Conspiring Against Your Employer? Watch What You Email

Eric Giguere writes "In a story that has Bay Street (the Canadian equivalent of Wall Street) in a kerfuffle, the Globe and Mail writes that bank employees defecting to set up a rival investment firm didn't realize that their employer could easily track the emails and messages they sent and received, even when they're sent via a nominally-secure system like RIM's BlackBerry. In particular, the employees were assuming that the messages they sent via direct PIN-to-PIN communication (a PIN uniquely identifies a BlackBerry device) weren't trackable. But if they're on the device, they're available to the employer to see. The employees may also have thought that PIN-to-PIN messages are encrypted, though RIM has always said that they're not -- it's only the connection to the corporate email server that is secure. A lot of damning information pulled from those emails and messages has made its way into a lawsuit."

Can I be the first to say "duh"?

[the_mad_poster]

Honestly now, any communication that passes through any computer controlled by your company can be seen. Even if they were encrypted, if, at any point they are EVER stored outside of volatile memory unencrypted, they're available.

If you're doing something with their resources like plotting against them... well...

gratitude

[Anonymous Coward]

They deserve what they get. How is that for repaying your employer? He writes you a check, puts bread on your table, and you pay him back by using his own property to steal his business. Ridiculous.

Loyalty used to mean something in this country. I guess loyalty has gone the same way as traditional family values and faith in God.

Things are going to have to change, people.

Steve

No pity, no new violation

[dreamt]

I'm sorry, but I feel no pity for people being caught this way. Its very clear when you start working somewhere that the computers you use are the property of the employer, and you should expect no privacy from these machines. They used company owned BlackBerries because they thought it would be secret (implying that they knew other company computers were not). If you use something company owned because you think it is secure, while other company propery is not secure, it just shows you dumb enough to be caught. If they were so concerned about their privacy, they should not have used any company property.

Re:Silly Rabbits, its too late

[Anonymous Coward]

Setup a freakin gmail account and talk about it at home!

Yes. But, how many idiots would set up a gmail account and then use their companies computer to access that account?

I'm a knee-jerk privacy freak, BUT

[Lonesome Squash]

the company did right here. If they DIDN'T record all employee communication, the regulators (at least those we deal with in the US) would have demanded that they do so. Not only that, but they would be leaving themselves open to customer and shareholder lawsuits. I'm sure that somewhere in the mammoth stack of forms anyone working in securities must sign when they're hired on was one saying, "No facility is provided for private electronic communication."

The really shameful thing (aside from working on company time to screw your employer) is that these people didn't know this already. Looking at the list of those being sued, I see IT people who should have known better. Perhaps the company would have punished them more effectively by letting them go form their own company without understanding the basics of ethics, law (including allegedly trying to steal customer databases), or security.

Re:Another question,

[Anonymous Coward]

You'd think a group of people with enough assets to set up an investment banking firm could afford their own set of blackberries.

Re:gratitude

[Anonymous Coward]

I think loyalty disappeared when people who worked hard for a living and gave their company everything got laid off for cost cutting measures and had their pensions mismanaged into nothing.

While the CEO got a several million dollar bonus, natch.

Loyalty is earned. When employers start treating people well and don't lay them off at a moment's notice, then we'll think about being loyal to a company.

I think it's you who may have got your priorities the wrong way around...

Re:Can I be the first to say "duh"?

[Anonymous Coward]

I don't understand why it's not simple for people to understand. it's not your computer, it's not your network, it's not your e-mail: you are NOT protected.

Re:gratitude

[jridley]

I don't condone what they did, but there's no loyalty on EITHER side. Sure they write you a check, but most employers won't think twice about firing you if it suits their financial interest. If you're not getting loyalty, you tend not to give it back.
I admire loyalty, but there are situations where it's not warranted. Most corporations have chosen not to give or reward loyalty, so they get back in turn.

There's loyalty, and there's loyalty...

[rah1420]

Loyalty still means something, but it may not be what you think it means.

Look, these people were dumb, that much can be argued. They were dumb for using a monitored service to do this, and they were dumb for (ostensibly) stealing their company's resources for the purpose of setting up a competitor.

However, you need to decouple this from the loyalty argument. The loyalty you need to have is not to your company any more. Are they loyal to you if business turns sour and they have to start slashing the payroll? Hell no. The corporate sinecure is dead. "Ma" Bell doesn't evince the image of a benevolent mother any more.

The kind of loyalty you should have is to your projects, to your work, to you as an individual and to your Rolodex (or electronic equivalent.)

If you live every day as if you might be laid off, working on projects that will escalate your worth and making sure that lots and lots of people know what kind of value you contribute, then you'll be better off; your customers (those who are the beneficiaries of your projects) will be better off, and your company will be better off.

And if things should turn sour, then you shrug your shoulders, get your Rolodex out and start calling.

So instead of "Logo Loyalty" you should cultivate "Rolodex Loyalty" (thanks, Tom Peters. [tompeters.com])

Re:Can I be the first to say "duh"?

[Honig the Apothecary]

Because people are fucking dumb?
I mean seriously, how dense to you have to be to realize that there is no expectation of privacy at work. It is usually spelled out in the policies. If they own or pay for the computer, the network, or whatever other methods your connect with, they are going to be able to know what is passing between those devices.

Duh.

decent crypto, properly used

[Frogg]

sorry, but if i was trying to pull a fast one on my current place of employment (or otherwise rip someone off, or carry out some kind of espionage), i'd be a total fool to think any existing comms channels were secure -- /without/ having put in my own layer of encryption, to which only i have the key/passphrase.

install gpg, or worse than nothing, use s/mime - but if you need to ensure privacy, you need to have (put) your own privacy layer in place.

(it's no good hoping and relying on magic pixies)

Lesson in stupidity

[Matey-O]

Rule #0: If you're planning on screwing over your employer (an ethical conundrum all by itself), try not to use the employers resources to do so.

That means: keep the bits off their infrastructure. ALL of it.

Just like my workplace.

[rayd75]

To use a cliché, I'd be rich if I had a nickel for every time I've seen an employee frantically clear his or her browser cache or send an email then delete it from the sent items folder. Surprise! The device on your desktop is not the center of the universe! Maybe abiding by policies and staying away from any shady dealings is a better way to cover your ass.

Re:gratitude

[Sophrosyne]

...what ever happened to that tradition where men would get married to women, then "go out for milk" to sleep with other men.
Or the traditional family value of basically owning your wife and children... People miss "teaching others lessons" in the family.
If you pull back that blind nostalgia those traditional family values are no different than the ethics of Victorian England.... most of the time they were all a facade.
As intelligent people we should challenge tradition instead of complacently accepting that as good.

Re:gratitude

[silverbax]

"I guess loyalty has gone the same way as traditional family values and faith in God."

Ahem.

Over 80% of the nation's population is Christian.
The are blue laws to prevent the sale of alcoholic beverages during certain days (Sunday) or completely in roughly 80% of the United States.

There are over one hundred cable channels nationwide devoted entirely to Christian programming.

Nearly very company in the U.S. is closed on Christmas.

"In God We Trust" is printed on all U.S. money.

And yet, every day someone claims religious persecution of the Christian religion.

Re:Can I be the first to say "duh"?

[archmedes5]

This isn't an ISP spying in users who pay for the service, this is a bunch of employees abusing their company resources to organize competition. The difference is, with an ISP, you pay them, they generally stay out of your business. With a company, they pay you and the computer use is there to make your job easier, not to browse the internet or talk to your friends, or in this case, conspire against the company.

Silly Rabbits should not start businesses

[museumpeace]

The naive emails were being exchanged for the purpose of starting an investment company! would you give a nickle to a banker or broker who was that clueless?
it would cost the employer less to take out an add in the financial section pointing out that the upstart company was demonstrably dishonest and joining a competitive race with its intellectual pants down around its ankles than it would to sue the dummies.

Re:gratitude

[Anonymous Coward]

> As intelligent people we should challenge tradition
> instead of complacently accepting that as good.

Dude, _examine_ traditions to see whether they are good. Don't blindly _challenge_ them. Otherwise you've fallen into the silly fad of this age..
"_All_ intelligent people _must_ rebel, must never be sheep, contradict everything, question everything, go against everything, discount the wisdom of all elders."

Yes, faith in God, and loyalty in (heterosexual) marriage, not stealing, not conniving, and several (but not all) "traditional family values" are good. If you challenge them, you do so blindly, and contradict what is already within you - your own conscience.

Re:Can I be the first to say "duh"?

[Bios_Hakr]

The thing about USian corporate culture is that even if you are technicaly right, you are still wrong. Your boss could be setting baby kittens on fire and you could be the whistleblower that puts him away. The next week, you get fired for abusing the copy machine.

This once happened to me. A router in my area lost its config. They claimed I did it. I replied that it could have been a lazy admin never doing a "wr mem". They told me that I could either sign a confession or they'd reassign me to an outside work area while they "investigated". My boss outright told me the investigation would take months while they bounced me from area to area and shift to shift.

Given that kind of culture, the employee always loses.

Re:Can I be the first to say "duh"?

[Profane MuthaFucka]

The relationships between employees and companies are never equal, unless the employees organize in some way.

Re:Can I be the first to say "duh"?

[ifwm]

And your friend didn't sue? Your friends an idiot.

More importantly, you've left something out, or more accurately, your friend did. He has an actionable case, but most likely, he did something else, and is passing this story off to his acquaintances. I seriously doubt it went down they way you claim.

Re:Can I be the first to say "duh"?

[byron036]

The relationships between employees and companies are never equal, unless the employees organize in some way.

The relationships between individuals and organizations are never equal, unless the individuals organize in some way.

Unions aren't angels