Conspiring Against Your Employer? Watch What You Email

Eric Giguere writes "In a story that has Bay Street (the Canadian equivalent of Wall Street) in a kerfuffle, the Globe and Mail writes that bank employees defecting to set up a rival investment firm didn't realize that their employer could easily track the emails and messages they sent and received, even when they're sent via a nominally-secure system like RIM's BlackBerry. In particular, the employees were assuming that the messages they sent via direct PIN-to-PIN communication (a PIN uniquely identifies a BlackBerry device) weren't trackable. But if they're on the device, they're available to the employer to see. The employees may also have thought that PIN-to-PIN messages are encrypted, though RIM has always said that they're not -- it's only the connection to the corporate email server that is secure. A lot of damning information pulled from those emails and messages has made its way into a lawsuit."

Agreed

[log0n]

I can't believe that this isn't even common sense for a lot of people.

People are either getting dumber, or too trustful - either way, one is a sure sign of another.

Idiots**2

[Deep Fried Geekboy]

These people are in charge of your money, folks.

They are idiots for two reasons.

First, because they clearly acted unethically, which is the really big idiocy. I run my own company and rule number one is due diligence. I am not going to screw myself by doing something that could bite me in the ass further down the line.

It's astonishing how many investment guys simply don't get this. I have literally had my own investment guy sit there and tell me that a particular investment 'cannot lose', in the presence of his lawyer -- who looked very uncomfortable and was forced to intervene by saying "Look, you cannot say that".

Second, anyone who uses unencrypted email on a server they do no control, ESPECIALLY if it belongs to someone they are screwing, deserves to spend the rest of their productive years flipping burgers, or possibly stamping licence plates.

ssh and silc via blackberry

[gmailflows]

It is quite silly to think that Email is secure in today's day and age, however what none of these bankers considered was using ssh [idokorro.com] and then say something like silc [silcnet.org] to have a secure conversation. Most large institutions with RIM have the BES and thus using ssh is an option. which is certainly more secure than email, but is it totally secure? Or still prone to eavesdropping?

Re:Can I be the first to say "duh"?

[Errtu76]

*can*, yes. But is it legally allowed? I know for a fact that in the Netherlands (where i live) it's illegal to 'spy' on your users, and then use that obtained information. Even if we saw an email from one of our users that contains illegal/damaging information we can't do anything as this would be a violation of the user's privacy.

This happened to my old ex-boss!

[Sethseekstruth]

This exact thing, getting caught in a conspiracy to leave the company, happened to my boss and a coworker. I was working away, and they were both told to clear out thier desks, and I was then called into the HR office. I was told that my boss and co-worker sent emails back and forth on company machines that said things like "we are going to rip these morons off so bad". They actually discussed inviting me and a secrty. to join the company they were going to start up, but decided to not take because I would not go along. They also defraued the compny by faking orders and ended up in criminal cout last I heard. the fired boss was the one who hired me, and the atmosphere was poisioned and I eneded up getting canned myself a few months later, but with a nice severance package.

Not to be trusted

[canuck57]

In reading the replies to this post it is clear there are two camps. One which says they were stupid to get caught and the other that has no pity.

Remember, these turncoats gladly accepted a pay cheque to be a representative of their company. Their actions could cause the company to lay off people, perhaps you if it causes financial harm.

I for one would not look forward to calling one of these turncoats a friend. It would only be a mater of time before they framed me for their own gain.

Let these turkeys fry

Re:gratitude

[maxpublic]

Bullshit. These people were idiots for using company resources to talk about setting up their own firm, but loyalty of any kind doesn't enter into the equation. Capitalism relies on the exchange of goods and services, in this case labor for pay - NOT some stupid, pathetic "company uber alles!" mindset.

Businesses pay me for my skills. They don't get my loyalty as a freebie on top of that. Companies aren't nations, aren't friends, aren't family, and they sure as hell don't deserve my devotion as a matter of course. If this is a problem for some people, they can haul their anti-capitalist asses off to some fascist shit-hole that's more to their liking.

Max

Re:gratitude

[WindowlessView]

Loyalty used to mean something in this country.

Where have you been for the last twenty years?

We can easily get in a chicken and egg argument but in my opinion this trend toward lack of loyalty was begun by employers, not their employees.

It wasn't the employees who first went around pronouncing that the age of lifetime employment was over and people had better get used to have 2 or 3 different careers in a lifetime. It wasn't employees who decided to ship their own jobs overseas to save some money. It isn't the average worker who is pushing the trend toward hiring people with the precise skill set needed at the moment and then throwing them overboard the second they aren't needed. And god forbid a company should spend money on retraining these days.

These guys may have been a little sleazy in how they went about things but the fact that anyone should be surprised by their behavior is astonishing - and not a little too self-righteous for my taste.

You want traditional family values to make a comeback? How about starting with a move toward a society where the family wage earners can have some measure of stability and faith in their employer.

How to Get Away With It

[lukewarmfusion]

I just started my own company, directly competing with my previous employer. I spent nearly eight months on their payroll while I began up my own business and sought projects of my own. Here's what I learned:

1. Don't stab anyone in the back (burned bridges, insert your favorite cliche). It can come back to hurt you.

2. Don't give your bosses a reason to be unhappy with you. Work just as hard - or harder. If you're valuable to the company, leaving them will be more painful (and can produce a more profitable situation for you).

3. Encrypt every email, instant message, and web transaction that deals with your activities. Don't assume anything is safe unless you're actively doing something to ensure its security or you can verify it easily (SSL, for instance).

4. Regularly scan your machine for viruses and spyware. Use a packet sniffer to see if you're sending anything unexpected. Look through your machine to see if there are programs installed that shouldn't be there... is your company spying on you?

5. Don't use their phones. Upgrade your damn cell plan and use that.

6. Take advantage of non-company resources for communication and whatnot. Find a decent webmail provider with SSL enabled.

7. Make sure any contract or agreement you signed isn't going to come back to bite you. If you signed a non-compete agreement or whatever, don't assume it's invalid or that they won't pursue it. See a lawyer BEFORE you have legal troubles in this area.

As others have complained, there are loyalty problems in this country. I used to love my job, love my work, and love the company. Some things changed, and while I still love the work I no longer enjoyed anything about the company. Many attempts to change it from within failed. When your boss is taking advantage of you, you need to re-evaluate. When you're stuck in a dead-end, you need to re-evaluate. When you get the line, "if you don't like it, then find somewhere else to work," the time for re-evaluation has passed and it's time to end that part of your life.

Employers aren't loyal to employees any more than we are to them. I heard stories of pre-1980s-boom-and-crash Japan, where a failing company's president would give everything he had back into the company to keep it going as long as possible...and if it wouldn't work, he'd split the cash from his shares, pay, etc. among the employees. This was in return for the lifetime loyalty you gave to the company.

Don't BlackBerry PIN messages bypass the BES?

[Anonymous Coward]

I think there is some misunderstanding here - on either my part or the article author's.

My understanding is that BlackBerry PIN messages are not stored on the company's BlackBerry Enterprise Server (BES) at any point - they are network 'peer to peer' messages. As such, they bypass the BES and go directly between devices.

For a company to read PIN messages, either the sender or the receiver's BlackBerry would need to be physically examined. The other scenario I was thinking of is that the desktop software was set to do a backup of the BlackBerry when it was synced and the backup was examined.

Any BlackBerry experts able to shed any light on this? PIN messaging is very commonly used for 'private' messages and therefore a breach in its 'security' would be devastating to the dedicated users of it.

Yes, but also keep all comms separate

[Presence1]

A company I worked for was very paranoid and badly managed (so much so that 30+ other people left within the same six week period as I did). After we left, they installed video monitoring of every desk, door monitoring and other intrusions.

However, it turns out that before that, they had installed keystroke monitors, and used this to obtain passwords to private web-based email accounts. We found this out because one of the former employees was hit with a lawsuit with "evidence" from his private Yahoo email account. The suit was bogus and never went anywhere, but he still had to start a defense.

The answer is simple, do not use ANY form of communication that intersects with any of your employer's systems. Use separate private cell phones, private email on your home computers or private laptops (off your employer's network), and talk off site.

Not only is this the safe thing to do it is also the right thing to do. Even when your employer has proven themselves to be irredeemably unfair, and that you are right to leave and compete with them, that still doesn't make it right to use their resources to do so. Get your own.