63% Of Corporations Plan To Read Outbound Email 565
John writes "Aviran's place reports that a recent survey of 332 technology decision-makers at large U.S. companies reveals that more than 63% of corporations with 1,000 or more employees either employ or plan to hire workers to read outbound email, due to growing concern over sensitive information leaving the enterprise through email."
Our company already does...internal AND ext. (Score:4, Insightful)
Yeah this is great (Score:5, Insightful)
My corp uses AIM for internal communications, and I am really disturbed by this. I'm amazed the local admins have allowed this to go on. Basically all our conversations are going through AOL's servers and the internet, in plain text. And there is ABSOLUTELY no reason for this, since we're all on the local LAN.
I'm planning on setting up a jabber server on the linux box there, but it may be a chore getting employees to switch from AIM to something like gaim or trillian (does trillian support jabber?)
Re:Go Ahead (Score:5, Insightful)
Re:Gentlemen don't read others gentlemen's mail... (Score:5, Insightful)
Email is considered company property, but people have gotten a little miffed because work and home tend to mix some. (No worries. It's natural as long as you keep it under control and under wraps.)
The part that amazes me these days is that people bother to send personal email through their work address when perfectly good webmail clients exist (*cough*gmail*cough*). Yes, your employer can probably see that you're surfing Gmail/Hotmail/Yahoo/Home *nix Server. However, your email is not likely to be captured by their system, and remains private.
So, why do people still use work for private mail?
Re:Gentlemen don't read others gentlemen's mail... (Score:0, Insightful)
Well (Score:4, Insightful)
At the very least, it seems like a good way for the companies to weed out the idiots who would be stupid enough to send questional material through their servers.
Yeah, it sucks to be being watched and not trusted like that, but this shouldn't outrage anyone. They'll probably reverse their policies when the costs of something like this start racking up with nothing to show for it.
Good luck reading secure webmail (Score:4, Insightful)
Re:Gentlemen don't read others gentlemen's mail... (Score:3, Insightful)
IANA Lawyer... but I'm not sure you could afford one to solve this kind of issue for you. It seems to me that question here should not be "what is their legal rights" so much as "what are my technical capabilites". Assuming you have internet access at work, the best answer may not be to challenge their capabilites but to simply use encryption. If you have access to gmail, use it for your personal mail. If you're not into that, setup an SSH tunneling service so that you can pipe your mail out encrypted.
IMHO, I try my very best not to use my work mail for anything that is not directly related to work... that way when I see an alert in Tbird saying I have new mail, I know it;s important, if I have time to burn I browse to gmail (or my personal webmail server)... both of which are encrypted.
Re:Gentlemen don't read others gentlemen's mail... (Score:2, Insightful)
Re:Next up... (Score:2, Insightful)
And you base this on a company wanting to control a medium that it pays for and that it is, in today's litigious climate, liable for? Given that lawsuits today seem to include "every e-mail mentioning X" as a standard discovery item, why would any company want to open itself up to this kind of liability. To look at it in another light, if you're going to be held accountable (legally) for anything downloaded from your home internet connection, would you really want to keep that home wireless network wide open? This is ass-covering 101.
Sorry, but if you don't want your e-mail (or websurfing, or other internet habits) monitored, don't do them from a host that isn't under your complete control. How hard is that to understand?
ROT 13 (Score:3, Insightful)
Re:Good luck reading secure webmail (Score:5, Insightful)
Keystroke logging.
So if you're an employee who values privacy and wants to send a bit of private personal email once in a while on your personal web mail account (say, gmail), the only way to retain that privacy is to either do all that mail through a cell phone, or install an OS that the IT people don't have a keystroke logger for. Where I work all our computers have the corporate spyware installed from day one. To have privacy, you have to find some obscure Unix distro (Red Hat isn't obscure enough; they have that covered too) and use it.
How representative is the survey likely to be (Score:1, Insightful)
wrong on too many levels (Score:5, Insightful)
This is oh-so-wrong on too many levels! One (that's too many.)! There are so many ways for employees to betray a financial or corporate trust. Likewise, there are many ways for an employer to betray a trust. This would, in my opinion, be one of the most onerous with many potential avenues for backfiring.
Consider the disgruntled or dishonest employee. Think they're intent to betray a company is stopped by this policy? Not a chance! This kind of "policy" would only bolster a disgruntled employee's rationalization/justification, etc. to follow through with betrayal. They only need choose some mechanism other than e-mail and there are many.
Now, consider the neutral employee... a policy like this could create a tipping point and generate resentment enough to give cause to consider doing something subversive to a company. After all, the company, by fiat, is essentially assuming an employee is "up to something".
Finally, consider the loyal employee (how many of those will there be after widespread policies like these?)... A quick glance around and loyal employees may begin to wonder what end from loyalty....
No, this is just plain bad policy.
Re:Gentlemen don't read others gentlemen's mail... (Score:2, Insightful)
Also, when you say email is company property, I understand the technical principle that the bits and bytes are on the company owned servers but it's still a form of communication and people should have the right to a little privacy. When I talk on the company phone (or even company paid cell for that matter), I do not expect someone to be listening to my every conversation. This is becoming ridiculous, my employer pays me to do a job and I do it. He shouldn't have the right to ear, see and read everything I do in the company office because he's afraid I may leak private information. Where will we have to draw the line between the company's right to corporate secrecy and its employees' right to privacy? Heck! who's watching me at night in case I may talk to a friend or a relative about some secret company ploy?
Finally, to answer your last question, I use company mail because it's the only thing I can use and I spend over 60 hours a week there
Re:Gentlemen don't read others gentlemen's mail... (Score:2, Insightful)
While Yahoo does support optional SSL, and I have no experience with Hotmail, I have never seen an SSL 'padlock' icon on Gmail. So the messages you read and send on Gmail appear to be transmitted in plaintext, and would thus be easy for the sysadmin to read.
Re:Go Ahead (Score:3, Insightful)
And while I'm doing that, you can explain to your shareholders why the company lost millions of dollars on a new product because someone inside the company sent company secrets to a competitor.
Or you can explain to the shareholders why the company is now paying a multimillion dollar settlement for sexual harrassment via an employee's email.
Paying someone to read email is vastly cheaper than the alternatives. If you drive 20 years without an accident, do you consider the insurance payments you made to be "wasted"?
In addition, employers don't need another trick to sack an employee. Unless you signed a very unusual contract, or you are an empoyee that is covered by a union, your employer can already fire you because the sky is blue, the grass is green, or they didn't like the color of your socks last Tuesday. Most tech employees are hired "at will". They can be fired just as easily.
Finally, as far as privacy issues go, you have no privacy on work place computers. The company owns the hardware and software and pays for the power to run it, you don't. And in the United States, there are multiple Supreme Court rulings to back that up.
Re:interception of email is illegal (Score:2, Insightful)
Re:Gentlemen don't read others gentlemen's mail... (Score:3, Insightful)
At that point, does it matter to the parent corp as much? One of the dangerous things about having a corporate email address is that it ties you to that corp. Imagine the difference between recieving 'leaked' specs of Nintendo's next system from a Hotmail address. Then imagine that same email from Nintendo.com. The problem isn't just privacy, it's that with that address you are a voice for the company.
My company doesn't play games like that with email, but if it did, I think their biggest worry is that I'd run around telling our customers they have free copies of our software.
On a side note: Is Slashdot broken, or am I being punished? "It's been 42 minutes since you last successfully posted a comment"
Re:Gentlemen don't read others gentlemen's mail... (Score:5, Insightful)
This is why employers ought to let a reasonable amount of personal email usuage. The time spent going outside to use a cell is going to be a lot longer that a quickie email. I can understand why employers wouldn't want employees messing around on company time, but everyone knows everyone does it from time to time. You can bet your last penny even the bosses have spent personal time on the company clock. I know this because I've been on both sides.
A reasonable person would realize that draconian systems cause much more waste than rational limits ever do. The problem is, computers are very easy to monitor so they end up getting all the focus of nosey bosses. Employees are smart enough to get around this, though it takes more time out of their day. Excessive monitoring is a loss for everyone.
Re:Blocking webmail may be a hint to do email at h (Score:3, Insightful)
Re:Not a protection if intruder controls the brows (Score:3, Insightful)
Less likely, or do you let your ISP set up your computer for you? The attack is only possible as described if the attacker can somehow install the root CA certifcate of his CA into his victim's browser. That's trivial in a corporate setting, but more difficult for an ISP.
Re:Gentlemen don't read others gentlemen's mail... (Score:3, Insightful)
Personally I've set up SquirrelMail [squirrelmail.org] on my little home server and am busy working out how to get it to work in https mode only.
That's got the advantage that it too is web based but it's (hopefully) private to boot (my sysadmin incompetence not withstanding
Having said that I do have a gmail account but I have every expectation that a future Google will become a.n.other corporation and all their current concerns about privacy will be slowly eroded "to enhance our customer experience whilst maximising shareholder value" etc. etc.
Re:Gentlemen don't read others gentlemen's mail... (Score:2, Insightful)
This is what I don't get about management in general. Employees have a job to do. They either do it well or they don't. But that's not good enough for some. It creates an atmosphere of some employees acting busy when they aren't, and a poor long term working environment. Managers that want to squeeze blood from a turnip will find that micro-analysing employee's time does not lead to greater long-term productivity. If your company has the resources to read every email you send to make sure YOU are being productive then they have got their priorities messed up. Measure employees on how well they do their job not on what % of time worked is work related. I'd rather have intelligent people that are happy with their work environment. Ones that execute their duties swiftly and accurately with ample room to breath between than a US Postal worker who ALWAYS works but takes 10 minutes to walk from the freeking counter to the freeking package drop off, back to the freeking counter while there are 50 customers waiting in line.
Where was I? Oh yeah, I think this is an IT learning curve for management too paranoid to keep their eye on ball.