
US Firms Read Employee E-mail On a Massive Scale

Posted by timothy
from the this-call-may-be-monitored dept.
An anonymous reader writes "In its fifth annual study of outbound e-mail and data loss prevention issues, Proofpoint found that 41% of the largest companies surveyed (those with 20,000 or more employees) reported that they employ staff to read or otherwise analyze the contents of outbound e-mail. 22% of these companies said they employ staff primarily or exclusively for this purpose."
  • by gnutoo (1154137) * on Thursday May 22, 2008 @09:23AM (#23504130) Journal

    All this does is prove that you can't trust people who work at big dumb companies. They can't tell you what they really think by email, so you have to assume they are lying to you. It's amazing that 41% of these companies admitted to the practice after the whole HP scandal.

  • by stoolpigeon (454276) * <bittercode@gmail> on Thursday May 22, 2008 @09:39AM (#23504322) Homepage Journal
    I wrote the code that went through the emails from a small company where I was employed. While I was writing and testing the system, I ended up reading a lot of email.
     
    I was shocked at what I saw. People shopping around their resume, looking for new jobs. People emailing people who they were involved with in an extra-marital affair. And lots of the other junk you mention. And this was primarily involving execs.
  • by adrenalinekick (884201) on Thursday May 22, 2008 @09:51AM (#23504472)

    Particularly for the Slashdot crowd? Hell, a portion of the readership is probably responsible for helping to implement such measures.

    Guilty as charged.

    On the whole good advice. In my experience most large companies use data loss prevention (DLP) products chiefly to monitor for personally identifiable information (PII) such as SSNs, credit card numbers, driver's license numbers, bank account numbers, etc. If your email doesn't contain a recognizable piece of PII, it generally does not get logged. DLP products certainly can be used to monitor "Acceptable Use" violations, but most companies I've seen would rather stick their heads in the sand than have to deal with every employee that writes a dirty email to his wife.

  • by bsDaemon (87307) on Thursday May 22, 2008 @09:54AM (#23504506)
    That's why God intelligently designed the French Foreign Legion. Do your time under assumed name, and gain French citizenship under that name -- or go back to your home country with your real identity intact if things don't work out (well, work out well enough that you don't get splattered across Algeria).

    One of their duties is guarding the ESA launch site in French Guiana, so some Slashdotters might be into that. Plus, working out and is a lot like "leveling up," as our friends at XKCD remind us. Just think of it as a real-life RPG.
  • by emptycorp (908368) on Thursday May 22, 2008 @10:00AM (#23504600)
    Who watches the e-mails of the people who watch the e-mails...
  • by adrenalinekick (884201) on Thursday May 22, 2008 @10:01AM (#23504608)

    I've got news for you - ALL of these products that are worth the price they charge also have the option to monitor your web browsing.

    Think you're safe using webmail at work? Not necessarily. Many webmail services only encrypt the login information, not your actual email. And since it is web based, these products can pick up your personal email if you send them over your corporate connection. Heck, even if your chosen webmail service does use SSL for all of your traffic, some of the more advanced products can make use of man-in-the-middle proxies that can and will actually intercept your SSL certificates and replace them with their own. Granted if this DOES happen, you or your browser should at least be able to recognize what is going on.

    Your best bet (unless you are friendly with the guy who reads your email) is to tunnel your traffic through a home based SSH server, and even that isn't perfect.

  • by Adeptus_Luminati (634274) on Thursday May 22, 2008 @10:07AM (#23504696)
    Even though technology is making it easier and faster for companies to adopt this kind of behaviour, for the time being you still have some options...

    1) Work for companies with overworked and under-budgeted IT departments who fight fires daily and have no long term plans - These companies are highly likely not to have any time to be reading your emails. Hell, you'd be lucky if the mail server stays up all week.
    2) Write emails in foreign languages. In North America this works well, where so many people only speak English. Alternatively, teach your loved ones to use encryption in emails.
    3) Use a fax machine. I know, waste of paper, but most companies don't have technology implemented to sniff/wiretap fax transmissions.
    4) RDP to your home PC and write an email from there to your loved ones.
    5) Make calls from conference rooms instead of your desk. This won't work if you call people daily, but it's good if you need to make personal calls once a week or so. At the very least, it won't show up on your phone's call log, or the PBX's log about your phone.
    6) If none of these are an option, you are working for a company that doesn't respect your privacy. Stand up for yourself, and go find another job.

  • Re:Get back to work! (Score:5, Interesting)

    by Lumpy (12016) on Thursday May 22, 2008 @10:11AM (#23504760) Homepage
    Yup. I stopped "special" surfing at the office when I put a linux box on a hub between the network internet router and the switches. I simply sniffed all traffic for image files and displayed it on a 42" LCD out in the sales area.

    Images were displayed of what people were surfing. I also attached the ip address of the user to the image.

    It stopped inappropriate internet surfing in that office in 3 days.

    When everyone can see what you are doing, you get back to real work.

  • And opening themselves up for privacy lawsuits. Hmmm... get an email from a parent concerned about health issue X you are experiencing (unbeknownst to your employer). Employer finds out and terminates employee or boss uses it for leverage for extra work/projects. According to Mark Rasch from SecurityFocus.com, it's not as clear cut as one might think. Varying laws in the USA from State to State make the issue even more challenging. From Mark: "In many states, the same law that prohibits the interception or recording of telephone calls also prohibits the interception or recording of electronic communications without the consent of all parties." (Reference: http://www.securityfocus.com/columnists/412 [securityfocus.com]).

    Talk about a confusing issue. You require outright consent from employees AND the party you're emailing. Period. No exceptions. Simply stating 'we monitor all emails' will not hold up in court - should it ever come to it - you need permission from that individual employee - or all employees and have a readily available record of their consent.

    If what I'm reading is correct, it's far easier to leave your emails alone, and then search if you have an issue with court permission, than it is to be actively reading emails.
  • Re:Secure your email (Score:4, Interesting)

    by Courageous (228506) on Thursday May 22, 2008 @10:35AM (#23505092)
    Trust me - if the email admins noticed you, Joe Low-Level Employee, shuffling encrypted emails back and forth, you'd be frog-marched out of the corp faster than you can say "WTF?"

    Have you considered, perhaps you're being a tad hysterical here?

    I work at one of those "ultra-anal" defense contractors... a biggun... and know our IT processes quite well, including the realities.

    They don't "frog march" people out the door for those sorts of things. Actually, the IT security guys are lucky if they can get engineering to pay attention to them at all.

    Except in SCIFs, then it's a different matter.

    C//
  • by contrapunctus (907549) on Thursday May 22, 2008 @10:46AM (#23505284)
    This is the perfect argument to get a web based cellphone. It completely puts the company out of the loop and you can send/receive whatever info you want.
  • No outgoing e-mail (Score:2, Interesting)

    by Metorical (1241524) on Thursday May 22, 2008 @10:53AM (#23505408)
    A friend of mine at some big name bank sent me some interesting e-mails about the possibility of said big name bank being taken over by other big name bank.

    Interestingly he's been blocked from sending e-mails now but can still receive them!
  • Re:Get back to work! (Score:1, Interesting)

    by Anonymous Coward on Thursday May 22, 2008 @10:56AM (#23505450)
    i was thinking of doing that, but then the only one that does inappropriate stuff (and i don't mean watching slashdot or other fun sites) is the boss.

    he probably wouldn't have liked it /posting as anonymous for obvious reasons :)
  • Google loves HTTPS (Score:3, Interesting)

    by rsborg (111459) on Thursday May 22, 2008 @12:08PM (#23506656) Homepage

    Google may parse messages, but Google offers HTTPS. If you're at work sending e-mail, you should use encryption.
    This is VERY VERY important. If you're looking for a career elsewhere, then the difference between Google analyzing and aggregating your data as opposed to your boss knowing that you're exploring your options is HUGE.

    Also keep in mind that Google offers several services that operate on HTTPS: Google Reader [google.com] (great for bypassing those stupid web-filters that block political sites at repressive companies), Google Calendar [google.com] (so you can schedule your interviews without alerting your company), and Google Docs [google.com] (so you can work on your resume in private).

    Google is also a godsend for consultants at client sites who are working with sensitive materials they don't want their clients to see (and don't want to use VPN).
