Forgot your password?
typodupeerror
Privacy Communications Your Rights Online

63% Of Corporations Plan To Read Outbound Email 565

Posted by timothy
from the oh-that's-sensible dept.
John writes "Aviran's place reports that a recent survey of 332 technology decision-makers at large U.S. companies reveals that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email, due to growing concern over sensitive information leaving the enterprise through email."
This discussion has been archived. No new comments can be posted.

63% Of Corporations Plan To Read Outbound Email

Comments Filter:
  • This isn't funny as it has resulted in more than one person being terminated because of what was called "inappropriate" material (meaning someone COULD have taken offense to it. Remember...Charlie is Watching!
  • Yeah this is great (Score:5, Insightful)

    by Azureflare (645778) on Tuesday June 07, 2005 @10:33PM (#12754193)
    But how many plan on reading AIM conversations their employees are having?

    My corp uses AIM for internal communications, and I am really disturbed by this. I'm amazed the local admins have allowed this to go on. Basically all our conversations are going through AOL's servers and the internet, in plain text. And there is ABSOLUTELY no reason for this, since we're all on the local LAN.

    I'm planning on setting up a jabber server on the linux box there, but it may be a chore getting employees to switch from AIM to something like gaim or trillian (does trillian support jabber?)

  • Re:Go Ahead (Score:5, Insightful)

    by rd4tech (711615) * <emilijan@@@cpuedge...com> on Tuesday June 07, 2005 @10:33PM (#12754194) Homepage
    Nope, you are getting it all wrong, imagine the following: "And by this, my dear shareholders, our development team will know that their email is read, thus, reducing the time they spend on writing non-work related emails to minimum... and..." :) Management 101 = "everything is magic"
  • Well, it seems to me, and I might be way off here, that thinking up an email by an employee is in fact his company's property and hence, they have all the rights to read it, and it doesn't breaks anyone's right to privacy.

    Email is considered company property, but people have gotten a little miffed because work and home tend to mix some. (No worries. It's natural as long as you keep it under control and under wraps.)

    The part that amazes me these days is that people bother to send personal email through their work address when perfectly good webmail clients exist (*cough*gmail*cough*). Yes, your employer can probably see that you're surfing Gmail/Hotmail/Yahoo/Home *nix Server. However, your email is not likely to be captured by their system, and remains private.

    So, why do people still use work for private mail?
  • by FosterKanig (645454) on Tuesday June 07, 2005 @10:34PM (#12754206)
    You are using company resources. They can do whatever the hell the want.
  • Well (Score:4, Insightful)

    by Rew190 (138940) on Tuesday June 07, 2005 @10:35PM (#12754214)
    Well, the gut reaction is to say this a bad and terrible thing (also a bit silly, as it seems to me that anyone with any technical know-how would just use internet-based mail to get sneaky anyhow), but really, if you're on their payroll, isn't it well within their right to make sure you're not doing damage to them?

    At the very least, it seems like a good way for the companies to weed out the idiots who would be stupid enough to send questional material through their servers.

    Yeah, it sucks to be being watched and not trusted like that, but this shouldn't outrage anyone. They'll probably reverse their policies when the costs of something like this start racking up with nothing to show for it.
  • by Timbotronic (717458) on Tuesday June 07, 2005 @10:39PM (#12754241)
    As with most draconian Big Brother initiatives this one won't work. What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way? Unless employers block browser access, search people for USB keys, iPods, floppies etc there's a dozen ways information can be leaked out of a building.
  • by rsborg (111459) on Tuesday June 07, 2005 @10:40PM (#12754253) Homepage
    Can anyone with legal experience enlighten me on this one? Do the bastards have the right to do so, provided that one doesn't sign a document that explicitly states "you can read my email" but instead contains a fine version of "all your bases, off lunch hours, belongs to us?

    IANA Lawyer... but I'm not sure you could afford one to solve this kind of issue for you. It seems to me that question here should not be "what is their legal rights" so much as "what are my technical capabilites". Assuming you have internet access at work, the best answer may not be to challenge their capabilites but to simply use encryption. If you have access to gmail, use it for your personal mail. If you're not into that, setup an SSH tunneling service so that you can pipe your mail out encrypted.

    IMHO, I try my very best not to use my work mail for anything that is not directly related to work... that way when I see an alert in Tbird saying I have new mail, I know it;s important, if I have time to burn I browse to gmail (or my personal webmail server)... both of which are encrypted.

  • I think I may be playing Devil's advocate here, but I don't really have a problem with the companies reading their employee's email. Your work email address is for just that - work. These emails are written on company time and they are on the company network. I'm sure there is an AUP for the company network; they aren't hiding the fact that they can read your emails. In short, don't waste time with personal emails at work and don't send out company secrets through email. Isn't that unethical anyway? Keith
  • Re:Next up... (Score:2, Insightful)

    by Nobody You Know (750014) on Tuesday June 07, 2005 @10:48PM (#12754306)
    Does anyone realize that we are probably 3-5 years from a real, Orwellian existence??

    And you base this on a company wanting to control a medium that it pays for and that it is, in today's litigious climate, liable for? Given that lawsuits today seem to include "every e-mail mentioning X" as a standard discovery item, why would any company want to open itself up to this kind of liability. To look at it in another light, if you're going to be held accountable (legally) for anything downloaded from your home internet connection, would you really want to keep that home wireless network wide open? This is ass-covering 101.

    Sorry, but if you don't want your e-mail (or websurfing, or other internet habits) monitored, don't do them from a host that isn't under your complete control. How hard is that to understand?

  • ROT 13 (Score:3, Insightful)

    by 3770 (560838) on Tuesday June 07, 2005 @10:51PM (#12754325) Homepage
    I bet even ROT13 "encryption" would defeat the corporate censors.
  • by Anonymous Cowdog (154277) on Tuesday June 07, 2005 @10:57PM (#12754371) Journal
    >What's to stop employees from just logging into a private webmail account over HTTPS and sending information out that way?

    Keystroke logging.

    So if you're an employee who values privacy and wants to send a bit of private personal email once in a while on your personal web mail account (say, gmail), the only way to retain that privacy is to either do all that mail through a cell phone, or install an OS that the IT people don't have a keystroke logger for. Where I work all our computers have the corporate spyware installed from day one. To have privacy, you have to find some obscure Unix distro (Red Hat isn't obscure enough; they have that covered too) and use it.
  • by Anonymous Coward on Tuesday June 07, 2005 @10:58PM (#12754376)
    ...considering that it was carried out by a company that has a product for scanning outgoing mail...
  • by yagu (721525) * <yayagu@gmai l . com> on Tuesday June 07, 2005 @10:59PM (#12754385) Journal

    This is oh-so-wrong on too many levels! One (that's too many.)! There are so many ways for employees to betray a financial or corporate trust. Likewise, there are many ways for an employer to betray a trust. This would, in my opinion, be one of the most onerous with many potential avenues for backfiring.

    Consider the disgruntled or dishonest employee. Think they're intent to betray a company is stopped by this policy? Not a chance! This kind of "policy" would only bolster a disgruntled employee's rationalization/justification, etc. to follow through with betrayal. They only need choose some mechanism other than e-mail and there are many.

    Now, consider the neutral employee... a policy like this could create a tipping point and generate resentment enough to give cause to consider doing something subversive to a company. After all, the company, by fiat, is essentially assuming an employee is "up to something".

    Finally, consider the loyal employee (how many of those will there be after widespread policies like these?)... A quick glance around and loyal employees may begin to wonder what end from loyalty....

    No, this is just plain bad policy.

  • by AlexMidn1ght (705563) on Tuesday June 07, 2005 @10:59PM (#12754391)
    A lot of employers block access to gmail, hotmail, msn messenger etc. which leaves people with only one option, company mail.

    Also, when you say email is company property, I understand the technical principle that the bits and bytes are on the company owned servers but it's still a form of communication and people should have the right to a little privacy. When I talk on the company phone (or even company paid cell for that matter), I do not expect someone to be listening to my every conversation. This is becoming ridiculous, my employer pays me to do a job and I do it. He shouldn't have the right to ear, see and read everything I do in the company office because he's afraid I may leak private information. Where will we have to draw the line between the company's right to corporate secrecy and its employees' right to privacy? Heck! who's watching me at night in case I may talk to a friend or a relative about some secret company ploy?

    Finally, to answer your last question, I use company mail because it's the only thing I can use and I spend over 60 hours a week there :-P
  • by tylernt (581794) on Tuesday June 07, 2005 @11:10PM (#12754466)
    "However, your email is not likely to be captured by their system, and remains private."

    While Yahoo does support optional SSL, and I have no experience with Hotmail, I have never seen an SSL 'padlock' icon on Gmail. So the messages you read and send on Gmail appear to be transmitted in plaintext, and would thus be easy for the sysadmin to read.
  • Re:Go Ahead (Score:3, Insightful)

    by davmoo (63521) on Tuesday June 07, 2005 @11:14PM (#12754495)
    I'll explain to my shareholders why I wasted $50 or so thousand a year paying an employee or two to check email.

    And while I'm doing that, you can explain to your shareholders why the company lost millions of dollars on a new product because someone inside the company sent company secrets to a competitor.

    Or you can explain to the shareholders why the company is now paying a multimillion dollar settlement for sexual harrassment via an employee's email.

    Paying someone to read email is vastly cheaper than the alternatives. If you drive 20 years without an accident, do you consider the insurance payments you made to be "wasted"?

    In addition, employers don't need another trick to sack an employee. Unless you signed a very unusual contract, or you are an empoyee that is covered by a union, your employer can already fire you because the sky is blue, the grass is green, or they didn't like the color of your socks last Tuesday. Most tech employees are hired "at will". They can be fired just as easily.

    Finally, as far as privacy issues go, you have no privacy on work place computers. The company owns the hardware and software and pays for the power to run it, you don't. And in the United States, there are multiple Supreme Court rulings to back that up.
  • by atomm1024 (570507) on Tuesday June 07, 2005 @11:54PM (#12754719)
    Indeed! Especially when you've probably signed an employee contract allowing them to do that.
  • by NanoGator (522640) on Wednesday June 08, 2005 @12:34AM (#12754903) Homepage Journal
    " However, your email is not likely to be captured by their system, and remains private."

    At that point, does it matter to the parent corp as much? One of the dangerous things about having a corporate email address is that it ties you to that corp. Imagine the difference between recieving 'leaked' specs of Nintendo's next system from a Hotmail address. Then imagine that same email from Nintendo.com. The problem isn't just privacy, it's that with that address you are a voice for the company.

    My company doesn't play games like that with email, but if it did, I think their biggest worry is that I'd run around telling our customers they have free copies of our software.

    On a side note: Is Slashdot broken, or am I being punished? "It's been 42 minutes since you last successfully posted a comment"

  • if I have some sort of sensitive private communication to make, I can wait until I get home or go outside and use my cell phone.

    This is why employers ought to let a reasonable amount of personal email usuage. The time spent going outside to use a cell is going to be a lot longer that a quickie email. I can understand why employers wouldn't want employees messing around on company time, but everyone knows everyone does it from time to time. You can bet your last penny even the bosses have spent personal time on the company clock. I know this because I've been on both sides.

    A reasonable person would realize that draconian systems cause much more waste than rational limits ever do. The problem is, computers are very easy to monitor so they end up getting all the focus of nosey bosses. Employees are smart enough to get around this, though it takes more time out of their day. Excessive monitoring is a loss for everyone.

  • by RWerp (798951) on Wednesday June 08, 2005 @02:32AM (#12755346)
    If I can't send an e-mail to my wife from work saying "what do you want me to buy at the grocer's at the way home?", then it's only fair when I ignore anything job-related as soon as I exit the company building. But this is of course absurd, and companies all the time expect people to carry over their work problems into their spare time -- read stuff, talk to people, etc. If it's OK for the employer, it should be also OK to let me send a few private e-mails from work. Otherwise, it's not fair.
  • by ArsenneLupin (766289) on Wednesday June 08, 2005 @04:50AM (#12755761)
    It will also ring the alarm bells if the certificate you downloaded at home is tainted by the home ISP's SSL interceptor though.

    Less likely, or do you let your ISP set up your computer for you? The attack is only possible as described if the attacker can somehow install the root CA certifcate of his CA into his victim's browser. That's trivial in a corporate setting, but more difficult for an ISP.

  • by TractorBarry (788340) on Wednesday June 08, 2005 @09:44AM (#12756857) Homepage
    And then Google get to read, index, and (at a later date) profit from your emails...

    Personally I've set up SquirrelMail [squirrelmail.org] on my little home server and am busy working out how to get it to work in https mode only.

    That's got the advantage that it too is web based but it's (hopefully) private to boot (my sysadmin incompetence not withstanding :)

    Having said that I do have a gmail account but I have every expectation that a future Google will become a.n.other corporation and all their current concerns about privacy will be slowly eroded "to enhance our customer experience whilst maximising shareholder value" etc. etc.

  • by Morinaga (857587) on Wednesday June 08, 2005 @10:59AM (#12757730)
    You do know that, "See you tonight honey. Wear the red dress" is code for bagging on one's company. Oh, and "The Frog is in the water" means you should leave the building immediately. Seriously, do companies truely believe that any employee willing to give trade secrets would use company email? You don't prevent a bank robbery by requiring ID for withdrawls. It seems like a waste of company resources to have someone reading email all day. Sounds like paranoid management to me.

    This is what I don't get about management in general. Employees have a job to do. They either do it well or they don't. But that's not good enough for some. It creates an atmosphere of some employees acting busy when they aren't, and a poor long term working environment. Managers that want to squeeze blood from a turnip will find that micro-analysing employee's time does not lead to greater long-term productivity. If your company has the resources to read every email you send to make sure YOU are being productive then they have got their priorities messed up. Measure employees on how well they do their job not on what % of time worked is work related. I'd rather have intelligent people that are happy with their work environment. Ones that execute their duties swiftly and accurately with ample room to breath between than a US Postal worker who ALWAYS works but takes 10 minutes to walk from the freeking counter to the freeking package drop off, back to the freeking counter while there are 50 customers waiting in line.

    Where was I? Oh yeah, I think this is an IT learning curve for management too paranoid to keep their eye on ball.

It is impossible to enjoy idling thoroughly unless one has plenty of work to do. -- Jerome Klapka Jerome

Working...