Conspiring Against Your Employer? Watch What You Email

Eric Giguere writes "In a story that has Bay Street (the Canadian equivalent of Wall Street) in a kerfuffle, the Globe and Mail writes that bank employees defecting to set up a rival investment firm didn't realize that their employer could easily track the emails and messages they sent and received, even when they're sent via a nominally-secure system like RIM's BlackBerry. In particular, the employees were assuming that the messages they sent via direct PIN-to-PIN communication (a PIN uniquely identifies a BlackBerry device) weren't trackable. But if they're on the device, they're available to the employer to see. The employees may also have thought that PIN-to-PIN messages are encrypted, though RIM has always said that they're not -- it's only the connection to the corporate email server that is secure. A lot of damning information pulled from those emails and messages has made its way into a lawsuit."

Re:In the US.....

[Anonymous Coward]

Investment firms must catologue all emails for compliance and SEC inspection, in fact they must be kept for years. All transmitions including company issued handheld devices are monitored by this automated system at most firms. So if their canadian counterparts have to do similar things this is to be expected and they have a record of all of your emails for years probably.

Short and sweet

[Anonymous Coward]

People used to think I was an idiot IT schlep because of my harsh IT Security policies. Now they just think I'm a dick after 1 incident, and watch what they do because they know I'm watching:

Putting a bumper sticker on my car (from thinkgeek) that reads: "I READ YOUR EMAIL"

All that cutesy forwarded forwarded forwarded forwarded crap stopped in its tracks. Problem solved. What they don't know, however, is that every email sent and received is archived for legal reasons, per the Big Boss' instructions.

That said, if you're going to go behind your employer's back, do it from home, not from within the company, and especially not from company issued equipment. Common sense, really.

Looting != protected concerted activity under NLRA

[holt_rpi]

If you're acting with others for the mutual aid and protection of yourself and other coworkers, in the US you're protected by Section 7 of the National Labor Relations Act. A somewhat recent case highlights the NLRB's deference to email as well as other forms of communication:

In one case, the NLRB held that email communication may qualify as "protected concerted activity" under the NLRA. In

Timekeeping Systems, Inc., 323 NLRB 244 (1997) [nlrb.gov], the NLRB reversed the discharge of an Ohio computer programmer who criticized a new company vacation policy via e-mail. The NLRB concluded that because the employee's email message primarily sought the assistance of other employees in getting the old vacation policy reinstated, it qualified as a form of concerted activity.

The NLRB agreed that the tenor of the employee's message was derisive, but it did not feel the message was offensive enough to lose the protection of the NLRA.

I don't think "hey, let's blow this popsicle stand and take all of its business with it" qualifies as "protected concerted activity" under the act, even if it had occurred within the US NLRB's jurisdiction.

However, don't let this dissuade you from working together to improve your workplace under the protections of Section 7. You should, however, try to avoid using company-owned computer systems for obvious reasons. (They own them, they can read whatever they want on them, you have no expectation of privacy on them.)

Re:Silly Rabbits, its too late

[gstoddart]

Although an employer sometimes can go through the emails on your harddrive, I think what the people in this article don't realize is that it sounds like emails are being intercepted at the server level.

And people should realize that due to new regulatory reasons like Sorbanes-Oxley [sarbanes-oxley.com] companies are required by law to perform this.

In order that they don't get sued they need to treat e-mail as corporate records. So getting caught doing something like this is even more likely as companies make sure they can comply with that law.

Cheers

Re:PIN to PIN???

[NicolaiBSD]

Eeehm.. actually it is PIN. Blackberry PIN-to-PIN messaging is a way of sending email like messages to other Blackberry devices connected to the same Blackberry server. Each device has a unique 'PIN' which is used for the addressing of these messages, hence the term 'PIN-to-PIN'.

Re:ssh and silc via blackberry

[Eric Giguere]

Most large institutions have a BES, yes, but not all of them have the Mobile Data Service (MDS) enabled, which is what you'd need to run something like that. Without MDS, the BES is really only about getting email and PIM stuff in and out of the corporate mail server.

Eric

Re:Can I be the first to say "duh"?

[Monkelectric]

A friend of mine was in a similiar situation once ... he was a manager of a starbucks, and while he was unpacking a delivery of supplies he noticed the order was wrong and said under his breath "this is fucked up."

Two weeks later he is fired for *SEXUAL HARRASMENT* for using the word "fuck". And because he is fired for something of his fault, he is ineligable for unemployment benefits (which starbucks would have had to pay).

Lots of places have policies to *never* fire someone. The best thing to do is to force them to fire you :)

Camera analogy

[Tablizer]

Employers cannot place hidden cameras without telling employees. The courts already settled this for the most part. Just because it is company property does not automatically give them the right to snoop without warning. If a company wants to intercept messages and phone calls, it should provide direct advanced warning that it may do such. (I don't mean every incident has to be warned about, but the practice.)