
`case, for example, the school’s network server was going down. Soon, stu-
`dents adopted Zephyr as a form of easy communication that could be used
`while they worked at
`their computers. This technology was quickly
`adopted by otheruniversities, and the simple early warning system that
`Zephyr wasoriginally designed to be was repurposed, becoming a popular
`tool of conversation and information exchange called IM. IM as we know
`it today was created in July 1996 by four young Israeli entrepreneurs. Yair
`Goldfinger, Arik Vardi, Sefi Vigiser, and Amnon Amir, started a company
`called Mirabilis in order to introduce a new way of communication over
`the Internet. They created a technology that would enable Internetusers to
`locate each other online on the Internet and create peer-to-peer communi-
`
`—
`
`| Chapter|
`
`
`
`Page 10 of 13
`
`Facebook's Exhibit No. 1025
`Page 10
`
`Page 10 of 13
`
`Facebook's Exhibit No. 1025
`Page 10
`
`
`
`1.3 What Is IM? 4
`
`cation channels easily. ‘hey called their technology ICQ(I seek you) and
`released it in November 1996. Within six months, 850,000 users had been
`registered by Mirabilis, By June 1997, Mirabilis was able to handle
`100,000 concurrent users and had become the world’s largest Internet
`communications network. Mirabilis and ICQ were acquired by America
`Online, Inc., in June 1998 for $287 million. AOL had also created its own
`Instant Messenger system. By that time, Microsoft had created its own IM
`client and service, MSN Messenger, and another Internet heavyweight,
`Yahoo!, created one as well. Because IM services evolved from proprietary
`systems created by companies to make a profit,
`their systems remain
`unable to interoperate because of the desire to control the IM market.
`AOLand ICQ,even though owned by the same company,are not interop-
`erable. ICQ currently has twoclients: ICQ4 Lite Edition with Xtraz (Fig-
`ure 1.1) and ICQPro™(Figure 1.2) [5,6].
`The AOL and ICQ clients cannot communicate with one another, and
`AOL maintains both systems and market dominance in the IM field. All
`this may change soon. Conditions of the AOL-Time Warner merger
`required AOLto openupits IM systems[7]. In its analysis of IM, the FCC
`concluded that the merger would combine an essential input of AOLs
`dominant IM service and future [M-based services—chiefly, the Names and
`Presence Directory (NPD)—withassets ofTime Warner, includingits cable
`
`—________>
`Figure 1,2
`LCQ™Pro,
`
`j—Ait hes :
`Servier =
`
`
`
`
`ait Urars Usique Settings
`ican on TopOe)
`
`
`
`
`
`Page 11 of 13
`
`Facebook's Exhibit No. 1025
`Page 11
`
`Page 11 of 13
`
`Facebook's Exhibit No. 1025
`Page 11
`
`
`
`1.3) What Is IM?
`
`facilities and Road Runner ISP An IM provider’s NPD consists of a data-
`base ofits users’ unique IM names, their Internet addresses, and a “presence
`detection” function, which indicates to the provider that a certain useris
`online and allows the provider to alert others to this information, The FCC
`noted that these features created a market with strong network effects.
`AOL,with by far the largest NPD,resisted making its IM services interop-
`erable with other providers’ services. The merger brought Time Warner's
`cable Internet platform and contentlibrary under AOLs control and gave
`AOL Time Warnera significant and anticompetitive first-mover advantage
`in the market for advanced, IM-based high-speed services (ATHS). Potential
`AIHSapplications include those using streaming video (lengthy, high-
`quality, one- or two-way video). The merger would frustrate the objectives
`of the Communications Act by preventing the emergence of a competitive
`and innovative market for advanced, IM-based services. This would violate
`key Communications Act principles, including the further development of
`healthy competition in the Internet and interactive services arena. The FCC
`did not establish an interoperability protocol. Rather,
`the FCC’s remedy
`requires AOL ‘Time Warnerto follow a protocol developed by the industry
`orto create a protocol with other IM providers pursuantto contracts, ‘T'hus,
`the FCCdid not create and will not review an Internet protocol,
`
`The FCC imposed an “IM condition” on the merger to avert market
`harm now so that it would not be required to regulate IM in the future,
`Given AOL Time Warner’s likely domination of the potentially competitive
`business of new, IM-based services, especially advanced, IM-based high-
`speed services applications, the FCC ruled that AOL Time Warner may not
`offer any ATHS steaming video applications that use a Names and Presence
`Directory (NPD)over the Internet via AOL Time Warner broadband facil-
`ities until the company demonstrates thatit has satisfied one of three pro-
`competitive options filed by the FCC. AOL Time Warner must file a
`progress report with the FCC, 180 days from therelease date of the order
`and every 180 days thereafter, describing in technical depth the actions it
`has taken to achieve interoperability of its IM offerings and otherofferings.
`These reports will be placed on public notice for comment. The IM condi-
`tion was set to sunset five years after the release of the order.
`AOL Time Warner was directed to show that it had implemented an
`industry-wide standard for server-to-server interoperability. AOL ‘Time
`Warner had to show that it had entered into a contract for server-to-server
`interoperability with at least one significant, unaffiliated provider of NPD-
`based services within 180 days of executing thefirst contract. AOL Time
`Warner also had to show that it entered into two additional contracts with
`
`a Chapter |
`
`
`
`Page 12 of 13
`
`Facebook's Exhibit No. 1025
`Page 12
`
`Page 12 of 13
`
`Facebook's Exhibit No. 1025
`Page 12
`
`
`
`1.30 What Is IM?
`
`significant, unaffiliated, actual or potential competing providers. AOL
`‘Time Warner was given the opportunity to seek relief by showing by clear
`and convincing evidence that this condition no longer serves the public
`interest, convenience, or necessity because there has been a material change
`in circumstances.
`
`several competing companies have joined
`Since the FCC ruling,
`together to advocate an IM protocolsimilar to those that allow the interop-
`erability of e-mail systems. Other companies have taken a different
`approach rather than wait for an agreed-upon standard. Jabberis one com-
`panythat has created a client program capable of communicating with var-
`ious IM systems. In less than two decades, the concept of IM has become
`an international tool of communication.
`
`1.3.2
`
`IM as an Integrated Communications Platform
`
`The IM platform can be the basis for true integrated communications by
`incorporating additional technology (such as extendingit into the wireless
`realm with mobile phones and personal digital assistants [PDAs]) or by
`adding other means of communication (such as voice chat or video chat).
`With the addition of IP telephony (VoIP) capability, the messaging service
`can even extendto telephony, makingit possible to communicate with any-
`one at any time. It can be used as a personal communicationsportal to cre-
`ate a single point of contactforall methods of communication,allowing a
`user to initiate any kind of communication from oneplace, using a single
`contactlist, Using IM as an integrated communicationsplatform allows for
`one-click communication, Instead of having to run throughalist of home,
`office, mobile, pager numbers, and e-mail addresses, someone trying to
`reach anotherperson can simplyclick on that person’s name. It also enables
`users to control how others communicate with them. If they prefer that
`calls go to their mobile phones when they are away from the office, they can
`set their profile so that the system directs calls that way. The system would
`route communications according to that person’s preferences, When addi-
`tional features such as integrated communications, reachability, and com-
`munications profiles are part of IM, the market for IM will increase from
`personal to professional use, creating better business markets for messaging
`services and making these services more of a revenue-generating opportu-
`nity for service providers[8],
`
`
`
`Page 13 of 13
`
`Facebook's Exhibit No. 1025
`Page 13
`
`Page 13 of 13
`
`Facebook's Exhibit No. 1025
`Page 13
`
`