Forgot your password?
typodupeerror
Privacy Your Rights Online

A Search Engine For Corporate Desktops 117

Posted by timothy
from the well-loooookie-here! dept.
Chibi writes: "Wired has an article about Altavista creating a new application that allows corporations to search their own networks, e-mail systems, and computers. It allows for certain areas to be designated off-limits and companies can determine who has access to the application. They claim it is a tool to increase productivity, but what are the chances it will be used to monitor people instead?" As the article points out, if a business implements this kind of desktop snooping, though, they could face additional liability as well.
This discussion has been archived. No new comments can be posted.

A Search Engine For Corporate Desktops

Comments Filter:
  • by Anonymous Coward
    A little OT, but a similar app already exists to search for shares over windows/samba. It's called Strangesearch [dhs.org], and is in development at sourceforge [sourceforge.net] right now.
  • by Anonymous Coward
    A web cam can't see everything, lke that girl under the desk....
  • by Anonymous Coward
    Doing a SQL query for "%.mp3" is much faster than napster or gnutella...
  • by Anonymous Coward
    Great, guess I have to stop making those pr0n slide shows in Power Point. Oh well fun while it lasted.
  • by Anonymous Coward
    Flashbacks are largely urban legend, in so much as they do exist they're more related to post traumatic stress disorder - there is no evidence that LSD is stored in the fatty tissues and randomly re-released later in life. See this [erowid.org] or this. [alchemind.org]

    I know, off topic, but I just hate to see incorrect information propagated...

  • "They claim it is a tool to increase productivity, but what are the chances it will be used to monitor people instead?" Chibi

    "paranoia a tendency on the part of an individual or group toward excessive or irrational suspiciousness and distrustfulness of others" Merriam-Websters

    --

  • If there were some law passed that made writing software that does this illegal, then there would be _another_ YRO article about how the evil government is taking away the file-sharing rights of the masses.

  • I think everybody is missing the point here. By "increase in productivity" they mean that this new system will be faster than walking up to every computer and using the admin password to snoop around.

    If a user can logon to a system that a sysadmin operates and a company owns, why can't a sysadmin logon to a system that a user operates and a company owns? Notice the common denominator there. Either way, the company can do whatever the hell they want because they own the systems!

    If you don't like it, don't work there.

  • by pen (7191)
    Too bad this won't work with Slashdot -- all the links are explicit.

    --

  • Once again, I'll posit that /. needs a moderation choice of "+1 (Flame)".

  • anyone that is worth anything knows to keep things "under lock and key" Yes I have personal documents on my work machine... PGP'd, and they'll never figure out how to open them. If I websurf I use a browser that is non-proxied (or use the @home gateway+firewall we added to avoid corperate networking)

    if you have 1/2 a brain, you can avoid any detection in the heaviest watched networks.
  • Actually, I've seen a demo of this very thing (probably a much earlier, less refined version, but still...) from a CD the Altavista guys were passing out at DECUS meetings (and possibly Comdex '96 as well) more than 4 years ago (IIRC, the demo explicitly EXPIRED at the end of February '97).

    Also, realize what it is and is not designed to do: it isn't a spying tool (you can preclude it client-side from scanning certain directories), it's a productivity tool. Example -- this is employee Bob's train of thought:

    Hmm. I don't seem to have the minutes of that meeting I attended last week. Let's check the network... searching for everything containing my name... ah, yes, Carol has a copy right there on her hard drive! Too bad the boss actively blocked it from scanning his Performance_Reviews folder, I might've found out what kind of raise I'm getting next week. Oh, well, it makes me more productive, not more intrusive.

    MOO;IANAL.

  • If you work for a big company that produces a lot of confidential documents, it's difficult to keep track of them and make sure they're stored securely. It would be useful to be able to find all documents across web servers, SMB shares, etc., check them for proprietary or confidential markings, and generate a report for the people that keep track of this sort of thing.

    As far as privacy goes, whether or not you have an expectation of privacy on your work machine, you would have to be really dumb to leave anything personally sensitive on it. So I'm not bemoaning the loss of a privacy that never really existed.

    Caution: contents may be quarrelsome and meticulous!

  • by Medievalist (16032) on Tuesday June 12, 2001 @01:23PM (#157524)
    OK, dig:

    All large networks have a means of shoveling out system patches, upgrades, etc. For example, in a MSquishy or Novell network the login processes make the client run a script which the system admin specifies. I use these scripts to hack the registries of WinBlows boxes to make them less insecure, and to identify rogue boxes that lusers set up without loading minimum patch sets.

    If you don't have this, you are either a wimpy little network (less than 1000 nodes for sure) or in a situation of impending doom as entropy grinds your systems into chaos.

    So, the system admin shovels out a set of public keys, and an ssh daemon, and now he can run find remotely on you. If you can't afford ssh daemons that run on your OS, get linux ^H^H^H^H^H^H^H^H^H^H^H^H I mean write a beentsy little TSR that listens on a weird port and runs whatever find facility your OS uses. Pretty trivial really. You can half-assedly secure it by changing the keys daily, and you should block the port used on edge routers, but really, this is nothing compared to the stuff admins do on large networks as a matter of course.
    Our chief network admin guy (not me, any more, hooray!) thinks it's a slow week if he hasn't edited files or registries on at least 400 PCs...
    --Charlie
  • Everyone I know turns off the findfast feature of Microsoft Office (a.k.a. "runslow"). I'm not sure it's even enabled by default any longer. I've seen non-techies install Office and then be mystified by sluggish behavior and high levels of disk activity. The culprit was findfast, indexing everything on the disk. Kill and disable findfast and everything goes back to normal.

    I'm sure that this eventually stops, once it is only necessary to index new and changed documents. I never waited long enough to find out.

    Anyway, it's pretty obvious what's going to happen. This software is going to be installed, and the poor PC support guys are going to be flooded by complaints about sluggish systems, and everyone will just live with it. The workplace gets a tiny bit more hostile ...

  • by willki (20190)
    ...wait a second... Computer can store porn?
  • Only in "mangeral" speak could meetings generally be considered productive.

    Hey, here's an idea, why not improve productivity by eliminating all bathroom breaks! Great idea. And let's charge employees for toilet paper, and dock their pay for sticky poop that leaves a mess on the side of the bowl! Why not? Hey, why shouldn't slavery be legal if the slave sells themselves? The answer to all of these is human dignity, apparently a concept unknown to you.

    Only a simplistic idiot argues that everything you take away from employee freedom is a plus for productivity - except the kind of retards who aren't managers and are posting on company time - or else are in college and don't know a damn thing about work at all.

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.

  • The thing is, management only sees $. They could care less about psychology. Only results.

    And their red Slimline stapler. Bastards.
  • Ok, here's a little quick lesson in mangeral speak with some background.

    Increase Productivity = restrict anything that isn't productive.

    You're work 8 hours a day. Company-related email checking, meetings, etc take, say, an hour out of that. 7 hours a day of real work. Anything personal - personal emails, personal calls, resume touch-ups, etc - is being non-productive.

    Duh. Increase productivity by removing everything else.

    ______
  • At my company, we have implemented a far more effective policy: If employee x doe not perform his or her duties, employee x is relieved. Regardless of what websites I visit, I am considered close to irreplaceable based on my work ethic and corporate knowledge. I take a week off, and the place falls apart. I am sure this applies to many Slashdotters. If you need to use a search engine to determine whether or not someone is productive, they are probably not all that productive.
  • by jazman_777 (44742) on Tuesday June 12, 2001 @10:34AM (#157531) Homepage
    There goes the heyday of reading /. Surely this will reduce the incidence of sites getting /.ed.
    --
  • ...BOFH are rubbing their hands in glee!

    "Well yeah, boss, there is a business reason for my needing that 61 inch monitor. It will help me insure that no nasty Outlook viruses would, say, for example, dump all those e-mails to 'HoneyBuns' from your outbox into your wife's inbox. No, don't bother deleting them now, they've all been archived. I can expect delivery tomorrow? Wonderful!"
  • Remember this article [slashdot.org] that the companies would have to tell employees of their policies beforehand
  • If you work in a factory, your line manager comes by, makes sure you are doing things properly and monitors your productivity. What does this mean? He makes sure you are meeting quotas, keeping up to pace with the rest of the employees. Why? Because then the owner of the factory can state with some level of certainty how much work he is getting for his dollar. Project managers are supposed to do something similar in software companies. They are supposed to ask for estimates, assign tasks, measure and record how long it takes to complete those tasks and monitor your productivity. This allows managers to make estimates with some level of certainty as to how much new work they can take on, when to set deadlines (instead of defering that to marketing) and work his budget for new hires, equipment, etc. It also means that me, as a code whore, can do my work with some sort of idea of how well I am performing, when I'm going to step out of this long dark coding tunnel and get to do something new, and have some sense of achievement when our deadlines are met. It also means that the responsibility to find work, lead the production schedule, evaluate feature requests, find out what the hell everyone else is doing and who I can/should colaborate with, etc, etc can be liften off my fragile shoulders and given to some who actually likes that kind of crap, and I can concentrate on coding.

    But in the mean time, I'll just keep takin' your money, sucking back the free "soda" and posting random shit on Slashdot. All in a day's work.
  • What's the difference between this piece of crap and launching a big "grep" on network mounted filesystems ?
  • What's the difference between this and grep.

    Relinquishing my +1 bonus because I didn't read the article.
    ------

  • If you've worked on a help-desk or in a customer-service type role (hostmaster? customer-facing webmaster? tech-support?) then how many times have you had a customer tell you "but I got an email that told me xyz"??

    8-9 years ago I needed a way that a bunch of people in different departments could present a coherent front to customers through email and eventually hopefully link it to any system our support teams developed. So I invented "automaster".

    We copied all of our corporate emails to the automaster by cc'ing it, and in-house built a simple search engine that would do lookups for us so that if I was dealing with CustomerA on Wednesday and someone else needed to on Friday, they could pick up where I'd left off, even if the customer didn't quote me in his next email.

    Naturally at first they were all a bit worried that this was big brother in action, but the fact is in the long term it shouldn't put any more pressure on you that taking your role seriously does.

    Our folks would point out the odd mistake to each other and the level of competence of our staff went up massively. It wasn't long before most of the other UK ISPs were copying the idea, and it spread fairly rapidly beyond after that.

    What Altavista is providing is an excellent tool. And if it means that management can see how you deal with their customers, well, they pay you, surely they are entitled to know just exactly what they are paying you for. And if the company is willing to spend enough money on people to sit around and read all your emails then thats just less money in the CEOs pocket.

    K
  • It's the same reason that drug testing is perfectly legal. If they don't want to hire someone who does drugs, then they don't have to.

    This is the perfect analogy, because it points out the problem; if its what employers want to do, fine, its their money, their workplace, and their stuff. However, many employers don't want to do drug testing, but do anyway Why you ask ? Easy, insurance. I know a guy who owned a small business. Several of his employees used drugs on their off-time, he knew this, but was of the opinion that if it didn't affect their performance at work, they could do whatever they wanted. Unfortunately, his insurance company raised his rates, and then told him that they would lower them IFF he instituted a drug testing policy and submitted the results to the insurance company. He ended up losing some of his best people, and his company was never the same afterwards. So much for caring only about your employees doing their job.

    -- Rich
  • The porn people do that because various browers (in the past, but they live forver) interpreted http://##/ as a local intranet machine, and thus gave it more trust, let it do more things within the broswer, automatically tried to logon with your creds, etc.
  • They also own your phone. Do you think it's OK to monitor your phone conversations? Do you think you should have any privacy at work?
  • by VFVTHUNTER (66253) on Tuesday June 12, 2001 @10:35AM (#157541) Homepage
    I like the Slashdot crowd, and I recognize that most people here are only paranoid in an intelligent fashion, but it seems like every article I see on here anymore is people whining about how this new technology X is going to be used against us.

    The problem with this viewpoint it that it flies in the face of the fact that most of us think DeCSS should be legal. We sit here and say that the new X technology is bad because it will be used against us; Judge Kaplan basically said the same thing when he ruled against DeCSS.

    The fact of the matter is, this new corporate technology does have a legitimate business purpose. The same can be (and should be) said for DeCSS. We don't come down against DeCSS just because it can be used for piracy; we should not come down on this because it can be used for snooping.

    If you are doing sketchy internet stuff at work, either use PGP for mail and browse the web through www.safeweb.com, or SSH to your home machine and be sketchy from there.

  • > yet Google can search the entire web in under 1/2 a second for me?

    Because google has over 4,000 !! linux boxes with custom clustering software.

    http://www.ee.ethz.ch/~slist/ee-talks/msg00056.htm l [ee.ethz.ch]

    http://www.slashdot.org/articles/00/05/31/1242237. shtml [slashdot.org]

    Cheers

  • Texas Instruments, one of the companies I retired from, clearly stated their policies on using company computers and telephones even before I started with them in 1974. The computers and telephones were company property, and meant for company business. Anything and everything could and would be monitored. Misuse and abuse would not be tolerated. Having said this, the company was then quite lenient in all but the worst cases. The worst cases involved sexual harrassment, viewing porn (clearly prohibited in several announcements), attempting to misuse or steal trade secrets, or attempting to misappropriate money. The first sin by telephone or computer usually brought a polite request to obey the rules. A second notice was a step toward dismissal. Pay telephones were always available for personal calls, and employees could bring in their personal computers if they wanted, although connecting to the company network put them under company rules. TI did find employees using telephones for personal business, making excessive family calls, some by long distance, and using the company computer for personal gain and sexual pleasure. The only people not given a second chance were some pranksters that let a fake news item go company wide, instead of only to the intended victim. The fake item abused stock exchange regulations, and embarrassed TI. Company policy was clearly stated when an employee was hired, and several reminders and clarifications were published by the company. The company owned the computers and the telephones, and every bit of data on the computers. If this bothered you, you could always leave.
  • Just because you exclusively use a machine at work doesn't make it "yours", nor give you a right to the data stored on it. It's owned by the company - it's their right to check your computer if they want to. Granted, it makes us a bit more nervous to think we're being monitored, but at least it keeps productivity up. Well, that, and a surplus of Mountain Dew.

    Don't like it, don't store anything sensitive on your work computer.
  • ...Ask Jeeves going to make a killing doing this for companies like Microsoft? And look how much money they have made doing it. Hmmmmm.
  • ...as long as everybody get equal search access.

    The article mentions peer-to-peer uses similar to Napster. Well, as long as all the computers on the network are peers I don't see anything wrong with this. What I'm getting at is that, as long as the Junior Graphic Designer has the same searching privledges as the Senior Vice President (or higher), then I think this new search application could be useful in finding files on a corporate network.

    However, we all know it won't be the case. Management will be the ones with the access and the worker drones will be the ones with their privacies invaded. Is this really a big change from what could already be happening in the workplace? There is enough corporate "spyware" programs available that a new search application shouldn't be the wakeup call for a change in office privacy laws. Check out this link: http://www.pcworld.com/resource/printable/article/ 0,aid,32863,00.asp [pcworld.com]. Most interesting are the charts that show the increase in employers monitoring employees.

    Here's to wishful thinking. Maybe companies will implement this new Altavista corporate search but give everyone equal access. Could help keep things kosher in the office and discourage incidents like this: http://www.thestandard.com/article/0,1902,9375,00. html?printer_friendly= [thestandard.com].

    redking
  • Altavista reckons there are enough companies whose systems and internal web sites are a mess that it's worth releasing a customised version of their technology to help the staff at those companies track down information.

    Whether search engine technology will actually help is a moot point: at the place I work (multinational, financial services sector) the internal network is approaching unnavigability, even with a search engine and a structured topic list that's intended to point to the official starting pages for the more important areas. The trouble is that the company web has been growing without supervision and structure, there are no rules on flagging content with keywords, and the structured topic list which was hailed as the salvation of the company web when the prototype was rolled out never got the funding needed to stay current.

    As for privacy implications, different jurisdictions have different rules. If you don't like the rules in the place where you live and work, give up the self-indulgent group whines and get involved in changing them.

  • That's assuming that one can be productive for 7 hours straight every day. Personally, I'll take a break every once in a while to take a stroll around the office, have a quick chat with someone, or check slashdot :)

    If I didn't take the occasional 5-10 minute break I'm pretty sure I'd be less productive in the long run.
  • just because a company can monitor what the employee is doing, doesn't mean they should. Sure, maybe i'd then only spend 1 hour of my workday doing *productive* internet things. But would the 7 other hours be productive? hell no! without the occasional break to read slashdot, check personal email etc, i would go out of my mind. productivity is directly liked to morale. Its pretty easy to tell if an employee is goofing off *too* much just by looking at what they get done. Monitoring employees and keeping them on task all day long may *seem* like a good idea to management types, but in reality the employees will just hate their jobs even more, and as a result be less productive.

    it's like monty burns said... "let the fools have their tar-tar sauce"

    ---

  • I don't think you understand what a search engine does.

    It does not monitor your ports and intercept email or activate the web cam in your montitor. A search engine isn't the same thing as echelon or coarnivore. It uses a program to follow links and build a database of pages it has visited, and then allows you to search the database. Then it returns a list of sites that match.

    For instance, if you wanted to find the online company helpdesk page for installing netscape, you might use the corporate search engine and type:

    netscape installation help

    And with Altavista's customized corporate search you will also be able to look for an email you accidentally deleted on the exchange server with something like:

    Report Q3 Project ABC

    but because of permission restrictions, you wouldn't be able to see the version your boss forwarded to the VP after he erased your name and put his at the bottom.

    Now, if you're running a Napster-like service on your shared network (F:) drive (Probabaly samba on Solaris) so you can listen to Enter Sandman when you're in the lab tracking down a bug, then your name will probably show up anytime someone types Metallica in the corporate search engine.

  • by tycage (96002) <tycage@aol.com> on Tuesday June 12, 2001 @10:39AM (#157551) Homepage

    Why is it when Napster gets told, your product can be abused, Slashdot is quick to say that the users who abuse the system should be punished, not the system.

    But when piece of software like this is mentioned, Slashdot jumps all over it because it can be abused.

    Shouldn't we keep the same standard here?

    Sure the software can be abused. That doesn't mean it will be. And if it is, it should be handled on a case by case basis.

    --Ty

  • by SIGFPE (97527) on Tuesday June 12, 2001 @10:40AM (#157552) Homepage
    I mean the release of a new search engine is hardly news. And the tenous link to employee rights is just that...tenous. My employer can come to my PC and do windows->start->search any time they want. They can do it remotely using VNC. They can mount my local disk and do it remotely anyway. There's nothing new here except someone deliberately trying to put spin on an innocuous story to gain publicity.
    --
  • The only test I know that will find LSD is a spinal tap. And I don't think they can just do those randomly because they fuck you up so bad..


    --

  • by Sc00ter (99550) on Tuesday June 12, 2001 @10:34AM (#157554) Homepage
    While I agree with you on snooping on you at the work place. I don't agree with you about drug testing..

    What I do on my own time is my business.. Of course, if I show up at work high or whatever, that's another thing. But as long as my performance is fine then they shouldn't be messing around with my personal life.


    --

  • Insightful? What are the mods smoking, this rubbish is just a flame. :P

    It's an insightful flame, cowlick.

  • Once again, I'll posit that /. needs a moderation choice of "+1 (Flame)".

    Amen to that. Sometimes these articles and posters need to be flamed, because they're just plain stupid.

  • by zpengo (99887) on Tuesday June 12, 2001 @10:39AM (#157557) Homepage
    This is getting absurd. It's a perfectly logical business solution, and hasn't anything to do with Big Brother.

    Hey, did you hear that Windows has installed a "Find File" feature in windows so that my sister can spy on me?

    Hey, did you hear that Google allows Government thugs to search my personal websites?

    Hey, did you hear that flashlights a violation of our personal rights because they are being used to perform surveillance in previously dark corners of my garage?

    Shut up already.

  • "Jones sit up straight and bend your wrists, we can't have you taking workmans comp for CTS!"

    Huh...? I thought CTS was a joke [slashdot.org]? :)

  • We can already search your email using Grep!

    Get over it.
  • This sort of undiscriminated searching leads to a quite unacceptable signal to noise ratio.

    In CB Radio terms, it's like not having a squelch knob, and whatever knowledge is there to be heard is drowned out by static and background chatter. It's all about signal to noise.

    Privacy issues aside, such an approach just is not very useful.. A better solution is to add value through accessability to things that people think are worthy of sharing (http://www.isysdev.com [isysdev.com]), and use technology to power that sharing. It's not necesarily just about personal privacy or freedom -- sometimes the best business results can be congruent with other ideals, and give a better result all round.

  • six line Perl script.
    ---
  • by _xeno_ (155264) on Tuesday June 12, 2001 @10:59AM (#157562) Homepage Journal
    You've managed to inadvertantly hit onto something that really annoys me - the idea that if a programmer isn't writing code, he's not being productive.

    and if they're getting it done in half the time, then spending the other half browsing porn and napstering, I'll want a goddamn good explanation

    Well, I wouldn't be browsing porn or napstering, but I often read Slashdot after coding for a while. Why? What am I doing, reading Slashdot instead of working?!? ... Well, I'm trying to solve a problem. I've looked at the problem from one angle for long enough and now it's time to move on. It's not at all abnormal for me to come up with a solution to something after I've stopped actively working on it for a while.

    In fact, generally speaking, if I were forced to be actively working on something every minute of an eight-hour day, my productivity would fall sharply. Many times I've spent an hour working on something, than left to do something else, and come back and looking at it fresh realized that instead of starting the variable with a "t" I meant to start it with an "r" - a stupid typo just wasted an hour of my time.

    The bottom line is that computer programmers and network admins probably won't spend their entire day "working" - however, even when they're doing other "worthless" activities, their subconcious is still attacking something from earlier in the day, and when the programmer gets back to the task, they'll be far more productive than if forced to just pump out code all day.

    --

  • that allows you to organize, sort, and search for information in your enterprise.

    This new tool lets you store information electronically, and store many thousands of pieces of information for instant recall using either simple searches or browsing through organized folders.

    Although this new tool has been widely praised for its ability to help manage the enterprise, it is also vilified by some by its insidious capability to monitor and spy on people. Your actions can now be tracked and recorded for all to see.

    This new tool can be combined with other like tools in a network, further increasing its capability for unleashing restrictions on your freedoms.

    It's called...a computer.

  • Deciding who to pay is a RIGHT; privacy at work is not.

    Do you have those camera installed in the bathrooms as well?

    It seems to me that my employer pays me for what I do not how I do it. I occasionaly take work home, and you know what? I also occasionaly take my personal interests to work. If I'm not doing the job I was hired to do, well, fire me. No need to spy on me.

  • If your administrator has half a brain, you won't be able to establish an outbound connection directly to the router - it will be configured to only accept connections from the proxy that logs your actions.
  • Thank you. I wonder why Wired focused on the privacy issue instead of the "gee I'll get my work done more quickly and efficiently because I won't have to know the location of a given document" bit. I suppose FUD sells... Add to your list MS SharePoint, Oracle 9i (pieces) and IBM WebSphere Portal server. All the major players have a product like this. Welcome to the table, AltaVista.
  • "Hi, we're here for your drug test"
    "What's that behind your back?"
    "This? Oh, it's nothing"
    "That's a 6" long needle, isn't it?"
    "No... Er.. Yes... Ah, heck, just grab him!"
  • If I'm paying someone to do work, I want to know that they're doing it - and if they're getting it done in half the time, then spending the other half browsing porn and napstering, I'll want a goddamn good explanation. Either reward them for their efficiency, or give them more work to do (probably accompanied by a raise due to their heightened value to the company).

    I completely agree with you. BUT, why is everyone overlooking the legitimate use of this software? Corporations spend tons of time trading paperwork back and forth, often in an email-tag type atmosphere.

    Consider this scenario:

    An employee in California would like to review a draft of a memo written by an employee in London. Under normal circumstances, the only way to do this would be email the London based employee, who, due to the fact he's in a far distant time zone would not respond until the next day. Thus, the California based employee is forced to either attempt to search (shared resources, ftp sites, corporate file servers, whatever) manually for a document. This software, however, could expedite this process SUBSTANTIALLY.

    So, I submit to the /. community this: why must you focus on the negative possibilities? Assume that Some people are good, and not everyone is out there trying to invade your privacy. This program could have its merits, give it a chance before condemning it to hell for something that hasnt yet happened.

  • What is with the color scheme, I though only bsd stories were red (or something)

    Second, I think that this would be really great, you wouldn't have to go and ask "Bob the forgetful" or "Alice the daughter of chaos" for the sales figures / etc from '95. Honestly, waiting for people to get you stuff is a pain in the ass, especially if, well, you know.

    As for privacy, well, quite honestly, if you're at work, don't expect any. Seriously, with windows boxes being so open, its a joke to even consider that your files can not be searched at the current time. Shit, everybody runs windows 95/98 at all companies I have worked for except one (they used nt 4.0).

    \\BobsComputer\C\My Documents\FuckIHateMyBoss.doc
    isn't exactly hidden.

    I don't think emails should be included in the search, but you get enough "personal information" (read gossip) around the water cooler / coffee maker / cappuchino (SP?) machine / ping pong table.

    as for

    For instance, an employee alleging harassment by another co-worker could demand an employer search for incriminating evidence in e-mail accounts and PC hard drives.

    They can do / do that stuff right now, lets not kid ourselves, have no expectation of privacy at work, shit, especially if they own the computers, facilities, etc.. there is nothing that they can not do.

    The slashdot 2 minute between postings limit:
    Pissing off hyper caffeineated /.'ers since Spring 2001.

  • You are _very_ correct, but where this little tool is truly dangerous is when you turn the tables and ask how can this little tool hurt the company.

    Even if the IT group implements a fantastic security model with near perfect permissions and group heirarchy, the company will get burnt by this tool. I'd even wager that its guranteed to cause a company more harm than good.

    No matter how hard you train/indoctrinate people, they are going to gossip, and someone is going to put it in an email or some other document. The next thing you know, items from an employee's confidential personnel file has found its way into the general index and the company is liable for that leak. As a paralegal, I've seen companies lose thousands for failing to properly safeguard personnel files in which one or two people improperly viewed them. This tool has the potential to raise the bar on the level of liability into the millions.

    Now I'm not saying there are no beneficial uses to this program, but the article was right, this is an "Ivory Tower" tool.

  • Yes, and many do. In fact, if you've ever paid attention to the greetings on nearly every 800# in the world you will have noticed the alert that some calls are monitored for quality assurance. I used to work in a place like that and had absolutely no problem with it. My supervisor at the time would randomly listen to our calls with customers and then critique the sampling at the end of the month. Everyone knew about this and there were phones in the lounges and breakrooms that were never monitored. Furthermore, the policy was you can make personal calls from your desk, but realize that someone may have tapped into your phone expecting to hear a customer call. Of course, the good managers would come back to you when you were done, but there was no expectation of privacy. Did I mind? Not at all, it was a valuable tool for identifying rude and stupid reps.

    Now, do I think its right to monitor people's phones who don't interact with customers over the phone? No, but it is the employer's right, and if I don't like it I don't have to work there.

  • So if I receive a personal FedEx shipment while I'm sitting in THEIR office, does it belong to them?
    No, because they don't own the package.
    When I put my bag with private notes from my bookie/girlfriend/boyfriend/connection in THEIR credenza, does that give them the right to search through it?
    They don't have any right to your private notes, but they certainly have every right to go through their credenza. They own it, not you. You are simply permitted to use their credenza. As for delving into the contents of the bag, that is a little grey. They can demand to search through the bag, but they have to have a good reason like suspecting you of stealing. Of course, if they're wrong there isn't much you can do either.
    I use my own (i.e. paid for out of my own pocket with my own money) notebook PC, hooked to THEIR network when I'm in the office. So what rights do they now have? Can they intercept my personal email while it's going through their POP server and on their pipe, but once it lands on MY system I'm home free?
    This one is just as clear in the eyes of the legal system. They can't search your laptop, but they can legally sniff every single packet sent over their network if they so choose. Again, you are being permitted to use their network. Furthermore, any email resting on their servers regardless of origin or destination is theirs for the reading. Also, they can demand to search the laptop for trade secrets or confidential documents that shouldn't be leaving the office, but I don't think they can force you to without a court order. Not sure on that one.
    I don't disagree with the concept of ensuring that people are productive while at work, and I don't disagree with a company taking appropriate steps to safeguard its own legal liability as a result of its employees' actions. However, I've never been in favour of such intrusive spying, surreptitious scanning of email, web usage and workstation hard drives. Acceptable use policies and goal-oriented management (as opposed to counting lines of code generated, for instance) should be enough for a competent management team. (Fair disclosure: I am a 40+ executive in a tech company.)
    I agree completely, if a company cannot treat me with respect and resorts to draconian policies with regards to snooping, I'm gone. Its there perogative though, and if they want to be dicks and make their employee's lives difficult they're going to find themselves constantly looking for help.
  • Even if the IT group implements a fantastic security model with near perfect permissions and group heirarchy, the company will get burnt by this tool.

    I think you bring up an excellent point. However, right now the general problem on corporate networks is not too much information leaking, but too little -- data is locked up in thousands of word and excel files floating around on people's hard drives. Million dollar "knowledge management", document management, portals, groupware, and hell even fileserver solutions are attempts in trying to correct this, but for the most part, they only work as well as the users do.

    This tool seems to take the underhanded approach of "Hell, if IT can't teach the lusers how to use their 'S:' drive or Outlook, why not go to the source and suck the files right off their hard drives." But, that begs the question that if users can't figure out how to use a shared drive, how will they understand a private/public directory setup on their local drive?

    Not to mention the common HR attitude that IT can't be trusted to secure their personnel files, so they stay right on the computer locked in their office.
  • BUT they are both victimless except in extreme cases (guy on coke while driving company vehicle or disgruntled employee decides to take advantage of MS Exchange's features and email everyone on the planet). So, to a lot of us, they are the same and should both be legal. Your argument that people shouldn't equate two things because one is currently illegal is just silly. What? Once some asshole decides what is right for the wrong reason no one can have an opinion?
  • The argument that "It's THEIR equipment..." so all your email and download are belong to... nevermind that! So if I receive a personal FedEx shipment while I'm sitting in THEIR office, does it belong to them? When I put my bag with private notes from my bookie/girlfriend/boyfriend/connection in THEIR credenza, does that give them the right to search through it? Not the same, you say? I fail to see the substantive difference, but try this one on: I use my own (i.e. paid for out of my own pocket with my own money) notebook PC, hooked to THEIR network when I'm in the office. So what rights do they now have? Can they intercept my personal email while it's going through their POP server and on their pipe, but once it lands on MY system I'm home free? I don't disagree with the concept of ensuring that people are productive while at work, and I don't disagree with a company taking appropriate steps to safeguard its own legal liability as a result of its employees' actions. However, I've never been in favour of such intrusive spying, surreptitious scanning of email, web usage and workstation hard drives. Acceptable use policies and goal-oriented management (as opposed to counting lines of code generated, for instance) should be enough for a competent management team. (Fair disclosure: I am a 40+ executive in a tech company.)
  • I can't see how immediately the majority of people will jump directly to the most paranoid inferences anyone could draw from the capabilities of such a product.

    I mean obviously whatever evil corporation you work for may choose to abuse this type of product as another way to spy on employees, but be realistic - for the most part companies don't care what you do as long as you're productive and don't cause problems. Sure certain environments are very high on increasing productivity, to the point where washroom breaks are timed, etc, but most places are not like this.

    In a less orwellian workplace, these types of products can be excellent tools to facilitate the search for knowledge. Would you know who to call in your company to get some obscure piece of info about how a particular system works? Would your co-workers? Probably not - that's why this type of global content indexing and affinity-mapping can be a great asset. I may not know who to call about the way an ACF2 subsystem on mainframe X is used by web application Y, but I can do a quick search and have someone recommended. I would kill for that capability in my job today - as an enterprise architect we need to know who the movers and shakers are in the company and keep a handle on ongoing projects, and unfortunately 80% or more of them never go in front of any sort of review board, so searching out the stealth projects is a big problem.

    As a result, we've investigated a few products in this space - for those who are interested, a couple of other examples are:

    Verity K2 Enterprise [verity.com]
    and
    Lotus Discovery Server [lotus.com]
  • If a company plans to go Echelon on me, it'll have to get man-hours from someone else. Free market, baby!
  • I guess that depends where you are a manager. If you manage a Taco Bell, your example seems to work just fine. Work people as hard as possible, giving them the legally required breaks so they remain standing long enough to slap more tacos together.

    But if you are in an office environment a good share of the work is mental-- especially the more professional the work gets. Writing/communications, working up ad campaigns, programming, managing products, managing people... even engineering and academia-- these are things that productivity can not be measured in widgets or in hours, but in results and achieved objectives.

    Any professional is going to be given a budget to work against, whether this is an amount of time, or money to spend, the return on investment from the point of view of each next higher layer is all that matters. Completely degrading workplaces that lack basic privacy are not going to foster better results, it will simply stress people out who will then make mistakes.
  • Desktop search/update utilities have been around for a while. My work desktop had one that kept going online to update things like IE (ostensibly for Y2K compliance) - it was slowing me down, so I found and deleted it. Case closed.
  • For reference, another company, Enfish [enfish.com], has been developing this software for the past three-four years. I have seen their product grow from a beta to a full fledged released product. It organizes your documents, email, network folders, and so on. They have a nice flash demo [enfish.com] which shows how the product works.

    I like them and I like their product; however, it didn't quite set sales goals on fire. It's very difficult to get used to accessing your data through a search engine when you're used to opening up folders on your disk. It's a great replacement for the Start | Search feature in Windows, but the extra power and extra speed it provides never generated the enthusiasm the founders hoped.

  • If the computer equipment, network and the software they use is owned by the company, then they can do whatever they want. However, the email content is the property of teh owner. As long as they don't read the messages it is perfectly legal and It may be a great tool for administrators. At home you can do whatever you like.
  • by arnie_apesacrappin (200185) on Tuesday June 12, 2001 @11:31AM (#157582)
    One thing that is very important to remember when you are surfing at work, is that most proxy servers (read: every one I've worked with) send everything from the client to the proxy back and forth in clear text. Even secure connections are clear text from you to the proxy, and then secure from the proxy to the internet server. So, even if you are using safeweb (don't know exactly what it does), if you are using a proxy, your requests will most likely be sent to the proxy in clear text. And, they'll probably be logged.

    A better way to get around corporate monitoring of browsing habits is to convert the IP address of the site you want to visit into a decimal number. That should confuse your typical admin enough. To convert:

    • Get IP address (nslookup or www.dns411.com)
    • Take the octets of the IP address (A.B.C.D) and plug into the following formula A*256^3 + B*256^2 + C*256 + D.
    • Go to http://resultingdecimalnumber/
    For www.safeweb.com it would be:
    • 216.104.228.137
    • 216*256^3 + 104*256^2 + 228*256 + 137
    • 3630752905
    • http://3630752905/ [3630752905] should work.

    There's a web site that does this too, but I don't remember it. Just remember, beware the proxy and the person that owns the logs. If he/she has time and a grudge against you, he/she can find all kinds of stuff.

  • http://3630752905/ should work

    It works! I sometimes see those stupid URL's in spam mail I get advertising porn sites. I always just assumed that they were stuffed up addresses and that the person setting up the mail just didn't know what they were doing.

  • While I take on board all the points about it's your company's computer, network, internet pipe, etc...

    Hands up who's posting from work!
  • I just hope it doesn't do anything else dastardly, like port scanning. Yup. These are tools that can only be used for evil, greedy, corporate oppression.
  • The whole point of the insurance business is to collect premiums and minimize your chances of paying anything out. Does your friend own a company where the employees are required to operate any heavy machinery or perform any other work that may result in accidental injury to others?
  • by wrinkledshirt (228541) on Tuesday June 12, 2001 @10:31AM (#157587) Homepage
    Who cares if it gets used as a snooping tool? Most workplaces have agreements that don't allow you to use work email for personal use anyway, so if you agree to those terms, isn't any means the employer uses to enforce it also fair game?

    The computers, network, servers etc. all belong to them in the first place.

  • Or perhaps the ability to relax every now and then is what makes them so efficient in the first place. Did you ever think of that?
  • Spending non productive time != being less productive. It may in fact improve your productivity. It is a matter of psychology, if you aren't happy, you probably aren't productive, taking a break, taking care of some personal business can improve your mood, and your productivity.
  • by clinko (232501)
    "a new application that allows corporations to search their own networks, e-mail systems, and computers. "

    It's called Windows and a Bad admin. This is implemented in plenty of places... :)
  • If I worked at a company which considered using this product what I'd be concerned about would be whether there were any nice juicy backdoors for Altavista to use to spy on my data.
  • This isn't really anything new its just new marketing. I test drove a form of this from Altavista several years ago.

    Now, what happens when Peer-to-Peer and the corporate world really get put together?

  • With all this discussion of privacy issues, it's strange to see no discussion of the liability issues. Large companies are increasingly leery of storing any unnecessary information for fear it could be the target of a subpoena. If Microsoft and the Reagan White House had not backed up their emails, they'd have done much better before the courts and the Congress. A large, cached, search engine database would be very likely to contain embarassing material. For this reason, the commercial potential of the system seems limited.

    Tim

  • We were developing an intranet portal that included a similar search engine along with 'AI' technology that monitors what people are working on so it can dynamically assign weightings for areas of interest and expertise - for example, if you want to find out something specific about maritime law you'd search for any work product (including emails, etc.) regarding the issue and then you'd search for intra-company talent - you'd get not only profiles of employees who declare their maritime expertise (in their public profile, essentially their .plan) but you'd also get info on employees who've written emails, articles, or just stored notes on the system regarding maritime issues. This allows large multi-national corporations to effectively leverage their human cap. blah blah blah blah. We started this a couple years ago and at that point we were using a mix of technology, some of it already several years old. Thus I conclude this is neither new nor particularly interesting.

    I was really excited about the dynamic expertise algorithms, and I think everyone should be interested in technology that helps people find other people who can help them, can't we talk about how cool some of this stuff is instead?

  • Correct me if I'm wrong, but couldn't I just stick gnutella on all the computers in the network and just point them at each other? I've never tried it, but I've thought about doing that for finding stuff on a small network.

    As for spying, that's what back orifice is for. I'm used to /. being paranoid, but not *that* paranoid.

  • Hey, did you hear that Windows has installed a "Find File" feature in windows so that my sister can spy on me?

    And the C:\WINDOWS\RECENT betrays the secret locations of her obscene love letters...(so does my cheap p0rns, DOH!)
  • You know, it's your employer's equipment. They're providing the connection and the computer. They expect you to use it to increase productivity at the workplace.

    Don't expect privacy at the workplace. There's no point to it -- your employer can do whatever they want.

    Employers have been 'spying' (if you want to call it that) on their employees for years. What do you think 'quality assurance' is for tech support workers? That's right, "All phone calls may be monitored or recorded?"

    How this qualifies as news is beyond me.

  • That would suck, because a lot of places say that if you refuse a drug test, you get canned. And who wouldn't refuse a spinal tap? Hmm... Good way to get rid of deadweight without paying severance, actually.
  • mailto://mycompany_all (alias)
    Subject: XXX.xxx needed
    Message:
    I'm looking for XXX.xxx document. I seem to have lost my copy. Does anyone have a copy I could borrow?

    Thanks,

    Dancin Santa

    It works like a charm.
  • So your friend decided that saving a few bucks on insurance was worth losing some of his best employees. Doesn't sound like a good decision to me...
  • LSD has more urban legens associated with it than Richard Gere. There is no test in the world that can tell if you've taken LSD if you wait 4 or 5 days after ingestion. It is water soluble (unlike THC), so it isn't stored in your body fat. It is also not stored in your spinal fluid or anywhere else in your body. Flashbacks, if they exist at all, are a purely psychological phenomena.

    Check out the FAQ [erowid.org] for more info.
  • So, even if you are using safeweb (don't know exactly what it does), if you are using a proxy, your requests will most likely be sent to the proxy in clear text.

    The following is probably either obvious or completely wrong, but let me try it:

    If the browser shows an icon for a secure web page, then you've got an SSL connection. SSL is end-to-end, correct? The Proxy can't mount what is effectively a man-in-the-middle attack without your browser knowing it (and therefore failing to display a secure icon.) The situation you mention above would be obvious to any user who knows enough to look in the corner of their browser window (or better yet, check the Security properties for the page), correct? And if the icon isn't there, they can't really claim to be using a secure connection (hopefully most porn-surfers know this much.)

    Since the GET requests you make over an SSL connection are all encrypted, the only thing the proxy would see is which host you're trying to connect to (Safeweb over and over again), not the full request URL (eg /cgi-bin/redirect?url=www.stinkypanties.com... etc).

    A better way to get around corporate monitoring of browsing habits is to convert the IP address of the site you want to visit into a decimal number. That should confuse your typical admin enough

    I would imagine that a half-serious porn-monitoring operation would log the IP addresses and use a reverse lookup (or at least, look at a table of known porn sites.)

  • by dachshund (300733) on Tuesday June 12, 2001 @11:16AM (#157603)
    We don't come down against DeCSS just because it can be used for piracy; we should not come down on this because it can be used for snooping.

    The difference is that we (the "Slashdot crowd") don't have the capability to declare things illegal. All we can do is make a lot of noise and hope the powers that be will consider our opposition before they head down a potentially abusive path.

    If the MPAA had restricted its complaints about DeCSS to a few web pages and newspaper articles rather than heading to court to flex their newly purchased laws, I don't think we'd all be quite as annoyed with them.

  • >I don't agree with you about drug testing..

    But what is the case for the person that is high on coke and you can not tell. I believe in random drug testing.

    I do believe in screening for LSD. LSD stays in the body for a very long time and can activate when a layer of your body ( i think it's the fat layer) come's into need. I would not like to see an a person working heavy machinery when under a LSD trip.

    ONEPOINT


  • by regexp (302904) on Tuesday June 12, 2001 @10:35AM (#157607)
    This seems perfectly reasonable to me, but since it's being done by corporations, it must be bad. Corporations are all evil. It's true--I read it on Slashdot®.
  • by shorti9 (307602) on Tuesday June 12, 2001 @10:40AM (#157609)
    Having worked in small- to medium-sized companies, I've been a bit spoiled with regards to interpersonal communication. But occasionally it's hard to find out who on the team has written a spec, or who has the source code to a component (CVS, i know... don't ask), etc. This would be great for that -- you don't have to go desk-hopping or send a broadcast email to find out who has what, you can just search for it.

    As far as privacy concerns, well, don't store private things on your work machine. The software theoretically allows you to set certain areas as unindexed, but i wouldn't trust it at all. Look at it this way: would you leave private things in your (unlockable) desk before going home at night? Your computer is just like that in this system--it's a desk you can't lock.

    I carry a backpack around with me when i go to the office; it contains random personal things, they don't go in my desk. Personal data should be in a data backpack of some sort, if you bring it at all.

    All in all, i think this has more positive potential than it does negative. When it comes to productivity vs privacy at the office, i'll take productivity at the office, so i can get to my privcay at home.
  • If you've paid me to walk around normally for a couple of days, then sure you can follow me. I've surrendered my right to do things besides walk around normally in return for your money. Therefore, feel free to follow. I would reccomend that you do it unobtrusively as possible, though, since you don't want to interrupt my walking around normally.
  • by Migelikor1 (308578) on Tuesday June 12, 2001 @10:39AM (#157611) Homepage
    This is one of those things that shouldn't bother you unless you're doing something wrong. An employee is hired to provide a specific service to a company. The company, under a capitalist system, tries to use the employee to earn money. The best way to do so is to have the employee providing their given service at peak efficiency. If that employee spends all day downloading prOn or trying to get first posts on /., the company should logically either pay the employee less, or punish them. Sure, it'll make work suck, but that's a fact of life. (Office Space, anyone?) If all employees were forced to work straight through their workday, they'd have mental breakdowns, and corporations would shorten the workday. In short, this is just a move by businesses to make more money, and if you already do good work, it won't effect you. If you don't work hard, it may force you to. If it's used to make unreasonable demands, productivity will fall, and business structure will change.
  • What don't you people understand? Your employers are allowed to spy on you for a REASON. They don't want to GIVE their money to someone who is going to turn around and stab them in the back or waste time all day long. It's the same reason that drug testing is perfectly legal. If they don't want to hire someone who does drugs, then they don't have to.

    Deciding who to pay is a RIGHT; privacy at work is not.
  • by hyehye (451759) <hye@gulch.nitg.org> on Tuesday June 12, 2001 @10:31AM (#157620) Homepage
    and you shouldn't be doing anything on it or with it that they would not approve of. Why is it that so many people tend to ignore/forget property rights? Monitoring a home user is evil, monitoring your employees is just smart. If I'm paying someone to do work, I want to know that they're doing it - and if they're getting it done in half the time, then spending the other half browsing porn and napstering, I'll want a goddamn good explanation. Either reward them for their efficiency, or give them more work to do (probably accompanied by a raise due to their heightened value to the company). Sheesh, guys - if it's not your box, and not your network pipes, then shut the fuck up and recognize the owner's rights to his own property.

Arithmetic is being able to count up to twenty without taking off your shoes. -- Mickey Mouse

Working...